Bob Burke, Chief Information Security Officer at Beyond Identity, challenges the effectiveness of traditional multi-factor authentication (MFA) in the evolving landscape of cybersecurity. He argues that legacy MFA solutions, which often rely on out-of-band authorization methods like push notifications or one-time passwords, are no longer sufficient against the rising tide of sophisticated cyber threats. With the advent of services like phishing-as-a-service, attackers can easily bypass these outdated security measures, necessitating a shift towards phishing-resistant authentication methods. Burke emphasizes the need for organizations to adopt solutions that not only enhance security but also consider device posture and trustworthiness. Burke also critiques the current state of FIDO2 and passkeys, acknowledging their potential while highlighting their limitations, particularly in terms of device posture and user experience. He suggests that small to mid-sized businesses (SMBs) should prioritize phishing-resistant solutions that integrate both browser protection and device authentication. Furthermore, he raises concerns about the pricing models of many Software as a Service (SaaS) providers, which often place essential security features behind higher-tier subscriptions, effectively discouraging customers from adopting more secure practices. The conversation shifts to the endpoint detection and response (EDR) market, where Burke notes that while EDR solutions are still necessary, they are evolving into more comprehensive offerings like extended detection and response (XDR). He points out that many of these solutions are priced for enterprise-level organizations, leaving SMBs and mid-market companies struggling to find affordable options. Burke encourages these organizations to seek out solutions that fit their budget while still providing essential security capabilities. Finally, Burke shares insights from his experience with the FedRAMP certification process, emphasizing the importance of building internal security competencies and integrating security into product design from the outset. He advocates for a clear internal compliance program, such as NIST, to guide organizations in their security efforts. As the cybersecurity landscape continues to evolve, Burke warns that the tempo and scope of attacks are increasing, driven by advancements in AI, and urges organizations to reassess their security architectures to stay ahead of emerging threats.
Welcome back to The SaaS CFO Podcast! In this episode, host Ben Murray sits down with Andrew Black, CEO of Kovr, and Sri Iyer, the company's founder and CTO. Kovr is shaking up the world of cybersecurity compliance, helping organizations dramatically speed up the process of achieving certifications like FedRAMP, HIPAA, and others—using the latest breakthroughs in generative AI. Andrew and Sri bring fascinating perspectives, drawing from deep experience in tech, government, and startups, including previous roles at Amazon Web Services, PwC, Lockheed, and Gartner. They talk about the pain points that tech companies and government agencies face when trying to deploy secure software in regulated environments, and how Kovr can cut compliance timelines from years to minutes. If you're curious about go-to-market strategies for AI-first startups, lessons learned from early fundraising, or how to build a SaaS business in a highly regulated market, this episode is packed with candid insights and actionable advice. Tune in to hear how Kovr is empowering innovators to get their products into the hands of customers faster, with less headache—and what's next for this fast-moving team. 
Show Notes: 00:00 "Compliance Challenges in Software Deployment" 03:43 Streamlining Compliance with AI 06:37 Target Customers: CISOs to DevOps Teams 11:11 Pursuing a $13B Market Opportunity 13:03 AI Traction and Trust Challenges 17:38 Navigating VC Relationships and Fit 20:17 Unlimited-Use Enterprise SaaS Licensing 23:48 Simplifying Gen AI Sales Model 28:26 Efficient AI: Smaller Models, Big Savings 30:25 "Focus on Sales Cycle Days" 33:44 "LinkedIn Profile: Kovr AI" Links: SaaS Fundraising Stories: https://www.thesaasnews.com/news/kovr-ai-raises-3-6-million-in-seed-round Andrew Black's LinkedIn: https://www.linkedin.com/in/andrew-black-5435b67/ Sri Iyer's LinkedIn: https://www.linkedin.com/in/sri-iyer/ Kovr AI's LinkedIn: https://www.linkedin.com/company/kovrai/ Kovr AI's Website: https://kovr.ai/
In today's episode of the Daily Windup, we dive into the world of government contracts and how startups can navigate this complex landscape. Our speakers discuss the importance of FedRAMP certification and how it can open doors for small businesses. They share valuable advice on building a track record and finding the right niche to deliver value to government agencies. Our guest, an experienced entrepreneur, shares the story of how they secured their first government contract and the valuable lessons they learned along the way. From dealing with pricing challenges to overcoming the initial hurdles of being a new player in the market, this episode provides invaluable insights for startups seeking to make their mark in the government space. So, tune in to learn from the experiences of seasoned entrepreneurs and discover the keys to success when it comes to breaking into government contracts. Brought to you by alchemy gov - When Connections Matter Most.
IT leaders in regulated industries know the pain of navigating outdated, slow procurement systems – especially when critical missions depend on modern tools. In this episode, Bryana Tucci, Lead of the AWS Marketplace for the US Intelligence Community, shares how government agencies are overcoming legacy procurement bottlenecks to access cutting-edge software, AI tools, and cloud services faster and more securely. Listeners will gain insight into: Why traditional government procurement can take up to two years – and how that's changing. How air-gapped environments complicate innovation and what's being done about it. How generative AI is reshaping national security workflows. What kinds of tech companies are best positioned to succeed in the public sector. This episode is a must-listen for IT leaders interested in procurement innovation, cloud adoption in secure environments, and where AI fits into the future of public sector IT. Enjoy! Key Moments: 00:00 Meet Bryana Tucci, AWS 06:58 The Pain Point: Procurement Then vs. Now 11:31 Unique Challenges in Public Sector Tech 15:55 The Long Road to Selling in Government 19:23 Vetting and Onboarding Sellers (how to meet federal standards) 23:49 Government + AI: A Game-Changer 30:34 Cost Efficiency, Saving Time, and the Future of Procurement 41:46 What's Next for AWS Marketplace --- Produced by the team at Mission.org and brought to you by Brightspot.
Welcome to a new episode of The Daily Windup! Today, I had the pleasure of speaking with Yolanda Clark, CEO of Powder River Industries, a small business that has successfully navigated the world of defense contracts and specialized in DevSecOps and infrastructure as code services. Yolanda shared her journey of bringing stability to her business by establishing headquarters in Wyoming while her spouse serves in the military. In our conversation, Yolanda explained the intricacies of DevSecOps, clarifying that it involves coding within secure environments, ensuring software compliance with cyber requirements from day one. We also discussed the differences between FedRAMP and their services, with Yolanda highlighting how they provide support at a specific point within the lifecycle for their defense customers. Listen now to learn more!
In this episode of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with John Sobczak, founder and CEO of NXT1, to explore how software development teams can accelerate time to market without compromising on security or compliance. John shares how his career shaped the vision behind NXT1 and discusses the structural pitfalls that often delay or derail promising SaaS startups. This engaging conversation is packed with actionable insights for developers, founders, and investors navigating the complex intersection of speed, scale, and security. Summary: John Sobczak brings decades of experience in enterprise technology and government cybersecurity to this discussion, offering a compelling argument for embedding security from the very first line of code. He outlines how modern SaaS development is hampered by excessive cognitive load on developers, who are often forced to juggle core product development with complex compliance frameworks. This leads to delays, technical debt, and avoidable risk. NXT1's solution is LaunchIT, a turnkey platform designed to provide secure, compliant infrastructure out of the box. Sobczak explains how inheritance—not just guardrails—makes the difference. By giving developers access to hardened, policy-aligned environments that meet standards like SOC 2, HIPAA, and FedRAMP, NXT1 dramatically shortens the path from idea to revenue. This also reduces founder and investor risk while increasing the cost for adversaries targeting early-stage SaaS companies. Throughout the episode, Sobczak emphasizes the importance of building with scale and regulation in mind—even if those market demands aren't immediate. He notes that most early-stage teams wait too long to consider security, mistakenly treating compliance as a checklist to be addressed after product development. Instead, NXT1 aims to "meet customers where they are," helping both startups and more mature companies seamlessly scale into new verticals like healthcare and public sector without rebuilding from scratch. He also touches on the cultural shifts required in development organizations: making security everyone's responsibility, automating infrastructure to reduce human error, and resisting the temptation to reinvent the wheel when platforms already exist that can shoulder much of the compliance burden. Whether you're an entrepreneur launching a new SaaS product or a development leader in a growth-stage company, this episode is a must-listen for those looking to secure their software—and their future—from the ground up.
