Today on the Federal Drive with Terry Gerton: A status report on the most expensive weapon system ever. Looking at the Trump administration against its predecessors. The FedRAMP cloud security program goes cloud native.
The FedRAMP program at the General Services Administration has enabled agencies to safely use commercial cloud computing for more than a decade. Last month the GSA launched an update called FedRAMP 20-X. It's designed to make it easier and faster for vendors to get the authorization they need to take on federal customers. For how it looks to industry, we turn to the founder and CEO of RegScale, Travis Howerton.
In this pre-event Brand Story On Location conversation recorded live from RSAC Conference 2025, Emily Long, Co-Founder and CEO of Edera, and Kaylin Trychon, Head of Communications, introduce a new approach to container security—one that doesn't just patch problems, but prevents them entirely. Edera, just over a year old, is focused on reimagining how containers are built and run by taking a hardware-up approach rather than layering security on from the top down. Their system eliminates lateral movement and living-off-the-land attacks from the outset by operating below the kernel, resulting in simplified, proactive protection across cloud and on-premises environments. What's notable is not just the technology, but the philosophy behind it. As Emily explains, organizations have grown accustomed to the limitations of containerization and the technical debt that comes with it. Edera challenges this assumption by revisiting foundational virtualization principles, drawing inspiration from technologies like Xen hypervisors, and applying them in modern ways to support today's use cases, including AI and GPU-driven environments. Kaylin adds that this design-first approach means security isn't bolted on later—it's embedded from the start. And yet, it's done without disruption. Teams don't need to scrap what they have or undertake complex rebuilds. The system works with existing environments to reduce complexity and ease compliance burdens like FedRAMP. For those grappling with infrastructure pain points—whether you're in product security, DevOps, or infrastructure—this conversation is worth a listen. Edera's vision is bold, but their delivery is practical. And yes, you'll find them roaming the show floor in bold pink—“mobile booth,” zero fluff. Listen to the episode to hear what it really means to be “secure by design” in the age of AI and container sprawl. Learn more about Edera: https://itspm.ag/edera-434868 Note: This story contains promotional content.
Guests: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/ Kaylin Trychon, Head of Communications, Edera | https://www.linkedin.com/in/kaylintrychon/
Resources: Learn more and catch more stories from Edera: https://www.itspmagazine.com/directory/edera Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
Dan Lorenc is the Co-founder and CEO of Chainguard, the safe source for open source. The internet runs on free, open source software. But as it's risen in popularity, it's become the latest attack point targeted by hackers and nation states. This conversation with Dan gets into the history of open source software, cloud computing, Linux, the software supply chain, how AI will impact it, and what the next big cyber attack will look like. Dan is an engineer, but he also loves sales and go-to-market. We unpack how Chainguard went from zero to 150 customers and a $40m ARR in two years. Chainguard just announced a $350 million Series D led by Kleiner and IVP, and Dan unpacks the round, plus shares his secret methodology for valuing the company. A big thank you to Dan's Co-founder Kim Lewandowski, to Clay Fischer @ Spark, Bogomil Balkansky & Andrew Reed @ Sequoia, and Tom Loverro @ IVP for their help brainstorming topics for Dan.
Timestamps:
(3:26) A safe source for open source
(4:57) The software supply chain
(7:19) Can you trust open source code with contributors in Russia?
(9:43) Malware attack that almost took down the entire internet
(12:40) What the next big cyber attack will look like
(15:12) How will AI impact the software supply chain
(17:53) The history of cloud computing
(21:42) Why all cloud computing runs on Linux
(23:16) How Linux + Linux distros work
(29:28) Automating open source security
(32:43) Chainguard roadmap: Libraries and VMs
(36:40) Focusing on FedRAMP
(42:44) Impact of DOGE
(44:06) Zero to $40m ARR in two years
(45:40) Learning to love sales as a technical founder
(47:24) Lessons from Frank Slootman
(51:15) How to create urgency in sales
(53:16) How to build a sales team
(58:23) Hiring Ryan Carlson from Wiz & Okta
(1:01:45) Inside Chainguard's $350m Series D
(1:07:41) Vibe coding + Dan's software stack
(1:09:51) Cutting his hair in front of the entire company
(1:10:27) Wearing a different suit to each board meeting
(1:12:32) Bogomil, world's best SDR
Varun Mohan is the co-founder and CEO of Windsurf (formerly Codeium), an AI-powered development environment (IDE) that has been used by over 1 million developers in just four months and has quickly emerged as a leader in transforming how developers build software. Prior to finding success with Windsurf, the company pivoted twice—first from GPU virtualization infrastructure to an IDE plugin, and then to their own standalone IDE.
In this conversation, you'll learn:
1. Why Windsurf walked away from a profitable GPU infrastructure business and bet the company on helping engineers code
2. The surprising UI discovery that tripled adoption rates overnight
3. The secret behind Windsurf's B2B enterprise plan, and why they invested early in an 80-person sales team despite conventional startup wisdom
4. How non-technical staff at Windsurf built their own custom tools instead of purchasing SaaS products, saving them over $500k in software costs
5. Why Varun believes 90% of code will be AI-generated, but engineering jobs will actually increase
6. How training on millions of incomplete code samples gives Windsurf an edge, and creates a moat long-term
7. Why agency is the most undervalued and important skill in the AI era
In this episode, we cover:
(00:00) Varun's background
(03:57) Building and scaling Windsurf
(12:58) Windsurf: The new purpose-built IDE to harness magic
(17:11) The future of engineering and AI
(21:30) Skills worth investing in
(23:07) Hiring philosophy and company culture
(35:22) Sales strategy and market position
(39:37) JetBrains vs. VS Code: extensibility and enterprise adoption
(41:20) Live demo: building an Airbnb for dogs with Windsurf
(42:46) Tips for using Windsurf effectively
(46:38) AI's role in code modification and review
(48:56) Empowering non-developers to build custom software
(54:03) Training Windsurf
(01:00:43) Windsurf's unique team structure and product strategy
(01:06:40) The importance of continuous innovation
(01:08:57) Final thoughts and advice for aspiring developers
Recommended book: Fall in Love with the Problem, Not the Solution: A Handbook for Entrepreneurs: https://www.amazon.com/Fall-Love-Problem-Solution-Entrepreneurs/dp/1637741987
Lenny may be an investor in the companies discussed.
Secretary of Defense Pete Hegseth signed a memo Thursday ordering the termination of several IT services contracts and directing the Pentagon's chief information officer to draw up plans for in-sourcing, among other measures. The aim is to “cut wasteful spending” and “support the continued rationalization” of the Defense Department's IT enterprise, Hegseth wrote. The move comes amid a broader push by the Trump administration to implement Department of Government Efficiency (DOGE) initiatives across federal agencies. Hegseth's new memo to senior Pentagon leadership ordered the termination of contracts affecting a variety of DOD components, including a Defense Health Agency contract for consulting services; an Air Force contract to re-sell third party enterprise cloud IT services; a Navy contract for business process consulting services; and a Defense Advanced Research Projects Agency (DARPA) contract for IT helpdesk services. In a video released on social media touting these DOGE-related efforts, Hegseth estimated that those contract terminations would save the Pentagon approximately $1.8 billion, $1.4 billion, $500 million and $500 million, respectively. Another round of General Services Administration workforce cuts is hitting Technology Transformation Services, specifically within its Integrated Award Environment (IAE), Solutions, and Office of Regulatory and Oversight Systems (OROS) programs, sources confirmed to FedScoop. Under TTS, the Solutions platforms and services, front office, public experience and accelerators teams were all affected by the reductions, according to a source with knowledge of the situation. However, programs that are safe from the current — and widespread — reductions in force include FedRAMP, Login.gov and Cloud.gov, sources said. Additionally, TTS consulting, fellowships and front office are untouched as well. The Daily Scoop Podcast is available every Monday-Friday afternoon. 
If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
In this episode of "Scrappy ABM," host Mason Cosby responds to a newsletter request from Shaughn, who is targeting security and compliance organizations requiring FedRAMP authorized signatures. Mason breaks down a strategic approach for standing out in a competitive market by leveraging a company's unique differentiators.
Best Moments:
(00:32) Introduction to Sean's specific ABM challenge in the electronic signature space
(01:19) The importance of leveraging FedRAMP authorization as a market differentiator
(02:11) Developing an "onlyness statement" based on unique value propositions
(02:39) How to identify your true differentiators by asking customers why they buy
(03:30) Using the account progression model to highlight specific problems you solve
(04:58) Creating buyer enablement content to help champions sell internally
(05:40) Warning against claiming "onlyness" publicly without true differentiation
(07:29) Recommendation to focus on one department (HR, procurement, or legal) initially
Michael Duffy, President Donald Trump's nominee for Undersecretary of Defense for Acquisition and Sustainment, has committed to reviewing the Pentagon's Cybersecurity Maturity Model Certification (CMMC) 2.0 if confirmed. This revamped program, effective since December, mandates that defense contractors handling controlled, unclassified information comply with specific cybersecurity standards to qualify for Department of Defense contracts. Concerns have been raised about the burden these regulations may impose on smaller firms, with a report indicating that over 50% of respondents felt unprepared for the program's requirements. Duffy aims to balance security needs with regulatory burdens, recognizing the vulnerability of small and medium-sized businesses in the face of cyber threats. In addition to the CMMC developments, the General Services Administration (GSA) is set to unveil significant changes to the Federal Risk Authorization Management Program (FedRAMP). The new plan for 2025 focuses on establishing standards and policies rather than approving cloud authorization packages, which previously extended the process for up to 11 months. The GSA intends to automate at least 80% of current requirements, allowing cloud service providers to demonstrate compliance more efficiently, while reducing reliance on external support services. Across the Atlantic, the UK government has announced a comprehensive cybersecurity and resilience bill aimed at strengthening defenses against cyber threats. This legislation will bring more firms under regulatory oversight, specifically targeting managed service providers (MSPs) that provide core IT services and have extensive access to client systems. The proposed regulations will enhance incident reporting requirements and empower the Information Commissioner's Office to proactively identify and mitigate cyber risks, setting higher expectations for cybersecurity practices among MSPs. The episode also discusses the implications of recent developments in AI and cybersecurity. With companies like SolarWinds, Cloudflare, and Red Hat enhancing their offerings, the integration of AI into business operations raises concerns about security and compliance. The ease of generating fake documents using AI tools poses a significant risk to industries reliant on document verification. As the landscape evolves, IT service providers must adapt by advising clients on updated compliance practices and strengthening their cybersecurity measures to address these emerging threats.
Four things to know today
00:00 New Regulatory Shifts for MSPs: CMMC 2.0, FedRAMP Overhaul, and UK Cyber Security Bill
05:21 CISA Cuts and Signal on Gov Devices: What Could Go Wrong?
08:15 AI Solutions Everywhere! SolarWinds, Cloudflare, and Red Hat Go All In
11:37 OpenAI's Image Generation Capabilities Raise Fraud Worries: How Businesses Should Respond
Supported by: https://www.huntress.com/mspradio/ https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship
Join Dave April 22nd to learn about Marketing in the AI Era. Signup here: https://hubs.la/Q03dwWqg0
All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on: LinkedIn: https://www.linkedin.com/company/28908079/ YouTube: https://youtube.com/mspradio/ Facebook: https://www.facebook.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ TikTok: https://www.tiktok.com/@businessoftech Bluesky: https://bsky.app/profile/businessof.tech
Now more than ever, the long running cloud security program known as FedRAMP needs industry's help. That was the message Monday from Pete Waterman, the Director of the Federal Risk Authorization management program FedRAMP at the General Services Administration. Here with what's going on, Federal News Network's executive editor, Jason Miller.
After serving for nearly 18 months as the Department of Defense's first-ever customer experience officer in the Office of the CIO, Savan Kong earlier this month parted ways with the Pentagon. Previously a member of the Defense Digital Service during his first tour of duty with the DOD, Kong helped build the department's CXO office from scratch, fostering a culture that prioritizes the needs of service members, civilians, and mission partners and striving to streamline governance processes, improve transparency, and ensure that IT solutions meet operational needs. Kong joins the Daily Scoop for a conversation to share the progress his office ushered in to improve customer experience for DOD's personnel, where things are headed under this administration and how AI will impact the CX space. FedRAMP is getting another overhaul, one that will involve far more automation and a greater role for the private sector, the program's chief announced Monday. Through FedRAMP 20x, the General Services Administration-based team focused on the program aims to simplify the authorization process and reduce the amount of time needed to approve a service from months to weeks, Director Pete Waterman said during an Alliance for Digital Innovation event. The private sector will also have increased responsibility over monitoring of their systems, he noted. In a critical change, agency sponsorship will — eventually — no longer be necessary to win authorization. As a first step, FedRAMP has launched four community working groups, which give the public a chance to share feedback, and focus on creating “innovative solutions” to formalize the program's standards. But in the meantime, Waterman said existing baselines will remain in place and there are no immediate changes to the program. 
The Office of Personnel Management and the departments of Treasury and Education are now barred from sharing individuals' personally identifiable information with DOGE representatives, a federal judge ruled Monday. Judge Deborah L. Boardman of the U.S. District Court for the District of Maryland said in her decision that in granting associates with Elon Musk's so-called government efficiency initiative access to systems containing plaintiffs' PII, the agencies “likely violated” the Privacy Act and the Administrative Procedure Act. The lawsuit was filed by the American Federation of Teachers, the International Association of Machinists and Aerospace Workers, the International Federation of Professional and Technical Engineers, the National Active and Retired Federal Employees Association, the National Federation of Federal Employees, and six military veterans.
This week, the GovNavigators welcome Allison Brigati, former Deputy Administrator of the General Services Administration, and Daniel Heckman, CEO of MSI Consulting, to share lessons learned from the first Trump administration's push for government efficiency. They discuss overcoming resistance to change, and harnessing automation and AI to modernize government functions. Additionally, they reflect on how these strategies could shape current reform efforts as we enter Trump's second term.
Show Notes
President's Management Agenda: Trump Administration (2018), Cap Goal 6 Pg. 32
Events on the GovNavigators' Radar
March 24: FedRAMP 2025 Discussion with Pete Waterman
March 26-28: Coleridge Initiative's Annual Convening
March 28: NAPA's Standing Panel on Executive Organization and Management
Cybersecurity is vital in today's cloud-based world. Learn about the journey Solventum took to StateRAMP and FedRAMP certification.
All non-critical and non-statutorily required work will cease at the General Services Administration's Technology Transformation Services as part of a 50% reduction of the office, according to Director Thomas Shedd. In his prepared remarks for a Thursday afternoon town hall, which were obtained by FedScoop, Shedd said that to deliver technology at GSA in a “more focused and streamlined way,” moving forward TTS will support only work that is required by statute and policy, fits into the Trump administration's definition of critical, and is prioritized by the leadership at GSA “in accordance with the priorities of the administration.” Everything else will be eliminated, per Shedd, who said in his remarks that TTS will be smaller in size – at least 50% smaller. Additionally, any contracts that support the work that falls outside of the established bounds “will be terminated” and any job functions that are deemed non-essential will be cut. The prioritized and remaining TTS programs include Login.gov, FedRAMP, Cloud.gov, statutorily required websites, the Integrated Award Environment, the Office of Regulatory Oversight, the Centers of Excellence, the Presidential Innovation Fellowship Program, the U.S. Digital Corps, operations and other “special projects.” Australian-based software company Atlassian has tapped Matthew Graviss to be its first public sector chief technology officer following his recent departure as the State Department's top data and AI official. Although the role starts a new private sector chapter in Graviss's career, being the first person to establish a newly created position is familiar ground. During his time in the federal government, Graviss was the first-ever chief data officer at both the State Department and the Department of Homeland Security's U.S. Citizenship and Immigration Services. 
