Podcasts about fedramp

Innovation in Compliance with Tom Fox

Play Episode Listen Later Sep 3, 2025 4:30

OpenAI has cleared another critical hurdle to selling its ChatGPT tool directly to the federal government. As of Tuesday, ChatGPT is listed as “in process” on the FedRAMP Marketplace, an online repository that tracks where companies stand in the FedRAMP security review process. While federal agencies can issue their own approvals to use technology platforms, FedRAMP is the government's primary security review program and is designed to clear widespread cloud-based technologies for use across federal agencies. OpenAI received prioritized authorization through 20x, a person familiar with the matter told FedScoop. It's the first company to receive this prioritization, which, in effect, eliminates the need for companies to find federal agencies to sponsor them for review. At one point, OpenAI had engaged USAID, its first enterprise customer, about helping them with the process, FedScoop previously reported, but the agency was mostly shuttered in the early days of the second Trump administration. The General Services Administration created the prioritized review for AI cloud services just last month. Microsoft will offer a host of its cloud services at a discounted price to the federal government, the General Services Administration announced Tuesday, including its artificial intelligence assistant Copilot at no cost to some agencies. The OneGov deal makes Microsoft the latest technology firm to leverage steep discounts on its cloud products to expand adoption within the federal government. It comes on the heels of GSA's deals with industry competitors like OpenAI, Anthropic and Google, which are separately offering their AI models to the government for a dollar or less. Under the new agreement, Microsoft will offer its subscription service, Microsoft 365, Azure Cloud Services, and Dynamics 365 — the company's suite of business management apps — for a “discounted price” for up to 36 months. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.

Navigating Cybersecurity Compliance: From Physical Audits to AI Frameworks with Lori Crooks

Play Episode Listen Later Sep 3, 2025 21:55

Innovation comes in many areas and compliance professionals need to not only be ready for it but embrace it. Join Tom Fox, the Voice of Compliance as he visits with top innovative minds, thinkers and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox visits with Lori Crooks, a seasoned professional in the field of cybersecurity and audit assessments, to discuss the evolution of auditing practices from physical infrastructure to cloud and AI. Lori shares insights from her extensive career, highlighting key federal compliance frameworks like NIST 800-53, FedRAMP, and NIST 800-171. Lori stresses the importance of proactive compliance strategies and scalable GRC programs. As AI integration accelerates, she also touches on the challenges of adjusting compliance frameworks to keep pace with technological advancements, and the necessity of fostering collaboration within organizations to meet regulatory requirements effectively. Key Highlights Federal Auditing Frameworks Proactive Compliance Strategies Scalable GRC Programs AI and Compliance Landscape Future of Auditing in the Age of AI Resources Lori Crooks on Linkedin Cadra Tom Fox Instagram Facebook YouTube Twitter LinkedIn Check out my latest book Upping Your Game-How Compliance and Risk Management Move to 2023 and Beyond, available from Amazon.com. Innovation in Compliance was recently honored as the number 4 podcast in Risk Management by 1,000,000 Podcasts.

amazon ai voice navigating podcasts innovation cybersecurity compliance risk management crooks frameworks audits auditing nist grc tom fox fedramp

GovCast: Inside FedRAMP 20x: GSA's Pete Waterman Talks Speed, Safety, Automation

GovCast

Play Episode Listen Later Aug 26, 2025 23:42

FedRAMP 20x is redefining how federal cloud services get authorized —making them faster, smarter and more secure. Earlier this year GSA released the 20x pilot in an effort to increase the efficiency of authorizations and enhance security. Pete Waterman, FedRAMP director at the General Services Administration, unpacks how the program is streamlining approvals, enhancing continuous monitoring and leveraging automation to detect and resolve security risks in real time. Waterman explains how FedRAMP 20x is helping agencies and providers build services that make sense from the start, leading to stronger security and better mission outcomes.

safety speed cloud cybersecurity automation federal government waterman gsa general services administration fedramp pete waterman

Event Recap: Kieran Human at Black Hat USA 2025 — ThreatLocker Unveils Configuration Defense, Achieves FedRAMP Status & More | Brand Story with ThreatLocker from Black Hat USA 2025

Play Episode Listen Later Aug 15, 2025 8:07

Event Recap: Kieran Human at Black Hat USA 2025 — ThreatLocker Unveils Configuration Defense, Achieves FedRAMP Status & MoreThreatLocker introduced DAC configuration monitoring and achieved FedRAMP certification at Black Hat 2025, strengthening zero trust capabilities while expanding government market access through practical security solutions.Zero trust security continues evolving beyond theoretical frameworks into practical business solutions, as demonstrated by ThreatLocker's latest announcements at Black Hat USA 2025. The company introduced Defense Against Configuration (DAC), a monitoring tool addressing a critical gap in zero trust implementations.Kieran Human, Special Projects Engineer at ThreatLocker, explained the challenge driving DAC's development. Organizations implementing zero trust often struggle with configuration management, potentially leaving systems vulnerable despite security investments. DAC monitors configurations continuously, alerting administrators to potential security issues and mapping findings to compliance frameworks including Essential 8.The tool addresses human factors in security implementation. Technical staff sometimes create overly permissive rules to minimize user complaints, compromising security posture. DAC provides weekly reports to executives, ensuring oversight of configuration decisions and maintaining security standards across the organization.ThreatLocker's approach distinguishes itself through "denied by default, allowed by exception" methodology, contrasting with traditional endpoint detection and response solutions that permit by default and block threats reactively. This fundamental difference requires careful implementation to avoid business disruption.The company's learning mode capabilities address deployment concerns. With over 10,000 built-in application profiles, ThreatLocker automates policy creation while learning organizational workflows. This reduces manual configuration requirements that previously made zero trust implementations tedious and time-intensive.FedRAMP certification represents another significant milestone, opening government sector opportunities. Federal compliance requirements previously excluded ThreatLocker from certain contracts, despite strong customer demand for their zero trust capabilities. This certification enables expansion into highly regulated environments requiring stringent security controls.Customer testimonials continue validating the approach. One user reported preventing three breaches after implementing ThreatLocker's zero trust solution, demonstrating measurable security improvements. Such feedback reinforces the practical value of properly implemented zero trust architecture.The balance between security and business functionality remains crucial. Organizations need security solutions that protect assets without hampering productivity. ThreatLocker's principle of least privilege implementation focuses on enabling business requirements with minimal necessary permissions rather than creating restrictive environments that impede operations.Human described working closely with CEO Danny Jenkins, emphasizing the collaborative environment that drives product innovation. His engineering perspective provides valuable insights into customer needs while maintaining focus on practical security solutions that work in real-world environments.As zero trust adoption accelerates across industries, tools like DAC become essential for maintaining security posture while meeting business demands. The combination of automated learning, configuration monitoring, and compliance mapping addresses practical implementation challenges facing security teams today.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Kieran Human, Special Project Engineer at ThreatLocker | On LinkedIn | https://www.linkedin.com/in/kieran-human-5495ab170/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

GSA unveils USAi; How the government is working to fast-track security reviews for AI companies

Play Episode Listen Later Aug 14, 2025 5:47

The General Services Administration rolled out a new governmentwide tool Thursday that gives federal agencies the ability to test major artificial intelligence models, a continuation of Trump administration efforts to ramp up government use of automation. The AI evaluation suite, titled USAi.gov, launched Thursday morning and allow federal agencies to test various AI models, including those from Anthropic, OpenAI, Google and Meta to start, two senior GSA officials told FedScoop. The launch of USAi underscores the Trump administration's increasing appetite for AI integration into federal government workspaces. The GSA has described these tools as a way to help federal workers with time-consuming tasks, like document summaries, and give government officials access to some of the country's leading AI firms. The GSA, according to one of the officials, will act as a “curator of sorts” for determining which models will be available for testing on USAi. The official noted that additional models are being considered for the platform, with input from GSA's industry and federal partners, and that American-made models are the primary focus. Grok, the chatbot made by Elon Musk's xAI firm, is notably not included on the platform for its launch Thursday. Anthropic and OpenAI, two of the country's leading AI companies, recently announced that they're offering their powerful models to federal agencies for $1 for the next year. But the new deals, which are both available through a General Services Administration OneGov contract vehicle, don't on their own clear the way for widespread government adoption of artificial intelligence. Instead, the new financial incentive seems to be daring government officials to move quickly and approve the technology as soon as possible. Currently, no major AI provider is authorized under FedRAMP, a critical security program that allows agencies to use a company's cloud services — including software or models offered on a cloud service — across government. While several companies — including Anthropic, xAI and OpenAI — have released government-focused product suites, they're still somewhat dependent on cloud providers like Microsoft and Amazon that have already cleared the FedRAMP process. If AI companies want to sell much of their technology directly to the government, they need their own authorization-to-operate or ATO. What's changed, though, is that federal officials now have a new reason to move through security review processes more quickly, a former GSA employee and another person familiar with the matter both told FedScoop. That strategy could involve going through an authorization-to-operate process through an agency's authorizing official — typically, their chief information officer — as well as the security review process explicated by FedRAMP, both people said. GSA is now looking at strategies to speed up the process. An agency spokesperson confirmed that these companies still need to seek FedRAMP authorization if they want to offer their technology directly. But to make that happen faster, GSA is now consulting with the Chief Information Officers Council and the board that oversees FedRAMP about “prioritization for AI companies” that are added to GSA's multiple award schedule. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.

