Back in 2011, FedRAMP was put together because each federal agency had to conduct its own time-consuming security audit. The idea was to standardize security to reduce costs and accelerate cloud adoption. About ten years later, state leaders saw the same problem. Over the years, they worked out a security guidance package that was released this year. GovRAMP was launched to address many of the same challenges faced by the federal government: to establish a standard that enables transparency, standardization, and community. GovRAMP's framework is based on NIST 800-53 rev5. Tony O'Neil from Massachusetts observed that before GovRAMP, each state had a patchwork of security guidelines. With so much variation across states, a simplified environment could reduce costs and enable leaders to adopt a mindset of investing in people. Today, we sat down with data security experts who detailed the implementation of compliance to improve data security and compliance. The conversation also covered the importance of continuous monitoring, the role of CSPs in maintaining security, and the necessity of proper resource allocation for cybersecurity professionals.
Bob Friday, Chief AI Officer for HPE Networking, discusses how federal agencies are rethinking network modernization in the face of rising complexity, new security demands, and the accelerating influence of AI. Friday shares what he's hearing from federal IT leaders about their most urgent challenges—cloud migration hurdles, stringent security requirements like FedRAMP and FIPS, and the staffing constraints shaping today's modernization efforts. He also breaks down the technology trends driving HPE's approach, including the shift to real-time AI-ops, the organizational changes required to fully leverage agentic AI, and how HPE's acquisition of Juniper Networks strengthens the push toward a “self-driving network.”
In this episode of UC Today, host Kieran Devlin sits down with Amit Barave, Vice President of Product Management at Webex by Cisco, to explore how the collaboration giant is securing digital communication in an era of AI-powered threats, distributed teams, and rising compliance demands. From zero trust principles to vertical-specific safeguards, this discussion offers a deep dive into how Webex is redefining trust and usability for enterprises worldwide. How do you secure every click, call, and conversation—without killing collaboration? In this thought-provoking interview, Webex's Amit Barave shares how his team is building security directly into the DNA of the Webex Suite—while ensuring the user experience remains intuitive and frictionless.
Operating as a small business in government contracting is expensive and competitive. Everyone tells you to "stand out" and "differentiate," but when you're already stretched thin on resources, how do you decide where to invest? In this co-host episode, Tasha and Yas tackle the real costs and challenges of strategic differentiation. They explore how selling hardware and software products can create new revenue streams (and what compliance hurdles you'll face), examine certifications like CMMC and CMMI that can unlock contract opportunities (and whether the six-figure price tags are worth it), and discuss creative diversification strategies that don't require massive capital investments. From GSA Schedules and FedRAMP certification to strategic partnerships and niche specialization, this episode delivers an honest conversation about what it takes to compete effectively in today's GovCon market. Whether you're considering your first product line, evaluating whether a certification makes sense for your business stage, or exploring SLED and commercial opportunities, Tasha and Yas provide a practical decision framework to help you invest strategically. Key topics covered include product sales and the compliance differences between hardware and software, how to prioritize certifications like CMMC, CMMI, ISO, and FedRAMP, and alternative differentiation strategies such as geographic expansion, partnerships, IP development, and niche specialization. They also break down real cost and timeline expectations for each option, along with a clear decision-making framework that highlights green lights and red flags for smart investments.
The episode even includes accessible strategies designed specifically for businesses under $5M in revenue. Whether you're new to the GovCon space or a seasoned professional looking to grow with intention, this episode provides the honest insights you need to make smarter decisions about differentiation and investment.
Perplexity AI, an AI-powered search engine, is ramping up its push for government use, inking a new deal with the General Services Administration to offer its product for just 25 cents per agency. GSA announced the deal with Perplexity on Wednesday, emphasizing that the product will be offered directly through the agency's Multiple Award Schedule rather than through a government reseller, a first-of-its-kind agreement. The move aligns with GSA's OneGov initiative, which aims to work directly with technology vendors to cut prices and streamline contracting. Under the deal, Perplexity's Enterprise Pro for Government will be available on GSA's MAS for a quarter to agencies over an 18-month term. In doing so, Perplexity also received prioritized authorization under FedRAMP, the government's primary security review program that approves cloud-based technologies for federal use. Perplexity is only the second company to do so, joining OpenAI, which received prioritized authorization in September. According to GSA, Perplexity's Enterprise platform was also streamlined through the FedRAMP 20x pilot, which is focused on simplifying the cloud services approval process and reducing the timeline from months to weeks. Perplexity's platform uses large language models from other companies, such as Anthropic's Claude or OpenAI's ChatGPT, to conduct real-time internet searches and generate summaries for users. GSA noted Perplexity's platform has optional connections to common agency systems like Microsoft's OneDrive, Outlook or SharePoint. The Department of Health and Human Services is exploring how artificial intelligence can support caregivers with the launch of a new $2 million prize competition for AI caregiver tools. HHS Secretary Robert F. Kennedy Jr. 
announced the “Caregiver Artificial Intelligence Prize Competition” at an event Tuesday for National Family Caregivers Month, stating the agency is calling on engineers, scientists and entrepreneurs to use AI to “make caregiving smarter, simpler and more humane.” Kennedy said: “Many caregivers work around the clock, 24 hours a day, seven days a week, taking care of their loved ones with lifelong disabilities, dementia or chronic illness. Too many lose their income, their job, their aspirations and ambitions for themselves and even their own health in the process.” The HHS's Administration for Community Living (ACL) emphasized that the direct care workforce is facing increased shortages, leaving family caregivers to fill the void. According to an AARP report published in July, nearly 1 in 4 adults provided ongoing care for an adult or child with a complex medical condition or disability. These caregivers spend, on average, about $7,200 a year in out-of-pocket caregiving expenses, the report found. The competition will seek tools that benefit the professional care workforce or personal caregivers. Developers could be awarded up to $2 million for the products. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
In this episode, host Tom Suder, Founder of the Advanced Technology Academic Research Center, sits down with Allen Hill, retired Chief Information Officer at the Federal Communications Commission, for a reflective conversation on four decades of service in federal IT. They explore the FCC's cloud transformation, the shift to secure FedRAMP environments, and the importance of building technical teams that can both architect and execute modernization at scale. Beyond technology, Hill offers perspective on leadership, mentorship, and sustaining a mission-driven career in public service. Whether you work in federal IT, lead modernization initiatives, or follow the evolution of government technology, this episode provides valuable insight from one of the community's most respected CIOs.
WBSRocks: Business Growth with ERP and Digital Transformation
This week's customer experience and marketing technology updates highlight a clear shift toward deeper intelligence, tighter collaboration, and more secure enterprise-grade platforms. CallMiner strengthened its conversational analytics footprint with the acquisition of VOCALLS, while Contentstack expanded its composable ecosystem by launching the new Data and Insights solution. Mosaicx introduced the next generation of its Engage platform, and Salesforce continued its march toward unified workflows by embedding Slack directly into CRM collaboration. In the government and regulated markets, Talkdesk achieved FedRAMP authorization for its CX Cloud Government Edition, signaling a major milestone for secure cloud CX. Meanwhile, Treasure Data rolled out five new AI suites aimed at enhancing customer experiences, Uniphore unveiled a new suite of AI marketing agents, and Zeta Global provided fresh details on its new Zeta Answers offering—collectively reflecting increased innovation and maturity across the CX and martech landscape.
In today's episode, we invited a panel of industry analysts for a live discussion on LinkedIn to analyze current enterprise software stories. We covered a lot of ground, including the direction and roadmaps of each enterprise software vendor. Finally, we analyzed future trends and how they might shape the enterprise software industry.
Video: https://www.youtube.com/watch?v=85vq3s9786E
Questions for Panelists?
