United States law preventing export of military technologies
What happens when you fabricate the wrong version of a board because someone skipped the process? It's a nightmare scenario—and it's more common than you think. But there's a solution: PLM integration. In this episode of The Printed Circuit Podcast, host Steph Chavez is joined by Scott Claes, Senior Technical Marketing Engineer at Siemens, to explore how Product Lifecycle Management (PLM) systems can revolutionize PCB design workflows. With nearly two decades of experience integrating ECAD data with PLM systems, Scott offers practical insights into how PLM enhances design control, collaboration, and efficiency across global teams. The discussion covers the real-world problems PCB designers face when managing data, from version confusion to design reuse challenges, and how a properly implemented PLM system solves them. Whether you're navigating compliance needs like ITAR and HIPAA, or trying to bridge the gap between ECAD and MCAD, this episode provides a clear roadmap for leveraging PLM in your design ecosystem. This conversation is essential for PCB designers, electrical engineers, CAD admins, and product teams looking to streamline their design process and avoid costly mistakes.
What You'll Learn in this Episode:
What does a PLM system do? (1:35)
How does PLM integration enhance rather than restrict design freedom? (4:55)
How PLM enables easy reuse of previously released designs. (6:35)
Avoiding Costly Errors: How PLM prevents versioning mix-ups and fabrication mistakes (8:15)
How PLM supports ECAD/MCAD integration and complex designs like flex and rigid-flex (11:55)
Learning Curve & Workflow Impact: What PCB designers can expect when adapting to PLM (13:30)
Behind the Scenes of Integration: How PLM connectors automate design data management and bill of materials comparisons (16:55)
Library Management & Synchronization: What to push, what not to, and where EDM fits in (21:10)
How PLM supports ITAR, HIPAA, and team-based permission management (24:40)
Why learning PLM early can boost your career and prevent process bottlenecks (26:55)
What's next for ECAD-to-PLM flows and supplier integration (28:10)
In this episode, Seth Steinman and I talk about CMMC, CUI and email encryption. PreVeil is a leading provider to the contracting industry in helping keep data safe through encryption. They are a leading solution for CMMC, NIST 800-171 and even ITAR data by helping companies keep data secure.
Episode #82 - In this episode of the Space Marketing Podcast, Izzy House chats with John Gordon, corporate attorney at Taft, about "The Legal Side of Space."
Host Tim O'Toole and guests Melissa Burgess (Miller & Chevalier) and Johanna Reeves (Reeves & Dola, LLP) discuss changes to the ITAR that came into effect in 2024, proposed rules that could be finalized in 2025, and the enforcement outlook for the new year.
Roadmap:
Updates: Addition of Nicaragua as a 126.1 country and new DDTC guidance for universities
Deeper dives
Expansion of § 120.54: Activities that are not exports, reexports, retransfers, or temporary imports
AUKUS-related changes and new FAQs
Proposed rules: defense services
Enforcement: DDTC and BIS approaches in recent years, what does the future look like in the wake of Jarkesy and Loper Bright?
Thanks to our guests for joining us:
Melissa Burgess: https://www.millerchevalier.com/professional/melissa-burgess
Johanna Reeves: https://reevesdola.com/about-johanna-e-reeves
Questions? Contact us at podcasts@milchev.com.
EMBARGOED! is not intended and cannot be relied on as legal advice; the content only reflects the thoughts and opinions of its hosts.
EMBARGOED! is intelligent talk about sanctions, export controls, and all things international trade for trade nerds and normal human beings alike. Each episode will feature deep thoughts and hot takes about the latest headline-grabbing developments in this area of the law, as well as some below-the-radar items to keep an eye on. Subscribe wherever you get your podcasts for new episodes so you don't miss out!