Cyber Budgets Shrink, GPT-5 Faces Backlash, FedRAMP Speeds Up, Vendors Squeeze MSPs

Play Episode Listen Later Aug 13, 2025 17:47

The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant criticism from state and local officials who feel abandoned due to diminishing federal support for critical cybersecurity programs. Many officials are concerned about their increasing reliance on self-driven initiatives, especially after cuts to the Multi-State Information Sharing and Analysis Center, which has been a crucial source of cybersecurity intelligence for over two decades. A recent survey revealed that a substantial portion of state and local governments lack adequate funding for cybersecurity, with 22% allocating no funds and 42% operating with annual budgets of less than $100,000. This situation raises alarms about the potential for increased vulnerability to cyberattacks, particularly from nation-state actors.In response to the evolving landscape of artificial intelligence, the National Institute of Standards and Technology (NIST) is developing new security guidance aimed at addressing the associated risks. This initiative will clarify how AI interacts with cybersecurity, focusing on securing AI systems, the adversarial use of AI, and leveraging AI to enhance cybersecurity measures. Additionally, a bipartisan bill known as the Validation and Evaluation for Trustworthy Artificial Intelligence Act has been reintroduced in the Senate, aiming to establish guidelines for the responsible development and testing of AI systems. House appropriators are also proposing a significant funding increase for NIST, reflecting a commitment to bolster cybersecurity and innovation.The Federal Risk Management and Authorization Program (FedRAMP) has made strides in streamlining the approval process for government cloud services, achieving a significant reduction in wait times from over a year to approximately five weeks. This shift is part of a broader trend toward more efficient cloud authorization processes, with FedRAMP already approving more than twice as many services in fiscal year 2025 compared to the previous year. This development presents an opportunity for businesses to leverage FedRAMP-authorized stacks for government-related buyers and to build migration strategies accordingly.OpenAI has recently updated its ChatGPT platform, introducing new models and third-party tool connectors while facing scrutiny over the performance and security of its latest model, GPT-5. Despite the introduction of various user-focused options, security assessments have revealed significant vulnerabilities in GPT-5, prompting concerns about its safety and reliability. As companies like ConnectWise implement new credit card surcharges and adjust their workforce in response to market demands, the overarching theme emphasizes the need for operational discipline and strategic planning in navigating the evolving technology landscape. Four things to know today 00:00 Shrinking Cyber Budgets, Emerging AI Rules, and Streamlined FedRAMP Signal Shifts for IT Providers06:43 From Security to SaaS Management, Vendors Roll Out Agentic Features for IT Service Providers10:25 OpenAI Expands GPT-5 Options, Adds Connectors, but Faces Early Security Backlash13:41 ConnectWise Adds Credit Card Surcharges, Trims Staff in Strategic Realignment Supported by: https://syncromsp.com/ Tell us about a newsletter!https://bit.ly/biztechnewsletter All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Anthropic offers Claude AI to federal agencies for $1; FedRAMP authorizations in 2025 already more than double last year

ai office government management congress budget federal offers enterprise approval anthropic gsa federal agencies general services administration fedramp authorizations

Play Episode Listen Later Aug 12, 2025 4:24

Federal agencies will now have access to Anthropic's Claude model for $1, the General Services Administration announced Tuesday, continuing the agency's push for artificial intelligence products across government. Under the OneGov deal, all three branches of government will be able to use Anthropic's Claude for Enterprise and Claude for Government for a nominal $1 fee. Approval for members of Congress and the judiciary is pending, the GSA noted. It is the latest in a series of deals between private AI firms and the federal government to increase the use of automation in agency workflows and boost workers' productivity and efficiency. Anthropic said in a release Tuesday: “We believe the U.S. public sector should have access to the most advanced AI capabilities to tackle complex challenges, from scientific research to constituent services. By combining broad accessibility with uncompromising security standards, we're helping ensure AI serves the public interest.” Anthropic's Claude for Government models have FedRAMP High certification and can be used by federal workers dealing with “sensitive unclassified work,” while Claude for Enterprise models have expanded features for data protection, Anthropic said. Anthropic said it will also offer technical support for agencies to implement its products into workflows. The Federal Risk Management and Authorization Program has already approved more than twice as many government cloud services in fiscal year 2025 as all of fiscal 2024, the General Services Administration announced Monday. FedRAMP reached 114 authorizations in July for fiscal 2025, along with four new cloud services through the FedRAMP 20x revamp program, according to a GSA statement. In fiscal 2024, FedRAMP authorized 49 cloud service providers, according to a GSA spokesperson. The reform program, unveiled in March, is focused on simplifying the authorization process and shaving the approval timeline from months to weeks. Eventually, agency sponsorship will no longer be needed to win authorization, a process that is often expensive and time-consuming. The new numbers come just over a year since the Office of Management and Budget published a memo calling for the modernization of the cloud authorization process. GSA said FedRAMP had a “significant backlog” at the time of the memo, with authorizations taking more than a year. A year later, FedRAMP's increased use of automation and streamlined workflows cut the wait time to about five weeks, the GSA said.

Simplifying Security Without Sacrificing Control | A ThreatLocker Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with Danny Jenkins

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

Play Episode Listen Later Aug 11, 2025 19:25

At Black Hat USA 2025, Danny Jenkins, CEO of ThreatLocker, shares how his team is proving that effective cybersecurity doesn't have to be overly complex. The conversation centers on a straightforward yet powerful principle: security should be simple enough to implement quickly and consistently, while still addressing the evolving needs of diverse organizations.Jenkins emphasizes that the industry has moved beyond selling “magic” solutions that promise to find every threat. Instead, customers are demanding tangible results—tools that block threats by default, simplify approvals, and make exceptions easy to manage. ThreatLocker's platform is built on this premise, enabling over 54,000 organizations worldwide to maintain a secure environment without slowing business operations.A highlight from the event is ThreatLocker's Defense Against Configurations (DAC) module. This feature performs 170 daily checks on every endpoint, aligning them with compliance frameworks like NIST and FedRAMP. It not only detects misconfigurations but also explains why they matter and how to fix them. Jenkins admits the tool even revealed gaps in ThreatLocker's own environment—issues that were resolved in minutes—proving its practical value.The discussion also touches on the company's recent FedRAMP authorization process, a rigorous journey that validates both the product's and the company's security maturity. For federal agencies and contractors, this means faster compliance with CMMC and NIST requirements. For commercial clients, it's an assurance that they're working with a partner whose internal security practices meet some of the highest standards in the industry.As ThreatLocker expands its integrations and modules, Jenkins stresses that simplicity remains the guiding principle. This is achieved through constant engagement with customers—at trade shows, in the field, and within the company's own managed services operations. By actively using their own products at scale, the team identifies friction points and smooths them out before customers encounter them.In short, the message from the booth at Black Hat is clear: effective security comes from strong fundamentals, simplified management, and a relentless focus on the user experience.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Danny Jenkins, CEO of ThreatLocker | On LinkedIn | https://www.linkedin.com/in/dannyjenkinscyber/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Ep. 264 How Automation is Accelerating Digital Transformation Across Federal Agencies

Play Episode Listen Later Aug 8, 2025 20:42

Ep. 264 How Automation Is Accelerating Digital Transformation Across Federal Agencies Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In this episode of the Federal Tech Podcast, host John Gilroy interviews Nabil Amiri, Vice President of Business Development for the federal practice at NWN. The discussion introduces NWN's expanding role in helping federal agencies adopt advanced technologies, particularly artificial intelligence (AI), as part of broader digital transformation efforts. Amiri explains NWN's recent acquisition of Leverage Information, a move that brought deep federal experience—especially with defense, intelligence, and civilian agencies—into NWN's already strong commercial portfolio. This merger allows NWN to deliver robust, secure IT solutions tailored to the complexities of federal requirements such as FedRAMP, STIGs, and Zero Trust. He emphasizes that innovation and compliance can—and must—coexist in the federal space. The conversation touches on the real-world challenges federal agencies face, like outdated systems, budget cuts, workforce reductions, and tool sprawl. Amiri critiques the proliferation of “single panes of glass” in IT environments, which often complicate rather than simplify operations. NWN's strength lies in delivering visibility across systems, reducing complexity, and enabling security and automation through integrated, scalable platforms. Key themes include Zero Trust architecture, infrastructure modernization, automation, and streamlining tech procurement. NWN's flexible acquisition pathways (e.g., via GSA and SEWP contracts) make it easier for agencies to respond quickly to crises like COVID or cyberattacks. On AI, Amiri emphasizes its role in real-time data analysis to improve visibility and prevent outages, critical for mission continuity. NWN remains vendor-neutral, working with a broad ecosystem of partners to deliver best-in-class, mission-focused outcomes. Looking ahead, Amiri confidently predicts that AI will become foundational to all federal IT strategies, driving operational resilience and transformation in the next five years. The interview sets the stage for deeper dives into emerging topics like agentic AI and cloud-native strategies in future discussions.

covid-19 ai vice president automation business development digital transformation accelerating zero trust gsa federal agencies amiri fedramp stigs john gilroy

Ep. 263 How Microsoft Drives Cloud-Powered Transformation in Federal Agencies

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

Play Episode Listen Later Aug 7, 2025 26:55

Ep. 263 How Microsoft Drives Cloud-Powered Transformation in Federal Agencies Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Microsoft has been a behemoth in the world of information technology since its founding in 1985. The only way to understand how Microsoft can impact the federal government is to take a topic like AI and conduct a thorough analysis. Today, we sat down with Wole Moses, the Chief AI Officer for Microsoft Federal. He shares his perspective on how Microsoft's innovation can help federal agencies achieve their ambitious goals. Essentially, we discuss AI's role in cyber threats, legacy infrastructure, and compliance. Moses explains that Microsoft's AI assistant, Copilot, is integrated into various products to enhance productivity. He emphasizes the importance of a strategic approach to AI, aligning projects with agency missions and goals. Moses discusses the potential of AI to modernize legacy systems and processes, improve cybersecurity, and support software developers. In AI, multimodal refers to a system that utilizes text, images, audio, and even video. He also highlights the need for multimodal AI to expand communication capabilities and the importance of compliance with frameworks like FedRAMP and NIST RMF. Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

ai transformation microsoft cloud powered drives copilot federal agencies fedramp john gilroy