I have a surprise for you --- the last GRC Academy podcast!
In this last episode, Michael Greenman from Deltek shares the journey to FedRAMP Moderate Equivalency for Deltek Costpoint GovCon Cloud Moderate (GCC-M).
And let me tell you, it's quite a story: changes in the control baseline, new policy from the DoW, and lessons learned.
Here are some of the biggest takeaways:
- The real-world implications of DoW's equivalency definition
- How the absence of continuous monitoring shapes the trust model
- How Deltek developed a customer responsibility matrix that reduces friction for their customers
- Should the DoW blow up FedRAMP moderate equivalency?
We also discussed improvements that can be made by the DoW, the Cyber AB, and more!
We recorded this months ago, but this conversation is still very relevant.
On another note, it is kind of surreal to think this is the last episode of the GRC Academy podcast. I hope you've enjoyed listening!!
What were your biggest takeaways? Let me know in the comments.
Follow Michael on LinkedIn: https://www.linkedin.com/in/michael-greenman-94952a3/
Deltek Costpoint GCC-M: https://www.deltek.com/en/government-contracting/costpoint/cloud
Online GRC Training: https://tekfused.com/marketplace/?utm_source=podcast&utm_medium=s2-12&utm_campaign=marketplace#cmmc
In this episode of the Global Risk Community podcast, we explore the critical topic of CMMC 2.0 and FedRAMP Compliance and why early action saves contracts. Our host, Boris Agranovich, speaks with Shrav Mehta, founder and CEO of Secureframe, a leader in simplifying compliance processes for businesses. Shrav shares his expert insights on navigating the complex compliance landscape for federal contractors, focusing on CMMC 2.0 requirements and the transformative impact of the new FedRAMP 20x framework. Learn how early action on compliance can save your contracts, streamline workflows, and ensure your organization stays competitive in the defense and federal sectors. We discussed the challenges and costs contractors face with CMMC Level 1 and Level 2 certifications, the differences between FedRAMP and CMMC, and how automation and tools like Secureframe can make compliance more accessible and effective. Shrav also shared his perspective on why prioritizing compliance now is crucial for success in the defense industry.
WBSRocks: Business Growth with ERP and Digital Transformation
The enterprise tech landscape saw a wave of AI-driven advancements this week, with major vendors pushing deeper into intelligent automation and unified customer experiences. Sage introduced its AI-powered Copilot to Sage X3, while Storyblok rolled out two new integrations to strengthen content operations. Workday expanded its ecosystem with a new AI Agent Partner Network and Gateway, and AdDaptive Intelligence broadened its AI-powered advertising platform. In the CX space, CallMiner acquired VOCALLS and Mosaicx launched the next generation of its Engage platform. Contentstack unveiled a new Data and Insights solution, Salesforce embedded Slack for tighter CRM collaboration, and Talkdesk secured FedRAMP authorization for its CX Cloud Government Edition. Rounding out the announcements, Treasure Data released five new AI suites focused on customer experience, Uniphore introduced a suite of AI marketing agents, and Zeta Global shared details on its new Zeta Answers offering—collectively signaling an accelerating shift toward more intelligent, integrated, and automated digital ecosystems.
In today's episode, we invited a panel of industry analysts for a live discussion on LinkedIn to analyze current enterprise software stories. We covered a lot of ground, including the direction and roadmaps of each enterprise software vendor. Finally, we analyzed future trends and how they might shape the enterprise software industry.
Video: https://www.youtube.com/watch?v=iplWl80n90YZhdGlx
Background Soundtrack: Away From You – Mauro Somm
Questions for Panelists?
Unlock the Atlassian and Clovity podcast to hear digital transformation experts discuss how the Atlassian Government Cloud helps agencies unify cloud modernization, AI automation and compliance governance in a FedRAMP Moderate environment.
Government agencies often rely on outdated legacy systems that hinder cross-departmental collaboration due to fragmented data and operational inefficiencies. Watch the podcast to hear Atlassian and Clovity experts discuss how Government agencies streamline IT modernization with FedRAMP-authorized cloud solutions, powered by Jira, Jira Service Management and Confluence.
Today, we take a nuanced look at automating cyber risk management. Let's start with ingress of data. Kemp Jennings-Roach from the DoD understands the concept of having a complete inventory of an agency's data. Still, his experience shows that data coming in from multiple missions, potentially with various classifications, can be challenging. Combine that with varying kinds of reporting requirements, and you get a process that can overwhelm even the most experienced individuals. His recommendation is to consider a platform approach that can help normalize data, allowing it to be used in a meaningful way. Matt Goodrich from Diligent expands on some of the benefits of automation. For example, you may have a shortage of talent that can be compensated for with an automated platform. Automation reduces human error and can speed up the time to report. Goodrich makes a great point about summarizing information. The goal of reviewing logs for anomalies is not to create a report, but to increase speed to action. Rather than arbitrarily selecting an automated system, Goodrich suggests looking for tools that can integrate with existing systems and align with compliance frameworks, such as FedRAMP and NIST CSF.
Keywords: cybersecurity, technology, AI, IoT, Intel, startups, security culture, talent development, career advice
Summary: In this episode of No Password Required, host Jack Clabby and Kayleigh Melton engage with Steve Orrin, the federal CTO at Intel, discussing the evolving landscape of cybersecurity, the importance of diverse teams, and the intersection of technology and security. Steve shares insights from his extensive career, including his experiences in the startup scene, the significance of AI and IoT, and the critical blind spots in cybersecurity practices. The conversation also touches on nurturing talent in technology and offers valuable advice for young professionals entering the field.
Takeaways:
- IoT is now referred to as the Edge in technology.
- Diverse teams bring unique perspectives and solutions.
- Experience in cybersecurity is crucial for effective team building.
- The startup scene in the 90s was vibrant and innovative.
- Understanding both biology and technology can lead to unique career paths.
- AI and IoT are integral to modern cybersecurity solutions.
- Organizations often overlook the importance of security in early project stages.
- Nurturing talent involves giving them interesting projects and autonomy.
- Young professionals should understand the hacker mentality to succeed in cybersecurity.
- Customer feedback is essential for developing effective security solutions.
Titles:
- The Edge of Cybersecurity: Insights from Steve Orrin
- Navigating the Intersection of Technology and Security
Sound bites:
- "IoT is officially called the Edge."
- "We're making mainframe sexy again."
- "Surround yourself with people smarter than you."
Chapters:
00:00 Introduction to Cybersecurity and the Edge
01:48 Steve Orrin's Role at Intel
04:51 The Evolution of Security Technology
09:07 The Startup Scene in the 90s
13:00 The Intersection of Biology and Technology
15:52 The Importance of AI and IoT
20:30 Blind Spots in Cybersecurity
25:38 Nurturing Talent in Technology
28:57 Advice for Young Cybersecurity Professionals
32:10 Lifestyle Polygraph: Fun Questions with Steve
First Resonance provides factory orchestration and coordination software for scaling hardware companies. Founded by SpaceX veterans in 2019, the company focused on filling the gap between legacy manufacturing systems and the needs of emerging hard tech startups. In a recent episode of Category Visionaries, we sat down with Karan Talati, CEO & Co-Founder of First Resonance, to learn about the company's journey building Ion—their manufacturing operations platform—and how they're enabling companies scaling from R&D prototypes to production manufacturing across aerospace, defense, nuclear energy, and advanced manufacturing.