In an interview with FedScoop, Graviss said his role at Atlassian is an extension of that experience in that he'll again be codifying the responsibilities of the job, showing value and solving customer problems. Regardless of whether his role is in or out of the government, Graviss said “the delivery of better goods and services to citizens is contingent upon … an ecosystem of government employees, service providers, and solution providers.”
The rise of IT generalists is becoming increasingly significant as the industry grapples with a growing talent gap. A recent report by Auvik reveals that a staggering 78% of IT professionals feel that work-related stressors hinder their ability to improve their skills, with 60% experiencing burnout. As baby boomers retire at an accelerated pace, the workload is shifting to senior employees, intensifying stress and workload issues. The report highlights the necessity for IT professionals to possess a broad range of knowledge across various IT functions, emphasizing the integration of artificial intelligence and automation to alleviate these challenges. Managed service providers (MSPs) are facing heightened security demands, yet there are concerns about whether clients are allocating their budgets effectively. A series of market reports indicate that organizations are managing an average of 45 cybersecurity tools, which calls for a streamlined approach to security controls. The landscape of cybersecurity is evolving, with a notable shift towards generative AI and the need for comprehensive strategies for machine identity and access management. MSPs are encouraged to help clients prioritize security investments based on risk rather than simply increasing spending. Recent product announcements from companies like Scion AG, Huntress, and Cisco reflect the industry's response to these challenges. Scion AG has launched Scion Guard360, a cybersecurity solution aimed at small and medium-sized enterprises, while Huntress introduced a sensitive data mode to aid compliance with the Cybersecurity Maturity Model Certification. Cisco's Meraki for Government solution has achieved FedRAMP authorization, underscoring the importance of compliance in enhancing security for federal agencies. These developments highlight the trend towards automation and AI-driven solutions in the security sector. The backlash against Broadcom's acquisition of VMware is resulting in significant financial gains for competitors like Nutanix and Scale Computing. Nutanix reported a 16% revenue increase, driven by customers seeking alternatives to VMware, while Scale Computing experienced a remarkable 400% growth in enterprise demand. This shift in buying behavior indicates that organizations are actively looking for new solutions, presenting an opportunity for IT consultants to guide clients through the migration process. As the market evolves, understanding alternatives to VMware could provide a competitive advantage for service providers.
Four things to know today
00:00 IT Generalists on the Rise: Auvik Report Highlights Burnout, Skills Gaps, and AI's Role
04:32 MSPs Face Rising Security Demand—But Are Clients Spending in the Right Places?
08:51 Huntress, Cisco, and Cyan AG Roll Out New Security Features—Here's Why It Matters
11:14 Big Wins for Nutanix and Scale Computing as VMware Customers Make Their Move
Supported by: https://syncromsp.com/
Event: https://www.nerdiocon.com/
Forecast = Punxsutawney Phil saw his shadow, so we can expect continued Musk-y days ahead in these remaining DOGE days of Winter. In this week's episode of GreyNoise Storm⚡️Watch, we have a bit of an AI-theme. First, the Department of Government Efficiency (DOGE), led by Elon Musk, has sparked significant privacy and security concerns by accessing sensitive federal systems like Treasury databases and Education Department records through AI-driven analysis. Critics highlight undisclosed partnerships with vendors like Inventry.ai, which allegedly introduced algorithmic bias by disproportionately targeting diversity programs and climate initiatives while retaining fossil fuel subsidies. Cybersecurity experts warn about unvetted API integrations and data security risks, as Inventry.ai processed taxpayer information without proper FedRAMP authorization. These issues have led to bipartisan calls for stricter AI procurement rules and transparency mandates to rebuild public trust. Meanwhile, Chinese AI startup DeepSeek faces scrutiny over its claims of rivaling GPT-4 at lower costs, with analysts questioning its $5.6M training budget and geopolitical alignment. The models show systematic pro-China biases, refusing to answer 88% of sensitive questions about Tiananmen Square or Taiwan while promoting CCP narratives in responses. Security researchers flag its opaque training data—potentially using OpenAI outputs—and anti-debugging features that hinder independent audits. These concerns have triggered bans in Australia, South Korea, and U.S. agencies like NASA, with EU officials noting non-compliance with cybersecurity standards. On the defense front, Splunk's DECEIVE AI honeypot introduces innovative deception tech by letting users simulate systems via text prompts, democratizing access to advanced threat detection. 
While it offers dynamic behavioral analysis and safe sandboxing, security professionals caution about LLM hallucination risks that could tip off attackers and ethical questions around logging fabricated credentials. The open-source tool shows promise but remains untested against sophisticated adversaries. Rounding out the cybersecurity landscape, Censys research exposes the BADBOX botnet's infrastructure and BeyondTrust vulnerabilities, while VulnCheck highlights 2024's exploitation trends and Zyxel's unpatched telnet flaws; and GreyNoise's latest Noiseletter showcases new platform features + upcoming events.
The FedRAMP Emerging Technology Prioritization Framework, which was established last year to accelerate the use of systems like artificial intelligence in the federal cloud, has been eliminated as part of President Donald Trump's rescission of the Biden administration's AI executive order. A person with direct knowledge of the matter confirmed the program no longer existed. The Emerging Technology Prioritization Framework, which recently switched to a rolling application process, aimed to allow cloud service providers to request prioritization of cloud services associated with emerging technology in the FedRAMP authorization process. The framework's final draft was issued last summer, requiring interested cloud providers to apply for prioritization by the end of August 2024. The General Services Administration, which operates the FedRAMP program, said initial determinations would be announced the following month. Pete Hegseth, President Donald Trump's nominee to lead the Pentagon, was confirmed as the next secretary of defense after Vice President JD Vance cast the tiebreaking vote in the Senate Friday night. Senators voted 50-50 before Vance had to be called in to tip the balance. Hegseth will take the helm at the Defense Department as the DOD gears up for potential wars against high-tech adversaries such as China. During his confirmation process, Hegseth pledged that as defense secretary he would prioritize investments in AI, drones and counter-drone systems, among other technologies that he considers key to military modernization. Soon after his confirmation, Hegseth issued a message to the military on Saturday that expressed his intent to quickly field emerging capabilities to deter China and others. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
The episode highlights a notable rise in small business optimism, with the National Federation of Independent Business reporting an optimism index of 105.1, the highest since October 2018. Despite this positive sentiment, challenges such as inflation and labor quality persist, with a significant percentage of business owners planning to raise compensation. The episode also touches on the impact of Donald Trump's presidency on channel partners, with many expecting positive outcomes from tariffs.
Sobel delves into the ongoing shifts in the job market, particularly within the IT sector, where traditional roles are diminishing due to the rise of AI. The episode notes that while IT layoffs have slowed, the market has seen a contraction with nearly 71,000 jobs lost over two years. The World Economic Forum's report indicates that AI is creating new job opportunities, with a net gain of 2 million jobs expected by 2030. However, the episode warns of a decline in employee engagement, which has hit a 10-year low, emphasizing the importance of focusing on workforce development amidst these changes.
The podcast also addresses the projected growth in worldwide IT spending, which is expected to rise to $5.61 trillion in 2025. However, Sobel cautions that much of this growth may be offset by price hikes, leading to a situation where customers may not see the benefits of increased spending. Key areas for investment include data center systems and software, with a significant uptick in AI usage among small and mid-sized businesses. The episode underscores the necessity for businesses to adapt and find ways to deliver more value to their customers despite rising costs.
Finally, the episode covers recent regulatory changes, including President Trump's revocation of an AI safety order established by the previous administration. The FCC has introduced new cybersecurity rules, and FedRAMP is proposing to streamline requirements for cloud service providers.
Sobel emphasizes the importance of staying informed about these regulatory shifts, as they will impact the tech landscape moving forward. The episode concludes with a reminder of the significance of understanding the evolving dynamics in the IT sector and the need for continuous learning and adaptation.
Four things to know today
00:00 IT Layoffs Slow While Small Business Confidence Soars, But AI and Engagement Challenges Shape the Future
04:34 Global IT Growth Drives AI Investment in SMBs, but Price Hikes Threaten Real Value in 2025
07:39 Regulation in Flux: Trump Revokes AI Safety Order as FCC and FedRAMP Push New Cybersecurity Measures
09:52 CompTIA Layoffs Raise Questions About Private Equity's Role in Restructuring the Tech Certification Giant
Supported by: https://timezest.com/mspradio/ https://www.huntress.com/mspradio/
All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech
If your organization uses Google Workspace you have access to Google Groups. Kind of like a listserv but so much better.
What are Google Groups?
If your nonprofit uses Google Workspace, you can use Google Groups to manage tasks via an email group, with granular controls and monitoring if you need it. Google Groups can improve security for email addresses like “donate@mynonprofit” or “info@mynonprofit” if that email directs to a group and is not its own account whose credentials could be hacked. Director of IT Consulting Steve Longenecker explains the ins and outs of using Google Groups and some issues to consider, including Google's FedRAMP certification if you are trying to use Google Groups with federal workers. Since few MSPs can help nonprofits using Google Workspace, please contact us if you have more questions we can help with. We know that so many nonprofit startups start using Google Workspace because it is easy.
Some Key Takeaways:
Google Groups works like a listserv, allowing multiple people to view and respond to group emails right from their inbox. No new tools like Slack or Discord are needed. Keeping it simple can help your team or volunteers engage easily.
Google Groups allows granular permissions and allows a manager to assign certain email threads to specific team members, so you can make sure all donation inquiries get a quick response, for example. Managers can get valuable insight into email thread status and team members can easily collaborate without checking and back-checking to see who is taking which inquiry.
Google Groups can be useful in keeping volunteer groups organized and engaged. You can assign any email to Google Groups, making a partly external volunteer team more functional and making it easier for busy volunteers to participate, right from their inbox.
Google Groups has many security features that make it preferable to listservs. And listserv tools are becoming harder to find and manage. Everyone uses email – if you already use Google Workspace you have a listserv tool already available to you, for free, that has many features and security that listservs just don't have.
Google Groups is relatively easy to set up and manage, and Google provides lots of helpful how-to tutorials and advice that are accessible to non-technical managers.
If you are trying to use Google Groups with federal employees and encountering resistance, be aware that Google has FedRAMP certification. This means your federal friends are allowed to use it from a security perspective.
Google Groups is a tool you should consider if you are struggling to manage a team or volunteer group. It is easy to get started and easy to expand as you learn the capabilities.
We know that few MSPs serving nonprofits are experts in Google Workspace. Community IT has developed expertise in Google Workspace support since we serve nonprofits exclusively, and so many nonprofits use this platform.
Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ Email Carolyn at cwoodard@communityit.com. Thanks for listening.
Get the GovClose Certification: https://www.govclose.com/sales-certification
Join us as we talk to Ekene Imbata, founder of Facility Management Supplies and People, Inc., about his journey into government contracting. Kenny shares how he transitioned from running a software solutions business to securing his first contracts with the government. Learn about his strategic partnerships, insights into MRO products, and plans to expand into DoD and software contracts. Ekene is just getting started, and if you're looking for inspiration to break into government sales, this is the episode for you!
Timestamps:
[00:00:00] Introduction to Kenny Imbata and His Business Journey. Overview of Facility Management Supplies and People, Inc. Initial motivation to pursue government contracting.
[00:00:45] Why Government Contracting? Discovering the government as the largest buyer. Importance of targeting higher-value clients.
[00:06:00] Starting Small: Registration and Early Challenges. Kenny's first steps on SAM.gov and early difficulties with software contracts.
[00:08:30] Teaming Up for Success. Partnering with an experienced company for MRO product contracts. How joint ventures and subcontracting can fast-track success.
[00:12:00] Fine-Tuning the GovCon Process. Focusing on niche markets to reduce competition. Targeting specific agencies like the Navy shipyards.
[00:15:30] The Challenges of Pricing and Past Performance. Understanding the importance of supplier relationships and profit margins. Strategies to secure past performance for future growth.
[00:18:45] Expanding into DoD and Software Contracts. Kenny's exploration of custom software solutions for government needs. Navigating cybersecurity requirements like FedRAMP and NIST.
[00:24:00] Building Relationships and Long-Term Success. Leveraging relationships with agencies and vendors for simplified acquisitions. Kenny's advice for aspiring GovCon professionals.
[00:26:00] Final Thoughts and Advice for New GovCon Entrants. Kenny's top takeaways from his journey. How to reach out to Kenny for advice or collaboration.
Ekene's LinkedIn Profile
Palantir (PLTR) rallied again to yet another all-time high after receiving FedRAMP "high authorization" for its cloud services. How much higher can the stock soar? Mostly-neutral analyst reactions show doubt for a continuing bull run. Alex Coffey and Caroline Woods weigh if Palantir can keep up its 300%+ year-to-date rally. ======== Schwab Network ======== Empowering every investor and trader, every market day. About Schwab Network - https://schwabnetwork.com/about
In this episode of Game Changers for Government Contractors, host Michael LeJeune and cybersecurity expert Gary Daemer discuss FedRAMP, an essential certification for cloud service providers looking to sell to the federal government. With over 40 years of experience in cybersecurity, Gary provides a comprehensive overview of what FedRAMP entails, who needs it, and the challenges involved. Learn about the rigorous process, timelines, costs, and ongoing maintenance requirements for certification. Gary also shares strategic advice on whether pursuing FedRAMP is right for your business and tips for leveraging resources like SBIRs to offset costs. This episode is a must-listen for contractors aiming to enter or expand in the government market. ----- Frustrated with your government contracting journey? Join our group coaching community here: https://federal-access.com/gamechangers Grab my #1 bestselling book, "I'm New to Government Contract. Where Should I Start?" Here: https://amzn.to/4c5Vb0d
In an era of escalating digital threats, cybersecurity compliance goes beyond ticking a legal box - it's a crucial shield safeguarding assets, reputation, and the very survival of your business. What is the most common pain point facing businesses these days? Is it supply chain fragility? Fierce competition? Tight cashflows? Or is it the rising and relentless tide of cyberattacks? Evidence and analysts suggest it's often the latter. As cyberthreats show no signs of slowing down, both small and large organizations increasingly recognize that cybersecurity is no longer optional. What's more, governments and regulatory agencies have also caught onto its importance, especially when it concerns organizations that operate in sectors that are critical to a nation's national infrastructure. The result? An expanding set of compliance requirements that feel daunting but are essential for a country's smooth operations and public security.