FedRAMP 20x pilots finds initial success with four approvals

success initial pilots jason miller approvals general services administration fedramp

Play Episode Listen Later Aug 5, 2025 10:30

The initial results are in for the pilot effort to improve the cloud security program known as FedRAMP, four vendors have crossed the finish line to receive low authorizations under FedRAMP, proving the faster process is working for more on how the General Services Administration plans to continue to improve FedRAMP, federal news networks executive editor Jason Miller joins me nowSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The FedRAMP 20x Phase One Pilot begins

pilot phase one jason miller general services administration fedramp pete waterman federal news network

Play Episode Listen Later Jul 28, 2025 8:52

Anyone who pays attention to cloud computing in the federal community knows the term FedRAMP, but more than a decade after the program's establishment, it's becoming something new and hopefully a lot more streamlined. Part of that is the FedRAMP 20x Phase One pilot. The program management office is moving to a more elective or discretionary style of security verification rather than a prescriptive one. Pete Waterman is director of FedRAMP at the General Services Administration. He talked with Federal News Network's Jason Miller as part of our annual cloud exchange.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

GSA's plans to test the controversial AI tool Grok; Why IRS's data-sharing deal with ICE could lead to ‘dangerous' mistakes

Play Episode Listen Later Jul 14, 2025 5:02

Employees at the General Services Administration appear poised to test Grok 3, the artificial intelligence tool built by Elon Musk's company xAI, according to a GitHub page referencing the agency's work. The GitHub page operated by GSA and its digital government group Technology Transformation Services references the Grok AI model as one it is testing and that the team is actively discussing as part of its 10x AI Sandbox. A GSA spokesperson told FedScoop in a response to an inquiry about the agency's work with Grok “GSA is evaluating the use of several top-tier AI solutions to empower agencies and our public servants to best achieve their goals. We welcome all American companies and models who abide by our terms and conditions.”A post from Tuesday shows what appears to be one GSA employee trying to access Grok 3 for testing, but struggling to do so. Several names of the people active on the GitHub page match those of workers affiliated with GSA. The 10x AI Sandbox project is described on GitHub as “a venture studio in collaboration with the General Services Administration (GSA). Its primary goal is to enable federal agencies to experiment with artificial intelligence (AI) in a secure, FedRAMP-compliant environment.” It continues: “By providing access to base models from leading AI companies and offering advanced UI features, the sandbox empowers agencies to test and validate new AI use cases efficiently.” The public version of the 10x AI Sandbox project page on GitHub was taken down after the publication of this story, redirecting now to a 404 error page. Interest in testing Grok comes as GSA continues to work on GSAi, an artificial intelligence tool built by the agency and meant to help employees access multiple AI models. At launch, the GSAi tool included access to several systems, including tools from Anthropic and Meta. Notably, Grok came under fire last week after promoting various antisemitic statements on the Musk-owned social media platform X. A top digital rights group is pushing back on the IRS's data-sharing agreement with the Department of Homeland Security, writing in a new court filing that the pact violates federal tax code and fails to take into account the real-world consequences of bulk data disclosure. In an amicus brief filed in the U.S. Court of Appeals for the D.C. Circuit, the Electronic Frontier Foundation argued that the “historical context” of the tax code section that ensures confidentiality of returns and return information “favors a narrow interpretation of disclosure provisions.” EFF also made the case for why the bulk disclosure of taxpayer information — in this case to Immigration and Customs Enforcement — is especially harmful due to “record linkage errors” that set the stage for “an increase in mistaken and dangerous ICE enforcement actions against taxpayers.” Nonprofit groups sued the Trump administration in March, shortly after the data-sharing deal between the IRS and ICE was announced. Soon after, the tax agency's then-acting commissioner resigned, reportedly in protest. In May, a Trump-appointed federal judge refused to block the agreement, allowing the IRS to continue delivering taxpayer data to ICE. The ruling, DHS said in a statement, was “a victory for the American people and for common sense.” As the D.C. Circuit Court considers the appeal, the Electronic Frontier Foundation wants to make sure that the “historical context” of tax and privacy law is taken into account. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.

Rethinking Cybersecurity: Why Traditional MFA Fails and the Future of Phishing-Resistant Solutions with Bob Burke

TechCrunch Startups – Spoken Edition

Play Episode Listen Later Jul 13, 2025 21:11

Bob Burke, Chief Information Security Officer at Beyond Identity, challenges the effectiveness of traditional multi-factor authentication (MFA) in the evolving landscape of cybersecurity. He argues that legacy MFA solutions, which often rely on out-of-band authorization methods like push notifications or one-time passwords, are no longer sufficient against the rising tide of sophisticated cyber threats. With the advent of services like phishing-as-a-service, attackers can easily bypass these outdated security measures, necessitating a shift towards phishing-resistant authentication methods. Burke emphasizes the need for organizations to adopt solutions that not only enhance security but also consider device posture and trustworthiness.Burke also critiques the current state of FIDO2 and passkeys, acknowledging their potential while highlighting their limitations, particularly in terms of device posture and user experience. He suggests that small to mid-sized businesses (SMBs) should prioritize phishing-resistant solutions that integrate both browser protection and device authentication. Furthermore, he raises concerns about the pricing models of many Software as a Service (SaaS) providers, which often place essential security features behind higher-tier subscriptions, effectively discouraging customers from adopting more secure practices.The conversation shifts to the endpoint detection and response (EDR) market, where Burke notes that while EDR solutions are still necessary, they are evolving into more comprehensive offerings like extended detection and response (XDR). He points out that many of these solutions are priced for enterprise-level organizations, leaving SMBs and mid-market companies struggling to find affordable options. Burke encourages these organizations to seek out solutions that fit their budget while still providing essential security capabilities.Finally, Burke shares insights from his experience with the FedRAMP certification process, emphasizing the importance of building internal security competencies and integrating security into product design from the outset. He advocates for a clear internal compliance program, such as NIST, to guide organizations in their security efforts. As the cybersecurity landscape continues to evolve, Burke warns that the tempo and scope of attacks are increasing, driven by advancements in AI, and urges organizations to reassess their security architectures to stay ahead of emerging threats. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Knox lands $6.5M to compete with Palantir in the federal compliance market

Play Episode Listen Later Jul 11, 2025 4:01

While highly sought after, federal software contracts frequently come with a hidden cost: Achieving government SaaS security compliance, known as FedRAMP, can take years and require substantial resources. Achieving this certification typically takes up to three years and costs more than $3 million, covering everything from security operations engineer salaries to security audits Learn more about your ad choices. Visit podcastchoices.com/adchoices

market federal achieving saas compliance compete lands palantir fedramp

Kovr Raises $3.6M to Automate Cyber Compliance with AI

The SaaS CFO

Play Episode Listen Later Jul 3, 2025 33:59

Welcome back to The SaaS CFO Podcast! In this episode, host Ben Murray sits down with Andrew Black, CEO of Kovr, and Sri Iyer, the company's founder and CTO. Kovr is shaking up the world of cybersecurity compliance, helping organizations dramatically speed up the process of achieving certifications like FedRAMP, HIPAA, and others—using the latest breakthroughs in generative AI. Andrew and Sri bring fascinating perspectives, drawing from deep experience in tech, government, and startups, including previous roles at Amazon Web Services, PwC, Lockheed, and Gartner. They talk about the pain points that tech companies and government agencies face when trying to deploy secure software in regulated environments, and how Kovr can cut compliance timelines from years to minutes. If you're curious about go-to-market strategies for AI-first startups, lessons learned from early fundraising, or how to build a SaaS business in a highly regulated market, this episode is packed with candid insights and actionable advice. Tune in to hear how Kovr is empowering innovators to get their products into the hands of customers faster, with less headache—and what's next for this fast-moving team. Show Notes: 00:00 "Compliance Challenges in Software Deployment" 03:43 Streamlining Compliance with AI 06:37 Target Customers: CISOs to DevOps Teams 11:11 Pursuing a $13B Market Opportunity 13:03 AI Traction and Trust Challenges 17:38 Navigating VC Relationships and Fit 20:17 Unlimited-Use Enterprise SaaS Licensing 23:48 Simplifying Gen AI Sales Model 28:26 Efficient AI: Smaller Models, Big Savings 30:25 "Focus on Sales Cycle Days" 33:44 "LinkedIn Profile: Kovr AI" Links: SaaS Fundraising Stories: https://www.thesaasnews.com/news/kovr-ai-raises-3-6-million-in-seed-round Andrew Black's LinkedIn: https://www.linkedin.com/in/andrew-black-5435b67/ Sri Iyer's LinkedIn: https://www.linkedin.com/in/sri-iyer/ Kovr AI's LinkedIn: https://www.linkedin.com/company/kovrai/ Kovr AI's Website: https://kovr.ai/ To learn more about Ben check out the links below: Subscribe to Ben's daily metrics newsletter: https://saasmetricsschool.beehiiv.com/subscribe Subscribe to Ben's SaaS newsletter: https://mailchi.mp/df1db6bf8bca/the-saas-cfo-sign-up-landing-page SaaS Metrics courses here: https://www.thesaasacademy.com/ Join Ben's SaaS community here: https://www.thesaasacademy.com/offers/ivNjwYDx/checkout Follow Ben on LinkedIn: https://www.linkedin.com/in/benrmurray

ceo ai focus pursuing saas cto cyber compliance raises pwc automate gartner amazon web services hipaa sri lockheed fedramp big savings ben murray andrew black saas metrics

Securing the cloud: Zero trust and beyond

Studio 2G Podcasts

Play Episode Listen Later Jul 2, 2025 50:31

Federal agencies are accelerating cloud adoption, but increasingly sophisticated cyber threats and regulatory mandates require a stronger approach to security. This episode explores how agencies can enhance visibility, improve risk prioritization and strengthen zero trust strategies. Experts discuss multi-cloud security challenges, compliance with federal mandates like FedRAMP and EO 14028, and the role of automation in incident response and vulnerability management.

cloud federal securing eo zero trust fedramp

Why Small Businesses Keep Failing: The 10% HUBZone Advantage You're Wasting!