Discover everything cloud service providers (CSPs) need to know about the FedRAMP 20x pilot program and its transformative impact on Risk Management in 2025. In this episode of the Risk Management Show, Boris Agranovich, CEO of Global Risk Community, interviews Travis Howerton, Co-Founder and CEO at RegScale, a leading voice in Cyber Security and AI-driven solutions. Together, they explore how it streamlines authorization processes, enhances cloud security, and balances innovation with robust security standards. During the discussion, Travis shares insights on automating compliance through AI, addressing regulatory challenges, and creating opportunities for CSPs and federal agencies. Learn how innovations like compliance as code and automation are shaping the future of cloud security and sustainability. If you're a Chief Risk Officer or a professional in the cybersecurity space, this is a must-watch for actionable strategies and expert advice.
In this podcast with Sujit Mohanty, General Manager of Field Engineering at Databricks, learn how the recent achievement of FedRAMP High for Databricks on AWS creates impactful opportunities for modernization within the Federal Government.
The FedRAMP program at the General Services Administration has enabled agencies to safely use commercial cloud computing for more than a decade. Last month the GSA launched an update called FedRAMP 20-X. It's designed to make it easier and faster for vendors to get the authorization they need to take on federal customers. For how it looks to industry, we turn to the founder and CEO of RegScale, Travis Howerton.
Today on the Federal Drive with Terry Gerton: A status report on the most expensive weapon system ever. Looking at the Trump administration against its predecessors. The FedRAMP cloud security program goes cloud native.
Joining us on board the bridge of the good ship SS Tomorrow is Nick Jain, CEO of IdeaScale, who discusses the future of work, the challenges of the current workplace, and the role of AI in shaping tomorrow's work environment. He emphasises the importance of innovation, security, and the ethical implications of AI, while also addressing the need for organisations to adapt to a global workforce and the potential impact of AI on employment and personal fulfilment. Takeaways: IdeaScale is the largest innovation and idea management software company. The software allows organisations to tap into collective knowledge effectively. Security is a major concern for organisations, and IdeaScale addresses this with a FedRAMP qualification. The shift to remote and hybrid work is a significant challenge for many organisations. Education and training in new technologies are essential for the workforce. Global competition is increasing due to improved infrastructure and access to technology in developing countries. The future workplace will likely see the rise of multifunctional autonomous robots. AI will play a larger role in decision-making processes in organisations. The ethical implications of AI are crucial as it becomes more integrated into the workplace. Finding meaning in life may become challenging as traditional job roles evolve or disappear. Keywords: workplace of tomorrow, innovation, AI, remote work, ethics, decision making, global competition, IdeaScale, Nick Jain, technology
In this pre-event Brand Story On Location conversation recorded live from RSAC Conference 2025, Emily Long, Co-Founder and CEO of Edera, and Kaylin Trychon, Head of Communications, introduce a new approach to container security—one that doesn't just patch problems, but prevents them entirely. Edera, just over a year old, is focused on reimagining how containers are built and run by taking a hardware-up approach rather than layering security on from the top down. Their system eliminates lateral movement and living-off-the-land attacks from the outset by operating below the kernel, resulting in simplified, proactive protection across cloud and on-premises environments. What's notable is not just the technology, but the philosophy behind it. As Emily explains, organizations have grown accustomed to the limitations of containerization and the technical debt that comes with it. Edera challenges this assumption by revisiting foundational virtualization principles, drawing inspiration from technologies like Xen hypervisors, and applying them in modern ways to support today's use cases, including AI and GPU-driven environments. Kaylin adds that this design-first approach means security isn't bolted on later—it's embedded from the start. And yet, it's done without disruption. Teams don't need to scrap what they have or undertake complex rebuilds. The system works with existing environments to reduce complexity and ease compliance burdens like FedRAMP. For those grappling with infrastructure pain points—whether you're in product security, DevOps, or infrastructure—this conversation is worth a listen. Edera's vision is bold, but their delivery is practical. And yes, you'll find them roaming the show floor in bold pink—“mobile booth,” zero fluff. Listen to the episode to hear what it really means to be “secure by design” in the age of AI and container sprawl. Learn more about Edera: https://itspm.ag/edera-434868 Note: This story contains promotional content. Guests: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/ Kaylin Trychon, Head of Communications, Edera | https://www.linkedin.com/in/kaylintrychon/ Resources: Learn more and catch more stories from Edera: https://www.itspmagazine.com/directory/edera Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25 Keywords: emily long, kaylin trychon, sean martin, marco ciappelli, containers, virtualization, cloud, infrastructure, security, fedramp, brand story, brand marketing, marketing podcast, brand story podcast
Dan Lorenc is the Co-founder and CEO of Chainguard, the safe source for open source. The internet runs on free, open source software. But as it's risen in popularity, it's become the latest attack point targeted by hackers and nation states. This conversation with Dan gets into the history of open source software, cloud computing, Linux, the software supply chain, how AI will impact it, and what the next big cyber attack will look like. Dan is an engineer, but he also loves sales and go-to-market. We unpack how Chainguard went from zero to 150 customers and a $40m ARR in two years. Chainguard just announced a $350 million Series D led by Kleiner and IVP, and Dan unpacks the round, plus shares his secret methodology for valuing the company. A big thank you to Dan's Co-founder Kim Lewandowski, to Clay Fischer @ Spark, Bogomil Balkansky & Andrew Reed @ Sequoia, and Tom Loverro @ IVP for their help brainstorming topics for Dan. Timestamps: (3:26) A safe source for open source (4:57) The software supply chain (7:19) Can you trust open source code with contributors in Russia? (9:43) Malware attack that almost took down the entire internet (12:40) What the next big cyber attack will look like (15:12) How will AI impact the software supply chain (17:53) The history of cloud computing (21:42) Why all cloud computing runs on Linux (23:16) How Linux + Linux distros work (29:28) Automating open source security (32:43) Chainguard roadmap: Libraries and VMs (36:40) Focusing on FedRAMP (42:44) Impact of DOGE (44:06) Zero to $40m ARR in two years (45:40) Learning to love sales as a technical founder (47:24) Lessons from Frank Slootman (51:15) How to create urgency in sales (53:16) How to build a sales team (58:23) Hiring Ryan Carlson from Wiz & Okta (1:01:45) Inside Chainguard's $350m Series D (1:07:41) Vibe coding + Dan's software stack (1:09:51) Cutting his hair in front of the entire company (1:10:27) Wearing a different suit to each board meeting (1:12:32) Bogomil, world's best SDR
Varun Mohan is the co-founder and CEO of Windsurf (formerly Codeium), an AI-powered development environment (IDE) that has been used by over 1 million developers in just four months and has quickly emerged as a leader in transforming how developers build software. Prior to finding success with Windsurf, the company pivoted twice—first from GPU virtualization infrastructure to an IDE plugin, and then to their own standalone IDE. In this conversation, you'll learn: 1. Why Windsurf walked away from a profitable GPU infrastructure business and bet the company on helping engineers code. 2. The surprising UI discovery that tripled adoption rates overnight. 3. The secret behind Windsurf's B2B enterprise plan, and why they invested early in an 80-person sales team despite conventional startup wisdom. 4. How non-technical staff at Windsurf built their own custom tools instead of purchasing SaaS products, saving them over $500k in software costs. 5. Why Varun believes 90% of code will be AI-generated, but engineering jobs will actually increase. 6. How training on millions of incomplete code samples gives Windsurf an edge, and creates a moat long-term. 7. Why agency is the most undervalued and important skill in the AI era. In this episode, we cover: (00:00) Varun's background (03:57) Building and scaling Windsurf (12:58) Windsurf: The new purpose-built IDE to harness magic (17:11) The future of engineering and AI (21:30) Skills worth investing in (23:07) Hiring philosophy and company culture (35:22) Sales strategy and market position (39:37) JetBrains vs. VS Code: extensibility and enterprise adoption (41:20) Live demo: building an Airbnb for dogs with Windsurf (42:46) Tips for using Windsurf effectively (46:38) AI's role in code modification and review (48:56) Empowering non-developers to build custom software (54:03) Training Windsurf (01:00:43) Windsurf's unique team structure and product strategy (01:06:40) The importance of continuous innovation (01:08:57) Final thoughts and advice for aspiring developers. Recommended book: Fall in Love with the Problem, Not the Solution: A Handbook for Entrepreneurs: https://www.amazon.com/Fall-Love-Problem-Solution-Entrepreneurs/dp/1637741987 Lenny may be an investor in the companies discussed.