Forms of compliance

For starters, we need to distinguish between two types of compliance - compulsory and voluntary, as each brings its own set of requirements. Compulsory compliance encompasses regulations enforced by state-level or state-adjacent agencies and targeting companies operating in critical infrastructure sectors, such as healthcare, transport, and energy. For example, a company working with patient data in the US must abide by the Health Insurance Portability and Accountability Act (HIPAA), a federal regulation, to maintain patient data privacy across state lines. On the other hand, voluntary compliance means that businesses apply for specific certifications and standards that identify them as experts within a particular field or qualify some of their products as fulfilling a standard. For example, a company seeking environmental credibility might apply for ISO 14001 certification that demonstrates its commitment to environment-friendly practices. However, every company needs to recognize that compliance isn't a one-time effort. Every standard, or another "bit of compliance", requires additional resources since these processes require consistent monitoring and budget allocations (even ISO certifications require regular re-certification).

Cybersecurity compliance - not only for security vendors

A company that doesn't conform to compulsory compliance can face hefty fines. Incidents such as data breaches or ransomware attacks can result in extensive costs, but evidence of a failure to comply with mandated security measures can ultimately cause the final bill to go "through the roof". The specific cybersecurity regulations an organization needs to abide by depend on the type of industry the company operates in, and how important the security of its internal data is to privacy, data security, or critical infrastructure acts. Do also note that many regulatory acts and certifications are region-specific. Furthermore, depending on what customers, clients, or partners a business wants to attract, it is wise to apply for a specific certificate to qualify for a contract. For example, if a company wants to work with the US federal government, it needs to apply for the FedRAMP certificate, demonstrating its competence in protecting federal data. At any rate, compliance needs to be built into the foundations of any business strategy. As regulatory requirements keep rising in the future, well-prepared companies will have an easier time adapting to the changes. With compliance being measured continuously, this can save organizations significant resources and enable their growth in the long run.

Key cybersecurity acts and frameworks

Let's now have a quick rundown on some of the most important cybersecurity regulatory acts and frameworks:

Health Insurance Portability and Accountability Act (HIPAA)