Govcon Giants Podcast

Play Episode Listen Later Jun 26, 2025 10:17

In today's episode of the Daily Windup, we dive into the world of government contracts and how startups can navigate this complex landscape. Our speakers discuss the importance of FedRAMP certification and how it can open doors for small businesses. They share valuable advice on building a track record and finding the right niche to deliver value to government agencies. Our guest, an experienced entrepreneur, shares the story of how they secured their first government contract and the valuable lessons they learned along the way. From dealing with pricing challenges to overcoming the initial hurdles of being a new player in the market, this episode provides invaluable insights for startups seeking to make their mark in the government space. So, tune in to learn from the experiences of seasoned entrepreneurs and discover the keys to success when it comes to breaking into government contracts. Brought to you by alchemy gov - When Connections Matter Most.

businesses small business failing advantage wasting fedramp hubzone

What IT Leaders Can Learn from How the Government Buys Tech

IT Visionaries

Play Episode Listen Later Jun 26, 2025 44:04

IT leaders in regulated industries know the pain of navigating outdated, slow procurement systems – especially when critical missions depend on modern tools. In this episode, Bryana Tucci, Lead of the AWS Marketplace for the US Intelligence Community, shares how government agencies are overcoming legacy procurement bottlenecks to access cutting-edge software, AI tools, and cloud services faster and more securely.Listeners will gain insight into:Why traditional government procurement can take up to two years – and how that's changing.How air-gapped environments complicate innovation and what's being done about it.How generative AI is reshaping national security workflows.What kinds of tech companies are best positioned to succeed in the public sector.This episode is a must-listen for IT leaders interested in procurement innovation, cloud adoption in secure environments, and where AI fits into the future of public sector IT. Enjoy!Key Moments00:00 Meet Bryana Tucci, AWS06:58 The Pain Point: Procurement Then vs. Now11:31 Unique Challenges in Public Sector Tech15:55 The Long Road to Selling in Government19:23 Vetting and Onboarding Sellers (how to meet federal standards)23:49 Government + AI: A Game-Changer30:34 Cost Efficiency, Saving Time, and the Future of Procurement41:46 What's Next for AWS Marketplace ---Produced by the team at Mission.org and brought to you by Brightspot.

2.5 YEARS Just to Win ONE Government Contract? The Ugly Truth They Won't Tell You!

Govcon Giants Podcast

Play Episode Listen Later Jun 23, 2025 7:13

Welcome to a new episode of The Daily Windup! Today, I had the pleasure of speaking with Yolanda Clark, CEO of Powder River Industries, a small business that has successfully navigated the world of defense contracts and specialized in DevSecOps and infrastructure as code services. Yolanda shared her journey of bringing stability to her business by establishing headquarters in Wyoming while her spouse serves in the military. In our conversation, Yolanda explained the intricacies of DevSecOps, clarifying that it involves coding within secure environments, ensuring software compliance with cyber requirements from day one. We also discussed the differences between FedRAMP and their services, with Yolanda highlighting how they provide support at a specific point within the lifecycle for their defense customers. Listen now to learn more!

ceo wyoming ugly truth devsecops government contracts fedramp

Speed Meets Security: Building SaaS with Compliance in Mind

Brilliance Security Magazine Podcast

Play Episode Listen Later Jun 16, 2025 39:30

In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with John Sobczak, founder and CEO of NXT1, to explore how software development teams can accelerate time to market without compromising on security or compliance. John shares how his career shaped the vision behind NXT1 and discusses the structural pitfalls that often delay or derail promising SaaS startups. This engaging conversation is packed with actionable insights for developers, founders, and investors navigating the complex intersection of speed, scale, and security.SummaryJohn Sobczak brings decades of experience in enterprise technology and government cybersecurity to this discussion, offering a compelling argument for embedding security from the very first line of code. He outlines how modern SaaS development is hampered by excessive cognitive load on developers, who are often forced to juggle core product development with complex compliance frameworks. This leads to delays, technical debt, and avoidable risk.NXT1's solution is LaunchIT, a turnkey platform designed to provide secure, compliant infrastructure out of the box. Sobczak explains how inheritance—not just guardrails—makes the difference. By giving developers access to hardened, policy-aligned environments that meet standards like SOC 2, HIPAA, and FedRAMP, NXT1 dramatically shortens the path from idea to revenue. This also reduces founder and investor risk while increasing the cost for adversaries targeting early-stage SaaS companies.Throughout the episode, Sobczak emphasizes the importance of building with scale and regulation in mind—even if those market demands aren't immediate. He notes that most early-stage teams wait too long to consider security, mistakenly treating compliance as a checklist to be addressed after product development. Instead, NXT1 aims to "meet customers where they are," helping both startups and more mature companies seamlessly scale into new verticals like healthcare and public sector without rebuilding from scratch.He also touches on the cultural shifts required in development organizations: making security everyone's responsibility, automating infrastructure to reduce human error, and resisting the temptation to reinvent the wheel when platforms already exist that can shoulder much of the compliance burden.Whether you're an entrepreneur launching a new SaaS product or a development leader in a growth-stage company, this episode is a must-listen for those looking to secure their software—and their future—from the ground up.

ceo security speed saas compliance hipaa soc fedramp

FedRamp 20X Explained: What CSPs Must Know in 2025 with Travis Howerton

Risk Management Show

Play Episode Listen Later Jun 12, 2025 25:34

Discover everything cloud service providers (CSPs) need to know about the FedRamp 20X pilot program and its transformative impact on Risk Management in 2025. In this episode of the Risk Management Show, Boris Agranovich, CEO of Global Risk Community, interviews Travis Howerton, Co-Founder and CEO at Regscale, a leading voice in Cyber Security and AI-driven solutions. Together, they explore how they streamlines authorization processes, enhances cloud security, and balances innovation with robust security standards. During the discussion, Travis shares insights on automating compliance through AI, addressing regulatory challenges, and creating opportunities for CSPs and federal agencies. Learn how innovations like compliance as code and automation are shaping the future of cloud security and sustainability. If you're a Chief Risk Officer or a professional in the cybersecurity space, this is a must-watch for actionable strategies and expert advice. If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Guest Proposal."

ceo ai discover co founders academy cybersecurity risk management must know online communities csp chief risk officer howerton fedramp csps

The Federal Drive with Terry Gerton - Wednesday, May 7, 2025

Play Episode Listen Later May 7, 2025 56:42

Today on the Federal Drive with Terry Gerton A status report on the most expensive weapon system ever Looking at the Trump administration against its predecessors The FedRAMP cloud security program goes cloud nativeSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

donald trump fedramp federal drive

The FedRAMP cloud security program goes cloud native

ceo gsa cloud security cloud native general services administration security program fedramp

Play Episode Listen Later May 7, 2025 10:38

The FedRAMP program at the General Services Administration has enabled agencies to safely use commercial cloud computing for more than a decade. Last month the GSA launched an update called FedRAMP 20-X. It's designed to make it easier and faster for vendors to get the authorization they need to take on federal customers. For how it looks to industry, we turn to the founder and CEO of RegScale, Travis Howerton.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Rethinking Container Security from the Kernel Up | A Brand Story with Emily Long and Kaylin Trychon from Edera | An RSAC Conference 2025 Pre-Event Conversation

Lenny's Podcast: Product | Growth | Career

Play Episode Listen Later Apr 29, 2025 11:29

In this pre-event Brand Story On Location conversation recorded live from RSAC Conference 2025, Emily Long, Co-Founder and CEO of Edera, and Kaylin Trychon, Head of Communications, introduce a new approach to container security—one that doesn't just patch problems, but prevents them entirely.Edera, just over a year old, is focused on reimagining how containers are built and run by taking a hardware-up approach rather than layering security on from the top down. Their system eliminates lateral movement and living-off-the-land attacks from the outset by operating below the kernel, resulting in simplified, proactive protection across cloud and on-premises environments.What's notable is not just the technology, but the philosophy behind it. As Emily explains, organizations have grown accustomed to the limitations of containerization and the technical debt that comes with it. Edera challenges this assumption by revisiting foundational virtualization principles, drawing inspiration from technologies like Xen hypervisors, and applying them in modern ways to support today's use cases, including AI and GPU-driven environments.Kaylin adds that this design-first approach means security isn't bolted on later—it's embedded from the start. And yet, it's done without disruption. Teams don't need to scrap what they have or undertake complex rebuilds. The system works with existing environments to reduce complexity and ease compliance burdens like FedRAMP.For those grappling with infrastructure pain points—whether you're in product security, DevOps, or infrastructure—this conversation is worth a listen. Edera's vision is bold, but their delivery is practical. And yes, you'll find them roaming the show floor in bold pink—“mobile booth,” zero fluff.Listen to the episode to hear what it really means to be “secure by design” in the age of AI and container sprawl.Learn more about Edera: https://itspm.ag/edera-434868Note: This story contains promotional content. Learn more.Guests: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/Kaylin Trychon, Head of Communications, Edera | https://www.linkedin.com/in/kaylintrychon/ResourcesLearn more and catch more stories from Edera: https://www.itspmagazine.com/directory/ederaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:emily long, kaylin trychon, sean martin, marco ciappelli, containers, virtualization, cloud, infrastructure, security, fedramp, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Lessons Going Zero to $40M ARR in Two Years | Dan Lorenc, Chainguard