In this episode of the IC-DISC show, I speak with Susanne Cook, a senior partner at Denton's Cohen and Grigsby, exploring the world of international trade compliance. Based in Pittsburgh, Susanne chairs the firm's International Business Team and provides insights into import regulations and export control classifications. We dive deep into the complexities of U.S.-China trade relations, examining Section 301 tariffs and their impact on small-value imports. She shares practical strategies companies use to navigate these challenges, such as China's establishing factories in Mexico to counter tariff restrictions. The conversation highlights the critical importance of accurate prior disclosures to regulatory agencies. Through a compelling case study, Susanne illustrates how businesses can effectively manage compliance, demonstrating that U.S. agencies can be forgiving when companies approach disclosure with transparency and comprehensiveness. Beyond trade compliance, we touch on personal development. I share insights on work-life balance and the significance of building a capable team. Susanne's expertise provides a unique lens into how professional challenges can be navigated with strategic thinking and thorough preparation.
SHOW HIGHLIGHTS
Susanne Cook, a senior partner at Denton's Cohen and Grigsby, shares her expertise on international trade compliance, focusing on the import side of the practice.
The episode discusses the importance of accurate prior disclosures to regulatory agencies and the potential consequences of incomplete disclosures.
We explore the challenges and strategies related to U.S.-China trade relations, specifically regarding Section 301 tariffs and the implications for small-value imports.
Susanne provides a case study on determining export control classifications, highlighting the role of full disclosure and the forgiving nature of U.S. agencies when proper steps are taken.
The conversation covers the growth of Denton's trade practice, emphasizing their specialization in assisting foreign companies entering the U.S. market.
We examine China's strategy of building factories in Mexico to circumvent tariffs through USMCA and the role of trade experts in advising businesses.
The discussion touches on the characteristics of an ideal client for trade advisory services, including large companies with sophisticated internal traffic groups and growing businesses.
We highlight the importance of early compliance to avoid potential pitfalls and the necessity for companies to understand their import-export responsibilities.
Susanne and I delve into personal growth and team building, discussing the significance of surrounding oneself with a capable team and achieving work-life balance.
The episode offers practical advice on personal and professional development, emphasizing teamwork and strategic client selection.
Contact Details: LinkedIn - Susanne Cook (https://www.linkedin.com/in/susanne-cook-722a239/)
TRANSCRIPT (AI transcript provided as supporting material and may contain errors)
Dave: Hello, this is David Spray and welcome to another episode of the IC Disc Show. My guest today is Susanne Cook, and Susanne is a senior partner and she chairs the Denton's Cohen and Grigsby International Business Team, so her practice is all international trade and one of the fun things we got into was on the import side, which I know little about. So, although our firm has an export focus, it was really interesting hearing about the import side, because many people assume that if we have exporting capabilities and expertise, that we have comparable capabilities on the inside, or the import, in which we don't.
So this was a wide-ranging interview and Susanne is a really interesting person and she's from the Pittsburgh and in the Pittsburgh office of the firm and I hope you enjoyed this episode as much as I did. Good morning, Susanne. How are you today?
Susanne: I'm doing well in sunny Pittsburgh.
Dave: Oh, that is great. Now are you a native of Pittsburgh?
Susanne: No, Pittsburgh is my adopted city. You may detect an accent; I am German. I attended law school in the United States and Pittsburgh is my adopted city and I am a fan.
Dave: Okay, that is great. Well, I know that you chair your firm's international business team. What does that tell me about what that entails? Tell me about the international business team at Dentons.
Susanne: It really consists of two pieces and maybe going into it historically kind of explain the development of that team. Being German, I've always had an interest in international law and I liked Pittsburgh and decided to practice international law from Pittsburgh, heading out of law school, and in those days it was a little bit more unusual than it is today. We lived through COVID and can connect from wherever we are. 10, 20 years ago it was more unusual to practice international law in Pittsburgh, but that's what we decided to do. So we tend, the group tends to international clients coming to the United States to do business here and have developed what we call the soft landing program. And that grew the trade practice, the export-import trade practice that, frankly, within the last five years or so has quadrupled in size. We engaged additional attorneys in that field as trade.