This regulatory act covers the handling of patient information in hospitals and other healthcare facilities. It represents a set of standards that are designed to protect confidential patient health data from be...
In today's episode, Les talks with Kenny Scott, the founder of Paramify. Kenny shares his journey from initially disliking compliance and GRC work to eventually building a successful SaaS company that automates and streamlines these processes. He discusses his background in consulting and cybersecurity, his brief stint running a hedge fund, and the pivotal moment when he decided to create a solution to the pain points he experienced in the GRC space. Throughout the conversation, Kenny emphasizes the importance of relationships, prioritizing family, and leveraging technology to enable security professionals to focus on more strategic initiatives. Kenny talks about the importance of balancing work and family and predicts a future where AI will play a crucial role in enhancing cybersecurity. Here's a closer look at the episode: Kenny's background, mentioning his initial interest in finance and his transition to programming. Kenny discusses his career progression, including roles at Google, American Express, and Adobe, where he worked on organizational risk management. Kenny reflects on the challenges and rewards of his career, emphasizing the importance of solving real problems. Kenny's thoughts on the significance of governance, risk, and compliance (GRC) and the growing demand for security services. Kenny dives into the complexities of FedRAMP, explaining its purpose and the rigorous process involved. Kenny talks about the early days of Paramify, including the search for talented developers and the initial success with small startups. Kenny highlights the importance of relationships and the support from early clients like Palo Alto Networks. Kenny provides an update on Paramify's current status, including their FedRAMP High audit and the growth of their client base. 
Resources: Website: https://www.paramify.com/ Kenny LinkedIn: https://www.linkedin.com/in/kenny-g-scott/ Paramify LinkedIn: https://www.linkedin.com/company/paramify/ Kenny Twitter: https://x.com/kenny_g_scott
Confused about Microsoft 365 and DFARS/CMMC compliance?
In this episode, I speak with Richard Wakeman, Chief Architect for cybersecurity of Aerospace & Defense @ Microsoft!
We discuss the history of the government clouds, the need behind GCC and GCC High, and much more!
Here are some highlights:
The origins of the Microsoft clouds
Which clouds support DFARS 7012 compliance
When will GCC High be FedRAMP authorized?
CUI enclave considerations
Richard is a wealth of knowledge, and I have personally benefited from his compliance blog articles since at least 2020!
If you are currently operating in the Microsoft cloud or are trying to decide which Microsoft cloud to buy, you won't want to miss this!
Were you aware that GCC High isn't FedRAMP authorized yet? What about Microsoft 365 commercial not being compliant with DFARS 7012?
Whatever your thoughts are, let me know!
Follow Richard on LinkedIn: https://www.linkedin.com/in/wakeman/
Microsoft Cloud compliance article: https://techcommunity.microsoft.com/t5/public-sector-blog/understanding-compliance-between-commercial-government-dod-amp/ba-p/4225436
Microsoft 365 Roadmap: https://www.microsoft.com/en-us/microsoft-365/roadmap
-----------
Thanks to our sponsor Vanta!
Want to save time filling out security questionnaires?
Experience questionnaire automation here: https://vanta.com/grcacademy
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e36&utm_campaign=courses
The focus is on HITRUST assessments, specifically the e1 certification, which provides an entry-level approach to cybersecurity compliance. The session emphasizes that compliance is an ongoing process and highlights the HITRUST e1 framework's adaptability to evolving threats. It also discusses the value proposition of the e1 certification, its affordability, and its suitability for low-risk organizations, as well as its synergies with existing SOC2 and ISO certifications.
A-LIGN was founded in 2009 by CEO Scott Price to help companies like yours navigate the complexities of cybersecurity and compliance by offering customized solutions that align specifically with each organization's unique goals and objectives. We believe your business can reach its fullest potential by aligning compliance objectives with strategic objectives. Working with small businesses to global enterprises, A‑LIGN's experts coupled with our proprietary compliance management platform, A‑SCEND, are transforming the compliance experience.
A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor.
Learn more about A-LIGN: https://itspm.ag/a-lign-uz1w
Note: This story contains promotional content.
Guest: Shreesh Bhattarai, Director of HITRUST, A-LIGN [@aligncompliance]
On LinkedIn | https://www.linkedin.com/in/shreesh-bhattarai-cisa-ccsk-hitrust-ccsfp-chqp-5a052837/
Resources
Learn more and catch more stories from A-LIGN: https://www.itspmagazine.com/directory/a-lign
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In this episode, Intel Federal CTO Steve Orrin discusses securing edge devices, enabling trusted AI, and navigating cybersecurity challenges in the public sector. Discover strategies for protecting sensitive data, complying with regulations, and ensuring the trustworthiness of cutting-edge technologies critical to government missions.
In October 2024, the final CMMC rule was published in the CFR and will be in effect 60 days from the published date. After the many comments received, this final rule is making all contractors ask a lot of questions. We already knew the three levels of CMMC, NIST Standards, FISMA and FedRAMP compliance, but the question is how CMMC will roll out and what the cost of compliance will be. Listen to what the rule says and what the challenges may be for you and your business as a prime, as a sub, or just as a supplier within the supply chain of the Defense Industrial Base (DIB).
Host Dave Sobel engages in a thought-provoking conversation with Steven Cook, the owner of Strategic IT Services, a managed service provider (MSP) specializing in cybersecurity. Steven shares insights into the diverse range of services his organization offers, from general technical support to cybersecurity and disaster recovery. With a focus on co-managed IT, Steven explains how his company assists businesses of varying sizes, from solopreneurs to larger organizations in regulated sectors like finance and energy.
The discussion delves into the impact of regulations on customer needs, particularly in the energy sector, where recent political changes have significantly affected income streams. Steven highlights the challenges faced by small businesses in maintaining IT services, often opting for minimal or no support, which raises concerns about cybersecurity risks. He emphasizes the importance of having a baseline level of security measures in place, such as endpoint detection and response, to protect sensitive information and maintain operational continuity.
As the conversation progresses, the topic shifts to the evolving landscape of cybersecurity regulations, including the rollout of CMMC 2.0 and the implications of FedRAMP certification for software vendors. Steven expresses his expectation that demand for compliance with these standards will increase, particularly as more MSPs and MSSPs serve defense-related industries. He notes that while some vendors have yet to prioritize FedRAMP certification, there is a growing need for businesses to adopt security measures that meet regulatory requirements.
Finally, Steven shares his perspective on the liability of software providers in the context of cybersecurity incidents. He argues that while vendors like CrowdStrike bear some responsibility for their products, the onus also falls on businesses and IT implementers to follow best practices in deploying technology.
This includes implementing phased rollouts and testing updates in controlled environments. The episode concludes with a call for clearer regulations and standards to protect businesses and their customers from the increasing threat of cyberattacks.
This week, Ryan Connell sits down with cybersecurity expert Chris Hughes, CEO of Aquia, a veteran-owned cloud and cybersecurity digital services firm. Chris brings two decades of experience from the federal IT space, sharing insights on everything from AI adoption in the government to the importance of continuous ATO. Chris dives into the challenges and opportunities of experimenting with new technologies, the balance between security and usability, and the evolving landscape of cybersecurity compliance in the DoD. Whether you're a tech professional, a government contractor, or someone interested in the future of defense technology, this episode is packed with valuable perspectives and actionable takeaways.
TIMESTAMPS:
(0:49) Chris's journey in federal IT and cyber
(2:25) Diving into cybersecurity practices
(4:33) Balancing “build vs. buy” in cybersecurity
(12:30) A deep dive on FedRAMP and ATO
(16:45) How to leverage AI for cybersecurity
(18:13) Navigating software supply chain security
(20:57) How to overcome software supply chain security challenges
(27:30) If Chris was king of DoD for the day, what would he change?
LINKS:
Follow Ryan: https://www.linkedin.com/in/ryan-connell-8413a03a/
Follow Chris: https://www.linkedin.com/in/resilientcyber/
Aquia: https://www.aquia.us/
CDAO: https://www.ai.mil/
Tradewinds: https://www.tradewindai.com/
DORA - the EU's Digital Operational Resilience Act - will take effect in January of 2025 and is currently top of mind for IT Leaders across all financial service institutions that operate in the European Union. But what is DORA really? Why is this important? How can institutions meet the DORA requirements? What is the role of observability, automation and AI in all of this?
To answer all those questions and more, we invited Kay Young, Sr Principal Product Manager at Dynatrace, who has been working with organizations around the globe that have been tasked to implement regulations such as DORA, GDPR, FedRAMP or others.
In our conversation we also touch on third-party risk management as well as resiliency testing and incident reporting.
Resources we discussed:
Kay's LinkedIn Profile: https://www.linkedin.com/in/karlien-young-4a156730/
What is DORA blog: https://www.dynatrace.com/news/blog/what-is-dora/
Taming DORA compliance: https://www.dynatrace.com/news/blog/taming-dora-compliance-with-ai-observability-and-security/
Blog on Dynatrace's DORA compliance journey: https://www.dynatrace.com/news/blog/the-dynatrace-journey-toward-dora-compliance/
Beyond DORA compliance: https://www.dynatrace.com/news/blog/dora-how-dynatrace-helps-the-financial-sector-stay-resilient/
The FedRAMP program has been around for over a decade and has recently released a host of new policies and resources, including a new roadmap, a refreshed OMB policy memo, two different pilots, an emerging technology prioritization framework, and a request for public comment on new metrics. Zaree Singer, Agency Engagement Lead at the FedRAMP program at GSA, joins the GovNavigators Show to talk about the new and refurbished FedRAMP program.
Show Notes
FedRAMP Roadmap
Emerging Technology Prioritization Framework
FedRAMP Agile Delivery Pilot
Refreshed OMB Policy Memo
FedRAMP Metrics for Public Comment
News Links
WSJ: Cheetos Turning Mice Translucent
OMB Issues Guidance to Advance the Responsible Acquisition of AI in Government
GAO: OMB Needs a Structure to Govern and a Plan to Develop a Comprehensive Inventory
Wash Post: After bungling financial aid process, Ed Dept. begins testing new FAFSA
Fed News Network: Rep. Mace questions GSA's plan for replacing FedRAMP JAB
Events on the GovNavigators' Radar
PSC: 2024 Defense Conference (10/8/24)
ACT-IAC: Cybersecurity Summit and U.S. Cyber Challenge Awards Ceremony 2024 (10/9/24)
AFCEA Bethesda: Kickin' It with Energy: A Conversation With Leadership (10/10/24)
Abundance Conference (10/9/24 - 10/10/24)
The rollout of Windows 11 version 24H2 introduces a range of AI-powered features, such as enhanced Energy Saver, improved Bluetooth LE audio support, and Wi-Fi 7 compatibility. Notably, Microsoft has integrated Rust into the Windows kernel and introduced new functionalities for its CoPilot AI, which now includes natural voice interaction and daily news summarization. However, the update also marks the end of support for Windows Mixed Reality headsets, as Microsoft shifts its focus away from hardware in the mixed reality space. Host Dave Sobel highlights Microsoft's decision to cease production of the HoloLens 2 and its partnership with Meta, indicating a strategic pivot towards software integration with Meta's Quest headsets. This move reflects a broader trend in the tech industry, where companies are increasingly prioritizing AI-driven productivity tools. Sobel emphasizes the importance of data management for businesses looking to leverage these new AI capabilities effectively, suggesting that many customers may not be prepared to utilize these tools without a solid data foundation. The episode also covers OpenAI's introduction of a public beta for its Realtime API, which allows developers to create applications that facilitate natural conversations with AI chatbots. This new API supports low-latency, multimodal features, enhancing voice interactions and enabling seamless communication across languages. Additionally, Liquid AI has launched its Liquid Foundation Models, which are non-transformer AI models designed for improved performance and memory efficiency, potentially lowering infrastructure costs for clients running large-scale AI applications. Finally, Sobel discusses Kaseya's commitment to achieving FedRAMP authorization for its ITComplete platform, which aims to support managed service providers (MSPs) with compliance requirements. This initiative is particularly significant as it addresses the growing need for compliance in government contracts. 
The episode concludes with a call for IT solution providers to participate in Service Leadership's annual compensation survey, which aims to provide insights into compensation trends and help organizations optimize their recruitment strategies.
Three things to know today
00:00 Windows 11 Update Brings AI Features as Microsoft Exits Mixed Reality Hardware with HoloLens
05:05 OpenAI Expands Voice Integration with Realtime API, While Liquid AI Launches Efficient Non-Transformer Models
07:10 Kaseya Aims for FedRAMP Authorization as Service Leadership Opens IT Compensation Survey
Supported by: https://www.coreview.com/msp https://mspradio.com/engage/
Event: www.smbTechFest.com/Go/Sobel
All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessoftech.bsky.social
If you provide (or want to provide) innovative cloud products or services to federal agencies, then you'll need to consider FedRAMP. Today, Neil McDonnell interviews Zyad Nabbus, Principal of DataLock Consulting Group, to share his lessons learned as a FedRAMP accredited Third Party Assessment Organization (3PAO).
In this training, GovCon Chamber president Neil McDonnell explains:
- What is FedRAMP and what are the various roles involved
- Who should care about FedRAMP
- How to make the FedRAMP process easier to speed your product to production
WHAT IS FEDRAMP?
The Federal Risk and Authorization Management Program (FedRAMP®) was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP empowers agencies to use modern cloud technologies, with an emphasis on security and protection of federal information.
ABOUT OUR GUEST: Zyad Nabbus
A Cybersecurity Firm Focused on Securing Mission-Critical Systems, Protecting Supply Chains, and Safeguarding Digital Assets Within Federal Agencies, While Ensuring Regulatory Compliance.
Join us on LinkedIn to build your network and engage others in the largest Government Contracting community online.
HOST | Neil McDonnell, president GovCon Chamber of Commerce and co-founder of GovCon in a Box
https://www.linkedin.com/in/neil-mcdonnell/
Small business owners trust Neil to show them HOW to earn federal government contracts and subcontracts. 
A passionate 'evangelist' for business development in the federal marketplace, Neil has helped 1000s of small business contractors collectively win over $3B (federal contract value). A small business contractor in the tech space for 25+ years, Neil successfully won contracts worth hundreds of millions for the Department of Defense and civilian agencies, including US Army • US Navy • US Air Force • HHS • VA • White House • Departments of Education, Transportation, Interior and Energy and numerous large prime contractors.
SPONSORED BY GOVCON IN A BOX | www.GOVCONinaBox.com
GovCon in a Box is a FREE AI Community Resource for small business government contractors (launched July 2024)
- Maximize your visibility to federal buyers by getting a '100 Visibility Score'
- Find teammates who want to work with you
- Get daily updates of RFIs in your sweet spot
- Respond to opportunities that you can win
- See consolidated data from USA Spending, FDPS, and DSBS
www.GOVCONinaBox.com
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com FedRAMP was launched fourteen years ago; today we get an update on metrics and use cases to help companies considering certification. James Leach has been immersed in the world of FedRAMP since the beginning. Today, he gives listeners insight on navigating the FedRAMP compliance process. Commercial companies understand, in detail, the business problem they can solve. For some reason, when it comes to the federal government, they think they can “copy and paste” a business case and have it resonate. When they apply, they may reference a single-threaded business case without federal business. Or they may promote an on-premises model and not include a cloud reference. Finally, organizations may dive into a hybrid cloud environment where it is a challenge to get sponsors. First, one must do business with an agency and understand their requirements in detail; they will have different priorities from a regular “for profit” company. You will also need an agency to sponsor your application. Once these basic hurdles are achieved, then one can begin to study cloud reference architecture. During the interview, James Leach gave several guidelines. >> You need to understand FedRAMP more as a maturity model than a checklist for compliance. >> You need to understand the controls but, more importantly, how the mandates are implemented. Commercial companies can expend considerable resources to achieve FedRAMP certification, only to get frustrated in the end. FedRAMP is not a walk in the park and must be taken seriously.
General Services Administration Executive Director of Cloud Strategy Eric Mill briefed updates for the newly focused FedRAMP program and associated advisories for cloud service providers. FedRAMP's Agile Delivery Pilot will help prepare the program for continuous assessments, a key part of FedRAMP 2.0's evolution. He also previews FedRAMP's Emerging Technology Prioritization Framework that will soon enable agencies to use generative AI. Mill discusses the agency's new automation hub, automation.gsa.gov, supporting cloud service providers creating and managing digital authorization packages. He also shares his priorities around real-time data sharing, APIs and secure software development.
Pete Waterman, a former Technology Modernization Fund adviser and U.S. Digital Services engineer, has been tapped as the new FedRAMP director, the General Services Administration announced in an internal email Monday. His appointment comes after he served at GSA as a senior technical adviser for TMF until earlier this year. Waterman, who officially started Monday, will report to Lauren Bracey Scheidt, assistant commissioner of the agency's Technology and Transformation Services Office of Solutions, and work to “build on the FedRAMP team's considerable transformation momentum, and guide program strategy for 2025 and beyond.” The Biden administration is reporting major progress in its quest to deploy half a million public chargers by the end of the decade. The Energy Department on Tuesday said that there were now more than 192,000 public charging ports available throughout the country and that since the start of President Joe Biden's term, the number of public EV chargers has doubled. The announcement of those milestones came as the government announced more than half a billion dollars to nearly 30 states, two tribes and Washington, D.C. to build even more charging infrastructure. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
Fastest 5 Minutes, The Podcast Government Contractors Can't Do Without
This week's episode covers DOD's proposed rule regarding Cybersecurity Maturity Model Certification 2.0, DOJ's new Corporate Whistleblower Awards Pilot Program, and an OMB memo that proposes updates to FedRAMP, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