The Peel

Play Episode Listen Later Apr 24, 2025 74:56

Dan Lorenc is the Co-founder and CEO of Chainguard, the safe source for open source.The internet runs on free, open source software. But as its risen in popularity, its become the latest attack point targeted by hackers and nation states.This conversation with Dan gets into the history of open source software, cloud computing, Linux, the software supply chain, how AI will impact it, and what the next big cyber attack will look like.Dan is an engineer, but he also loves sales and go-to-market. We unpack how Chainguard went from zero to 150 customers and a $40m ARR in two years.Chainguard just announced a $350 million Series D led by Kleiner and IVP, and Dan unpacks the round, plus shares his secret methodology for valuing the company.A big thank you to Dan's Co-founder Kim Lewandowski, to Clay Fischer @ Spark, Bogomil Balkansky & Andrew Reed @ Sequoia, and Tom Loverro @ IVP for their help brainstorming topics for Dan.Thanks to Numeral for supporting this episode, the end-to-end platform for sales tax and compliance. Try it here: https://bit.ly/NumeralThePeelTimestamps:(3:26) A safe source for open source(4:57) The software supply chain(7:19) Can you trust open source code with contributors in Russia?(9:43) Malware attack that almost took down the entire internet(12:40) What the next big cyber attack will look like(15:12) How will AI impact the software supply chain(17:53) The history of cloud computing(21:42) Why all cloud computing runs on Linux(23:16) How Linux + Linux distros work(29:28) Automating open source security(32:43) Chainguard roadmap: Libraries and VMs(36:40) Focusing on FedRAMP(42:44) Impact of DOGE(44:06) Zero to $40m ARR in two years(45:40) Learning to love sales as a technical founder(47:24) Lessons from Frank Slootman(51:15) How to create urgency in sales(53:16) How to build a sales team(58:23) Hiring Ryan Carlson from Wiz & Okta(1:01:45) Inside Chainguard's $350m Series D(1:07:41) Vibe coding + Dan's software stack(1:09:51) Cutting his hair in front of the entire company(1:10:27) Wearing a different suit to each board meeting(1:12:32) Bogomil, world's best SDRReferencedCheck out Chainguard: https://www.chainguard.dev/Jobs at Chainguard: https://www.chainguard.dev/careersPrior episode with Dan: https://www.youtube.com/watch?v=AC4cOJ9n_Z8Linux Origin Email: https://www.reddit.com/r/linux/comments/mmmlh3/linux_has_a_interested_history_this_is_one_of/The Qualified Sales Leader: https://www.amazon.com/Qualified-Sales-Leader-Proven-Lessons/dp/0578895064Julius, AI data analysis: https://julius.ai/Claude Code: https://www.anthropic.com/claude-codeWorld's best SDR: https://x.com/BogieBalkansky/status/19132697148828143502025 Chainguard Assemble Keynote: https://www.youtube.com/watch?v=adfU9LJg3I0Follow DanTwitter: https://x.com/lorenc_danLinkedIn: https://www.linkedin.com/in/danlorenc/Follow TurnerTwitter: https://twitter.com/TurnerNovakLinkedIn: https://www.linkedin.com/in/turnernovakSubscribe to my newsletter to get every episode + the transcript in your inbox every week: https://www.thespl.it/

Building a magical AI code editor used by over 1 million developers in four months: The untold story of Windsurf | Varun Mohan (co-founder & CEO)

Play Episode Listen Later Apr 20, 2025 74:06

Varun Mohan is the co-founder and CEO of Windsurf (formerly Codeium), an AI-powered development environment (IDE) that has been used by over 1 million developers in just four months and has quickly emerged as a leader in transforming how developers build software. Prior to finding success with Windsurf, the company pivoted twice—first from GPU virtualization infrastructure to an IDE plugin, and then to their own standalone IDE.In this conversation, you'll learn:1. Why Windsurf walked away from a profitable GPU infrastructure business and bet the company on helping engineers code2. The surprising UI discovery that tripled adoption rates overnight.3. The secret behind Windsurf's B2B enterprise plan, and why they invested early in an 80-person sales team despite conventional startup wisdom.4. How non-technical staff at Windsurf built their own custom tools instead of purchasing SaaS products, saving them over $500k in software costs5. Why Varun believes 90% of code will be AI-generated, but engineering jobs will actually increase6. How training on millions of incomplete code samples gives Windsurf an edge, and creates a moat long-term7. Why agency is the most undervalued and important skill in the AI era—Brought to you by:• Brex—The banking solution for startups• Productboard—Make products that matter• Coda—The all-in-one collaborative workspace—Where to find Varun Mohan:• X: https://x.com/_mohansolo• LinkedIn: https://www.linkedin.com/in/varunkmohan/—Where to find Lenny:• Newsletter: https://www.lennysnewsletter.com• X: https://twitter.com/lennysan• LinkedIn: https://www.linkedin.com/in/lennyrachitsky/—In this episode, we cover:(00:00) Varun's background(03:57) Building and scaling Windsurf(12:58) Windsurf: The new purpose-built IDE to harness magic(17:11) The future of engineering and AI(21:30) Skills worth investing in(23:07) Hiring philosophy and company culture(35:22) Sales strategy and market position(39:37) JetBrains vs. VS Code: extensibility and enterprise adoption(41:20) Live demo: building an Airbnb for dogs with Windsurf(42:46) Tips for using Windsurf effectively(46:38) AI's role in code modification and review(48:56) Empowering non-developers to build custom software(54:03) Training Windsurf(01:00:43) Windsurf's unique team structure and product strategy(01:06:40) The importance of continuous innovation(01:08:57) Final thoughts and advice for aspiring developers—Referenced:• Windsurf: https://windsurf.com/• VS Code: https://code.visualstudio.com/• JetBrains: https://www.jetbrains.com/• Eclipse: https://eclipseide.org/• Visual Studio: https://visualstudio.microsoft.com/• Vim: https://www.vim.org/• Emacs: https://www.gnu.org/software/emacs/• Lessons from a two-time unicorn builder, 50-time startup advisor, and 20-time company board member | Uri Levine (co-founder of Waze): https://www.lennysnewsletter.com/p/lessons-from-uri-levine• IntelliJ: https://www.jetbrains.com/idea/• Julia: https://julialang.org/• Parallel computing: https://en.wikipedia.org/wiki/Parallel_computing• Douglas Chen on LinkedIn: https://www.linkedin.com/in/douglaspchen/• Carlos Delatorre on LinkedIn: https://www.linkedin.com/in/cadelatorre/• MongoDB: https://www.mongodb.com/• Cursor: https://www.cursor.com/• GitHub Copilot: https://github.com/features/copilot• Llama: https://www.llama.com/• Mistral: https://mistral.ai/• Building Lovable: $10M ARR in 60 days with 15 people | Anton Osika (CEO and co-founder): https://www.lennysnewsletter.com/p/building-lovable-anton-osika• Inside Bolt: From near-death to ~$40m ARR in 5 months—one of the fastest-growing products in history | Eric Simons (founder & CEO of StackBlitz): https://www.lennysnewsletter.com/p/inside-bolt-eric-simons• Behind the product: Replit | Amjad Masad (co-founder and CEO): https://www.lennysnewsletter.com/p/behind-the-product-replit-amjad-masad• React: https://react.dev/• Sonnet: https://www.anthropic.com/claude/sonnet• OpenAI: https://openai.com/• FedRamp: https://www.fedramp.gov/• Dario Amodei on LinkedIn: https://www.linkedin.com/in/dario-amodei-3934934/• Amdahl's law: https://en.wikipedia.org/wiki/Amdahl%27s_law• How to win in the AI era: Ship a feature every week, embrace technical debt, ruthlessly cut scope, and create magic your competitors can't copy | Gaurav Misra (CEO and co-founder of Captions): https://www.lennysnewsletter.com/p/how-to-win-in-the-ai-era-gaurav-misra—Recommended book:• Fall in Love with the Problem, Not the Solution: A Handbook for Entrepreneurs: https://www.amazon.com/Fall-Love-Problem-Solution-Entrepreneurs/dp/1637741987—Production and marketing by https://penname.co/. For inquiries about sponsoring the podcast, email podcast@lennyrachitsky.com.—Lenny may be an investor in the companies discussed. Get full access to Lenny's Newsletter at www.lennysnewsletter.com/subscribe

DOD aims to rein in spending on IT services contracts; GSA tech arm faces more workforce cuts

Play Episode Listen Later Apr 11, 2025 5:07

Secretary of Defense Pete Hegseth signed a memo Thursday ordering the termination of several IT services contracts and directing the Pentagon's chief information officer to draw up plans for in-sourcing, among other measures. The aim is to “cut wasteful spending” and “support the continued rationalization” of the Defense Department's IT enterprise, Hegseth wrote. The move comes amid a broader push by the Trump administration to implement Department of Government Efficiency (DOGE) initiatives across federal agencies. Hegseth's new memo to senior Pentagon leadership ordered the termination of contracts affecting a variety of DOD components, including a Defense Health Agency contract for consulting services; an Air Force contract to re-sell third party enterprise cloud IT services; a Navy contract for business process consulting services; and a Defense Advanced Research Projects Agency (DARPA) contract for IT helpdesk services. In a video released on social media touting these DOGE-related efforts, Hegseth estimated that those contract terminations would save the Pentagon approximately $1.8 billion, $1.4 billion, $500 million and $500 million, respectively. Another round of General Services Administration workforce cuts is hitting Technology Transformation Services, specifically within its Integrated Award Environment (IAE), Solutions, and Office of Regulatory and Oversight Systems (OROS) programs, sources confirmed to FedScoop. Under TTS, the Solutions platforms and services, front office, public experience and accelerators teams were all affected by the reductions, according to a source with knowledge of the situation. However, programs that are safe from the current — and widespread — reductions in force include FedRAMP, Login.gov and Cloud.gov, sources said. Additionally, TTS consulting, fellowships and front office are untouched as well. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.