Topics Discussed:
- Karan's time at SpaceX during hypergrowth (employee 2,000 to 6,000+) and the transition from single rocket design to production operations
- Why First Resonance walked away from pursuing legacy aerospace and defense giants
- The failed PLG experiment and pivot to enterprise sales with product analytics for expansion
- How the "new space" pattern is repeating in nuclear energy and other hard tech verticals
- Market expansion from aerospace into nuclear energy over the past three to four years
- Advanced manufacturing technology convergence enabling electric aviation (battery density, composite manufacturing, 3D printing)
- AI's role in breaking down knowledge silos between mechanical, electrical, and software engineering
- Defense contractor security requirements: CMMC, FedRamp, and NIST 800-171
- Brand strategy targeting the new manufacturing workforce versus the retiring old guard
GTM Lessons For B2B Founders:
Kill upmarket plans when your core segment outpaces them: First Resonance planned to move from scale-ups to traditional defense and aviation giants. They didn't execute. Karan found that staying with scaling startups delivered faster growth and higher ROI than "long sales cycles" with customers "averse to modern technology."
The lesson isn't about patience with enterprise—it's about recognizing when your initial segment is expanding faster than you can capture it. If your TAM is growing 40%+ annually from customer expansion alone, moving upmarket is a distraction. Test PLG fast, kill it faster in multi-stakeholder environments: First Resonance ran a PLG experiment and "quickly learned it does not" work in manufacturing. The buying process involves "centralized, coordinated, orchestrated, many decision makers, many influencers." But they kept the instrumentation. They use "product utilization and usage and engagement" data to "package subsequent value" for renewals and expansion. The tactical move: instrument your product like PLG, sell like enterprise, and use analytics to drive net dollar retention during annual renewals. Treat cloud service provider status as a wedge, not overhead: As a cloud service provider to defense contractors, First Resonance maintains compliance with CMMC, FedRamp, and NIST 800-171. Rather than viewing this as cost center, Karan noted "regulations are getting easier, not harder" and that this is "a benefit to innovators." For B2B founders selling to regulated industries: invest in compliance infrastructure early, monitor regulatory roadmaps (like FedRamp 20x), and position compliance as competitive moat when competitors can't move as quickly. Pattern match your wedge vertical to adjacent disruption: First Resonance saw their aerospace playbook repeat in nuclear energy "literally in the last three, four years." The pattern: legacy incumbents "too big to fail" but "so large and inertial, so hard to move, that startups are going to have to come in and close that gap." When one vertical shows this pattern, adjacent industries with similar incumbent dynamics are expansion candidates. The key signal: former SpaceX/Tesla talent founding companies in that vertical. 
Design brand for the incoming generation, not the incumbent buyer: With the old guard "rapidly retiring" and manufacturing becoming "cool," First Resonance built a brand with "bold colors and straight lines" that "combines cybernetic systems with inspiration from the Matrix." Karan explicitly rejected softer design trends: "throw all that out." For technical products in industries with demographic shifts, design for the 30-year-old engineer who will champion your tool, not the 55-year-old executive who signs the contract. Deepen rather than proliferate when customers expand physically: First Resonance doesn't worry about logo count because their customers are "scaling in terms of factory square footage and the number of teams." Their expansion motion: "observe product analytics and customer signals and package subsequent value" for upselling during renewals. The tactic works because aerospace and energy have "a tailwind of decades." For infrastructure software with usage tied to physical operations: if customers are adding factories or production lines, you don't need new logos—you need seat expansion and module attach.
CX Today's Charlie Mitchell reveals the big news that Content Guru has become the "first full-stack" CCaaS vendor to secure FedRAMP High Authorization.
The High accreditation level is built for agencies handling highly sensitive data - like law enforcement, healthcare, emergency services, and finance - where strict security is critical. FedRAMP's High baseline safeguards the government's most sensitive unclassified data in the cloud, protecting lives, operations, and financial security.
As such, this is a big step for Content Guru, which secures a big differentiator as it bids to bring cautious enterprises to the cloud, in the public sector, and beyond.
Andrew Casson, VP of Public Sector at Content Guru, stresses this in his interview with CX Today's Head of Publication. He also discusses:
- The ins and outs of the FedRAMP certification.
- The differentiative features Content Guru offers in the public sector.
- Examples of Content Guru supporting cautious customers through their CCaaS migrations.
For more on Content Guru's expansive CCaaS portfolio, visit: https://www.contentguru.com/
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com MongoDB has spent years earning a formidable reputation in the developer world; today, we will unpack some of its capabilities for project managers and federal leaders so they can understand where MongoDB may fit in their stack. Conventional wisdom is that MongoDB is a flexible open-source database. Although that is true, this does not do justice to some characteristics that will appeal to the federal audience. ONE: An agency may have restrictions on where the cloud is not suitable for storage. Because of its ability to use flexible, JSON-like documents, MongoDB has listened to those needs and can have storage in many varying regions. In fact, we have seen a movement to move cloud applications back on premises. MongoDB provides flexibility for working in both hybrid and on-premises environments. TWO: Most readers have studied encryption and think of it primarily as data at rest. Cloud storage transitions have forced a method where data is encrypted during transit. MongoDB can take encrypted data and search while it remains encrypted. Some will describe encryption at rest, in transit, and now, data in use. THREE: MongoDB has listened to the federal community and is offering something called MongoDB Atlas for Government. It is a secure, fully managed cloud database service for U.S. Government agencies to modernize applications and oversee sensitive data. During the interview, Ben Cephalo revealed the effort MongoDB is making to serve federal agencies that require FedRAMP high capabilities.
In this episode, I sit down with Mitchel Herckis, Global Head of Government Affairs at cloud security leader Wiz. We will be discussing all things public sector and cybersecurity, including the evolution of the FedRAMP program, modernizing vulnerability management, and the future of Continuous ATO (cATO).
We covered a lot of ground, including:
- Mitch's background, both at Wiz and inside Government at roles such as OMB
- How Wiz is working with Federal agencies and Defense Industrial Base (DIB) partners on Cloud Security, including the long-needed overhaul of FedRAMP with FedRAMP 20x's efforts.
- The move towards real Continuous Monitoring (ConMon) with real-time visibility of cloud environments, as well as the need for machine-readable artifacts, automations, and streamlined security control assessments.
- The modernization of vulnerability management, including factors such as attack paths, reachability, exploitability, known exploitation, and the importance of focusing on real risks versus noise.
- Moving away from paper-based compliance exercises and bridging the gap between security and compliance.
- Wiz's role as a CVE Numbering Authority (CNA) and the broader CVE program, including its importance for both the Government and industry when it comes to vulnerability management.
- The evolving usage of SBOMs and broader supply chain security.
- Disjointed efforts around the Government at both the Federal and State levels when it comes to Continuous ATO (cATO) and how we can move towards a more cohesive approach to modern system assessment and authorization.
- The importance of Government Affairs and bridging the divide between industry and Government, including bringing in tech leaders into Government, influencing policy, and improving outcomes for citizens and warfighters alike.
- The dual-edged sword that is AI adoption in the public sector.
Watch the podcast to hear experts from Broadcom, Google Cloud and stackArmor discuss how agencies accelerate software delivery, improve customer experience and maintain compliance while meeting deadlines and staying within budget. Gain insights into how the Federal Government navigates FedRAMP's evolving framework, leverages AI tools for portfolio management and breaks down information silos with a unified platform.
Peter O'Donohue, CTO at Tyto Athene, and Gaurav “GP” Pal, Principal at Stack Armor, join the show to unpack the future of federal compliance, security, and cloud modernization. From automating risk management frameworks to balancing mission urgency with cybersecurity, the discussion dives into how government and industry can partner to drive efficiency, accountability, and continuous monitoring. Finally, we explore insights on the evolution of FedRAMP, secure-by-design practices, and the role of AI and quantum in shaping the next five years of compliance.
In this episode of Resilient Cyber, I sit down with Founder & CEO of Paramify, Kenny Scott, to unpack the evolution of the FedRAMP program, FedRAMP 20x, and discuss what the public sector cloud compliance looks like moving into the future.