Federal agencies with highly sensitive workloads now have the opportunity to use OpenAI GPT-4o. Microsoft announced that it received FedRAMP High accreditation to offer the OpenAI generative AI platform through its Azure Government cloud. The FedRAMP High designation denotes that the OpenAI services have met a higher security threshold to work with sensitive civilian datasets, including those in the fields of health care, law enforcement, finance and emergency response, among others. The General Services Administration has a health robotic process automation program, but in some cases, those bots are putting data and systems at risk, the agency's inspector general found in a recent audit. In a new report, GSA's Office of the Inspector General stated that the agency's RPA program did not comply with IT security requirements to “ensure bots are operating securely and properly.” The watchdog found a slew of security issues with the bots ranging from the agency not establishing a process for removing access to decommissioned bots to a lack of monitoring and reporting bot-related activity.
Ransomware attacks have prompted legislative action to classify such cyber offenses alongside terrorism. A provision authored by Sen. Mark Warner, D-Va., included in the annual intelligence authorization act, seeks to combat the surge in ransomware by naming specific gangs and designating host nations as 'state sponsors of ransomware,' subjecting them to potential U.S. sanctions. Although the U.S. Justice Department has previously prioritized ransomware investigations similarly to terrorism, this proposal would be the first law to formally link ransomware to terrorism. However, its effectiveness is debated among experts due to the complex ties between ransomware actors and their host states. In other news, the Department of State is conducting market research on customizable large language models (LLMs) that could enhance its handling of classified and unclassified data. This initiative is part of an effort to identify available AI tools that meet stringent security requirements, including the Defense Department's Impact Level 6 and moderate-level FedRAMP authorization. This reflects the department's strategic approach to augmenting its diplomatic missions with advanced technology. The Department of Health and Human Services (HHS) is restructuring its technological and AI responsibilities, transferring these from the Assistant Secretary for Administration to the Office of the National Coordinator for Health Information Technology (ONC), now also designated as the Assistant Secretary for Technology Policy. FedScoop's Madison Alder sits down with Micky Tripathi, head of ONC and the new Assistant Secretary for Technology Policy, to discuss the reorganization's goals to enhance departmental AI and tech strategies and improve integration across HHS's diverse agencies.
In the current landscape of AI sentiment analysis, there are challenges faced by organizations in justifying the costs of generative AI projects. While executives expect AI to boost productivity, employees report feeling overwhelmed and experiencing burnout due to increased workloads. This discrepancy between leaders and employees underscores the need for organizations to invest in AI implementation, leverage freelance talent, and rethink productivity metrics to address these issues effectively. The episode also delves into the findings of the 2024 Stack Overflow Developer Survey, revealing a widening gap between the increasing use of AI tools by developers and their trust in the accuracy of these tools. Concerns around misinformation, data attribution, and bias contribute to the lack of trust in AI systems. Despite these concerns, developers do not see AI as a job threat, with JavaScript remaining the most popular programming language and AWS leading in cloud platforms. Furthermore, the discussion touches on the evolving landscape of IT and privacy policy, with a focus on the modernization of the Federal Risk and Authorization Management Program (FedRAMP) and recent court rulings on border searches. The modernization of FedRAMP aims to enhance cloud security authorization processes, driving government-wide digital transformation and IT modernization. Additionally, the court ruling emphasizes the importance of warrants for searches, safeguarding privacy rights protected by the First and Fourth Amendments. Lastly, the episode explores Microsoft's response to the CrowdStrike outage, where 8.5 million PCs were affected by a faulty update. Microsoft is considering restricting third-party access to the Windows kernel to enhance system reliability and security. This incident underscores the importance of software quality and system resilience, prompting discussions around kernel access policies. 
The episode concludes with a call for technology advancements and a reminder of the significance of software quality in ensuring system reliability.
Three things to know today
00:00 AI Sentiment Analysis: Addressing the Gaps Between Business Leaders and Employees, Product Use and Trust
04:17 FedRAMP Modernization and Court Ruling on Border Searches Highlight Major IT and Privacy Policy Shifts
06:15 Microsoft's Security Strategy: Lessons from CrowdStrike Outage and Potential Kernel Access Restrictions
Supported by: https://movebot.io/mspradio/
The White House will issue final FedRAMP modernization guidance on Friday, addressing changes in the cloud market and agency needs for diverse mission delivery. The guidance aims to reform the cloud security authorization program by focusing on strategic goals, including rigorous reviews and swift mitigation of security weaknesses by cloud service providers. The memo emphasizes an automated process for security assessments to reduce participant burden and speed up cloud solution implementation. Agencies and the General Services Administration (GSA) have deadlines ranging from 180 days to two years to align with the new requirements, ensuring continuous monitoring and the use of Open Security Controls Assessment Language (OSCAL). In other news, the Department of Health and Human Services (HHS) announced a major reorganization of its technology policy functions. The chief technology, data, and AI officer roles will move from the Assistant Secretary for Administration to the Office of the National Coordinator for Health Information Technology (ONC), now also titled Assistant Secretary for Technology Policy (ASTP/ONC). The 405(d) Program will transfer to the Administration for Strategic Preparedness and Response. HHS Secretary Xavier Becerra stated the reorganization aims to clarify and consolidate critical functions, preparing the department for future challenges. The new ASTP/ONC office will also seek to fill permanent roles for chief technology, AI, and data officers.
Just days after it was revealed that the FBI used software from Israeli firm Cellebrite to break into the phone of the man who shot former President Donald Trump, the company announced a strategic acquisition to expand its U.S. government work. Cellebrite purchased Cyber Technology Services Inc. and is establishing Cellebrite Federal Solutions, aiming to boost U.S. operations and engage more federal departments. The company is close to announcing a federal agency sponsorship for a FedRAMP cloud accreditation, expected in 2025. Cellebrite already holds contracts with several federal agencies, including Immigration and Customs Enforcement, the Secret Service, and the Defense Department. In other news, the Department of Veterans Affairs (VA) is transitioning online users to Login.gov or ID.me sign-ins to access benefits and health care service accounts. This change will impact three million veterans and beneficiaries, who will no longer use usernames or passwords for My HealtheVet after January 2025. The VA aims to enhance security and provide a more user-friendly experience. Kurt DelBene, the VA's assistant secretary for IT and chief information officer, emphasized that the transition is about empowering veterans with a modernized online experience. This move aligns with the Biden administration's efforts to safeguard veteran data and improve federal customer service.
As federal agencies patiently await final modernization guidance from the Office of Management and Budget (OMB), the Federal Risk and Authorization Management Program (FedRAMP) finds itself navigating through a transitional period. Congressman Gerry Connolly (D-Va.), a staunch advocate for federal IT modernization and the author of the FedRAMP Authorization Act, voiced his concerns about the program's current limbo, attributed to the absence of OMB's final guidance and exacerbated by factors like agency backlogs and the unfilled directorial role at FedRAMP. Despite these hurdles, Connolly highlighted several positive strides, noting that the situation has evolved from 'the inferno' to a more stable 'limbo.' He remains hopeful about FedRAMP's trajectory and ongoing reforms, such as the Emerging Technology Prioritization Framework spearheaded by the General Services Administration. Simultaneously, the White House is advocating for a substantial increase in cybersecurity budgets across federal agencies to fortify the nation's defenses, aligning with the broader goals of the Biden administration's national cyber strategy. In a pivotal memo, OMB Director Shalanda Young and National Cyber Director Harry Coker Jr. called for agency budget requests to include significant enhancements to cyber defenses, including the adoption of zero-trust architectures and the bolstering of open-source software security. The memo underscores the critical need for investments in department-wide, enterprise solutions to unify cybersecurity efforts across various mission areas, facilitating better information sharing and bolstering the nation's resilience against burgeoning cyber threats.
The General Services Administration (GSA) has launched a new initiative to prioritize generative AI technologies in the FedRAMP cloud authorization process, aligning with a 2023 executive order. This effort focuses on accelerating the approval of AI capabilities such as chat interfaces, code generation, and image generators to enhance their integration into government systems. Additionally, the Chief Data Officers (CDO) Council is facing significant challenges due to the absence of essential Phase Two guidance from the Office of Management and Budget (OMB), which is necessary for implementing effective data governance practices. Despite these hurdles, the CDO Council continues to support federal agencies in managing and disseminating data effectively, underscoring ongoing efforts to incorporate advanced technologies and robust data management within the federal government.
In this episode of The Daily Scoop Podcast, Eric Mill, GSA's Executive Director for Cloud Strategy, shares comprehensive updates on the modernization of the FedRAMP program, including strategic hires and a new partnership approach aligned with the Department of Defense to enhance cloud authorizations. Additionally, the episode delves into a recent DHS report that discusses the imperative of mitigating AI's potential threats in chemical and biological security. It also features insights from a Cisco Talos report on a Chinese cyberespionage group targeting international ministries and embassies, showcasing the evolving landscape of global cybersecurity threats.
- For those who don't know your background or Nucleus Security, can you start by telling us a bit about both?
- You have experience and a background in the Federal environment, and Nucleus recently achieved their FedRAMP authorization, can you tell us a bit about that process?
- When you look at the Federal/Defense/IC VulnMgt landscape, what are some of the biggest problems from your experience and where do you think innovative products and solutions can help?
- Going broader, we have seen a recent uptick in the interest around VulnMgt, and looking to modernize the way we do things. What do you think is driving this recent focus on VulnMgt and what major innovations or disruptions in the space do you see underway?
- What do you feel helps differentiate Nucleus Security from some of the other competitors we see in this space focusing on this problem?
- We're seeing a big push for Secure-by-Design software, which of course deals with driving down vulnerabilities, and repeated classes of vulnerabilities. What's your take on this push and do you see it being effective?
Victoria Guido hosts Robbie Holmes, the founder and CEO of Holmes Consulting Group. The conversation kicks off with Robbie recounting his initial foray into the tech world at a small web hosting company named A1 Terabit.net, chosen for its alphabetical advantage in the white pages. This job was a stepping stone to a more significant role at Unisys, working for the state of New York's Department of Social Services, where Robbie inadvertently ventured into civic tech and public interest technology. Robbie shares his career progression from supporting welfare systems in New York to becoming a technological liaison between the city and state, leading to a deeper involvement in open-source solutions. His journey through tech spaces includes developing websites, diving into the Drupal community, and eventually establishing his consulting business. Robbie emphasizes the serendipitous nature of his career path, influenced significantly by community involvement and networking rather than a planned trajectory. Additionally, Robbie gives insights on the impact of technology in public services and his stint with the U.S. Digital Service (USDS), where he contributed to significant projects like vets.gov. Robbie promotes the value of community engagement in shaping one's career, stressing how connections and being in the right place at the right time can lead to unexpected opportunities and career pivots. Follow Robbie Holmes on LinkedIn (https://www.linkedin.com/in/robbiethegeek/), X (https://twitter.com/RobbieTheGeek), Facebook (https://www.facebook.com/robbiethegeek), Instagram (https://www.instagram.com/robbiethegeek), or GitHub (https://github.com/robbiethegeek). Check out his website at robbiethegeek (https://about.me/robbiethegeek). Follow thoughtbot on X (https://twitter.com/thoughtbot) or LinkedIn (https://www.linkedin.com/company/150727/). 
Transcript:
VICTORIA: This is the Giant Robots Smashing Into Other Giant Robots podcast, where we explore the design, development, and business of great products. I'm your host, Victoria Guido. And with me today is Robbie Holmes, Founder and CEO of Holmes Consulting Group. Robbie, thank you for joining me.
ROBBIE: I'm so happy to be here. It's great to talk to you, Victoria.
VICTORIA: Yes. I have known you for a long time now, but I don't know everything about you. So, I thought I would start with the question: What was your first job that you ever had?
ROBBIE: My first technical job, I ended up working for an internet web hosting company called A1 Terabit.net. And note the A1 because it came first in the white pages. It was a really small web hosting company run by a man named [SP] Maxim Avrutsky. I worked there for about six months before I submitted my resume to an online job forum. That's how old I am. And it ended up in the hands of Unisys, where I eventually worked for the state of New York.
VICTORIA: Wow [laughs]. So, what a journey that you've been on to get from starting there, and what a marketing ploy back in the day with the white pages. So, tell me a little bit more about how you went from that first job to where you are today with having your own business in consulting.
ROBBIE: Yeah, I wasn't even aware that I was jumping into the sort of civic tech space and public interest technology because the job I ended up with was working for New York State in the Department of Social Services. And welfare is federally funded and distributed to states and then states to localities. And New York City and New York State have a weird parasymbiotic relationship because over 50% of the welfare in New York State goes to the five boroughs in New York City. So, so much of my job was supporting the welfare system within the city, which was run by the human resources administration. 
So, that just led to this cascade of me, like, getting invested in supporting that, and then eventually jumping over to the other side where I worked for the City of New York. And at that point, I ended up becoming sort of a technology project manager and almost a tech liaison between the city and state. And I was out in the welfare centers, helping get the job centers up to a new application called the Paperless Office System, which was a client-server app that was a wrapper around welfare. All of that ended up leading to me finally making it to the network operation center for the City of New York, where I started replacing expensive solutions like HP OpenView with open-source solutions like Nagios and another open-source solution that provided an interface. And it really opened my eyes to the idea of open source. And I had really paid attention to a lot of open-source operating systems. So, I was kind of just a general tech nerd. And eventually, I started building websites, and that led me to the Drupal community in New York City, which was sort of this cascade that led me to communities. And I think that's sort of a through line for my entire career is I don't really think I ever had a plan. I think my entire career has been this sort of a lucky happenstance of being prepared when an opportunity arose and sometimes being in the right place because of my connections and community.
VICTORIA: That's interesting about being involved with the people around you and seeing what problems are out there to solve and letting that lead you to where your interests lie. And then, following that, naturally led you to, like, this really long career and these really interesting, big projects and problems that you get to solve.
ROBBIE: Yeah. And I think one interesting aspect is like, I feel I spent a lot of time worried about what I was going to do and where I was going to do it. I don't have a bachelor's degree. I don't have an advanced degree. 
I have a high school diploma and a couple of years in college. Well, 137 credits, not the right 125 or 124 to have a bachelor's degree. I have enough credits for a couple of minors though, definitely Greek art history, I think mathematics, maybe one more. I just never got it together and actually got my degree. But that was so interesting because it was limiting to what jobs I could find. So, I was in the tech space as an IT person and specifically doing networking. So, I was running the network operation center. I helped, like, create a whole process for how we track tickets, and how we created tickets, and how things were moved along. And, in the process, I started building websites for family and friends. And I built a website for our network operation center, so that way we could have photos to go with our diagrams of the network. So that way, when we were troubleshooting remotely, we could actually pull up images and say, "The cable that's in port six goes off to the router. I think that port is dead. Can we move it to the port two to its right, and I'll activate it?" And that made a really interesting solution for something we weren't even aware we had, which was lack of visibility. So many of the people in the fields were newer or were trying to figure it out. And some of us had really deep knowledge of what was going on in those network rooms and hubs. It led me to this solution of like, well, why don't we just start documenting it and making it easier for us to help when they're in the field? That led me to, like, the Drupal community because I started building sites in the Drupal CMS. And I went to, like, my first Drupal meetup in 2007, and there was, like, five of us around the table. That led to eventually me working for Sony Music and all these other things. But the year before I found my way to the Drupal community, I probably sent out, like, 400 resumes for jobs in the tech space, didn't really get any callbacks. 
And then, I met the community, and I started attending events, and then eventually, I started organizing events. And then, Sony I interviewed and talked to them a couple of times. And then, a friend of mine became the boss. And she contacted me and was like, "Hey, are you in the market?" And I was like, "I don't know. Why? What's up?" And she's like, "I became Doug." And I was like, "What?" And she was like, "I'm now replacing Doug at Sony. I'm running the team." And I was like, "Yeah, I'm happy to talk." And that was the big transition in my career from IT to sort of development and to delivery, right? Like, when it comes right down to it, is I became the manager of interactive media at Sony Music, which was really a job I landed because I was connected to the community, and running events, and getting to know everyone.