Everybody reading the paper can see how we impose additional tariffs, how we impose additional export control measures and so, responding to that need, that part of our practice has grown incredibly.
Dave: Okay, and so it's mostly I guess they would call this inbound business, mostly foreign companies trying to do business in the US, or is it split pretty evenly between that and US companies like on the export controls work and such?
Susanne: I'm glad you're asking. We do both, but the majority is really inbound. Yes, we do assist companies do business overseas, but really what that entails is finding somebody in that country who is like the Susanne Cook overseas to do what we do here, and ultimately we just hand it off to a good resource. Now I think that's valuable for a client, but really where we are more engaged is on the inbound side. And then for on the trade side, it's also companies who do business internationally and need US export control advice.
Dave: Okay, that's helpful and so help us understand. I love case studies, examples. Could you give us an example? And if you need to anonymize the client's name, of course feel free to do so but maybe give us an example of like a couple engagements that might be representative and maybe kind of lay out sort of the fact pattern and again, you know, anonymize as appropriate.
Susanne: Right, of course. Of course, a simple case study would be a client who is engaged in exporting and at one point wonders whether the software or a hard product is export controlled and reaches out to us and we look at the product and assist in classification as to whether this item is controlled or not. If we determine it's not controlled, that's wonderful, the end of the story. The next step may be that it is controlled and at that point we look at okay.
We look at past exports to see if any of those should have been pursued under a license, and that could be a license through commerce, it could be a license under ITAR, which is military, and ultimately, depending on the circumstances, that may lead to what we call a prior disclosure, where the client approaches through us, the regulatory agency in charge, and discloses the issues in the past. And I have to say that generally US agencies are pretty forgiving if the prior disclosure is done well, the circumstances aren't too egregious. Generally, I have to say, our prior disclosures we've had great success in coming clean and the client then can walk away knowing that this is not in their past and could pop up any moment.
Dave: Well, I'm really just, as a US citizen, I'm really pleased to hear that, because it would seem like that's the system that we would want. Now, I'm presuming, though, the flip side of that: if the client does not identify the issue and the government agency somehow identifies it then the consequences are maybe not as favorable to the client. Is that a fair assumption?
Susanne: That is, yes, that is the dynamic here and really also I always say there's one thing worse than not doing a prior disclosure and doing a bad prior disclosure. At that point doing a prior disclosure means full disclosure, because if a partial disclosure is done and the agencies find out that this was really a very calculated prior disclosure, with keeping in the background some of the items that the client wasn't ready to share, that is actually viewed as an aggravating effect.
Dave: So it's all, it's almost so. In the sequence, the worst thing to do is a prior, an incomplete prior disclosure, and then the next worst would be no disclosure and the agency comes calling and, just you know, plead ignorance. So you actually get in.
Typically, the client would get in less trouble for just being clueless, if you will, than for strategically disclosing only some stuff.
Susanne: Oh, absolutely, that goes to knowledge, right. It is negligence, gross negligence, or this now goes to intentional misconduct. And with respect to intentional misconduct, even if the client decides not to do a prior disclosure for whatever reason and there are reasons what we consistently counsel the behavior cannot continue because once it has been determined that something should be corrected, if the client continues doing that now it becomes with knowledge intention. And so, yes, it has to change one way or the other. Okay, yes, yeah, so that is on the export side. We also in the trade, we do the importation side and it's rather similar and again, like the export side, we like to stay ahead of trouble. I always say we can do it this way or this way. And this way is prospectively working with a client, developing a program where violations are likely not to occur, or we can assist after a violation occurred, and we much prefer to be on the front end and I think really the client is served better.
Dave: Now, on the import side, where does the trouble lie? Is it failing to pay like an import tariff, or...