Kenny and I dove into a lot of topics, including:
- What FedRAMP is and why it matters
- What FedRAMP 20x is and what longstanding challenges associated with FedRAMP and public sector cloud and compliance it is addressing
- The various aspects of FedRAMP 20x, including its phased rollout
- Changes via FedRAMP 20x when it comes to Key Security Indicators (KSI), and how they differ from “controls”
- FedRAMP's modern vulnerability management approach and how it changes from the way vulnerability was historically handled under FedRAMP
- The importance of automated assessments, machine-readable artifacts, real Continuous Monitoring (ConMon), and more for practical GRC Engineering
- The role of GRC platforms when it comes to modernizing GRC
- What are the implications of FedRAMP 20x for other public sector compliance programs, such as DoD's SWFT, SRG, and RMF
Senate Commerce Committee Chairman Ted Cruz said he would introduce legislation to establish AI sandboxes to allow companies “room to breathe” without running up against regulations. Cruz announced that proposal as well as a legislative framework for AI policy ahead of a Wednesday hearing before the Subcommittee on Science, Manufacturing, and Competitiveness on the administration's recent AI Action Plan. The concept of regulatory sandboxes was among the more than 90 policy recommendations outlined in that document. Cruz said during the hearing: “Under the Sandbox Act, an AI user developer can identify obstructive regulations and request a waiver or a modification, which the government may grant for two years via a written agreement that must include a participant's responsibility to mitigate health or consumer risks,” adding that “a regulatory sandbox is not a free pass. People creating or using AI still have to follow the same laws as everyone else.” Drew Myklegard is stepping down from his role as deputy federal CIO after nearly four years, FedScoop has learned. Two sources with knowledge of the matter said Myklegard told colleagues he's taking a role in the private sector and that his last day will be Sept. 22. A holdover from the Biden administration, Myklegard was appointed to the deputy federal CIO role in early 2022, after a more than eight-year stint in supporting IT operations at the Department of Veterans Affairs. During his time in the Office of the Federal CIO, he championed a number of key governmentwide technology modernization initiatives, including rolling out a new policy reforming federal cloud security authorizations under FedRAMP and guidance on how agencies acquire and inventory AI tools, among others. On Monday, Myklegard was recognized with a FedScoop 50 award in the Golden Gov: Federal Executive of the Year category.
If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities. Where should they look? Jess Burn, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss Forrester's Budget Planning Guide 2026: Security And Risk. This data-and-insights-driven report provides spending benchmarks and recommendations that will help you budget for an unpredictable near term while enabling the business and mitigating the most critical risks facing your organization. If you're preparing your 2026 budgets, don't miss this interview where you'll learn where to invest, divest, and experiment. From the buzzing floors of BlackHat 2025 in Las Vegas, CyberRisk TV brings you an exclusive sit-down with Danny Jenkins, CEO & Co-Founder of ThreatLocker. In this high-energy interview, host Doug White dives deep into the real-world challenges of FedRAMP compliance, the million-dollar prep lessons, and the critical importance of secure configurations. Danny shares unfiltered insights into Defense Against Misconfigurations — ThreatLocker's new approach that helps organizations lock down endpoints, enforce application control, and spot hidden risks before attackers do. From Russian-made 7Zip to Chinese coupon clippers lurking in browsers, the conversation reveals shocking examples of threats hiding in plain sight. Whether you're a cybersecurity pro, IT leader, or compliance specialist, this interview offers a rare, behind-the-scenes look at the pain, process, and payoff of operating at the highest security standards in the industry. Segment Resources: https://threatlocker.com/platform/defense-against-configuration?utmsource=cyberriskalliance&utmmedium=sponsor&utmcampaign=blackhat25q325&utmcontent=blackhat25&utm_term=podcast This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerbh to learn more about them! 
Live from the CyberRisk TV studio at Black Hat 2025 in Las Vegas, host Matt Alderman sits down with Matt Muller, Field CISO at Tines, for a deep-dive into how Security Operations Centers must evolve. From blowing up the outdated tier system to empowering junior analysts with AI, this conversation uncovers the real strategies driving next-gen cyber defense. Muller explains why traditional SOC models create burnout, how AI can flatten team structures, and why measuring the right metrics—like Mean Time to Detect—is critical for success. They tackle the balance of human + AI orchestration, the security challenges of non-human identities, and how to rethink access controls for a machine-augmented future. If you care about SOC transformation, AI-driven security workflows, and cyber resilience at scale, this is the conversation you can't afford to miss. Watch until the end for practical insights you can start applying today in your own security operations. This segment is sponsored by Tines. Visit https://securityweekly.com/tinesbh to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-412
GSA and FedRAMP are fast-tracking cloud authorizations for AI tools, while Congress is pushing to prioritize skills over degrees in federal cyber jobs. Together, these moves signal a shift in how agencies adopt innovation and build talent. Here to share how federal contractors can prepare is Jim Carroll, CEO of the Professional Services Council.
OpenAI has cleared another critical hurdle to selling its ChatGPT tool directly to the federal government. As of Tuesday, ChatGPT is listed as “in process” on the FedRAMP Marketplace, an online repository that tracks where companies stand in the FedRAMP security review process. While federal agencies can issue their own approvals to use technology platforms, FedRAMP is the government's primary security review program and is designed to clear widespread cloud-based technologies for use across federal agencies. OpenAI received prioritized authorization through 20x, a person familiar with the matter told FedScoop. It's the first company to receive this prioritization, which, in effect, eliminates the need for companies to find federal agencies to sponsor them for review. At one point, OpenAI had engaged USAID, its first enterprise customer, about helping them with the process, FedScoop previously reported, but the agency was mostly shuttered in the early days of the second Trump administration. The General Services Administration created the prioritized review for AI cloud services just last month. Microsoft will offer a host of its cloud services at a discounted price to the federal government, the General Services Administration announced Tuesday, including its artificial intelligence assistant Copilot at no cost to some agencies. The OneGov deal makes Microsoft the latest technology firm to leverage steep discounts on its cloud products to expand adoption within the federal government. It comes on the heels of GSA's deals with industry competitors like OpenAI, Anthropic and Google, which are separately offering their AI models to the government for a dollar or less. Under the new agreement, Microsoft will offer its subscription service, Microsoft 365, Azure Cloud Services, and Dynamics 365 — the company's suite of business management apps — for a “discounted price” for up to 36 months.
Innovation comes in many areas and compliance professionals need to not only be ready for it but embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox visits with Lori Crooks, a seasoned professional in the field of cybersecurity and audit assessments, to discuss the evolution of auditing practices from physical infrastructure to cloud and AI. Lori shares insights from her extensive career, highlighting key federal compliance frameworks like NIST 800-53, FedRAMP, and NIST 800-171. Lori stresses the importance of proactive compliance strategies and scalable GRC programs. As AI integration accelerates, she also touches on the challenges of adjusting compliance frameworks to keep pace with technological advancements, and the necessity of fostering collaboration within organizations to meet regulatory requirements effectively.
Key Highlights: Federal Auditing Frameworks; Proactive Compliance Strategies; Scalable GRC Programs; AI and Compliance Landscape; Future of Auditing in the Age of AI.
Resources: Lori Crooks on LinkedIn; Cadra.
Check out my latest book Upping Your Game-How Compliance and Risk Management Move to 2023 and Beyond, available from Amazon.com. Innovation in Compliance was recently honored as the number 4 podcast in Risk Management by 1,000,000 Podcasts.