Secretary of Defense Pete Hegseth signed a memo Thursday ordering the termination of several IT services contracts and directing the Pentagon's chief information officer to draw up plans for in-sourcing, among other measures. The aim is to “cut wasteful spending” and “support the continued rationalization” of the Defense Department's IT enterprise, Hegseth wrote. The move comes amid a broader push by the Trump administration to implement Department of Government Efficiency (DOGE) initiatives across federal agencies. Hegseth's new memo to senior Pentagon leadership ordered the termination of contracts affecting a variety of DOD components, including a Defense Health Agency contract for consulting services; an Air Force contract to re-sell third party enterprise cloud IT services; a Navy contract for business process consulting services; and a Defense Advanced Research Projects Agency (DARPA) contract for IT helpdesk services. In a video released on social media touting these DOGE-related efforts, Hegseth estimated that those contract terminations would save the Pentagon approximately $1.8 billion, $1.4 billion, $500 million and $500 million, respectively. Another round of General Services Administration workforce cuts is hitting Technology Transformation Services, specifically within its Integrated Award Environment (IAE), Solutions, and Office of Regulatory and Oversight Systems (OROS) programs, sources confirmed to FedScoop. Under TTS, the Solutions platforms and services, front office, public experience and accelerators teams were all affected by the reductions, according to a source with knowledge of the situation. However, programs that are safe from the current — and widespread — reductions in force include FedRAMP, Login.gov and Cloud.gov, sources said. Additionally, TTS consulting, fellowships and front office are untouched as well. The Daily Scoop Podcast is available every Monday-Friday afternoon. 
If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
In this episode of "Scrappy ABM," host Mason Cosby responds to a newsletter request from Shaughn, who is targeting security and compliance organizations requiring FedRAMP authorized signatures. Mason breaks down a strategic approach for standing out in a competitive market by leveraging a company's unique differentiators. Best Moments: (00:32) Introduction to Sean's specific ABM challenge in the electronic signature space (01:19) The importance of leveraging FedRAMP authorization as a market differentiator (02:11) Developing an "onlyness statement" based on unique value propositions (02:39) How to identify your true differentiators by asking customers why they buy (03:30) Using the account progression model to highlight specific problems you solve (04:58) Creating buyer enablement content to help champions sell internally (05:40) Warning against claiming "onlyness" publicly without true differentiation (07:29) Recommendation to focus on one department (HR, procurement, or legal) initially
Michael Duffy, President Donald Trump's nominee for Undersecretary of Defense for Acquisition and Sustainment, has committed to reviewing the Pentagon's Cybersecurity Maturity Model Certification (CMMC) 2.0 if confirmed. This revamped program, effective since December, mandates that defense contractors handling controlled, unclassified information comply with specific cybersecurity standards to qualify for Department of Defense contracts. Concerns have been raised about the burden these regulations may impose on smaller firms, with a report indicating that over 50% of respondents felt unprepared for the program's requirements. Duffy aims to balance security needs with regulatory burdens, recognizing the vulnerability of small and medium-sized businesses in the face of cyber threats. In addition to the CMMC developments, the General Services Administration (GSA) is set to unveil significant changes to the Federal Risk and Authorization Management Program (FedRAMP). The new plan for 2025 focuses on establishing standards and policies rather than approving cloud authorization packages, which previously extended the process for up to 11 months. The GSA intends to automate at least 80% of current requirements, allowing cloud service providers to demonstrate compliance more efficiently, while reducing reliance on external support services. Across the Atlantic, the UK government has announced a comprehensive cybersecurity and resilience bill aimed at strengthening defenses against cyber threats. This legislation will bring more firms under regulatory oversight, specifically targeting managed service providers (MSPs) that provide core IT services and have extensive access to client systems. The proposed regulations will enhance incident reporting requirements and empower the Information Commissioner's Office to proactively identify and mitigate cyber risks, setting higher expectations for cybersecurity practices among MSPs. The episode also discusses the implications of recent developments in AI and cybersecurity. With companies like SolarWinds, Cloudflare, and Red Hat enhancing their offerings, the integration of AI into business operations raises concerns about security and compliance. The ease of generating fake documents using AI tools poses a significant risk to industries reliant on document verification. As the landscape evolves, IT service providers must adapt by advising clients on updated compliance practices and strengthening their cybersecurity measures to address these emerging threats. Four things to know today: 00:00 New Regulatory Shifts for MSPs: CMMC 2.0, FedRAMP Overhaul, and UK Cyber Security Bill 05:21 CISA Cuts and Signal on Gov Devices: What Could Go Wrong? 08:15 AI Solutions Everywhere! SolarWinds, Cloudflare, and Red Hat Go All In 11:37 OpenAI's Image Generation Capabilities Raise Fraud Worries: How Businesses Should Respond
Now more than ever, the long-running cloud security program known as FedRAMP needs industry's help. That was the message Monday from Pete Waterman, the Director of the Federal Risk Authorization Management Program (FedRAMP) at the General Services Administration. Here with what's going on, Federal News Network's executive editor, Jason Miller.
After serving for nearly 18 months as the Department of Defense's first-ever customer experience officer in the Office of the CIO, Savan Kong earlier this month parted ways with the Pentagon. Previously a member of the Defense Digital Service during his first tour of duty with the DOD, Kong helped build the department's CXO office from scratch, fostering a culture that prioritizes the needs of service members, civilians, and mission partners and striving to streamline governance processes, improve transparency, and ensure that IT solutions meet operational needs. Kong joins the Daily Scoop for a conversation to share the progress his office ushered in to improve customer experience for DOD's personnel, where things are headed under this administration and how AI will impact the CX space. FedRAMP is getting another overhaul, one that will involve far more automation and a greater role for the private sector, the program's chief announced Monday. Through FedRAMP 20x, the General Services Administration-based team focused on the program aims to simplify the authorization process and reduce the amount of time needed to approve a service from months to weeks, Director Pete Waterman said during an Alliance for Digital Innovation event. The private sector will also have increased responsibility over monitoring of their systems, he noted. In a critical change, agency sponsorship will — eventually — no longer be necessary to win authorization. As a first step, FedRAMP has launched four community working groups, which give the public a chance to share feedback, and focus on creating “innovative solutions” to formalize the program's standards. But in the meantime, Waterman said existing baselines will remain in place and there are no immediate changes to the program. 
The Office of Personnel Management and the departments of Treasury and Education are now barred from sharing individuals' personally identifiable information with DOGE representatives, a federal judge ruled Monday. Judge Deborah L. Boardman of the U.S. District Court for the District of Maryland said in her decision that in granting associates with Elon Musk's so-called government efficiency initiative access to systems containing plaintiffs' PII, the agencies “likely violated” the Privacy Act and the Administrative Procedure Act. The lawsuit was filed by the American Federation of Teachers, the International Association of Machinists and Aerospace Workers, the International Federation of Professional and Technical Engineers, the National Active and Retired Federal Employees Association, the National Federation of Federal Employees, and six military veterans. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
This week, the GovNavigators welcome Allison Brigati, former Deputy Administrator of the General Services Administration, and Daniel Heckman, CEO of MSI Consulting, to share lessons learned from the first Trump administration's push for government efficiency. They discuss overcoming resistance to change, and harnessing automation and AI to modernize government functions. Additionally, they reflect on how these strategies could shape current reform efforts as we enter Trump's second term. Show Notes: President's Management Agenda: Trump Administration (2018), Cap Goal 6 Pg. 32. Events on the GovNavigators' Radar: March 24: FedRAMP 2025 Discussion with Pete Waterman; March 26-28: Coleridge Initiative's Annual Convening; March 28: NAPA's Standing Panel on Executive Organization and Management
Cybersecurity is vital in today's cloud-based world. Learn about the journey Solventum took to StateRAMP and FedRAMP certification.