MSP Regulations Shift: CMMC 2.0, FedRAMP Overhaul, UK Cyber Bill & AI Security Concerns

Play Episode Listen Later Apr 2, 2025 15:30

Michael Duffy, President Donald Trump's nominee for Undersecretary of Defense for Acquisition and Sustainment, has committed to reviewing the Pentagon's Cybersecurity Maturity Model Certification (CMMC) 2.0 if confirmed. This revamped program, effective since December, mandates that defense contractors handling controlled, unclassified information comply with specific cybersecurity standards to qualify for Department of Defense contracts. Concerns have been raised about the burden these regulations may impose on smaller firms, with a report indicating that over 50% of respondents felt unprepared for the program's requirements. Duffy aims to balance security needs with regulatory burdens, recognizing the vulnerability of small and medium-sized businesses in the face of cyber threats.In addition to the CMMC developments, the General Services Administration (GSA) is set to unveil significant changes to the Federal Risk Authorization Management Program (FedRAMP). The new plan for 2025 focuses on establishing standards and policies rather than approving cloud authorization packages, which previously extended the process for up to 11 months. The GSA intends to automate at least 80% of current requirements, allowing cloud service providers to demonstrate compliance more efficiently, while reducing reliance on external support services.Across the Atlantic, the UK government has announced a comprehensive cybersecurity and resilience bill aimed at strengthening defenses against cyber threats. This legislation will bring more firms under regulatory oversight, specifically targeting managed service providers (MSPs) that provide core IT services and have extensive access to client systems. The proposed regulations will enhance incident reporting requirements and empower the Information Commissioner's Office to proactively identify and mitigate cyber risks, setting higher expectations for cybersecurity practices among MSPs.The episode also discusses the implications of recent developments in AI and cybersecurity. With companies like SolarWinds, CloudFlare, and Red Hat enhancing their offerings, the integration of AI into business operations raises concerns about security and compliance. The ease of generating fake documents using AI tools poses a significant risk to industries reliant on document verification. As the landscape evolves, IT service providers must adapt by advising clients on updated compliance practices and strengthening their cybersecurity measures to address these emerging threats. Four things to know today 00:00 New Regulatory Shifts for MSPs: CMMC 2.0, FedRAMP Overhaul, and UK Cyber Security Bill05:21 CISA Cuts and Signal on Gov Devices: What Could Go Wrong?08:15 AI Solutions Everywhere! SolarWinds, Cloudflare, and Red Hat Go All In11:37 OpenAI's Image Generation Capabilities Raise Fraud Worries: How Businesses Should Respond Supported by: https://www.huntress.com/mspradio/https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship Join Dave April 22nd to learn about Marketing in the AI Era. Signup here: https://hubs.la/Q03dwWqg0 All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

GSA's overhaul of FedRAMP contingent on automation

director automation overhaul jason miller contingent general services administration fedramp pete waterman federal news network

Play Episode Listen Later Mar 26, 2025 7:35

Now more than ever, the long running cloud security program known as FedRAMP needsindustry's help. That was the message Monday from Pete Waterman, the Director of the Federal Risk Authorization management program FedRAMP at the General Services Administration. Here with what's going on, Federal News Network's executive editor, Jason Miller. Learn more about your ad choices. Visit podcastchoices.com/adchoicesSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

GSA's overhaul of FedRAMP contingent on automation

director automation overhaul jason miller contingent general services administration fedramp pete waterman federal news network

Play Episode Listen Later Mar 26, 2025 8:20

Now more than ever, the long running cloud security program known as FedRAMP needs industry's help. That was the message Monday from Pete Waterman, the Director of the Federal Risk Authorization management program FedRAMP at the General Services Administration. Here with what's going on, Federal News Network's executive editor, Jason Miller. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Reflections from DOD's first-ever customer experience officer

ceo donald trump ai government management efficiency pg napa general services administration heckman deputy administrator fedramp

Play Episode Listen Later Mar 25, 2025 29:03

After serving for nearly 18 months as the Department of Defense's first-ever customer experience officer in the Office of the CIO, Savan Kong earlier this month parted ways with the Pentagon. Previously a member of the Defense Digital Service during his first tour of duty with the DOD, Kong helped build the department's CXO office from scratch, fostering a culture that prioritizes the needs of service members, civilians, and mission partners and striving to streamline governance processes, improve transparency, and ensure that IT solutions meet operational needs. Kong joins the Daily Scoop for a conversation to share the progress his office ushered in to improve customer experience for DOD's personnel, where things are headed under this administration and how AI will impact the CX space. FedRAMP is getting another overhaul, one that will involve far more automation and a greater role for the private sector, the program's chief announced Monday. Through FedRAMP 20x, the General Services Administration-based team focused on the program aims to simplify the authorization process and reduce the amount of time needed to approve a service from months to weeks, Director Pete Waterman said during an Alliance for Digital Innovation event. The private sector will also have increased responsibility over monitoring of their systems, he noted. In a critical change, agency sponsorship will — eventually — no longer be necessary to win authorization. As a first step, FedRAMP has launched four community working groups, which give the public a chance to share feedback, and focus on creating “innovative solutions” to formalize the program's standards. But in the meantime, Waterman said existing baselines will remain in place and there are no immediate changes to the program. The Office of Personnel Management and the departments of Treasury and Education are now barred from sharing individuals' personally identifiable information with DOGE representatives, a federal judge ruled Monday. Judge Deborah L. Boardman of the U.S. District Court for the District of Maryland said in her decision that in granting associates with Elon Musk's so-called government efficiency initiative access to systems containing plaintiffs' PII, the agencies “likely violated” the Privacy Act and the Administrative Procedure Act. The lawsuit was filed by the American Federation of Teachers, the International Association of Machinists and Aerospace Workers, the International Federation of Professional and Technical Engineers, the National Active and Retired Federal Employees Association, the National Federation of Federal Employees, and six military veterans. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.

100th Episode Special: Government Efficiency with Allison Brigati & Dan Heckman

The GovNavigators Show

Play Episode Listen Later Mar 24, 2025 27:34

This week, the GovNavigators welcome Allison Brigati, former Deputy Administrator of the General Services Administration, and Daniel Heckman, CEO of MSI Consulting, to share lessons learned from the first Trump administration's push for government efficiency. They discuss overcoming resistance to change, and harnessing automation and AI to modernize government functions. Additionally, they reflect on how these strategies could shape current reform efforts as we enter Trump's second term.Show NotesPresident's Management Agenda: Trump Administration(2018), Cap Goal 6 Pg. 32Events on the GovNavigators' RadarMarch 24: FedRAMP 2025 Discussion with Pete Waterman March 26-28: Coleridge Initiative's Annual ConveningMarch 28: NAPA's Standing Panel on Executive Organization and Management

Navigating the never-static cybersecurity landscape

Inside Angle

Play Episode Listen Later Mar 7, 2025 30:16

Cybersecurity is vital in today's cloud-based world. Learn about the journey Solventum took to StateRAMP and FedRAMP certification.

navigating landscape cybersecurity static fedramp

GSA reveals plans to reduce TTS tech services arm by 50%, eliminate non-statutory work; Former State Department CAIO Matthew Graviss joins Atlassian

Play Episode Listen Later Mar 7, 2025 4:26

All non-critical and non-statutorily required work will cease at the General Services Administration's Technology Transformation Services as part of a 50% reduction of the office, according to Director Thomas Shedd. In his prepared remarks for a Thursday afternoon town hall, which were obtained by FedScoop, Shedd said that to deliver technology at GSA in a “more focused and streamlined way,” moving forward TTS will support only work that is required by statute and policy, fits into the Trump administration's definition of critical, and is prioritized by the leadership at GSA “in accordance with the priorities of the administration.” Everything else will be eliminated, per Shedd, who said in his remarks that TTS will be smaller in size – at least 50% smaller. Additionally, any contracts that support the work that falls outside of the established bounds “will be terminated” and any job functions that are deemed non-essential will be cut. The prioritized and remaining TTS programs include Login.gov, FedRAMP, Cloud.gov, statutorily required websites, the Integrated Award Environment, the Office of Regulatory Oversight, the Centers of Excellence, the Presidential Innovation Fellowship Program, the U.S. Digital Corps, operations and other “special projects.” Australian-based software company Atlassian has tapped Matthew Graviss to be its first public sector chief technology officer following his recent departure as the State Department's top data and AI official. Although the role starts a new private sector chapter in Graviss's career, being the first person to establish a newly created position is familiar ground. During his time in the federal government, Graviss was the first-ever chief data officer at both the State Department and the Department of Homeland Security's U.S. Citizenship and Immigration Services. In an interview with FedScoop, Graviss said his role at Atlassian is an extension of that experience in that he'll again be codifying the responsibilities of the job, showing value and solving customer problems. Regardless of whether his role is in or out of the government, Graviss said “the delivery of better goods and services to citizens is contingent upon … an ecosystem of government employees, service providers, and solution providers.” The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.