FedRAMP 20x is redefining how federal cloud services get authorized, making them faster, smarter and more secure. Earlier this year, GSA released the 20x pilot in an effort to increase the efficiency of authorizations and enhance security. Pete Waterman, FedRAMP director at the General Services Administration, unpacks how the program is streamlining approvals, enhancing continuous monitoring and leveraging automation to detect and resolve security risks in real time. Waterman explains how FedRAMP 20x is helping agencies and providers build services that make sense from the start, leading to stronger security and better mission outcomes.
Event Recap: Kieran Human at Black Hat USA 2025 — ThreatLocker Unveils Configuration Defense, Achieves FedRAMP Status & More
ThreatLocker introduced DAC configuration monitoring and achieved FedRAMP certification at Black Hat 2025, strengthening zero trust capabilities while expanding government market access through practical security solutions.
Zero trust security continues evolving beyond theoretical frameworks into practical business solutions, as demonstrated by ThreatLocker's latest announcements at Black Hat USA 2025. The company introduced Defense Against Configuration (DAC), a monitoring tool addressing a critical gap in zero trust implementations.
Kieran Human, Special Projects Engineer at ThreatLocker, explained the challenge driving DAC's development. Organizations implementing zero trust often struggle with configuration management, potentially leaving systems vulnerable despite security investments. DAC monitors configurations continuously, alerting administrators to potential security issues and mapping findings to compliance frameworks including Essential 8.
The tool addresses human factors in security implementation. Technical staff sometimes create overly permissive rules to minimize user complaints, compromising security posture. DAC provides weekly reports to executives, ensuring oversight of configuration decisions and maintaining security standards across the organization.
ThreatLocker's approach distinguishes itself through "denied by default, allowed by exception" methodology, contrasting with traditional endpoint detection and response solutions that permit by default and block threats reactively. This fundamental difference requires careful implementation to avoid business disruption.
The company's learning mode capabilities address deployment concerns. With over 10,000 built-in application profiles, ThreatLocker automates policy creation while learning organizational workflows. This reduces manual configuration requirements that previously made zero trust implementations tedious and time-intensive.
FedRAMP certification represents another significant milestone, opening government sector opportunities. Federal compliance requirements previously excluded ThreatLocker from certain contracts, despite strong customer demand for their zero trust capabilities. This certification enables expansion into highly regulated environments requiring stringent security controls.
Customer testimonials continue validating the approach. One user reported preventing three breaches after implementing ThreatLocker's zero trust solution, demonstrating measurable security improvements. Such feedback reinforces the practical value of properly implemented zero trust architecture.
The balance between security and business functionality remains crucial. Organizations need security solutions that protect assets without hampering productivity. ThreatLocker's principle of least privilege implementation focuses on enabling business requirements with minimal necessary permissions rather than creating restrictive environments that impede operations.
Human described working closely with CEO Danny Jenkins, emphasizing the collaborative environment that drives product innovation. His engineering perspective provides valuable insights into customer needs while maintaining focus on practical security solutions that work in real-world environments.
As zero trust adoption accelerates across industries, tools like DAC become essential for maintaining security posture while meeting business demands. The combination of automated learning, configuration monitoring, and compliance mapping addresses practical implementation challenges facing security teams today.
Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974
Note: This story contains promotional content.
Guest: Kieran Human, Special Project Engineer at ThreatLocker | On LinkedIn | https://www.linkedin.com/in/kieran-human-5495ab170/
Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
The General Services Administration rolled out a new governmentwide tool Thursday that gives federal agencies the ability to test major artificial intelligence models, a continuation of Trump administration efforts to ramp up government use of automation. The AI evaluation suite, titled USAi.gov, launched Thursday morning and allows federal agencies to test various AI models, including those from Anthropic, OpenAI, Google and Meta to start, two senior GSA officials told FedScoop. The launch of USAi underscores the Trump administration's increasing appetite for AI integration into federal government workspaces. The GSA has described these tools as a way to help federal workers with time-consuming tasks, like document summaries, and give government officials access to some of the country's leading AI firms. The GSA, according to one of the officials, will act as a “curator of sorts” for determining which models will be available for testing on USAi. The official noted that additional models are being considered for the platform, with input from GSA's industry and federal partners, and that American-made models are the primary focus. Grok, the chatbot made by Elon Musk's xAI firm, is notably not included on the platform for its launch Thursday. Anthropic and OpenAI, two of the country's leading AI companies, recently announced that they're offering their powerful models to federal agencies for $1 for the next year. But the new deals, which are both available through a General Services Administration OneGov contract vehicle, don't on their own clear the way for widespread government adoption of artificial intelligence. Instead, the new financial incentive seems to be daring government officials to move quickly and approve the technology as soon as possible. 
Currently, no major AI provider is authorized under FedRAMP, a critical security program that allows agencies to use a company's cloud services — including software or models offered on a cloud service — across government. While several companies — including Anthropic, xAI and OpenAI — have released government-focused product suites, they're still somewhat dependent on cloud providers like Microsoft and Amazon that have already cleared the FedRAMP process. If AI companies want to sell much of their technology directly to the government, they need their own authorization-to-operate or ATO. What's changed, though, is that federal officials now have a new reason to move through security review processes more quickly, a former GSA employee and another person familiar with the matter both told FedScoop. That strategy could involve going through an authorization-to-operate process through an agency's authorizing official — typically, their chief information officer — as well as the security review process explicated by FedRAMP, both people said. GSA is now looking at strategies to speed up the process. An agency spokesperson confirmed that these companies still need to seek FedRAMP authorization if they want to offer their technology directly. But to make that happen faster, GSA is now consulting with the Chief Information Officers Council and the board that oversees FedRAMP about “prioritization for AI companies” that are added to GSA's multiple award schedule.
The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant criticism from state and local officials who feel abandoned due to diminishing federal support for critical cybersecurity programs. Many officials are concerned about their increasing reliance on self-driven initiatives, especially after cuts to the Multi-State Information Sharing and Analysis Center, which has been a crucial source of cybersecurity intelligence for over two decades. A recent survey revealed that a substantial portion of state and local governments lack adequate funding for cybersecurity, with 22% allocating no funds and 42% operating with annual budgets of less than $100,000. This situation raises alarms about the potential for increased vulnerability to cyberattacks, particularly from nation-state actors.
In response to the evolving landscape of artificial intelligence, the National Institute of Standards and Technology (NIST) is developing new security guidance aimed at addressing the associated risks. This initiative will clarify how AI interacts with cybersecurity, focusing on securing AI systems, the adversarial use of AI, and leveraging AI to enhance cybersecurity measures. Additionally, a bipartisan bill known as the Validation and Evaluation for Trustworthy Artificial Intelligence Act has been reintroduced in the Senate, aiming to establish guidelines for the responsible development and testing of AI systems. House appropriators are also proposing a significant funding increase for NIST, reflecting a commitment to bolster cybersecurity and innovation.
The Federal Risk Management and Authorization Program (FedRAMP) has made strides in streamlining the approval process for government cloud services, achieving a significant reduction in wait times from over a year to approximately five weeks. This shift is part of a broader trend toward more efficient cloud authorization processes, with FedRAMP already approving more than twice as many services in fiscal year 2025 compared to the previous year. This development presents an opportunity for businesses to leverage FedRAMP-authorized stacks for government-related buyers and to build migration strategies accordingly.
OpenAI has recently updated its ChatGPT platform, introducing new models and third-party tool connectors while facing scrutiny over the performance and security of its latest model, GPT-5. Despite the introduction of various user-focused options, security assessments have revealed significant vulnerabilities in GPT-5, prompting concerns about its safety and reliability. As companies like ConnectWise implement new credit card surcharges and adjust their workforce in response to market demands, the overarching theme emphasizes the need for operational discipline and strategic planning in navigating the evolving technology landscape.