All non-critical and non-statutorily required work will cease at the General Services Administration's Technology Transformation Services as part of a 50% reduction of the office, according to Director Thomas Shedd. In his prepared remarks for a Thursday afternoon town hall, which were obtained by FedScoop, Shedd said that to deliver technology at GSA in a “more focused and streamlined way,” moving forward TTS will support only work that is required by statute and policy, fits into the Trump administration's definition of critical, and is prioritized by the leadership at GSA “in accordance with the priorities of the administration.” Everything else will be eliminated, per Shedd, who said in his remarks that TTS will be smaller in size – at least 50% smaller. Additionally, any contracts that support the work that falls outside of the established bounds “will be terminated” and any job functions that are deemed non-essential will be cut. The prioritized and remaining TTS programs include Login.gov, FedRAMP, Cloud.gov, statutorily required websites, the Integrated Award Environment, the Office of Regulatory Oversight, the Centers of Excellence, the Presidential Innovation Fellowship Program, the U.S. Digital Corps, operations and other “special projects.” Australian-based software company Atlassian has tapped Matthew Graviss to be its first public sector chief technology officer following his recent departure as the State Department's top data and AI official. Although the role starts a new private sector chapter in Graviss's career, being the first person to establish a newly created position is familiar ground. During his time in the federal government, Graviss was the first-ever chief data officer at both the State Department and the Department of Homeland Security's U.S. Citizenship and Immigration Services. 
In an interview with FedScoop, Graviss said his role at Atlassian is an extension of that experience in that he'll again be codifying the responsibilities of the job, showing value and solving customer problems. Regardless of whether his role is in or out of the government, Graviss said “the delivery of better goods and services to citizens is contingent upon … an ecosystem of government employees, service providers, and solution providers.”
The rise of IT generalists is becoming increasingly significant as the industry grapples with a growing talent gap. A recent report by Auvik reveals that a staggering 78% of IT professionals feel that work-related stressors hinder their ability to improve their skills, with 60% experiencing burnout. As baby boomers retire at an accelerated pace, the workload is shifting to senior employees, intensifying stress and workload issues. The report highlights the necessity for IT professionals to possess a broad range of knowledge across various IT functions, emphasizing the integration of artificial intelligence and automation to alleviate these challenges. Managed service providers (MSPs) are facing heightened security demands, yet there are concerns about whether clients are allocating their budgets effectively. A series of market reports indicate that organizations are managing an average of 45 cybersecurity tools, which calls for a streamlined approach to security controls. The landscape of cybersecurity is evolving, with a notable shift towards generative AI and the need for comprehensive strategies for machine identity and access management. MSPs are encouraged to help clients prioritize security investments based on risk rather than simply increasing spending. Recent product announcements from companies like Scion AG, Huntress, and Cisco reflect the industry's response to these challenges. Scion AG has launched Scion Guard360, a cybersecurity solution aimed at small and medium-sized enterprises, while Huntress introduced a sensitive data mode to aid compliance with the Cybersecurity Maturity Model Certification. Cisco's Meraki for Government solution has achieved FedRAMP authorization, underscoring the importance of compliance in enhancing security for federal agencies.
These developments highlight the trend towards automation and AI-driven solutions in the security sector. The backlash against Broadcom's acquisition of VMware is resulting in significant financial gains for competitors like Nutanix and Scale Computing. Nutanix reported a 16% revenue increase, driven by customers seeking alternatives to VMware, while Scale Computing experienced a remarkable 400% growth in enterprise demand. This shift in buying behavior indicates that organizations are actively looking for new solutions, presenting an opportunity for IT consultants to guide clients through the migration process. As the market evolves, understanding alternatives to VMware could provide a competitive advantage for service providers. Four things to know today: 00:00 IT Generalists on the Rise: Auvik Report Highlights Burnout, Skills Gaps, and AI's Role 04:32 MSPs Face Rising Security Demand—But Are Clients Spending in the Right Places? 08:51 Huntress, Cisco, and Cyan AG Roll Out New Security Features—Here's Why It Matters 11:14 Big Wins for Nutanix and Scale Computing as VMware Customers Make Their Move
Forecast = Punxsutawney Phil saw his shadow, so we can expect continued Musk-y days ahead in these remaining DOGE days of Winter. In this week's episode of GreyNoise Storm⚡️Watch, we have a bit of an AI-theme. First, the Department of Government Efficiency (DOGE), led by Elon Musk, has sparked significant privacy and security concerns by accessing sensitive federal systems like Treasury databases and Education Department records through AI-driven analysis. Critics highlight undisclosed partnerships with vendors like Inventry.ai, which allegedly introduced algorithmic bias by disproportionately targeting diversity programs and climate initiatives while retaining fossil fuel subsidies. Cybersecurity experts warn about unvetted API integrations and data security risks, as Inventry.ai processed taxpayer information without proper FedRAMP authorization. These issues have led to bipartisan calls for stricter AI procurement rules and transparency mandates to rebuild public trust. Meanwhile, Chinese AI startup DeepSeek faces scrutiny over its claims of rivaling GPT-4 at lower costs, with analysts questioning its $5.6M training budget and geopolitical alignment. The models show systematic pro-China biases, refusing to answer 88% of sensitive questions about Tiananmen Square or Taiwan while promoting CCP narratives in responses. Security researchers flag its opaque training data—potentially using OpenAI outputs—and anti-debugging features that hinder independent audits. These concerns have triggered bans in Australia, South Korea, and U.S. agencies like NASA, with EU officials noting non-compliance with cybersecurity standards. On the defense front, Splunk's DECEIVE AI honeypot introduces innovative deception tech by letting users simulate systems via text prompts, democratizing access to advanced threat detection. 
While it offers dynamic behavioral analysis and safe sandboxing, security professionals caution about LLM hallucination risks that could tip off attackers and ethical questions around logging fabricated credentials. The open-source tool shows promise but remains untested against sophisticated adversaries. Rounding out the cybersecurity landscape, Censys research exposes the BADBOX botnet's infrastructure and BeyondTrust vulnerabilities, while VulnCheck highlights 2024's exploitation trends and Zyxel's unpatched telnet flaws; and GreyNoise's latest Noiseletter showcases new platform features + upcoming events.
The FedRAMP Emerging Technology Prioritization Framework, which was established last year to accelerate the use of systems like artificial intelligence in the federal cloud, has been eliminated as part of President Donald Trump's rescission of the Biden administration's AI executive order. A person with direct knowledge of the matter confirmed the program no longer existed. The Emerging Technology Prioritization Framework, which recently switched to a rolling application process, aimed to allow cloud service providers to request prioritization of cloud services associated with emerging technology in the FedRAMP authorization process. The framework's final draft was issued last summer, requiring interested cloud providers to apply for prioritization by the end of August 2024. The General Services Administration, which operates the FedRAMP program, said initial determinations would be announced the following month. Pete Hegseth, President Donald Trump's nominee to lead the Pentagon, was confirmed as the next secretary of defense after Vice President JD Vance cast the tiebreaking vote in the Senate Friday night. Senators voted 50-50 before Vance had to be called in to tip the balance. Hegseth will take the helm at the Defense Department as the DOD gears up for potential wars against high-tech adversaries such as China. During his confirmation process, Hegseth pledged that as defense secretary he would prioritize investments in AI, drones and counter-drone systems, among other technologies that he considers key to military modernization. Soon after his confirmation, Hegseth issued a message to the military on Saturday that expressed his intent to quickly field emerging capabilities to deter China and others.