Susanne: And there I can tell you, we used to have tariffs averaging of maybe 0.4 to 0.6 percent. There were a few, maybe two, three percent duties, and companies, and the regulatory agencies as well, did not pay a whole lot of attention to payment of duties. But now we have the Section 305, 20 percent duties that are imposed on pretty much all goods from China. We have other tariffs, similar to the Section 232, imposed on most of steel that we import. So now everybody pays attention, as you can imagine, and so the incentive of trying to find a legal way to not pay those is, you know, much greater than it was a couple of years ago.
At the same time, yes, customs pays attention much more than they did five years ago, because we're talking real money now.
Dave: Yeah, yeah, it's much more material. So I'm really not familiar with the import tariffs. How do they logistically work? Does the importing company that's subject to the 25% tariff? Are they responsible for like remitting that to like volunteer? You know, I say voluntarily, but is it their responsibility or is there somehow like a? Is that basically how it works?
Susanne: Yes, the system works through customs brokers. Okay, so it's rare that a company will perform their own entry, so they engage a customs broker and the customs broker is like the intermediary in this system. And, yes, all duties are being paid through that system. A significant part of determining what duties are due is what we call the harmonized tariff schedule classification of the product. Believe it or not, it's kind of mind-boggling, but anything, any product in the world has an HTS classification.
Dave: Okay.
Susanne: So, and it can get tricky, particularly sometimes products evolve. They were not even there when the HTS was developed. But still somehow we interpret it for those products to be classified in this HTS system. Sometimes reasonable people can disagree on classification and there's a ruling system. One can go approach customs and request a ruling. But really it's like anything: garbage in, garbage out. If there is an incorrect determination on the HTS classification, only bad things can follow.
Dave: Yeah, and I'm guessing the reason that you know that there may be a difference of opinion in the classification is because one product may have a higher import tariff than another, so thus the client seeks to make the case that it should fall under the lower tariff classification.
Susanne: Absolutely, absolutely.
And even when we submit rulings it's a little bit like you know, even court filings, you kind of make your best case as to why we believe this product falls in the category that we would prefer it to be in. Of course we have to be accurate and correct, but, yes, we stress the factors that would make it more likely for a product to be classified in our desired classification.
Dave: Okay, and so, and again the process. So the customs broker is actually the one doing the classification of the product.
Susanne: They do. However, they work on very, very small margins.
Dave: Right.
Susanne: And so in difficult cases, yeah, they will make a suggestion, but ultimately it's always the importer's responsibility. It's kind of like a tax return: you engage your CPA, but if something goes wrong, it's the taxpayer, and here it is the importer of record who would be on the hook. So in difficult cases or if there is a whole lot of money involved, we get involved as a law firm in classification as well, and it's you know. The sums of money could be staggering.
Dave: Yeah, yeah. And so the product comes in. The customs broker, either proactively or independently, will do a classification of the item, or maybe a preliminary classification, or, if it's not clear, they'll perhaps reach out to the client for guidance. Is that my right? So far, that's right. And then the product comes in. And then how soon does the company have to remit those tariffs? Is it a weekly process? A monthly process, quarterly?
Susanne: It's a simultaneous process.
Dave: Simultaneous, okay.
Susanne: Simultaneous process.
Dave: Simultaneous process, obviously, but I'm guessing if they receive the product, if the product lands at 4 pm on a Tuesday, they don't have to remit the money at 4 or 1 pm on Tuesday. I assume there's some.
Susanne: There's some leeway and there is a customs bond in the background.
Dave: Okay.
Susanne: Backing up the payments so as I increase their imports or they may not even increase them. But there is now all of a sudden a dumping duty applied to the product or a 25% additional tariff because the items are shipped from China. The bond may have to be increased because it doesn't cover the standard amounts anymore.
Dave: I see, and the bond, is that required by customs? Yes, and every company has to have one, or when they get to a certain size?
Susanne: It's through the broker. The broker always, yes, it's part of the system.
Dave: Okay, yes.
Susanne: So every product that gets imported somehow falls under the umbrella of a particular bond. Unless, it's a one-off like you and I just importing things. We're not under that bond system but in professional companies who import as a business. Yes, a bond would be involved.