Four things to know today:
00:00 Shrinking Cyber Budgets, Emerging AI Rules, and Streamlined FedRAMP Signal Shifts for IT Providers
06:43 From Security to SaaS Management, Vendors Roll Out Agentic Features for IT Service Providers
10:25 OpenAI Expands GPT-5 Options, Adds Connectors, but Faces Early Security Backlash
13:41 ConnectWise Adds Credit Card Surcharges, Trims Staff in Strategic Realignment
Supported by: https://syncromsp.com/
Federal agencies will now have access to Anthropic's Claude model for $1, the General Services Administration announced Tuesday, continuing the agency's push for artificial intelligence products across government. Under the OneGov deal, all three branches of government will be able to use Anthropic's Claude for Enterprise and Claude for Government for a nominal $1 fee. Approval for members of Congress and the judiciary is pending, the GSA noted. It is the latest in a series of deals between private AI firms and the federal government to increase the use of automation in agency workflows and boost workers' productivity and efficiency. Anthropic said in a release Tuesday: “We believe the U.S. public sector should have access to the most advanced AI capabilities to tackle complex challenges, from scientific research to constituent services. By combining broad accessibility with uncompromising security standards, we're helping ensure AI serves the public interest.” Anthropic's Claude for Government models have FedRAMP High certification and can be used by federal workers dealing with “sensitive unclassified work,” while Claude for Enterprise models have expanded features for data protection, Anthropic said. Anthropic said it will also offer technical support for agencies to implement its products into workflows. The Federal Risk Management and Authorization Program has already approved more than twice as many government cloud services in fiscal year 2025 as all of fiscal 2024, the General Services Administration announced Monday. FedRAMP reached 114 authorizations in July for fiscal 2025, along with four new cloud services through the FedRAMP 20x revamp program, according to a GSA statement. In fiscal 2024, FedRAMP authorized 49 cloud service providers, according to a GSA spokesperson. The reform program, unveiled in March, is focused on simplifying the authorization process and shaving the approval timeline from months to weeks. 
Eventually, agency sponsorship will no longer be needed to win authorization, a process that is often expensive and time-consuming. The new numbers come just over a year since the Office of Management and Budget published a memo calling for the modernization of the cloud authorization process. GSA said FedRAMP had a “significant backlog” at the time of the memo, with authorizations taking more than a year. A year later, FedRAMP's increased use of automation and streamlined workflows cut the wait time to about five weeks, the GSA said.
At Black Hat USA 2025, Danny Jenkins, CEO of ThreatLocker, shares how his team is proving that effective cybersecurity doesn't have to be overly complex. The conversation centers on a straightforward yet powerful principle: security should be simple enough to implement quickly and consistently, while still addressing the evolving needs of diverse organizations. Jenkins emphasizes that the industry has moved beyond selling “magic” solutions that promise to find every threat. Instead, customers are demanding tangible results—tools that block threats by default, simplify approvals, and make exceptions easy to manage. ThreatLocker's platform is built on this premise, enabling over 54,000 organizations worldwide to maintain a secure environment without slowing business operations. A highlight from the event is ThreatLocker's Defense Against Configurations (DAC) module. This feature performs 170 daily checks on every endpoint, aligning them with compliance frameworks like NIST and FedRAMP. It not only detects misconfigurations but also explains why they matter and how to fix them. Jenkins admits the tool even revealed gaps in ThreatLocker's own environment—issues that were resolved in minutes—proving its practical value. The discussion also touches on the company's recent FedRAMP authorization process, a rigorous journey that validates both the product's and the company's security maturity. For federal agencies and contractors, this means faster compliance with CMMC and NIST requirements. For commercial clients, it's an assurance that they're working with a partner whose internal security practices meet some of the highest standards in the industry. As ThreatLocker expands its integrations and modules, Jenkins stresses that simplicity remains the guiding principle. This is achieved through constant engagement with customers—at trade shows, in the field, and within the company's own managed services operations.
By actively using their own products at scale, the team identifies friction points and smooths them out before customers encounter them. In short, the message from the booth at Black Hat is clear: effective security comes from strong fundamentals, simplified management, and a relentless focus on the user experience. Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974 Note: This story contains promotional content. Guest: Danny Jenkins, CEO of ThreatLocker | On LinkedIn | https://www.linkedin.com/in/dannyjenkinscyber/
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Ep. 264 How Automation Is Accelerating Digital Transformation Across Federal Agencies Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In this episode of the Federal Tech Podcast, host John Gilroy interviews Nabil Amiri, Vice President of Business Development for the federal practice at NWN. The discussion introduces NWN's expanding role in helping federal agencies adopt advanced technologies, particularly artificial intelligence (AI), as part of broader digital transformation efforts. Amiri explains NWN's recent acquisition of Leverage Information, a move that brought deep federal experience—especially with defense, intelligence, and civilian agencies—into NWN's already strong commercial portfolio. This merger allows NWN to deliver robust, secure IT solutions tailored to the complexities of federal requirements such as FedRAMP, STIGs, and Zero Trust. He emphasizes that innovation and compliance can—and must—coexist in the federal space. The conversation touches on the real-world challenges federal agencies face, like outdated systems, budget cuts, workforce reductions, and tool sprawl. Amiri critiques the proliferation of “single panes of glass” in IT environments, which often complicate rather than simplify operations. NWN's strength lies in delivering visibility across systems, reducing complexity, and enabling security and automation through integrated, scalable platforms. Key themes include Zero Trust architecture, infrastructure modernization, automation, and streamlining tech procurement. NWN's flexible acquisition pathways (e.g., via GSA and SEWP contracts) make it easier for agencies to respond quickly to crises like COVID or cyberattacks. On AI, Amiri emphasizes its role in real-time data analysis to improve visibility and prevent outages, critical for mission continuity. 
NWN remains vendor-neutral, working with a broad ecosystem of partners to deliver best-in-class, mission-focused outcomes. Looking ahead, Amiri confidently predicts that AI will become foundational to all federal IT strategies, driving operational resilience and transformation in the next five years. The interview sets the stage for deeper dives into emerging topics like agentic AI and cloud-native strategies in future discussions.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Ep. 263 How Microsoft Drives Cloud-Powered Transformation in Federal Agencies Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Microsoft has been a behemoth in the world of information technology since its founding in 1985. The only way to understand how Microsoft can impact the federal government is to take a topic like AI and conduct a thorough analysis. Today, we sat down with Wole Moses, the Chief AI Officer for Microsoft Federal. He shares his perspective on how Microsoft's innovation can help federal agencies achieve their ambitious goals. Essentially, we discuss AI's role in cyber threats, legacy infrastructure, and compliance. Moses explains that Microsoft's AI assistant, Copilot, is integrated into various products to enhance productivity. He emphasizes the importance of a strategic approach to AI, aligning projects with agency missions and goals. Moses discusses the potential of AI to modernize legacy systems and processes, improve cybersecurity, and support software developers. In AI, multimodal refers to a system that utilizes text, images, audio, and even video. He also highlights the need for multimodal AI to expand communication capabilities and the importance of compliance with frameworks like FedRAMP and NIST RMF.
The initial results are in for the pilot effort to improve the cloud security program known as FedRAMP. Four vendors have crossed the finish line to receive low authorizations under FedRAMP, proving the faster process is working. For more on how the General Services Administration plans to continue to improve FedRAMP, Federal News Network's executive editor Jason Miller joins me now.
Anyone who pays attention to cloud computing in the federal community knows the term FedRAMP, but more than a decade after the program's establishment, it's becoming something new and hopefully a lot more streamlined. Part of that is the FedRAMP 20x Phase One pilot. The program management office is moving to a more elective or discretionary style of security verification rather than a prescriptive one. Pete Waterman is director of FedRAMP at the General Services Administration. He talked with Federal News Network's Jason Miller as part of our annual cloud exchange.