The episode highlights a notable rise in small business optimism, with the National Federation of Independent Business reporting an optimism index of 105.1, the highest since October 2018. Despite this positive sentiment, challenges such as inflation and labor quality persist, with a significant percentage of business owners planning to raise compensation. The episode also touches on the impact of Donald Trump's presidency on channel partners, with many expecting positive outcomes from tariffs. Sobel delves into the ongoing shifts in the job market, particularly within the IT sector, where traditional roles are diminishing due to the rise of AI. The episode notes that while IT layoffs have slowed, the market has seen a contraction with nearly 71,000 jobs lost over two years. The World Economic Forum's report indicates that AI is creating new job opportunities, with a net gain of 2 million jobs expected by 2030. However, the episode warns of a decline in employee engagement, which has hit a 10-year low, emphasizing the importance of focusing on workforce development amidst these changes. The podcast also addresses the projected growth in worldwide IT spending, which is expected to rise to $5.61 trillion in 2025. However, Sobel cautions that much of this growth may be offset by price hikes, leading to a situation where customers may not see the benefits of increased spending. Key areas for investment include data center systems and software, with a significant uptick in AI usage among small and mid-sized businesses. The episode underscores the necessity for businesses to adapt and find ways to deliver more value to their customers despite rising costs. Finally, the episode covers recent regulatory changes, including President Trump's revocation of an AI safety order established by the previous administration. The FCC has introduced new cybersecurity rules, and FedRAMP is proposing to streamline requirements for cloud service providers.
Sobel emphasizes the importance of staying informed about these regulatory shifts, as they will impact the tech landscape moving forward. The episode concludes with a reminder of the significance of understanding the evolving dynamics in the IT sector and the need for continuous learning and adaptation. Four things to know today: 00:00 IT Layoffs Slow While Small Business Confidence Soars, But AI and Engagement Challenges Shape the Future 04:34 Global IT Growth Drives AI Investment in SMBs, but Price Hikes Threaten Real Value in 2025 07:39 Regulation in Flux: Trump Revokes AI Safety Order as FCC and FedRAMP Push New Cybersecurity Measures 09:52 CompTIA Layoffs Raise Questions About Private Equity's Role in Restructuring the Tech Certification Giant
If your organization uses Google Workspace, you have access to Google Groups. Kind of like a listserv but so much better. What are Google Groups? If your nonprofit uses Google Workspace, you can use Google Groups to manage tasks via an email group, with granular controls and monitoring if you need it. Google Groups can improve security for email addresses like “donate@mynonprofit” or “info@mynonprofit” if that email directs to a group and is not its own account whose credentials could be hacked. Director of IT Consulting Steve Longenecker explains the ins and outs of using Google Groups and some issues to consider, including Google's FedRAMP certification if you are trying to use Google Groups with federal workers. Since few MSPs can help nonprofits using Google Workspace, please contact us if you have more questions we can help with. We know that so many nonprofit startups start using Google Workspace because it is easy. Some Key Takeaways: Google Groups works like a listserv, allowing multiple people to view and respond to group emails right from their inbox. No new tools like Slack or Discord are needed. Keeping it simple can help your team or volunteers engage easily. Google Groups allows granular permissions and allows a manager to assign certain email threads to specific team members, so you can make sure all donation inquiries get a quick response, for example. Managers can get valuable insight into email thread status and team members can easily collaborate without checking and back-checking to see who is taking which inquiry. Google Groups can be useful in keeping volunteer groups organized and engaged. You can assign any email to Google Groups, making a partly external volunteer team more functional and making it easier for busy volunteers to participate, right from their inbox. Google Groups has many security features that make it preferable to listservs. And listserv tools are becoming harder to find and manage.
Everyone uses email – if you already use Google Workspace you have a listserv tool already available to you, for free, that has many features and security that listservs just don't have. Google Groups is relatively easy to set up and manage, and Google provides lots of helpful how-to tutorials and advice that are accessible to non-technical managers. If you are trying to use Google Groups with federal employees and encountering resistance, be aware that Google has FedRAMP certification. This means your federal friends are allowed to use it from a security perspective. Google Groups is a tool you should consider if you are struggling to manage a team or volunteer group. It is easy to get started and easy to expand as you learn the capabilities. We know that few MSPs serving nonprofits are experts in Google Workspace. Community IT has developed expertise in Google Workspace support since we serve nonprofits exclusively, and so many nonprofits use this platform.
Join us as we talk to Ekene Imbata, founder of Facility Management Supplies and People, Inc., about his journey into government contracting. Kenny shares how he transitioned from running a software solutions business to securing his first contracts with the government. Learn about his strategic partnerships, insights into MRO products, and plans to expand into DoD and software contracts. Ekene is just getting started, and if you're looking for inspiration to break into government sales, this is the episode for you! Timestamps: [00:00:00] Introduction to Kenny Imbata and His Business Journey - Overview of Facility Management Supplies and People, Inc. Initial motivation to pursue government contracting. [00:00:45] Why Government Contracting? - Discovering the government as the largest buyer. Importance of targeting higher-value clients. [00:06:00] Starting Small: Registration and Early Challenges - Kenny's first steps on SAM.gov and early difficulties with software contracts. [00:08:30] Teaming Up for Success - Partnering with an experienced company for MRO product contracts. How joint ventures and subcontracting can fast-track success. [00:12:00] Fine-Tuning the GovCon Process - Focusing on niche markets to reduce competition. Targeting specific agencies like the Navy shipyards. [00:15:30] The Challenges of Pricing and Past Performance - Understanding the importance of supplier relationships and profit margins. Strategies to secure past performance for future growth. [00:18:45] Expanding into DoD and Software Contracts - Kenny's exploration of custom software solutions for government needs. Navigating cybersecurity requirements like FedRAMP and NIST. [00:24:00] Building Relationships and Long-Term Success - Leveraging relationships with agencies and vendors for simplified acquisitions. Kenny's advice for aspiring GovCon professionals.
[00:26:00] Final Thoughts and Advice for New GovCon Entrants - Kenny's top takeaways from his journey. How to reach out to Kenny for advice or collaboration.
Palantir (PLTR) rallied again to yet another all-time high after receiving FedRAMP "high authorization" for its cloud services. How much higher can the stock soar? Mostly-neutral analyst reactions show doubt for a continuing bull run. Alex Coffey and Caroline Woods weigh if Palantir can keep up its 300%+ year-to-date rally.
In this episode of Game Changers for Government Contractors, host Michael LeJeune and cybersecurity expert Gary Daemer discuss FedRAMP, an essential certification for cloud service providers looking to sell to the federal government. With over 40 years of experience in cybersecurity, Gary provides a comprehensive overview of what FedRAMP entails, who needs it, and the challenges involved. Learn about the rigorous process, timelines, costs, and ongoing maintenance requirements for certification. Gary also shares strategic advice on whether pursuing FedRAMP is right for your business and tips for leveraging resources like SBIRs to offset costs. This episode is a must-listen for contractors aiming to enter or expand in the government market.
In an era of escalating digital threats, cybersecurity compliance goes beyond ticking a legal box - it's a crucial shield safeguarding assets, reputation, and the very survival of your business. What is the most common pain point facing businesses these days? Is it supply chain fragility? Fierce competition? Tight cashflows? Or is it the rising and relentless tide of cyberattacks? Evidence and analysts suggest it's often the latter. As cyberthreats show no signs of slowing down, both small and large organizations increasingly recognize that cybersecurity is no longer optional. What's more, governments and regulatory agencies have also caught onto its importance, especially when it concerns organizations that operate in sectors that are critical to a nation's national infrastructure. The result? An expanding set of compliance requirements that feel daunting but are essential for a country's smooth operations and public security. Forms of compliance: For starters, we need to distinguish between two types of compliance - compulsory and voluntary, as each brings its own set of requirements. Compulsory compliance encompasses regulations enforced by state-level or state-adjacent agencies and targeting companies operating in critical infrastructure sectors, such as healthcare, transport, and energy. For example, a company working with patient data in the US must abide by the Health Insurance Portability and Accountability Act (HIPAA), a federal regulation, to maintain patient data privacy across state lines. On the other hand, voluntary compliance means that businesses apply for specific certifications and standards that identify them as experts within a particular field or qualify some of their products as fulfilling a standard. For example, a company seeking environmental credibility might apply for ISO 14001 certification that demonstrates its commitment to environment-friendly practices. However, every company needs to recognize that compliance isn't a one-time effort.