VICTORIA: Yeah. And I think it's really cool that you had this exposure early on to what you called civic tech, which we'll get into a little bit, and then you went from the community into a commercial technology space and really getting into engineering with Drupal.

ROBBIE: Yeah, it was an interesting transition because what they needed at Sony was sort of somebody who could ride the line between systems engineer, database administrator, and Drupal engineer, and also probably pre-DevOps DevOps person. So, I was responsible for all deployments and all tickets that came in. I was sort of both the technical arm of the help desk. When I joined, there was 24 websites on the Drupal platform, and when I left, there was over 200. And we upgraded it from Drupal 5 to Drupal 6 to Drupal 7 while I was there. So, I was heavily involved in all of those updates, and all those upgrades, and all of the deployments of all the new themes, and all the changes to all these sites.
So, what was great was they, I believe, if I understand it correctly, they actually created a role for me out of, like, two or three jobs because they needed a me, and they didn't have a role that existed. So, all of a sudden, they made a manager of interactive media role. And I was able to work there for two years, sort of being what I jokingly say, like, a digital janitor. I used to say that I had, like, an eight-bit key ring in a push broom. And I was always mad at your kids for trying to break my stuff.

VICTORIA: [laughs] That's so good. A digital service janitor [laughs]? The connection for me between that and where I met you in the U.S. digital service space [laughs] I feel like there's a lot of parallels between that and where your career evolved later on in life.

ROBBIE: Yeah. What's amazing is I did all this early work in my career in civic tech and didn't realize it was civic tech at the time. I just realized what I was doing was providing this huge impact and was value. You know, I spent a couple of years in the welfare centers, and I used to say all the time that the two hardest jobs in the welfare center are the person applying for welfare and the person deciding whether or not that person gets welfare. So, being a technologist and trying to help make that as simple as possible or easier and smooth the edges off of that process was really important. And it really taught me how important technology is to delivering service. And I really never thought about it before. And then, when I was working for Phase2 technologies, I was a director of Digital Services. And I read in a blog post, I believe that was written by Mikey Dickerson, who was the original administrator for USDS, and he talked about HealthCare.gov. And he walked in the door, and he said, "How do you know HealthCare.gov is down?" And I think there was some allusion to the fact that we were like, we turn on the television and if they're yelling at us, we know it's down.
And Mikey was like, "We know how to monitor things." So, like, if you don't know Mikey Dickerson, he's the person who sort of created the web application hierarchy of needs in Google. He was an SRE. And his pyramid, like Maslow's hierarchy of needs, was all over Google when I was there. I was so impressed with the idea that, like, we aren't talking about how do we solve this problem? We're talking about knowing when there's a problem. And then, if we know there's a problem, we can put some messaging around that. We can say, like, "We're aware," right? Like if the president calls the secretary, the secretary can say, "We know it's down. We're working on it," which is building up political capital. It's a really amazing process that I kept reading this blog post, and I was like, God, that's how I would approach it. And then, I was like, wow, I wonder if I could use my skills to help America, and very shortly submitted an application and was like, well, we'll see what happens. And about six months later, I walked in the door at the VA and was the eighth employee of the Digital Service team at the VA. That was a franchise team of the USDS model.

VICTORIA: And can you say a little bit more about what is the U.S. Digital Service and expand upon your early experience there?

ROBBIE: Yeah. So, the United States Digital Service was created after HealthCare.gov had its issues. Todd Park had convinced President Obama to reach out to get support from the private industry. And the few of the people who were there, Todd convinced to stick around and start creating a team that could support if there was this kind of issue in the future. I believe the team that was there on the ground was Mikey Dickerson, Erie Meyer, Haley Van Dyck, and Todd. And there was a few other people who came back or were very close at the beginning, including the current administrator of USDS. She has been around a long time and really helped with HealthCare.gov.
It's amazing that Mina is back in government. We're very lucky to have her. But what came out of that was what if we were able to stand up a team that was here in case agencies needed support or could vet solutions before these types of problems could exist? So, USDS was what they called the startup inside the White House that was created during the 2014 administration of President Obama. The team started that year, and I joined in May of 2016. So, I would be, like, sort of the beginning of the second team of the VA U.S. Digital Service team. So, USDS supported this idea of tours of duty, where you're a schedule A employee, which meant you were a full-time government employee, but you were term-limited. You could do up to two years of duty and work, and then you could theoretically stick around and do two more years. That was how these roles were envisioned. I think there's lots of reasons why that was the case. But what's nice is it meant that you would come in with fresh eyes and would never become part of the entrenched IT ecosystem. There are people that transition from USDS into government, and I think that's a huge value prop nowadays. It's something that I don't know they were thinking about when the original United States Digital Service was stood up, but it was hugely impactful. Like, I was part of the team at the VA that helped digitize the first form on vets.gov and all the work that was done. When the VA team started, there was a team that was helping with veteran benefits, and they worked on the appeals process for veteran benefits. And I joined. And there was a team that was...eventually, it became dubbed the veteran-facing tools team. And we worked on vets.gov, which was a new front door to expose and let veterans interact with the VA digitally. And over time, all the work that went into the tools and the solutions that were built there, everything was user-researched. 
And all of that work eventually got brought into VA.gov in what they called a brand merger. So, we took, like, the sixth most trafficked front door of the VA and took all the modern solutioning that that was and brought it into VA.gov, the main front door. So, all of a sudden, there was an identity, a login provided on VA.gov for the first time. So big, impactful work that many people were a part of and is still ongoing today. Surprisingly, so much of this work has now fallen under OCTO, which is the Office of the CTO in the VA. And the CTO is Charles Worthington, who was a USDSer who's the epitome of a person who goes where the work is. Charles was a Presidential Innovation Fellow who helped out in the times of HealthCare.gov and joined USDS and did anything and everything that was necessary. He interviewed engineers. He was a product person. Charles is one of the most unique technologists and civic tech people I've ever met in my life. But Charles, at the end of the Obama administration and in this transition, realized that the VA was in need of someone to fill the CTO role. So, he came over to become the interim CTO because one of the values of USDS is to go where the work is. And he realized, with the transition, that Marina Nitze, who was the CTO who was transitioning out, there was going to be a need for continuity. So, he came in to provide that continuity and eventually became the full-time CTO and has been there ever since. So, he has helped shape the vision of what the VA is working towards digitally and is now...he was just named the Chief AI Officer for the agency. Charles is a great person. He has successfully, you know, shepherded the work that was being done early by some of us into what is now becoming a sort of enterprise-wide solution, and it's really impressive.

VICTORIA: I appreciate you sharing that.
And, you know, I think there's a perception about working for public service or for government, state or federal agencies, that they are bureaucratic, difficult to work with, very slow. And I think that the USDS was a great example of trying to really create a massive change. And there's been this ripple effect of how the government acquires products and services to support public needs, right?

ROBBIE: Yeah, I would say there's a couple of arms of the government that were sort of modernization approaches, so you have the Presidential Innovation Fellows, which are the equivalent of, like, entrepreneurs and residents in government. And they run out of...I think they're out of the TTS, the Technology Transformation Service over at GSA, which is the General Services Administration. But the PIFs are this really interesting group of people that get a chance to go in and try to dig in and use their entrepreneurial mindset and approach to try to solve problems in government. And a lot of PIFs work in offices. Like, Charles' early team when he first became the CTO included a lot of Presidential Innovation Fellows. It was basically like, "Hey, the VA could use some support," and these people were available and were able to be convinced to come and do this work. And then, you have the Presidential Management Fellows, which I think is a little bit more on the administration side. And then, we have 18F and USDS. The United States Digital Service is a funded agency with an OMB. And we were created as a way to provide the government with support either by detailing people over or dropping in when there was a problem. And then, 18F is an organization that is named because the offices of GSA and TTS (Technology Transformation Service), where it's housed, are on the corner of 18th Street and F in DC. And 18F is sort of like having a technology or a digital agency for hire within the government.
So, they are full-time employees of the government, sort of like USDS, except government agencies can procure the support of that 18F team, just like they would procure the support of your company. And it was a really interesting play. They are fully cost-recoupable subcomponent of TTS, which means they have to basically make back all the money that they spend, whereas USDS is different. It's congressionally funded for what it does. But they're all similar sibling organizations that are all trying to change how government works or to bring a more modern idea or parlance into the government. I used to say to people all the time that at USDS, you know, we would set a broken bone say, and then we would come back around and say, like, "Hey, does your arm hurt anymore?" The idea being like, no. Be like, "Cool, cool. Maybe you should go to the gym, and you should eat better." And that would be, like, procurement change. That would be, like, changing for the long term. So, all the work I was doing was building political capital so we could do better work in changing how procurement was done and then changing how the government delivered these things. So, what was awesome was, like, we used to have these fights at USDS about whether or not we were a culture change or we were firefighters. And I think the reality is once we're involved, culture changes happen. The bigger question is, are we going to be there for the long haul, or are we only there for a shorter period of time? And I think there are reasons why USDS teams had both plays. And I think it really is just two different plays for the same outcome.

VICTORIA: Yeah, that makes sense.
And to pivot a little bit, I think, you know, our audience, we have clients and listeners who are founders of products that are aimed at making these, like, public service needs, or to give some examples, like, maybe they're trying to track Congressional voting patterns or contact information for different state representatives, and they're trying to navigate this space [laughs]. So, maybe you can give some advice for founders interested in selling their products to government agencies. What can they do to make it more appealing and less painful for themselves?