Employees at the General Services Administration appear poised to test Grok 3, the artificial intelligence tool built by Elon Musk's company xAI, according to a GitHub page referencing the agency's work. The GitHub page operated by GSA and its digital government group Technology Transformation Services references the Grok AI model as one it is testing and that the team is actively discussing as part of its 10x AI Sandbox. A GSA spokesperson told FedScoop in a response to an inquiry about the agency's work with Grok: “GSA is evaluating the use of several top-tier AI solutions to empower agencies and our public servants to best achieve their goals. We welcome all American companies and models who abide by our terms and conditions.” A post from Tuesday shows what appears to be one GSA employee trying to access Grok 3 for testing, but struggling to do so. Several names of the people active on the GitHub page match those of workers affiliated with GSA. The 10x AI Sandbox project is described on GitHub as “a venture studio in collaboration with the General Services Administration (GSA). Its primary goal is to enable federal agencies to experiment with artificial intelligence (AI) in a secure, FedRAMP-compliant environment.” It continues: “By providing access to base models from leading AI companies and offering advanced UI features, the sandbox empowers agencies to test and validate new AI use cases efficiently.” The public version of the 10x AI Sandbox project page on GitHub was taken down after the publication of this story, redirecting now to a 404 error page. Interest in testing Grok comes as GSA continues to work on GSAi, an artificial intelligence tool built by the agency and meant to help employees access multiple AI models. At launch, the GSAi tool included access to several systems, including tools from Anthropic and Meta. Notably, Grok came under fire last week after promoting various antisemitic statements on the Musk-owned social media platform X.
A top digital rights group is pushing back on the IRS's data-sharing agreement with the Department of Homeland Security, writing in a new court filing that the pact violates federal tax code and fails to take into account the real-world consequences of bulk data disclosure. In an amicus brief filed in the U.S. Court of Appeals for the D.C. Circuit, the Electronic Frontier Foundation argued that the “historical context” of the tax code section that ensures confidentiality of returns and return information “favors a narrow interpretation of disclosure provisions.” EFF also made the case for why the bulk disclosure of taxpayer information — in this case to Immigration and Customs Enforcement — is especially harmful due to “record linkage errors” that set the stage for “an increase in mistaken and dangerous ICE enforcement actions against taxpayers.” Nonprofit groups sued the Trump administration in March, shortly after the data-sharing deal between the IRS and ICE was announced. Soon after, the tax agency's then-acting commissioner resigned, reportedly in protest. In May, a Trump-appointed federal judge refused to block the agreement, allowing the IRS to continue delivering taxpayer data to ICE. The ruling, DHS said in a statement, was “a victory for the American people and for common sense.” As the D.C. Circuit Court considers the appeal, the Electronic Frontier Foundation wants to make sure that the “historical context” of tax and privacy law is taken into account. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
Bob Burke, Chief Information Security Officer at Beyond Identity, challenges the effectiveness of traditional multi-factor authentication (MFA) in the evolving landscape of cybersecurity. He argues that legacy MFA solutions, which often rely on out-of-band authorization methods like push notifications or one-time passwords, are no longer sufficient against the rising tide of sophisticated cyber threats. With the advent of services like phishing-as-a-service, attackers can easily bypass these outdated security measures, necessitating a shift towards phishing-resistant authentication methods. Burke emphasizes the need for organizations to adopt solutions that not only enhance security but also consider device posture and trustworthiness. Burke also critiques the current state of FIDO2 and passkeys, acknowledging their potential while highlighting their limitations, particularly in terms of device posture and user experience. He suggests that small to mid-sized businesses (SMBs) should prioritize phishing-resistant solutions that integrate both browser protection and device authentication. Furthermore, he raises concerns about the pricing models of many Software as a Service (SaaS) providers, which often place essential security features behind higher-tier subscriptions, effectively discouraging customers from adopting more secure practices. The conversation shifts to the endpoint detection and response (EDR) market, where Burke notes that while EDR solutions are still necessary, they are evolving into more comprehensive offerings like extended detection and response (XDR). He points out that many of these solutions are priced for enterprise-level organizations, leaving SMBs and mid-market companies struggling to find affordable options.
Burke encourages these organizations to seek out solutions that fit their budget while still providing essential security capabilities. Finally, Burke shares insights from his experience with the FedRAMP certification process, emphasizing the importance of building internal security competencies and integrating security into product design from the outset. He advocates for a clear internal compliance program, such as NIST, to guide organizations in their security efforts. As the cybersecurity landscape continues to evolve, Burke warns that the tempo and scope of attacks are increasing, driven by advancements in AI, and urges organizations to reassess their security architectures to stay ahead of emerging threats.
While highly sought after, federal software contracts frequently come with a hidden cost: Achieving government SaaS security compliance, known as FedRAMP, can take years and require substantial resources. Achieving this certification typically takes up to three years and costs more than $3 million, covering everything from security operations engineer salaries to security audits.
Welcome back to The SaaS CFO Podcast! In this episode, host Ben Murray sits down with Andrew Black, CEO of Kovr, and Sri Iyer, the company's founder and CTO. Kovr is shaking up the world of cybersecurity compliance, helping organizations dramatically speed up the process of achieving certifications like FedRAMP, HIPAA, and others—using the latest breakthroughs in generative AI. Andrew and Sri bring fascinating perspectives, drawing from deep experience in tech, government, and startups, including previous roles at Amazon Web Services, PwC, Lockheed, and Gartner. They talk about the pain points that tech companies and government agencies face when trying to deploy secure software in regulated environments, and how Kovr can cut compliance timelines from years to minutes. If you're curious about go-to-market strategies for AI-first startups, lessons learned from early fundraising, or how to build a SaaS business in a highly regulated market, this episode is packed with candid insights and actionable advice. Tune in to hear how Kovr is empowering innovators to get their products into the hands of customers faster, with less headache—and what's next for this fast-moving team. 
Show Notes:
00:00 "Compliance Challenges in Software Deployment"
03:43 Streamlining Compliance with AI
06:37 Target Customers: CISOs to DevOps Teams
11:11 Pursuing a $13B Market Opportunity
13:03 AI Traction and Trust Challenges
17:38 Navigating VC Relationships and Fit
20:17 Unlimited-Use Enterprise SaaS Licensing
23:48 Simplifying Gen AI Sales Model
28:26 Efficient AI: Smaller Models, Big Savings
30:25 "Focus on Sales Cycle Days"
33:44 "LinkedIn Profile: Kovr AI"
Links:
SaaS Fundraising Stories: https://www.thesaasnews.com/news/kovr-ai-raises-3-6-million-in-seed-round
Andrew Black's LinkedIn: https://www.linkedin.com/in/andrew-black-5435b67/
Sri Iyer's LinkedIn: https://www.linkedin.com/in/sri-iyer/
Kovr AI's LinkedIn: https://www.linkedin.com/company/kovrai/
Kovr AI's Website: https://kovr.ai/
In today's episode of the Daily Windup, we dive into the world of government contracts and how startups can navigate this complex landscape. Our speakers discuss the importance of FedRAMP certification and how it can open doors for small businesses. They share valuable advice on building a track record and finding the right niche to deliver value to government agencies. Our guest, an experienced entrepreneur, shares the story of how they secured their first government contract and the valuable lessons they learned along the way. From dealing with pricing challenges to overcoming the initial hurdles of being a new player in the market, this episode provides invaluable insights for startups seeking to make their mark in the government space. So, tune in to learn from the experiences of seasoned entrepreneurs and discover the keys to success when it comes to breaking into government contracts. Brought to you by alchemy gov - When Connections Matter Most.