Every standard, or another "bit of compliance", requires additional resources since these processes require consistent monitoring and budget allocations (even ISO certifications require regular re-certification). Cybersecurity compliance - not only for security vendors: A company that doesn't conform to compulsory compliance can face hefty fines. Incidents such as data breaches or ransomware attacks can result in extensive costs, but evidence of a failure to comply with mandated security measures can ultimately cause the final bill to go "through the roof". The specific cybersecurity regulations an organization needs to abide by depend on the type of industry the company operates in, and how important the security of its internal data is to privacy, data security, or critical infrastructure acts. Do also note that many regulatory acts and certifications are region-specific. Furthermore, depending on what customers, clients, or partners a business wants to attract, it is wise to apply for a specific certificate to qualify for a contract. For example, if a company wants to work with the US federal government, it needs to apply for the FedRAMP certificate, demonstrating its competence in protecting federal data. At any rate, compliance needs to be built into the foundations of any business strategy. As regulatory requirements keep rising in the future, well-prepared companies will have an easier time adapting to the changes. With compliance being measured continuously, this can save organizations significant resources and enable their growth in the long run. Key cybersecurity acts and frameworks: Let's now have a quick rundown on some of the most important cybersecurity regulatory acts and frameworks: Health Insurance Portability and Accountability Act (HIPAA): This regulatory act covers the handling of patient information in hospitals and other healthcare facilities. It represents a set of standards that are designed to protect confidential patient health data from be...
In today's episode, Les talks with Kenny Scott, the founder of Paramify. Kenny shares his journey from initially disliking compliance and GRC work to eventually building a successful SaaS company that automates and streamlines these processes. He discusses his background in consulting and cybersecurity, his brief stint running a hedge fund, and the pivotal moment when he decided to create a solution to the pain points he experienced in the GRC space. Throughout the conversation, Kenny emphasizes the importance of relationships, prioritizing family, and leveraging technology to enable security professionals to focus on more strategic initiatives. Kenny talks about the importance of balancing work and family and predicts a future where AI will play a crucial role in enhancing cybersecurity. Here's a closer look at the episode: Kenny's background, mentioning his initial interest in finance and his transition to programming. Kenny discusses his career progression, including roles at Google, American Express, and Adobe, where he worked on organizational risk management. Kenny reflects on the challenges and rewards of his career, emphasizing the importance of solving real problems. Kenny's thoughts on the significance of governance, risk, and compliance (GRC) and the growing demand for security services. Kenny dives into the complexities of FedRAMP, explaining its purpose and the rigorous process involved. Kenny talks about the early days of Paramify, including the search for talented developers and the initial success with small startups. Kenny highlights the importance of relationships and the support from early clients like Palo Alto Networks. Kenny provides an update on Paramify's current status, including their FedRAMP High audit and the growth of their client base. 
Resources: Website: https://www.paramify.com/ Kenny LinkedIn: https://www.linkedin.com/in/kenny-g-scott/ Paramify LinkedIn: https://www.linkedin.com/company/paramify/ Kenny Twitter: https://x.com/kenny_g_scott
The focus is on HITRUST assessments, specifically the e1 certification, which provides an entry-level approach to cybersecurity compliance. The session emphasizes that compliance is an ongoing process and highlights the HITRUST e1 framework's adaptability to evolving threats. It also discusses the value proposition of the e1 certification, its affordability, and its suitability for low-risk organizations, as well as its synergies with existing SOC2 and ISO certifications. A-LIGN was founded in 2009 by CEO Scott Price to help companies like yours navigate the complexities of cybersecurity and compliance by offering customized solutions that align specifically with each organization's unique goals and objectives. We believe your business can reach its fullest potential by aligning compliance objectives with strategic objectives. Working with small businesses to global enterprises, A‑LIGN's experts coupled with our proprietary compliance management platform, A‑SCEND, are transforming the compliance experience. A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. Learn more about A-LIGN: https://itspm.ag/a-lign-uz1w Note: This story contains promotional content.
Guest: Shreesh Bhattarai, Director of HITRUST, A-LIGN [@aligncompliance] On LinkedIn | https://www.linkedin.com/in/shreesh-bhattarai-cisa-ccsk-hitrust-ccsfp-chqp-5a052837/ Resources: Learn more and catch more stories from A-LIGN: https://www.itspmagazine.com/directory/a-lign Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In this episode, Intel Federal CTO Steve Orrin discusses securing edge devices, enabling trusted AI, and navigating cybersecurity challenges in the public sector. Discover strategies for protecting sensitive data, complying with regulations, and ensuring the trustworthiness of cutting-edge technologies critical to government missions.
Host Dave Sobel engages in a thought-provoking conversation with Steven Cook, the owner of Strategic IT Services, a managed service provider (MSP) specializing in cybersecurity. Steven shares insights into the diverse range of services his organization offers, from general technical support to cybersecurity and disaster recovery. With a focus on co-managed IT, Steven explains how his company assists businesses of varying sizes, from solopreneurs to larger organizations in regulated sectors like finance and energy. The discussion delves into the impact of regulations on customer needs, particularly in the energy sector, where recent political changes have significantly affected income streams. Steven highlights the challenges faced by small businesses in maintaining IT services, often opting for minimal or no support, which raises concerns about cybersecurity risks. He emphasizes the importance of having a baseline level of security measures in place, such as endpoint detection and response, to protect sensitive information and maintain operational continuity. As the conversation progresses, the topic shifts to the evolving landscape of cybersecurity regulations, including the rollout of CMMC 2.0 and the implications of FedRAMP certification for software vendors. Steven expresses his expectation that demand for compliance with these standards will increase, particularly as more MSPs and MSSPs serve defense-related industries. He notes that while some vendors have yet to prioritize FedRAMP certification, there is a growing need for businesses to adopt security measures that meet regulatory requirements. Finally, Steven shares his perspective on the liability of software providers in the context of cybersecurity incidents. He argues that while vendors like CrowdStrike bear some responsibility for their products, the onus also falls on businesses and IT implementers to follow best practices in deploying technology.
This includes implementing phased rollouts and testing updates in controlled environments. The episode concludes with a call for clearer regulations and standards to protect businesses and their customers from the increasing threat of cyberattacks.