Burnout Fuels IT Generalists; MSPs Navigate Security Needs and Nutanix's VMware Exodus

Stormâš¡ï¸Watch by GreyNoise Intelligence

Play Episode Listen Later Mar 5, 2025 15:20

The rise of IT generalists is becoming increasingly significant as the industry grapples with a growing talent gap. A recent report by Auvik reveals that a staggering 78% of IT professionals feel that work-related stressors hinder their ability to improve their skills, with 60% experiencing burnout. As baby boomers retire at an accelerated pace, the workload is shifting to senior employees, intensifying stress and workload issues. The report highlights the necessity for IT professionals to possess a broad range of knowledge across various IT functions, emphasizing the integration of artificial intelligence and automation to alleviate these challenges.Managed service providers (MSPs) are facing heightened security demands, yet there are concerns about whether clients are allocating their budgets effectively. A series of market reports indicate that organizations are managing an average of 45 cybersecurity tools, which calls for a streamlined approach to security controls. The landscape of cybersecurity is evolving, with a notable shift towards generative AI and the need for comprehensive strategies for machine identity and access management. MSPs are encouraged to help clients prioritize security investments based on risk rather than simply increasing spending.Recent product announcements from companies like Scion AG, Huntress, and Cisco reflect the industry's response to these challenges. Scion AG has launched Scion Guard360, a cybersecurity solution aimed at small and medium-sized enterprises, while Huntress introduced a sensitive data mode to aid compliance with the Cybersecurity Maturity Model Certification. Cisco's Meraki for Government solution has achieved FedRAMP authorization, underscoring the importance of compliance in enhancing security for federal agencies. These developments highlight the trend towards automation and AI-driven solutions in the security sector.The backlash against Broadcom's acquisition of VMware is resulting in significant financial gains for competitors like Nutanix and Scale Computing. Nutanix reported a 16% revenue increase, driven by customers seeking alternatives to VMware, while Scale Computing experienced a remarkable 400% growth in enterprise demand. This shift in buying behavior indicates that organizations are actively looking for new solutions, presenting an opportunity for IT consultants to guide clients through the migration process. As the market evolves, understanding alternatives to VMware could provide a competitive advantage for service providers. Four things to know today00:00 IT Generalists on the Rise: Auvik Report Highlights Burnout, Skills Gaps, and AI's Role04:32 MSPs Face Rising Security Demand—But Are Clients Spending in the Right Places? 08:51 Huntress, Cisco, and Cyan AG Roll Out New Security Features—Here's Why It Matters11:14 Big Wins for Nutanix and Scale Computing as VMware Customers Make Their Move Supported by: https://syncromsp.com/ Event: : https://www.nerdiocon.com/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

When AI Attacks: Taxpayer Data, Beijing's Chatbots & LLM Hallucinations

Play Episode Listen Later Feb 11, 2025 63:28

Forecast = Punxsutawney Phil saw his shadow, so we can expect continued Musk-y days ahead in these remaining DOGE days of Winter. ‍ In this week's episode of GreyNoise Storm⚡️Watch, we have a bit of an AI-theme. First, the Department of Government Efficiency (DOGE), led by Elon Musk, has sparked significant privacy and security concerns by accessing sensitive federal systems like Treasury databases and Education Department records through AI-driven analysis. Critics highlight undisclosed partnerships with vendors like Inventry.ai, which allegedly introduced algorithmic bias by disproportionately targeting diversity programs and climate initiatives while retaining fossil fuel subsidies. Cybersecurity experts warn about unvetted API integrations and data security risks, as Inventry.ai processed taxpayer information without proper FedRAMP authorization. These issues have led to bipartisan calls for stricter AI procurement rules and transparency mandates to rebuild public trust. Meanwhile, Chinese AI startup DeepSeek faces scrutiny over its claims of rivaling GPT-4 at lower costs, with analysts questioning its $5.6M training budget and geopolitical alignment. The models show systematic pro-China biases, refusing to answer 88% of sensitive questions about Tiananmen Square or Taiwan while promoting CCP narratives in responses. Security researchers flag its opaque training data—potentially using OpenAI outputs—and anti-debugging features that hinder independent audits. These concerns have triggered bans in Australia, South Korea, and U.S. agencies like NASA, with EU officials noting non-compliance with cybersecurity standards. On the defense front, Splunk's DECEIVE AI honeypot introduces innovative deception tech by letting users simulate systems via text prompts, democratizing access to advanced threat detection. While it offers dynamic behavioral analysis and safe sandboxing, security professionals caution about LLM hallucination risks that could tip off attackers and ethical questions around logging fabricated credentials. The open-source tool shows promise but remains untested against sophisticated adversaries. Rounding out the cybersecurity landscape, Censys research exposes the BADBOX botnet's infrastructure and BeyondTrust vulnerabilities, while VulnCheck highlights 2024's exploitation trends and Zyxel's unpatched telnet flaws; and GreyNoise's latest Noiseletter showcases new platform features + upcoming events. Storm Watch Homepage >> Learn more about GreyNoise >>

Trump administration scraps AI-focused framework for FedRAMP

spotify donald trump ai china washington joe biden soundcloud focused senators framework pentagon trump administration jd vance dod pete hegseth scraps defense department general services administration fedramp

Play Episode Listen Later Jan 27, 2025 3:25

The FedRAMP Emerging Technology Prioritization Framework, which was established last year to accelerate the use of systems like artificial intelligence in the federal cloud, has been eliminated as part of President Donald Trump's rescission of the Biden administration's AI executive order. A person with direct knowledge of the matter confirmed the program no longer existed. The Emerging Technology Prioritization Framework, which recently switched to a rolling application process, aimed to allow cloud service providers to request prioritization of cloud services associated with emerging technology in the FedRAMP authorization process. The framework's final draft was issued last summer, requiring interested cloud providers to apply for prioritization by the end of August 2024. The General Services Administration, which operates the FedRAMP program, said initial determinations would be announced the following month. Pete Hegseth, President Donald Trump's nominee to lead the Pentagon, was confirmed as the next secretary of defense after Vice President JD Vance cast the tiebreaking vote in the Senate Friday night. Senators voted 50-50 before Vance had to be called in to tip the balance. Hegseth will take the helm at the Defense Department as the DOD gears up for potential wars against high-tech adversaries such as China. During his confirmation process, Hegseth pledged that as defense secretary he would prioritize investments in AI, drones and counter-drone systems, among other technologies that he considers key to military modernization. Soon after his confirmation, Hegseth issued a message to the military on Saturday that expressed his intent to quickly field emerging capabilities to deter China and others. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.

Small Business Confidence Rises Amid IT Job Cuts and AI Growth

Community IT Innovators Nonprofit Technology Topics

Play Episode Listen Later Jan 21, 2025 13:32

The episode highlights a notable rise in small business optimism, with the National Federation of Independent Business reporting an optimism index of 105.1, the highest since October 2018. Despite this positive sentiment, challenges such as inflation and labor quality persist, with a significant percentage of business owners planning to raise compensation. The episode also touches on the impact of Donald Trump's presidency on channel partners, with many expecting positive outcomes from tariffs.Sobel delves into the ongoing shifts in the job market, particularly within the IT sector, where traditional roles are diminishing due to the rise of AI. The episode notes that while IT layoffs have slowed, the market has seen a contraction with nearly 71,000 jobs lost over two years. The World Economic Forum's report indicates that AI is creating new job opportunities, with a net gain of 2 million jobs expected by 2030. However, the episode warns of a decline in employee engagement, which has hit a 10-year low, emphasizing the importance of focusing on workforce development amidst these changes.The podcast also addresses the projected growth in worldwide IT spending, which is expected to rise to $5.61 trillion in 2025. However, Sobel cautions that much of this growth may be offset by price hikes, leading to a situation where customers may not see the benefits of increased spending. Key areas for investment include data center systems and software, with a significant uptick in AI usage among small and mid-sized businesses. The episode underscores the necessity for businesses to adapt and find ways to deliver more value to their customers despite rising costs.Finally, the episode covers recent regulatory changes, including President Trump's revocation of an AI safety order established by the previous administration. The FCC has introduced new cybersecurity rules, and FedRAMP is proposing to streamline requirements for cloud service providers. Sobel emphasizes the importance of staying informed about these regulatory shifts, as they will impact the tech landscape moving forward. The episode concludes with a reminder of the significance of understanding the evolving dynamics in the IT sector and the need for continuous learning and adaptation. Four things to know today 00:00 IT Layoffs Slow While Small Business Confidence Soars, But AI and Engagement Challenges Shape the Future04:34 Global IT Growth Drives AI Investment in SMBs, but Price Hikes Threaten Real Value in 2025 07:39 Regulation in Flux: Trump Revokes AI Safety Order as FCC and FedRAMP Push New Cybersecurity Measures09:52 CompTIA Layoffs Raise Questions About Private Equity's Role in Restructuring the Tech Certification Giant Supported by: https://timezest.com/mspradio/https://www.huntress.com/mspradio/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Using Google Groups with Steve Longenecker