IT leaders in regulated industries know the pain of navigating outdated, slow procurement systems – especially when critical missions depend on modern tools. In this episode, Bryana Tucci, Lead of the AWS Marketplace for the US Intelligence Community, shares how government agencies are overcoming legacy procurement bottlenecks to access cutting-edge software, AI tools, and cloud services faster and more securely.
Listeners will gain insight into:
• Why traditional government procurement can take up to two years – and how that's changing.
• How air-gapped environments complicate innovation and what's being done about it.
• How generative AI is reshaping national security workflows.
• What kinds of tech companies are best positioned to succeed in the public sector.
This episode is a must-listen for IT leaders interested in procurement innovation, cloud adoption in secure environments, and where AI fits into the future of public sector IT. Enjoy!
Key Moments
00:00 Meet Bryana Tucci, AWS
06:58 The Pain Point: Procurement Then vs. Now
11:31 Unique Challenges in Public Sector Tech
15:55 The Long Road to Selling in Government
19:23 Vetting and Onboarding Sellers (how to meet federal standards)
23:49 Government + AI: A Game-Changer
30:34 Cost Efficiency, Saving Time, and the Future of Procurement
41:46 What's Next for AWS Marketplace
Produced by the team at Mission.org and brought to you by Brightspot.
Welcome to a new episode of The Daily Windup! Today, I had the pleasure of speaking with Yolanda Clark, CEO of Powder River Industries, a small business that has successfully navigated the world of defense contracts and specialized in DevSecOps and infrastructure as code services. Yolanda shared her journey of bringing stability to her business by establishing headquarters in Wyoming while her spouse serves in the military. In our conversation, Yolanda explained the intricacies of DevSecOps, clarifying that it involves coding within secure environments, ensuring software compliance with cyber requirements from day one. We also discussed the differences between FedRAMP and their services, with Yolanda highlighting how they provide support at a specific point within the lifecycle for their defense customers. Listen now to learn more!
Discover everything cloud service providers (CSPs) need to know about the FedRAMP 20x pilot program and its transformative impact on Risk Management in 2025. In this episode of the Risk Management Show, Boris Agranovich, CEO of Global Risk Community, interviews Travis Howerton, Co-Founder and CEO at RegScale, a leading voice in Cyber Security and AI-driven solutions. Together, they explore how it streamlines authorization processes, enhances cloud security, and balances innovation with robust security standards. During the discussion, Travis shares insights on automating compliance through AI, addressing regulatory challenges, and creating opportunities for CSPs and federal agencies. Learn how innovations like compliance as code and automation are shaping the future of cloud security and sustainability. If you're a Chief Risk Officer or a professional in the cybersecurity space, this is a must-watch for actionable strategies and expert advice. If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Guest Proposal."
Varun Mohan is the co-founder and CEO of Windsurf (formerly Codeium), an AI-powered development environment (IDE) that has been used by over 1 million developers in just four months and has quickly emerged as a leader in transforming how developers build software. Prior to finding success with Windsurf, the company pivoted twice—first from GPU virtualization infrastructure to an IDE plugin, and then to their own standalone IDE.
In this conversation, you'll learn:
1. Why Windsurf walked away from a profitable GPU infrastructure business and bet the company on helping engineers code
2. The surprising UI discovery that tripled adoption rates overnight.
3. The secret behind Windsurf's B2B enterprise plan, and why they invested early in an 80-person sales team despite conventional startup wisdom.
4. How non-technical staff at Windsurf built their own custom tools instead of purchasing SaaS products, saving them over $500k in software costs
5. Why Varun believes 90% of code will be AI-generated, but engineering jobs will actually increase
6. How training on millions of incomplete code samples gives Windsurf an edge, and creates a moat long-term
7. Why agency is the most undervalued and important skill in the AI era
Brought to you by:
• Brex—The banking solution for startups
• Productboard—Make products that matter
• Coda—The all-in-one collaborative workspace
Where to find Varun Mohan:
• X: https://x.com/_mohansolo
• LinkedIn: https://www.linkedin.com/in/varunkmohan/
Where to find Lenny:
• Newsletter: https://www.lennysnewsletter.com
• X: https://twitter.com/lennysan
• LinkedIn: https://www.linkedin.com/in/lennyrachitsky/
In this episode, we cover:
(00:00) Varun's background
(03:57) Building and scaling Windsurf
(12:58) Windsurf: The new purpose-built IDE to harness magic
(17:11) The future of engineering and AI
(21:30) Skills worth investing in
(23:07) Hiring philosophy and company culture
(35:22) Sales strategy and market position
(39:37) JetBrains vs. VS Code: extensibility and enterprise adoption
(41:20) Live demo: building an Airbnb for dogs with Windsurf
(42:46) Tips for using Windsurf effectively
(46:38) AI's role in code modification and review
(48:56) Empowering non-developers to build custom software
(54:03) Training Windsurf
(01:00:43) Windsurf's unique team structure and product strategy
(01:06:40) The importance of continuous innovation
(01:08:57) Final thoughts and advice for aspiring developers
Referenced:
• Windsurf: https://windsurf.com/
• VS Code: https://code.visualstudio.com/
• JetBrains: https://www.jetbrains.com/
• Eclipse: https://eclipseide.org/
• Visual Studio: https://visualstudio.microsoft.com/
• Vim: https://www.vim.org/
• Emacs: https://www.gnu.org/software/emacs/
• Lessons from a two-time unicorn builder, 50-time startup advisor, and 20-time company board member | Uri Levine (co-founder of Waze): https://www.lennysnewsletter.com/p/lessons-from-uri-levine
• IntelliJ: https://www.jetbrains.com/idea/
• Julia: https://julialang.org/
• Parallel computing: https://en.wikipedia.org/wiki/Parallel_computing
• Douglas Chen on LinkedIn: https://www.linkedin.com/in/douglaspchen/
• Carlos Delatorre on LinkedIn: https://www.linkedin.com/in/cadelatorre/
• MongoDB: https://www.mongodb.com/
• Cursor: https://www.cursor.com/
• GitHub Copilot: https://github.com/features/copilot
• Llama: https://www.llama.com/
• Mistral: https://mistral.ai/
• Building Lovable: $10M ARR in 60 days with 15 people | Anton Osika (CEO and co-founder): https://www.lennysnewsletter.com/p/building-lovable-anton-osika
• Inside Bolt: From near-death to ~$40m ARR in 5 months—one of the fastest-growing products in history | Eric Simons (founder & CEO of StackBlitz): https://www.lennysnewsletter.com/p/inside-bolt-eric-simons
• Behind the product: Replit | Amjad Masad (co-founder and CEO): https://www.lennysnewsletter.com/p/behind-the-product-replit-amjad-masad
• React: https://react.dev/
• Sonnet: https://www.anthropic.com/claude/sonnet
• OpenAI: https://openai.com/
• FedRamp: https://www.fedramp.gov/
• Dario Amodei on LinkedIn: https://www.linkedin.com/in/dario-amodei-3934934/
• Amdahl's law: https://en.wikipedia.org/wiki/Amdahl%27s_law
• How to win in the AI era: Ship a feature every week, embrace technical debt, ruthlessly cut scope, and create magic your competitors can't copy | Gaurav Misra (CEO and co-founder of Captions): https://www.lennysnewsletter.com/p/how-to-win-in-the-ai-era-gaurav-misra
Recommended book:
• Fall in Love with the Problem, Not the Solution: A Handbook for Entrepreneurs: https://www.amazon.com/Fall-Love-Problem-Solution-Entrepreneurs/dp/1637741987
Production and marketing by https://penname.co/. For inquiries about sponsoring the podcast, email podcast@lennyrachitsky.com.
Lenny may be an investor in the companies discussed. Get full access to Lenny's Newsletter at www.lennysnewsletter.com/subscribe