This week, Ryan Connell sits down with cybersecurity expert Chris Hughes, CEO of Aquia, a veteran-owned cloud and cybersecurity digital services firm. Chris brings two decades of experience from the federal IT space, sharing insights on everything from AI adoption in the government to the importance of continuous ATO. Chris dives into the challenges and opportunities of experimenting with new technologies, the balance between security and usability, and the evolving landscape of cybersecurity compliance in the DoD. Whether you're a tech professional, a government contractor, or someone interested in the future of defense technology, this episode is packed with valuable perspectives and actionable takeaways. TIMESTAMPS: (0:49) Chris's journey in federal IT and cyber (2:25) Diving into cybersecurity practices (4:33) Balancing “build vs. buy” in cybersecurity (12:30) A deep dive on FedRAMP and ATO (16:45) How to leverage AI for cybersecurity (18:13) Navigating software supply chain security (20:57) How to overcome software supply chain security challenges (27:30) If Chris was king of DoD for the day, what would he change? LINKS: Follow Ryan: https://www.linkedin.com/in/ryan-connell-8413a03a/ Follow Chris: https://www.linkedin.com/in/resilientcyber/ Aquia: https://www.aquia.us/ CDAO: https://www.ai.mil/ Tradewinds: https://www.tradewindai.com/
DORA - the EU's Digital Operational Resiliency Act - will take effect in January of 2025 and is currently top of mind for IT Leaders across all financial service institutions that operate in the European Union. But what is DORA really? Why is this important? How can institutions meet the DORA requirements? What is the role of observability, automation and AI in all of this? To answer all those and more questions we invited Kay Young, Sr Principal Product Manager at Dynatrace, who has been working with organizations around the globe that have been tasked to implement regulations such as DORA, GDPR, FedRAMP or others. In our conversation we also touch on third-party risk management as well as resiliency testing and incident reporting. Resources we discussed: Kay's LinkedIn Profile: https://www.linkedin.com/in/karlien-young-4a156730/ What is DORA blog: https://www.dynatrace.com/news/blog/what-is-dora/ Taming DORA compliance: https://www.dynatrace.com/news/blog/taming-dora-compliance-with-ai-observability-and-security/ Blog on Dynatrace's DORA compliance journey: https://www.dynatrace.com/news/blog/the-dynatrace-journey-toward-dora-compliance/ Beyond DORA compliance: https://www.dynatrace.com/news/blog/dora-how-dynatrace-helps-the-financial-sector-stay-resilient/
The FedRAMP program has been around for over a decade and has recently released a host of new policies and resources, including a new roadmap, a refreshed OMB policy memo, two different pilots, an emerging technology prioritization framework, and a request for public comment on new metrics. Zaree Singer, Agency Engagement Lead at the FedRAMP program at GSA, joins the GovNavigators Show to talk about the new and refurbished FedRAMP program.
Show Notes: FedRAMP Roadmap; Emerging Technology Prioritization Framework; FedRAMP Agile Delivery Pilot; Refreshed OMB Policy Memo; FedRAMP Metrics for Public Comment
News Links: WSJ: Cheetos Turning Mice Translucent; OMB Issues Guidance to Advance the Responsible Acquisition of AI in Government; GAO: OMB Needs a Structure to Govern and a Plan to Develop a Comprehensive Inventory; Wash Post: After bungling financial aid process, Ed Dept. begins testing new FAFSA; Fed News Network: Rep. Mace questions GSA's plan for replacing FedRAMP JAB
Events on the GovNavigators' Radar: PSC: 2024 Defense Conference (10/8/24); ACT-IAC: Cybersecurity Summit and U.S. Cyber Challenge Awards Ceremony 2024 (10/9/24); AFCEA Bethesda: Kickin' It with Energy: A Conversation With Leadership (10/10/24); Abundance Conference (10/9/24 - 10/10/24)
The rollout of Windows 11 version 24H2 introduces a range of AI-powered features, such as enhanced Energy Saver, improved Bluetooth LE audio support, and Wi-Fi 7 compatibility. Notably, Microsoft has integrated Rust into the Windows kernel and introduced new functionalities for its Copilot AI, which now includes natural voice interaction and daily news summarization. However, the update also marks the end of support for Windows Mixed Reality headsets, as Microsoft shifts its focus away from hardware in the mixed reality space. Host Dave Sobel highlights Microsoft's decision to cease production of the HoloLens 2 and its partnership with Meta, indicating a strategic pivot towards software integration with Meta's Quest headsets. This move reflects a broader trend in the tech industry, where companies are increasingly prioritizing AI-driven productivity tools. Sobel emphasizes the importance of data management for businesses looking to leverage these new AI capabilities effectively, suggesting that many customers may not be prepared to utilize these tools without a solid data foundation. The episode also covers OpenAI's introduction of a public beta for its Realtime API, which allows developers to create applications that facilitate natural conversations with AI chatbots. This new API supports low-latency, multimodal features, enhancing voice interactions and enabling seamless communication across languages. Additionally, Liquid AI has launched its Liquid Foundation Models, which are non-transformer AI models designed for improved performance and memory efficiency, potentially lowering infrastructure costs for clients running large-scale AI applications. Finally, Sobel discusses Kaseya's commitment to achieving FedRAMP authorization for its ITComplete platform, which aims to support managed service providers (MSPs) with compliance requirements. This initiative is particularly significant as it addresses the growing need for compliance in government contracts.
The episode concludes with a call for IT solution providers to participate in Service Leadership's annual compensation survey, which aims to provide insights into compensation trends and help organizations optimize their recruitment strategies. Three things to know today: 00:00 Windows 11 Update Brings AI Features as Microsoft Exits Mixed Reality Hardware with HoloLens; 05:05 OpenAI Expands Voice Integration with Realtime API, While Liquid AI Launches Efficient Non-Transformer Models; 07:10 Kaseya Aims for FedRAMP Authorization as Service Leadership Opens IT Compensation Survey. Supported by: https://www.coreview.com/msp https://mspradio.com/engage/ Event: www.smbTechFest.com/Go/Sobel
If you provide (or want to provide) innovative cloud products or services to federal agencies, then you'll need to consider FedRAMP. Today, Neil McDonnell interviews Zyad Nabbus, Principal of DataLock Consulting Group to share his lessons learned as a FedRAMP accredited Third Party Assessment Organization (3PAO). ✅ In this training, GovCon Chamber president Neil McDonnell explains: What is FedRAMP and what are the various roles involved; Who should care about FedRAMP; How to make the FedRAMP process easier to speed your product to production. WHAT IS FEDRAMP? The Federal Risk and Authorization Management Program (FedRAMP®) was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP empowers agencies to use modern cloud technologies, with an emphasis on security and protection of federal information. ABOUT OUR GUEST: Zyad Nabbus A Cybersecurity Firm Focused on Securing Mission-Critical Systems, Protecting Supply Chains, and Safeguarding Digital Assets Within Federal Agencies, While Ensuring Regulatory Compliance. ✅ Join us on LinkedIn to build your network and engage others in the largest Government Contracting community online. HOST | Neil McDonnell, president GovCon Chamber of Commerce and co-founder of GovCon in a Box https://www.linkedin.com/in/neil-mcdonnell/ Small business owners trust Neil to show them HOW to earn federal government contracts and subcontracts. A passionate 'evangelist' for business development in the federal marketplace, Neil has helped 1000s of small business contractors collectively win over $3B (federal contract value). A small business contractor in the tech space for 25+ years, Neil successfully won contracts worth hundreds of millions for the Department of Defense and civilian agencies, including US Army • US Navy • US Air Force • HHS • VA • White House • Departments of Education, Transportation, Interior and Energy and numerous large prime contractors. ✅ SPONSORED BY GOVCON IN A BOX | www.GOVCONinaBox.com GovCon in a Box is a FREE AI Community Resource for small business government contractors (launched July 2024): Maximize your visibility to federal buyers by getting a '100 Visibility Score'; Find teammates who want to work with you; Getting daily updates of RFIs in your sweet spot; Respond to opportunities that you can win; See consolidated data from USA Spending, FDPS, and DSBS. www.GOVCONinaBox.com
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com FedRAMP was launched fourteen years ago; today we get an update on metrics and use cases to help companies considering certification. James Leach has been immersed in the world of FedRAMP since the beginning. Today, he gives listeners insight on navigating the FedRAMP compliance process. Commercial companies understand, in detail, the business problem they can solve. For some reason, when it comes to the federal government, they think they can “copy and paste” a business case and have it resonate. When they apply, they may reference a single-threaded business case without federal business. Or they may promote an on-premises model and not include a cloud reference. Finally, organizations may dive into a hybrid cloud environment where it is a challenge to get sponsors. First, one must do business with an agency and understand their requirements in detail; they will have different priorities from a regular “for profit” company. You will also need an agency to sponsor your application. Once these basic hurdles are achieved, then one can begin to study cloud reference architecture. During the interview, James Leach gave several guidelines. >> You need to understand FedRAMP more as a maturity model than a checklist for compliance. >> You need to understand the controls but, more importantly, how the mandates are implemented. Commercial companies can expend considerable resources to achieve FedRAMP certification, only to get frustrated in the end. FedRAMP is not a walk in the park and must be taken seriously.