Dave: So is there a threshold where those tariffs come into play? Like if I buy a hundred dollar item from China and I'm buying it with the intent of selling it in the US and I sell it for $150. I mean, is there a minimum threshold? Dollars $800.
Susanne: Okay, yes, and this is actually subject to scrutiny, political scrutiny by now, at this point, because these de minimis entries are subject to no duties and in this age where everybody is ordering stuff online, and sometimes these are big businesses who are shipping entries, hundreds of entries every day into the United States to the ultimate customer under the $800 exclusion limitation, and a lot of them are country of origin, China, which is under scrutiny. China is a country that is under scrutiny.
These de minimis shipments are currently scrutinized and I would frankly expect there to be additional regulations by the end of this year or beginning of next year, just cutting back on these exclusions, because you can see the Congress is suspicious that this is being abused by larger companies.
Dave: Yeah, and is the 800 per order, or is it a cumulative amount for a period of time?
Susanne: It's per entry per day, so if the US consumer are the recipient of I don't know what you ordered online, that would be, let's say, $600 worth.
Dave: So the strategy if I imported $20,000 of goods annually from China and I divide that by you know 250 business days, I think that's like about $100, like a day. If I'm doing my math right, 250, 2500. Yeah, so that's about $100 a day. So if I had that, my strategy then would be to ensure that the imports are staggered such that no one day $800 is imported. Right, and that's the strategy. I can imagine where that'd be a complicated thing to try to pull off, you know the coordination and the timing and it wouldn't be so much there.
Susanne: But if you're doing like $200,000 a year, or you divide that by $250, and you're approaching $800 a day, then I would imagine that it would be very difficult to try to manage the timing of all of that. And it's also an issue, frankly, on custom side, because those small orders typically are not scrutinized, and now, if we are scrutinizing them, that's also an increased bureaucracy. So there are considerations here on all sides. At the same time, there are in place, as we all know, increased regulations on imports from China. All these Section 301 tariffs are mostly from China, on goods from China, and one of the proposals is that these de minimis items still would be subject to the 25% Section 301 duties, which they currently are not.
Dave: I see. So you're saying that $800 threshold would no longer apply.
So if you import an item that costs $2, you still have to pay 50 cents.
Susanne: But then again the bureaucracy, right. So there is a real, it's not an easy issue, but yes, it's mostly targeted really at China.
Dave: Yeah, so one of the things I follow closely, it's just a hobby of mine, is the electric vehicle space, and I don't know if that's something you pay much attention to, but China produces like I think the latest stats I heard 70 or 80% of the electric vehicles produced in the world are produced in China, and they have tremendous excess capacity. I want to say they produce like 100% 15 to 20 million electric vehicles a year, but they have capacity for like 15 months. So of course they're looking to export them, and so one of the ways that they're looking to get around this is to take advantage of NAFTA or whatever the new NAFTA name is. What's the name?
Susanne: USMCA, yes.
Dave: Yes, so what they're doing then is they're building factories in Mexico and then importing that way, and what's interesting is that's like historically seemed to be appropriate because it's been a Mexican produced product. It just so happens to be owned by a Chinese company. But the, the talking or the, the suggested proposals, I think by both parties, certainly by the Trump administration is to disallow those products to be exempt from the import tariffs. I'm just curious, have you heard anything about this?
Susanne: Not particularly, I have not followed the electric vehicles.
Susanne: But that doesn't surprise me at all because those issues are always raised and trying to fight circumvention, where the country of origin is being changed artificially or legitimately, right, and that decision and determination is always in the eye of the beholder and there are significant incentives to try to deviate from the country of origin determination of China and at the same time, the United States is investigating these issues all the time. And yes, there are exclusions I'm aware of, for country of origin or to no longer benefit from USMCA for certain specific items, for example. Another item is steel from Russia. We impose more restrictions on that, even if it's channeled through Mexico, and really I mentioned that our group, trade group, has increased. Well, as these issues increase, it really requires more attention and more expertise to advise clients on what is permitted and what is not permitted. And, of course, as a US importer, you always want to import items with the least amount of tariff.