Play Episode Listen Later Jan 10, 2025 38:14

If your organization uses Google Workspace you have access to Google Groups. Kind of like a listserv but so much better.What are Google Groups?If your nonprofit uses Google Workspace, you can use Google Groups to manage tasks via an email group, with granular controls and monitoring if you need it. Google Groups can improve security for email addresses like “donate@mynonprofit” or “info@mynonprofit” if that email directs to a group and is not its own account that's credentials could be hacked. Director of IT Consulting Steve Longenecker explains the ins and outs of using Google Groups and some issues to consider including Google's Fedramp certification if you are trying to use Google Groups with federal workers. Since few MSPs can help nonprofits using Google Workspace, please contact us if you have more questions we can help with. We know that so many nonprofit startups start using Google Workspace because it is easy. Some Key Takeaways:Google Groups works like a listserv, allowing multiple people to view and respond to group emails right from their inbox. No new tools needed like slack or discord. Keeping it simple can help your team or volunteers engage easily.Google Groups allows granular permissions and allows a manager to assign certain email threads to specific team members, so you can make sure all donation inquiries get a quick response, for example. Managers can get valuable insight into email thread status and team members can easily collaborate without checking and back-checking to see who is taking which inquiry.Google Groups can be useful in keeping volunteer groups organized and engaged. You can assign any email to Google Groups, making a partly external volunteer team more functional and making it easier for busy volunteers to participate, right from their inbox.Google Groups has many security features that make it preferable to listservs. And Listerv tools are becoming harder to find and manage. Everyone uses email – if you already use Google Workspace you have a listserv tool already available to you, for free, that has many features and security that listservs just don't have.Google Groups is relatively easy to set up and manage, and Google provides lots of helpful how-to tutorials and advice that are accessible to non-technical managers.If you are trying to use Google Groups with federal employees and encountering resistance, be aware that Google has Fedramp certification. This means your federal friends are allowed to use it from a security perspective.Google Groups is a tool you should consider if you are struggling to manage a team or volunteer group. It is easy to get started and easy to expand as you learn the capabilities. We know that few MSPs serving nonprofits are experts in Google Workspace. Community IT has developed expertise in Google Workspace support since we serve nonprofits exclusively, and so many nonprofits use this platform. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

google register managers google workspace msps using google fedramp longenecker google groups community it

Breaking into Government Contracts: Ekene's Journey from SAM.gov to Winning Deals

DoD Contract Academy

Play Episode Listen Later Dec 24, 2024 27:55

Get the GovClose Certification: https://www.govclose.com/sales-certification Join us as we talk to Ekene Imbata, founder of Facility Management Supplies and People, Inc., about his journey into government contracting. Kenny shares how he transitioned from running a software solutions business to securing his first contracts with the government. Learn about his strategic partnerships, insights into MRO products, and plans to expand into DoD and software contracts. Ekene is just getting started and If you're looking for inspiration to break into government sales, this is the episode for you! Timestamps: [00:00:00] Introduction to Kenny Imbata and His Business Journey Overview of Facility Management Supplies and People, Inc. Initial motivation to pursue government contracting. [00:00:45] Why Government Contracting? Discovering the government as the largest buyer. Importance of targeting higher-value clients. [00:06:00] Starting Small: Registration and Early Challenges Kenny's first steps on SAM.gov and early difficulties with software contracts. [00:08:30] Teaming Up for Success Partnering with an experienced company for MRO product contracts. How joint ventures and subcontracting can fast-track success. [00:12:00] Fine-Tuning the GovCon Process Focusing on niche markets to reduce competition. Targeting specific agencies like the Navy shipyards. [00:15:30] The Challenges of Pricing and Past Performance Understanding the importance of supplier relationships and profit margins. Strategies to secure past performance for future growth. [00:18:45] Expanding into DoD and Software Contracts Kenny's exploration of custom software solutions for government needs. Navigating cybersecurity requirements like FedRAMP and NIST. [00:24:00] Building Relationships and Long-Term Success Leveraging relationships with agencies and vendors for simplified acquisitions. Kenny's advice for aspiring GovCon professionals. [00:26:00] Final Thoughts and Advice for New GovCon Entrants Kenny's top takeaways from his journey. How to reach out to Kenny for advice or collaboration. Ekene's Linkedin Profile

PLTR: FOMO Stock of the Year?

TD Ameritrade Network

Play Episode Listen Later Dec 3, 2024 10:07

Palantir (PLTR) rallied again to yet another all-time high after receiving FedRAMP "high authorization" for its cloud services. How much higher can the stock soar? Mostly-neutral analyst reactions show doubt for a continuing bull run. Alex Coffey and Caroline Woods weigh if Palantir can keep up its 300%+ year-to-date rally. ======== Schwab Network ======== Empowering every investor and trader, every market day. Subscribe to the Market Minute newsletter - https://schwabnetwork.com/subscribe Download the iOS app - https://apps.apple.com/us/app/schwab-network/id1460719185 Download the Amazon Fire Tv App - https://www.amazon.com/TD-Ameritrade-Network/dp/B07KRD76C7 Watch on Sling - https://watch.sling.com/1/asset/191928615bd8d47686f94682aefaa007/watch Watch on Vizio - https://www.vizio.com/en/watchfreeplus-explore Watch on DistroTV - https://www.distro.tv/live/schwab-network/ Follow us on X – https://twitter.com/schwabnetwork Follow us on Facebook – https://www.facebook.com/schwabnetwork Follow us on LinkedIn - https://www.linkedin.com/company/schwab-network/ About Schwab Network - https://schwabnetwork.com/about

ios stock fomo palantir sling vizio fedramp pltr market minute palantir pltr

Ep 346: FedRAMP 101 Insights To Prepare For Certification

Game Changers for Government Contractors

Play Episode Listen Later Nov 25, 2024 26:34

In this episode of Game Changers for Government Contractors, host Michael LeJeune and cybersecurity expert Gary Daemer discuss FedRAMP, an essential certification for cloud service providers looking to sell to the federal government. With over 40 years of experience in cybersecurity, Gary provides a comprehensive overview of what FedRAMP entails, who needs it, and the challenges involved. Learn about the rigorous process, timelines, costs, and ongoing maintenance requirements for certification. Gary also shares strategic advice on whether pursuing FedRAMP is right for your business and tips for leveraging resources like SBIRs to offset costs. This episode is a must-listen for contractors aiming to enter or expand in the government market. ----- Frustrated with your government contracting journey? Join our group coaching community here: https://federal-access.com/gamechangers Grab my #1 bestselling book, "I'm New to Government Contract. Where Should I Start?" Here: https://amzn.to/4c5Vb0d

game changers frustrated certification government contracts government contractors fedramp

Kenny Scott (Paramify) \\ Automating Compliance's Tedious Grind

Found In The Rockies

Play Episode Listen Later Nov 13, 2024 60:00

In today's episode, Les talks with Kenny Scott, the founder of Paramify. Kenny shares his journey from initially disliking compliance and GRC work to eventually building a successful SaaS company that automates and streamlines these processes. He discusses his background in consulting and cybersecurity, his brief stint running a hedge fund, and the pivotal moment when he decided to create a solution to the pain points he experienced in the GRC space. Throughout the conversation, Kenny emphasizes the importance of relationships, prioritizing family, and leveraging technology to enable security professionals to focus on more strategic initiatives. Kenny talks about the importance of balancing work and family and predicts a future where AI will play a crucial role in enhancing cybersecurity. Here's a closer look at the episode: Kenny's background, mentioning his initial interest in finance and his transition to programming. Kenny discusses his career progression, including roles at Google, American Express, and Adobe, where he worked on organizational risk management. Kenny reflects on the challenges and rewards of his career, emphasizing the importance of solving real problems. Kenny's thoughts on the significance of governance, risk, and compliance (GRC) and the growing demand for security services. Kenny dives into the complexities of FedRAMP, explaining its purpose and the rigorous process involved. Kenny talks about the early days of Paramify, including the search for talented developers and the initial success with small startups. Kenny highlights the importance of relationships and the support from early clients like Palo Alto Networks. Kenny provides an update on Paramify's current status, including their FedRAMP High audit and the growth of their client base. Resources: Website: https://www.paramify.com/ Kenny LinkedIn: https://www.linkedin.com/in/kenny-g-scott/ Paramify LinkedIn: https://www.linkedin.com/company/paramify/ Kenny Twitter: https://x.com/kenny_g_scott

ai google business startups cybersecurity saas grind compliance adobe american express automating voiceamerica next frontier palo alto networks grc tedious fedramp

Guiding Organizations on the Next Steps in Their Compliance Journey | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | An A-LIGN Short Brand Innovation Story with Shreesh Bhattarai

Play Episode Listen Later Oct 31, 2024 7:13

The focus is on HITRUST assessments, specifically the e1 certification, which provides an entry-level approach to cybersecurity compliance. The session emphasizes that compliance is an ongoing process and highlights the HITRUST e1 framework's adaptability to evolving threats. It also discusses the value proposition of the e1 certification, its affordability, and its suitability for low-risk organizations, as well as its synergies with existing SOC2 and ISO certifications.A-LIGN was founded in 2009 by CEO Scott Price to help companies like yours navigate the complexities of cybersecurity and compliance by offering customized solutions that align specifically with each organization's unique goals and objectives. We believe your business can reach its fullest potential by aligning compliance objectives with strategic objectives. Working with small businesses to global enterprises, A‑LIGN's experts coupled with our proprietary compliance management platform, A‑SCEND, are transforming the compliance experience.A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor.Learn more about A-LIGN: https://itspm.ag/a-lign-uz1wNote: This story contains promotional content. Learn more.Guest: Shreesh Bhattarai, Director of HITRUST, A-LIGN [@aligncompliance]On LinkedIn | https://www.linkedin.com/in/shreesh-bhattarai-cisa-ccsk-hitrust-ccsfp-chqp-5a052837/ResourcesLearn more and catch more stories from A-LIGN: https://www.itspmagazine.com/directory/a-lignLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Cybersecurity, Regulation, Liability, & Best Practices in Managed IT Services w/ Steven Cook