ROBBIE: I wouldn't consider myself a procurement expert, but at USDS, the procurement team called themselves the procurementati. And I was a secret member of the procurementati. I often was the engineer they would call to evaluate statements of work or sometimes be on technology evaluation panels. And it was fun to be a part of that. Things that most companies don't realize is government agencies will put out things like request for information or sources sought in the government space. And this is a way for industry to influence how government tries to solve problems. If you are trying to go after government work and you're only responding to an RFP, you're probably behind in your influence that you could have on the type of work. So, you'll see if a procurement seems to be, like, specifically focused on an approach, or a technology, or a framework, it's probably because some companies have come through and said, "I think this would probably solve your problem," and they gave examples. So, that's one way to be more connected to what's going on is to follow those types of requests. Another is to follow the money. My wife is this amazing woman who helped write The Data Act and get it passed through government. And The Data Act is the Data and Transparency Act. And that led to her heading over to treasury and leading up a team that built USAspending.gov.
So, there is a website that tracks every dollar, with some exceptions, of the funding that comes out of Congress every year. And what's great is you can track it down to where it's spent, and how it's spent, and things like that. For education purposes, I think that is a really good thing that business and growth people can focus on is try to see and target where competitors or where solutions that you've looked at have gone in the past. It's just a good set of data for you to take a look at. The other piece is if you're creating a solution that is a delivery or a deliverable, like a SaaS solution, in order for something to be utilized in the government, it probably needs to be FedRAMP-approved, which is a process by which security approvals have been given so that government agencies have the green light to utilize your solution. So, there's tons of documentation out there about FedRAMP and the FedRAMP approval process. But that is one of those things that becomes a very big stopping point for product companies that are trying to work in the government. The easiest way to work your way through that is to read up on it a bunch, but also find an agency that was probably willing to sponsor you getting FedRAMP approval. Most companies start working with a government agency, get an exemption for them to utilize your product, and then you get to shape what that FedRAMP process looks like. You start applying for it, and then you have to have some sort of person who's helping shepherd it for you internally in the government and accepting any issues that come along in the process. So, I guess FedRAMP approval is one that's a little complicated but would be worth looking into if you were planning on delivering a product in government.

VICTORIA: Right. And does that apply to state governments as well?

ROBBIE: So, lots of state-related and city and locality-related governments will actually adopt federal solutions or federal paradigms.
So, I think in the state of California, I think FedRAMP as one of the guiding principles for accepting work into the state of California, so it's not consistent. There's not a one-to-one that every state, or every city, or every locality will pull this in. But if you are already approved to be a federal contractor, or a federal business, or a federal product, it's probably going to be easier to make your way into the local spaces also.

VICTORIA: Right. And as you said, there's plenty of resources, and tools, and everything to help you go along that journey if that's the group you're going for [laughs].

VICTORIA: So, kind of bringing it back to you, like, you're saying you want those partnerships within the government. You want someone advocating for you or for your product or your service. Drawing that back to what you said earlier about community, like, how do you form a community with this group of people who are in the state, or federal government, or civic tech spaces?

ROBBIE: Yeah, I think it's an interesting problem because so much of it feels impenetrable from the outside. Most people don't even know where to start. There are organizations out there that are pretty good community connections, an example I would give is ACT-IAC.
It is a public-private partnership where people from within the government, experts in their fields, and people in the private industry who are experts in their fields will be together on community boards and engaging in panels. And so, it's a really nice way to start connecting those dots. I have no direct affiliation with ACT-IAC. But if they'd like to give me my own account, that would be great. But it is one of those organizations I've seen be successful for people trying to find their way into a community that is a little harder to find. I think, also, so much of the community engagement happens at conferences and around...so, like, if you're in the healthcare space, this last month, you've had multiple conferences that I think were really great for people to get to know one another, you know, an example is ViVE. It just happened out in LA, which is a little more on the private sector health space, but still, government agencies were there. I know that the Department of Veterans Affairs had people there and were on panels. And then, HIMSS is another conference that takes place, and that just took place down in Miami. And in Miami, HIMSS happened and a whole bunch of other social community events took place. So, I'm close with a thing called the Digital Services Coalition, which is 47 companies that all try to deliver good government based on the Digital Services Playbook that was created by USDS that lives at playbook.cio.gov and the way that they try to accomplish this work. And that organization, while they were in Miami, hosted a happy hour. So, there's a lot of connections that can be made once you start seeing the players and getting to know who's around. So, it's a little bit about trying to find your way to that first event, and I think that will really open up everything for you. Within a week or two, I was at an International Women's Day event at MetroStar, which is a really great company that I've gotten a chance to spend some time with. 
And then, I was at an event for the Digital Services Coalition talking about open source in government. So, there's a lot of stuff out there for you to be a part of that isn't super cost-prohibitive and also doesn't take a lot once you start to open the door. You know, once you peek around that corner and you find some people, there's a lot more to be done.

VICTORIA: Yeah. And you touched on something at the end there that wants me to bring up some of the advantages you can have being a small business, a minority-owned business, or woman-owned business, or veteran-owned business, so thinking about how you can form those connections, especially if you have one of those socio and economic set-asides that you might want to consider if they're looking to work with the government as well.

ROBBIE: Yeah. Those socioeconomic set-asides include small businesses, woman-owned small business. I think it's Native and Alaskan 8(a), which is historically underrepresented and service-disabled veteran-owned. So, there are also sub-communities of associations, like there's the Digital WOSB, the digital Women-Owned Small Business alliance that was founded by Jess Morris from Pluribus Digital, and a bunch of other companies in the Digital Services Coalition. I believe she's the president of the Digital WOSB right now. That is a sub-community of women-owned small businesses that are trying to connect and create a community that they can support one another. And that's just one example of the type of connection you can make through those types of socioeconomic set-asides. But once you have those official socioeconomic set-asides, it will allow you to get specific contracts engagements in the government that are not allowed or available for others. So, the government procurement process will have some amount of these specific socioeconomic set-asides that need to be hit. Like, 8% of all procurements need to go to this and 10% of all procurements need to go to this.
So, I think the VA is probably one of the most effective at hitting any of the socioeconomic set-asides, specifically related to service-disabled veteran-owned small businesses. So, if you happen to be a person of color and you found a business and you are female presenting, right? You may have 8(a) woman-owned small business. If you also happen to be a veteran and you're service-disabled, all of those things stack. You don't just get to have one of them. And they can be really effective in helping a business get a leg up and starting out and trying to help even the playing field for those communities.

VICTORIA: Yeah. What I really appreciated about my experience working with Pluribus Digital, and you, and people who had had that experience in the U.S. Digital Services, that there is this community and desire to help each other out and that you can have access to people who know how to move your product forward, get you the connections that you need to be competitive, and to go after the work. So, I love encouraging people to consider civic tech options. And maybe even say more about just how impactful some of it can be. And what kind of missions are you solving in these spaces?

ROBBIE: Yeah, I often try to remind people, especially those who are heading towards or considering civic tech, there are very few places in this world that you can work on something that can impact millions of people. Sure, I was lucky enough. I have tons of privilege. I worked at a lot of wacky places that have given me the access to do the type of work that I think is impactful, but very little has the kind of impact. Like, when I was interviewed by Marina Nitze as my last interview when I joined USDS, she sent me an email at the end of it and said like, "Everything was great. I look forward to working with you. And remember, every time you commit code into our GitHub, you'll be helping 8 million veterans." And then, she cc'd Todd Park.
And Todd was the CTO of the U.S., and he responded back within a minute. Todd is one of the most busy people. It was amazing to me how fast he responded. But he was like, "Lemme tell you, as somebody who can talk on behalf of our president, our country needs you." And those kinds of things they're hard to comprehend. And then, I joined the Digital Service team at the VA. And one of the first things that I got to support was the 10-10EZ. It's the healthcare application for veterans. And before I got there, it was a hosted PDF that we were trying to replace. And the team had been working for months to try to build a new, modern solution. What it was is it was, like, less than six submissions were happening a day because it only worked in Adobe Acrobat, I think it was 6.5 and below, and Internet Explorer 8.5 and below. And if you think about the people that could submit utilizing that limited set of technologies, it was slowly becoming homeless veterans who were using library computers that had not been upgraded. So, there was a diminishing amount of value that it was providing. And then, on top of it, it was sort of lying to veterans. If the version of the Adobe Acrobat was out of date, or wrong, or too new, it would tell them to upgrade their browser. So, like, it was effectively not providing any value over time. We were able to create a new version of that and that was already well on its way when I joined, but we were able to get it out the door. And it was a React frontend using a Node backend to talk to that SOAP API endpoint. Within the first week, we went from 6 submissions a day to 60 submissions a day. It's a joke, right? We were all 10x developers. We were like, "Look at us. We're killing it." But about three years later, Matt Cutts came to a staff meeting of USDS, and he was the second administrator of the USDS. And he brought the cake that had the actual 10-10EZ form on it, and it said, "500,000." 
And he had checked with the analytics team, and there were over 500,000 submissions of that form, which means there are 500,000 possible veterans that now may or may not have access to healthcare benefits. Those are big problems. All of that was done by changing out one form. It opened up the world. It opened up to a group of veterans that no one else was able to do. They would have had to go into a veteran's office, and they would have had to fill it out in paper. And some veterans just don't have the ability to do that, or don't have an address, or don't have a...so, there are so many reasons why having a digital form that worked for veterans was so important. But this one form that we digitized and we helped make modern has been submitted so many times and has helped so many veterans and their families. And that's just one example. That's just one form that we helped digitize. But now the team, I mean, I'm back in the VA ecosystem. There's, like, 2,500 people in the general channel in the office of the CTO Slack organization. That's amazing. There's people there that are working all day, every day, trying to solve the same problems that I was trying to solve when I got here. And there's so much work being done to help veterans. But that's just one example, right? Like, at USDS, I know that the digital filing for the free version of your tax form, the IRS e-file Direct, just went live. That was something that USDS had been working on for a very long time behind the scenes. And that's going to impact everybody who submits their taxes. These are the kind of problems that you get to work on or the scope of some of the problems if you work in these types of organizations, and that's really powerful. It's the thing that keeps drawing me back. I'm back supporting the VA again through some contracts in my business. But it's funny, like, I was working for another agency. I was over working at DHS on an asylum project. 
And a friend of mine kept telling people to tell me, "Man, veterans need you. If only there was another one of you to help us over here, that would be great." And eventually, it led to me being like, well, veterans need me. I'm going to go back to the VA. And that was my second tour at USDS at the Department of Veteran Affairs. And now I'm back there again. So, it's a very impactful place to work. There's tons of value you can provide to veterans. And, to me, it's the kind of work that keeps bringing me back. I didn't realize just how much I was a, like, impact junkie until I joined USDS, and then it really came to a head. I cannot believe how much work I've gotten to be a part of that has affected and supported those who get benefits and services from the federal government.

VICTORIA: [inaudible 33:47] impact junkie. That's funny. But yeah, no, thank you for sharing that. That's really interesting. Let me see if you could go back in time to when you first started in this journey; if you could give yourself any advice, what would you say?