Dave: Yeah, of course. Yeah, no, that makes sense, well, good. Well, that's really helpful, because the funny thing is, you know, our practice is all export driven, but the average person thinks export is a part of a compound word called import-export and they just assume that we're well-versed in all the import rules and I always have to keep telling people it's just, that's not what we're focused on. So my knowledge of import rules is now infinitely higher than it was an hour ago. So thank you for that, Susanne.
Susanne: You're welcome. You're welcome, and I can see how clients view that. To them, it's just things that cross the border.
Dave: Whichever way, yeah, it's all the same to them. So what would you say are the characteristics for you of like an ideal client?
Because, like I'm guessing, somebody who imports you know $2,000 a year of stuff from outside the US and they have a business that does $50,000 a year in revenue, I'm guessing that's like you all. That's not a good fit for you. It's just like overkill, right, there's just not. So help me understand what just like. Maybe you just pick the perfect client. What would the characteristics be?
Susanne: There are really two buckets, I would say. The one is, of course, we like working with large importers and exporters who do this all the time, who have a traffic department who manages these functions and, as it gets to be, let's say, like you mentioned, the electric vehicle to a very specific case where they need outside assistance, that would be then our role and that is an ideal client. There is another bucket, and the other bucket is really the growing business. You know, if you are the company that imports $100,000 a year, okay, often, really, the company doesn't even realize they're importing and they often do not pay a whole lot of attention to that.
Dave: Sure.
Susanne: In the way our international world is going, they probably will increase the imports and their exports over the next couple of years and to me it's always best to counsel that company on how to develop a department that looks at these issues and remains compliant, not when they are now importing or exporting 100 million. You want to catch them before that. I don't know when that ideal spot is to where they don't get into trouble. As I said, we always want to counsel companies before they get into trouble. The function is a little bit on how precarious the item is. If everything, let's say half a million dollars, all imports from China, I would take a look at that, the imports that will be scrutinized. Or if you export, and you export half a million of items that are export controlled, you need to pay attention. So there is a little bit of an overlay.
How controlled is the item? But and if it's just, I always use the example of brooms where you import brooms or export brooms, not regulated of course, then the threshold would be higher. You're really not under much of a scrutiny at all. Not that there are none, but it's much less and really I would love to get all these companies at the sweet spot. Sure they grow appropriately and have a system in place, because it's always harder. If you get somebody with 100 million of imports, they don't even have a good system. That's a difficult task.
Dave: Yeah, yeah. So just to recap, so kind of the two perfect types are one would be like a large company with a relatively sophisticated internal traffic group, that's, you know that you know is basically set up for success and you know, they kind of know what they're doing. And then they call on you for specific arcane cases or situations where they can pull you in, you know, kind of as the expert. Now do you actually do you do opinion letters? You all do opinion letters in your practice.
Susanne: We do, we do, and opinion letters is really on both sides, export control and on customs. It's only the agencies who can give a binding ruling on how these items are classified. We will give opinions. What that will do? It will mitigate culpability. It doesn't mean we say we are 100% right all the time, because only the agencies can give these rules.
Dave: Of course.
Susanne: But it will go a long way to mitigating any exposure because the company obviously went out of their way.
Dave: Yeah, well, and they relied. I think the key term is the reliance. They relied on your opinion and so, like you said, that then gives them, you know, protection from you know the extreme impacts of regulatory rulings.
Susanne: Correct, correct and, yes, we will give opinions. Of course, a better way, if it's possible, is to get a binding ruling, because it's actually, in a way, often less work to get a binding ruling.
Dave: Oh, is it?