General Services Administration Executive Director of Cloud Strategy Eric Mill gives updates on the newly focused FedRAMP program and associated advisories for cloud service providers. FedRAMP's Agile Delivery Pilot will help prepare the program for continuous assessments, a key part of FedRAMP 2.0's evolution. He also previews FedRAMP's Emerging Technology Prioritization Framework that will soon enable agencies to use generative AI. Mill discusses the agency's new automation hub, automation.gsa.gov, supporting cloud service providers creating and managing digital authorization packages. He also shares his priorities around real-time data sharing, APIs and secure software development.
Pete Waterman, a former Technology Modernization Fund adviser and U.S. Digital Services engineer, has been tapped as the new FedRAMP director, the General Services Administration announced in an internal email Monday. His appointment comes after he served at GSA as a senior technical adviser for TMF until earlier this year. Waterman, who officially started Monday, will report to Lauren Bracey Scheidt, assistant commissioner of the agency's Technology and Transformation Services Office of Solutions, and work to “build on the FedRAMP team's considerable transformation momentum, and guide program strategy for 2025 and beyond.” The Biden administration is reporting major progress in its quest to deploy half a million public chargers by the end of the decade. The Energy Department on Tuesday said that there were now more than 192,000 public charging ports available throughout the country and that since the start of President Joe Biden's term, the number of public EV chargers has doubled. The announcement of those milestones came as the government announced more than half a billion dollars to nearly 30 states, two tribes and Washington, D.C. to build even more charging infrastructure. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
Fastest 5 Minutes, The Podcast Government Contractors Can't Do Without
This week's episode covers DOD's proposed rule regarding Cybersecurity Maturity Model Certification 2.0, DOJ's new Corporate Whistleblower Awards Pilot Program, and an OMB memo that proposes updates to FedRAMP, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
Federal agencies with highly sensitive workloads now have the opportunity to use OpenAI GPT-4o. Microsoft announced that it received FedRAMP High accreditation to offer the OpenAI generative AI platform through its Azure Government cloud. The FedRAMP High designation denotes that the OpenAI services have met a higher security threshold to work with sensitive civilian datasets, including those in the fields of health care, law enforcement, finance and emergency response, among others. The General Services Administration has a health robotic process automation program, but in some cases, those bots are putting data and systems at risk, the agency's inspector general found in a recent audit. In a new report, GSA's Office of the Inspector General stated that the agency's RPA program did not comply with IT security requirements to “ensure bots are operating securely and properly.” The watchdog found a slew of security issues with the bots ranging from the agency not establishing a process for removing access to decommissioned bots to a lack of monitoring and reporting bot-related activity.
Ransomware attacks have prompted legislative action to classify such cyber offenses alongside terrorism. A provision authored by Sen. Mark Warner, D-Va., included in the annual intelligence authorization act, seeks to combat the surge in ransomware by naming specific gangs and designating host nations as 'state sponsors of ransomware,' subjecting them to potential U.S. sanctions. Although the U.S. Justice Department has previously prioritized ransomware investigations similarly to terrorism, this proposal would be the first law to formally link ransomware to terrorism. However, its effectiveness is debated among experts due to the complex ties between ransomware actors and their host states. In other news, the Department of State is conducting market research on customizable large language models (LLMs) that could enhance its handling of classified and unclassified data. This initiative is part of an effort to identify available AI tools that meet stringent security requirements, including the Defense Department's Impact Level 6 and moderate-level FedRAMP authorization. This reflects the department's strategic approach to augmenting its diplomatic missions with advanced technology. The Department of Health and Human Services (HHS) is restructuring its technological and AI responsibilities, transferring these from the Assistant Secretary for Administration to the Office of the National Coordinator for Health Information Technology (ONC), now also designated as the Assistant Secretary for Technology Policy. FedScoop's Madison Alder sits down with Micky Tripathi, head of ONC and the new Assistant Secretary for Technology Policy, to discuss the reorganization's goals to enhance departmental AI and tech strategies and improve integration across HHS's diverse agencies.
In the current landscape of AI sentiment analysis, there are challenges faced by organizations in justifying the costs of generative AI projects. While executives expect AI to boost productivity, employees report feeling overwhelmed and experiencing burnout due to increased workloads. This discrepancy between leaders and employees underscores the need for organizations to invest in AI implementation, leverage freelance talent, and rethink productivity metrics to address these issues effectively. The episode also delves into the findings of the 2024 Stack Overflow Developer Survey, revealing a widening gap between the increasing use of AI tools by developers and their trust in the accuracy of these tools. Concerns around misinformation, data attribution, and bias contribute to the lack of trust in AI systems. Despite these concerns, developers do not see AI as a job threat, with JavaScript remaining the most popular programming language and AWS leading in cloud platforms. Furthermore, the discussion touches on the evolving landscape of IT and privacy policy, with a focus on the modernization of the Federal Risk and Authorization Management Program (FedRAMP) and recent court rulings on border searches. The modernization of FedRAMP aims to enhance cloud security authorization processes, driving government-wide digital transformation and IT modernization. Additionally, the court ruling emphasizes the importance of warrants for searches, safeguarding privacy rights protected by the First and Fourth Amendments. Lastly, the episode explores Microsoft's response to the CrowdStrike outage, where 8.5 million PCs were affected by a faulty update. Microsoft is considering restricting third-party access to the Windows kernel to enhance system reliability and security. This incident underscores the importance of software quality and system resilience, prompting discussions around kernel access policies.
The episode concludes with a call for technology advancements and a reminder of the significance of software quality in ensuring system reliability. Three things to know today: 00:00 AI Sentiment Analysis: Addressing the Gaps Between Business Leaders and Employees, Product Use and Trust; 04:17 FedRAMP Modernization and Court Ruling on Border Searches Highlight Major IT and Privacy Policy Shifts; 06:15 Microsoft's Security Strategy: Lessons from CrowdStrike Outage and Potential Kernel Access Restrictions. Supported by: https://movebot.io/mspradio/
The White House will issue final FedRAMP modernization guidance on Friday, addressing changes in the cloud market and agency needs for diverse mission delivery. The guidance aims to reform the cloud security authorization program by focusing on strategic goals, including rigorous reviews and swift mitigation of security weaknesses by cloud service providers. The memo emphasizes an automated process for security assessments to reduce participant burden and speed up cloud solution implementation. Agencies and the General Services Administration (GSA) have deadlines ranging from 180 days to two years to align with the new requirements, ensuring continuous monitoring and the use of Open Security Controls Assessment Language (OSCAL). In other news, the Department of Health and Human Services (HHS) announced a major reorganization of its technology policy functions. The chief technology, data, and AI officer roles will move from the Assistant Secretary for Administration to the Office of the National Coordinator for Health Information Technology (ONC), now also titled Assistant Secretary for Technology Policy (ASTP/ONC). The 405(d) Program will transfer to the Administration for Strategic Preparedness and Response. HHS Secretary Xavier Becerra stated the reorganization aims to clarify and consolidate critical functions, preparing the department for future challenges. The new ASTP/ONC office will also seek to fill permanent roles for chief technology, AI, and data officers.
Just days after it was revealed that the FBI used software from Israeli firm Cellebrite to break into the phone of the man who shot former President Donald Trump, the company announced a strategic acquisition to expand its U.S. government work. Cellebrite purchased Cyber Technology Services Inc. and is establishing Cellebrite Federal Solutions, aiming to boost U.S. operations and engage more federal departments. The company is close to announcing a federal agency sponsorship for a FedRAMP cloud accreditation, expected in 2025. Cellebrite already holds contracts with several federal agencies, including Immigration and Customs Enforcement, the Secret Service, and the Defense Department. In other news, the Department of Veterans Affairs (VA) is transitioning online users to Login.gov or ID.me sign-ins to access benefits and health care service accounts. This change will impact three million veterans and beneficiaries, who will no longer use usernames or passwords for My HealtheVet after January 2025. The VA aims to enhance security and provide a more user-friendly experience. Kurt DelBene, the VA's assistant secretary for IT and chief information officer, emphasized that the transition is about empowering veterans with a modernized online experience. This move aligns with the Biden administration's efforts to safeguard veteran data and improve federal customer service.