ROBBIE: Yeah, I think I spent so much time being nervous about not having my degree that I was worried it was going to hinder me forever. And it's pretty amazing the career I've been able to thread together, right? Like, you know, I've hit on a few of them already. But, like, I started with a small web hosting company, and then New York State in the Department of Social Services, then New York City in the Human Resources Administration, Sony Music, Zagat Survey, Google, Johnson & Johnson, IDT telecommunications, Phase2 technologies, where I got to work on an awful lot of problems in lots of awesome places like NBA.com, and Major League Soccer, and Bassmaster. And then, the United States Digital Service where I got to work on things supporting the Department of Veterans Affairs and the Department of Homeland Security over at ADA.gov in DOJ. I helped them out. And I worked over at USDA helping get Farmers.gov off the ground.
So, everything on my left leg, tattoo-wise, is something that changed my life from my perspective. And I have a Drupal tattoo on the back of my leg. I have a DrupalCon. So, anytime somebody said "Drupal" anywhere near a USDS person, I would magically appear because they would just be like, "Oh, Robbie has that Drupal tattoo." So, I got to work on a lot of dot govs that eventually landed or were being built in Drupal. So, I got to support a lot of work. And it meant that I got to, like, float around in government and do a lot of things that others didn't get to do. When CISA stood up, which is the office of security inside of DHS, it's one of the newest sub-communities or subcomponents, they built DHS SchoolSafety.gov, which is a cross-MOU'd site. And I got to sit in and help at the beginning of that because of my Drupal background. But it was really fun to be the person who helped them work with the vendors and make sure that they understood what they were trying to accomplish and be a sort of voice of reason in the room. So, I did all of that work, and then after that, I went and worked at Pluribus Digital, where I got a chance to work side by side with you. And then, that led to other things, like, I was able to apply and become the director of Digital Services and software engineering for my local county. So, I worked for Prince William County, where I bought a house during the pandemic. And then, after that contract ended, I had already started my own business. So, that's led to me having multiple individual contracts with companies and so many people. I've gotten to work on so many different things. And I feel very lucky. If I could go back and tell myself one thing, it's just, take a breath. Everything's going to be okay. And focus on the things that matter. Focus on the things that are going to help you. Focus on community. Focus on delivering value. Everything else will work itself out. You know, I joke all the time that I'm really good at providing impact. 
If you can measure my life in impact and value, I would be a very rich man. If you can measure it in money, I'm doing all right, but I'm never going to be yacht Robbie, you know, but I'm going to do okay. VICTORIA: Oh my god, yacht Robbie. That's great. So, just to recap, everything's going to be okay. You never know where it's going to take you. And don't be limited by the things that you think, you know, make you not enough. Like, there's a lot of things that you can do out there. I really like that advice. ROBBIE: And I think one last piece is, like, community matters, if you are a part of communities and you do it genuinely, how much that will impact your career. I gave a talk from Drupal NYC to the White House and beyond. And I talked through my entire resume and how everything changed when I started doing community engagement. When I went to the Drupal community in New York City and how that led to Sony, and that led to Zagat, which led to me getting acquired by Google, like, these things all cascaded. And then, when I moved to the DMV, I was able to join here and continue supporting communities, which allowed me to bring people into the local civic tech community from the local DC tech community. So, so many of the best USDS engineers, and designers, and product people I was able to help influence to come to government were people I met in the community or the communities I helped support. You know, I was an early revivalist of Alexandria Code and Coffee. It was a community that was started and then wavered. And then, Sean McBeth reached out to the community and said, "Do we want to help and support getting it off the ground again?" And I immediately said, "Yes." And then, that led to my friends at BLACK CODE COLLECTIVE wanting to create a community where they could feel safe and connected and create a community of their own. And then DC Code & Coffee started. And from there, Baltimore Code & Coffee kicked off. 
And it's just really nice that, like, it doesn't matter where I've been. All these things keep coming back to be a part of community and help support others. And you will be surprised at how much you get back in return. I wouldn't be the person I am today in my community. I wouldn't have my career if it wasn't for the people who started and helped shepherd me when I was starting out. And I feel like I've been trying to do the same for people for a really long time. VICTORIA: I love that. That's what I say, too, when people ask me for advice on careers and how to grow. And my biggest piece is always to go out and meet people. And go to your community, like, look and see what's happening. Like, find people you like hanging out with and learning from. And just that should be the majority of your time probably if you're trying to figure out where to go with your career or even just, like, expand as a person sometimes [laughs]. Robbie, I was going to ask; you mentioned that you had bought a house in Virginia. One of my other warmup questions was going to be, what's your favorite thing to put on the grill? ROBBIE: My house in Virginia definitely gets a lot of use, especially in the spring and the fall. I'm a big fan of team no extreme when it comes to temperature. But during those time periods, my grill is often fired up. My favorite is probably to make skirt steak on the grill. I'm a huge fan of tacos, especially made out of skirt steak. I'm in all day. That's one of my favorites. I also love to smoke. I have a smoker because I'm a caricature-esque suburban dude. I'm going to live into all of the possible things I could have. But I've had a smoker for a long time, and I love making sort of poor man's burnt ends. It's one of my favorite things to make. But you got to have some time. That's the kind of thing that takes, you know, 14 hours or 16 hours, but it's really fun to take advantage of it. A quick thing I love to make is actually smoked salmon. 
It takes longer to brine it than it usually does to smoke it. But it is one of the nicest things I've made on my smoker, you know, fresh pesto on a piece of salmon is pretty awesome, or everything bagel. Everything with the bagel seasoning is a pretty fun way to smoke some salmon. VICTORIA: Wow, that sounds so good. I'm going to have to stop in next time I'm in Virginia and get some [laughs] and hang out. Do you have any questions for me? ROBBIE: I'm excited to see where you've gone and how you've gotten here. I think this is such a cool job for you. Knowing who you are as a person and seeing you land in a company like this is really exciting. And I think you getting to be a part of this podcast, which we were joking about earlier, is I've been listening to probably since it started. I've been a big fan for a long time. So, it's cool to be here on this podcast. But it's also cool that my friend is a part of this and gets to be a part of this legacy. I'm really excited to see where you go over time. I know my career has been changing, right? I worked in government. Before that, I did all kinds of other stuff. Nowadays I have my own business where I often joke I have sort of, like, three things I offer, which is, like, consigliere services. Wouldn't it be nice to have a Robbie on your executive team without having to pay them an executive salary? You know, another one is like, you know, strategy and mentoring, but these are all things I know you do also, which I think is cool. But I've been working on contracts where I support companies trying to figure out how they modernize, or how their CTO can be more hands-off keyboard, or how their new director of business development can be more of a technical leader and taking on their first direct reports. So, I just enjoy all those aspects, and I just think it's something that I've watched you do in the company where we worked together. 
And it's always fun to see what you're working on and getting a chance to catch up with you. I feel like you're one of those people that does a really great job of staying connected. Every once in a while, I'll get a random text message like, "Hey, how you doing?" It always makes me smile. I'm like, Victoria is a really good connector, and I feel like I am, but you're even better at it on the being proactive side. That's how this all came about, right? We caught up, and you were like, "Why don't you come on the podcast?" So, that's really exciting. VICTORIA: Well, thank you, Robbie. Yeah, I think that's one of the great things about community is you meet people. You're like, "Oh, you're really cool. And you're doing cool stuff all the time. Like, how can I support you in your journey [laughs]? Like, what's up?" Yeah, for me, it was hard to actually leave DC. I didn't, you know, really think about the impact of leaving behind my tech community, like, that network of people. It was pretty emotional for me, actually, especially when we finally, like, stopped doing the digital version [laughs]. And I, like, kind of gave up managing it from California, which was kind of funny anyways [laughs]. Yeah, so no, I'm grateful that we stayed in touch and that you made time to be here with us today. Is there anything else that you would like to promote? ROBBIE: You know, just to remind you, you've done a great job of transitioning into where you are today, but anybody can do that, right? Like, before I moved to the DC area, I was in New York, and I was helping to organize JavaScript events. And I started looking at the DC area before I moved down here. And I found the DC Tech Community. And I found the Node School DC GitHub organization and reached out to the person who had ownership of it and said I wanted to help and support. I looked at this the other day. I think I moved on May 8th, and then, like, May 11th, when I walked in the door, somebody was like, "Are you new?" 
And I was like, "Yeah, I just moved here." And they were like, "Oh, from where?" And I was like, "New York." And they were like, "Are you that guy who's been bugging Josh about running Node school events?" I was like, "Yeah." And like, they were planning an unconference at the end of the month. And they were like, "Would you like to run a Node school at that unconference?" Like, 27 days later. So, it was amazing that, like, I immediately, like, fell from the New York Community where I was super connected, but I went out of my way to try to, like, see what the community looked like before I got there. And I was lucky enough to find the right people, and immediately I joked...I think I wrote a blog post that said like, "I found my new friends. By, like, going from one community to another, gave a person who was in his 40s a chance to meet new people very quickly." And it was pretty amazing, and I felt very lucky. But I did spend a little bit of energy and capital to try to figure it out because I knew it was going to be important to me. So, I think you've done a really good job. You've helped launch and relaunch things that were going on in San Diego and becoming a part of this connection to more people. I think you and I have a very similar spirit, which is like, let's find a way to connect with humans, and we do it pretty effectively. VICTORIA: Well, thank you. That really boosts my confidence, Robbie [laughs]. Sometimes, you show up to an event you've never been to before by yourself, and it's like a deer in headlights kind of moment. Like, oh God, what have I done [laughs]? ROBBIE: Oh, and the last thing I need to mention is I also have a podcast. I have my podcast about film. It's called Geek on Film. I used to record it with my friend, Jon. He's a little busy right now. But I used to pitch it as a conversation show about the current films that were going on. Now, it's one lone geek's ramblings about what he just saw. 
It's a great podcast for me because it gives me an opportunity to think a little more critically about film, which is one of the things that I probably have almost enough credits to get a minor in. But I absolutely love cinema and film in general. And it's given me an opportunity to connect with a lot more people about this subject and also to scratch the itch of me being able to create something around a community and around a thing I really love. VICTORIA: That's super cool. Yeah. You're top of mind because I also like films. I'm like, what's Robbie up to? Like, what's the recommendations, you know [laughs]? Do you have a top film recommendation from the Oscars? Is that too big of a question? ROBBIE: So, the one I will say that didn't get enough spotlight shined on it was Nimona. So, I'm a huge fan of the Spider-Man movies. I think Spider-Man Into the Spider-Verse and Across the Spider-Verse are both masterpieces. But Nimona is an animated film that was picked up by Netflix, and it is amazing. I don't know that I laughed or cried or was more moved by a film last year. And I don't know that it gets enough credit for what it was. But it did get nominated for best-animated film, but I don't know that enough people paid attention to it. Like it may have gotten lost in the algorithm. So, if you get a chance, check out Nimona. It's one of those beautiful, little gems that, if you travel down its story, there's all these twists and turns. It was based on a webcomic that became a graphic novel. One of the production companies picked it up, and it wasn't going to see the light of day. And then, Netflix bought its distribution rights. There's going to be a great documentary someday about, like, Inside Nimona. But I think the movie itself is really charming and moving, and I was really impressed with it. So, that was the one that got me, like, just before the Oscars this year, where I was like, this is the little animated movie that could, in my opinion. It's so charming. 
VICTORIA: I will definitely have to check that out. Thank you for giving us that recommendation. ROBBIE: Totally. VICTORIA: Final question. I just wanted to see if you had anything to share about being an advisory board member for Gray and for Hutch Studio. Could you tell us a little bit more about that? ROBBIE: Yeah. So, Gray Digital was founded by a friend of mine. We met through United States Digital Service. And his organization...I had been supporting him for a while and just being behind the scenes, talking to him and talking through business-related issues. And it was really nice. He offered to make me an official advisory board member. It was a great acknowledgment, and I really felt moved. There's some great people that are supporting him and have supported him. They've done really great work. Gray is out there delivering digital services in this space. And I think I was really lucky to be a part of it and to support my friend, Randall. Hutch is different. Hutch is an organization that's kind of like if you think about it, it almost is a way to support entrepreneurs of color who are trying to make their way into the digital service delivery space. Being an advisory board member there has been really interesting because it's shaping how Hutch provides services and what their approach is to how to support these companies. But over the last year, I've convinced the person who's running it, Stephanie, with a couple of other people, to open the door up or crack the door so we could talk directly and support the individual companies. So, it's been really great to be a Hutch advisory member to help shape how Hutch is approaching things. But I've also been a part of, like, many interview processes. I've reviewed a lot of, like, [inaudible 48:01] who want to join the organization. And I've also created personal relationships with many of the people who are part of Hutch. And, you know, like, you know me personally, so you know I run a Day of the Dead party. 
We'll just party at my house every year. I have a huge amount of affection for Mexican culture and, in general, the approach of how to remember people who are a part of your life. So, this is, like, the perfect way for me to bring people together at my house is to say, like, "Hey, my dad was awesome. What about your family? Who are your people?" What's really nice is that has given me an opportunity to host people at my house. And I've had Hutch company owners at my house the last couple of years and the person who runs Hutch. So, it's a really great community that I look at that is trying to shape the next emergent companies that are helping deliver digital services across the government. And it's really fun to be early on in their career and help them grow. Again, it seems silly, but it's the thing I care a lot about. How do I connect with people and provide the most value that I can? And this is a way I can provide that value to companies that may also go off and provide that value. It's a little bit of an amplifier. So, I'm a huge fan of what we've been able to accomplish and being a part of it in any way, shape, or form. VICTORIA: Well, I think that's a really beautiful way to wrap it up. ROBBIE: Really glad to catch up with you and be a part of this amazing podcast. VICTORIA: Yeah, so much fun. Thank you again so much. It was great to be here with you today. You can subscribe to the show and find notes along with a complete transcript for this episode at giantrobots.fm. If you have questions or comments, email us at hosts@giantrobots.fm. You can find me on thoughtbotsocial@vguido. This podcast is brought to you by thoughtbot and produced and edited by Mandy Moore. Thanks for listening. See you next time.