Yeah, I can see why, because you only have to provide enough data to satisfy the regulatory agency, whereas for an opinion letter you maybe have to be more comprehensive to encompass all these different factors. Correct. Correct. Yeah, that makes sense. So this is where, as we're nearing the end here, so I'm going to put you on the spot with this one. Okay, are you ready? So I'm guessing that Denton's is not the only law firm in the world that's involved in international trade. Is that probably a fair assumption? So why, when your clients select you specifically, or the firm, if you've ever asked them, hey, you know how did you choose us. Why did you choose us? You know why do you keep using us? What's the response you get from your clients as far as why they use the firm?
Susanne: I believe that they use us because we are extremely business oriented and a lot of the other trade outfits are much more theoretical and okay professorial and really I going back full circle to my introduction how we got into this. We got into this because we have had clients in that space that we wanted to assist.
Dave: Okay.
Susanne: So we're a little bit more of like an in-house legal department. How we look at this, we're very practical. What can the company do to implement these rules and regulations with undue burden? We don't just counsel. These are the rules. This is what you have to do. We always take it a step further and assist the client in finding the best way to be compliant.
Dave: Okay.
Susanne: And that's in our blood.
Dave: Okay.
Susanne: Any piece of advice we give, we always ask ourselves, when we look at it from the perspective of the client, the company. Okay, how can they do that? How can they do that? Because one can give all kinds of theoretical advice, which is good advice, but it just doesn't work, and we always ask that question. So I think that's an advantage. The other advantage is just the location, Pittsburgh.
Our cost structure tends to be more competitive than a you know, yes, our competitors often sit in New York, Manhattan, in Chicago, Miami, the big trade centers now Trade Center. So now yes, so our cost structure is a Pittsburgh cost structure.
Dave: Yeah, and then I suppose for a client who's actually based in Pittsburgh, it's a you know kind of a bonus or that makes you uniquely attractive to have a local resource with the international capabilities that you all have.
Susanne: Correct, correct.
Dave: Okay, so I've got only two more questions. One's an easy one. One's gonna be the hardest that you're gonna have. So the easy one is is there anything I didn't ask you that you wish I had asked you? Anything we didn't cover?
Susanne: No, I would say that the one area we all believe that trade compliance will continue on this trajectory of increased attention and I think duties will continue to increase. Export control requirements will increase as well. So I think this trajectory will continue for anybody doing business internationally, and really this is one of the areas where it does not matter how our election will turn out, that's the trajectory. Our world is more complicated and increased trade rules will continue to apply.
Dave: Well, I'm glad you brought that up, because for the listener who's thinking, well, yeah, this is kind of a problem now, but I'm sure it's just temporary. If the right person wins the election, then this is going to go away. So thank you for saying that, that they need to get that naive thought out of their mind, right, it's only going to increase.
Susanne: It's continuing.
Dave: Yes, yeah, and so it sounds like the real takeaway is the company companies involved in international trade should just accept that and expect the increase in it and just basically be prepared for that.
Susanne: And for business it's always a cost-benefit analysis, right.
Dave: Of course, of course.
Susanne: And the cost will not go away.
Dave: Exactly. Yep, no, that makes sense. Cost will not go away. So the last question. So this is the tougher one, and it's okay if you need to take a bit to think about it. So if you could go back in time and give advice to your 25-year-old self, what advice might you give to yourself?
Susanne: When the 25-year-old myself was mostly interested always in international trade but I was interested in outbound transactions doing joint ventures in Brazil, in Russia, in travel and really being in private practice in Pittsburgh. That turned out to be a bad business plan. Because if I did my job well, like I said, I would find the perfect match in those countries to tend to the client and I might continue having a supervisory role or occasionally advise the client. But if it was the perfect match, even that would start being less and less. So, yes, the more focusing on the inbound transaction is, the better business.
Dave: Okay, so you would have. The advice you'd give is focus more on that import transactions earlier, sooner than later.
Susanne: That's right. And on export transactions dealing with US companies. But don't expect on the outbound side to continue to do the work if they form a company, if they outside of the United States and it's logical, very logical, but the 25-year-old me did not see that sure, and what about?
Dave: and what about, like on a maybe a more personal perspective advice you might give yourself of just you know kind of lessons you've learned more on the personal side? You know work, more work, less travel more. Travel, less eat, eat more desserts, eat less desserts. Any advice you'd have for your 25-year-old self personally?
Susanne: The advice is you need a good team.
Dave: Okay.
Susanne: You just need a good team and pay attention to building that team, and it also you alluded to it balance of life kind of situations. One person can't do it all. It's the team that performs.
Dave: Understood. Well, that is really great advice. Well, Susanne, this has really been fun for me, and I've learned so much about import items that I didn't know anything about, so I really appreciate your time and I hope you have a great afternoon.
Susanne: Well, thank you, David, you too.
Special Guest: Susanne Cook.
What happens when a major defense contractor faces scrutiny for ethics and compliance violations? In this episode of Corruption, Crime, and Compliance, Michael Volkov dives into the high-stakes world of corporate accountability, exploring Raytheon's recent $428 million settlement with the U.S. Department of Justice. From fraudulent pricing to bribery and compliance lapses, we uncover the impact of these violations and the tough questions they raise about corporate governance, oversight, and ethical responsibility in high-stakes industries.
Hear Michael talk about:
- Raytheon Company (Raytheon), a subsidiary of defense contractor RTX (formerly known as Raytheon Technologies Corporation), agreed to pay over $950 million to resolve the Justice Department's investigations into three areas of violation. The settlement addresses three main issues:
  - A major government fraud scheme involving defective pricing on certain government contracts
  - Violations of the Foreign Corrupt Practices Act (FCPA), the Arms Export Control Act (AECA) and its implementing regulations, the International Traffic in Arms Regulations (ITAR)
- As part of the settlement, Raytheon entered into a three-year deferred prosecution agreement (DPA) and agreed to the filing of criminal information in the District of Massachusetts charging Raytheon with two counts of major fraud against the United States. Raytheon admitted to engaging in two separate schemes to defraud the Department of Defense (DOD) relating to the provision of defense articles and services, including PATRIOT missile systems and a radar system. Separately, Raytheon entered into a three-year DPA in connection with a criminal information in the Eastern District of New York charging Raytheon with two counts: conspiracy to violate the anti-bribery provision of the FCPA for a scheme to bribe a government official in Qatar and conspiracy to violate the AECA for willfully failing to disclose the bribes in export licensing applications with the Department of State as required by part 130 of ITAR.
- The Justice Department's FCPA and ITAR resolution is coordinated with the Securities and Exchange Commission (SEC). Both DPAs require that Raytheon retain an independent compliance monitor for three years, enhance its internal compliance program, report evidence of additional misconduct to the Justice Department, and cooperate in any ongoing or future criminal investigations. Raytheon also reached a separate False Claims Act settlement with the Justice Department relating to the defective pricing schemes.
Resources:
- Michael Volkov on LinkedIn | X (Twitter)
- The Volkov Law Group
What's going on in Global Trade this Week? Today Pete Mento and Doug Draper cover: 2:58 -Geopolitical Uncertainty and Revenue 6:51 -Elon Musk, SpaceX, DOJ Lawsuits, and ITAR 10:00 -Halftime 19:00 -Mississippi River's Low Water Levels 22:52 -South China Sea Tensions Escalate Daily https://www.capwwide.com/international-insights/11/5/24/gttw-podcast-episode-171 https://youtu.be/sqcMarfkEMg
Today, let's tackle the current shipping and forwarding industry challenges with our guest, Sara Dandan! Sara covers disputes related to demurrage and detention fees, her focus on dispute resolution, the need for shippers to document all communications and transactions to navigate conflicts effectively, the varying roles of forwarders, the negotiation power of large shippers, and the ongoing challenges faced by drayage providers in collecting evidence for freight issues!
About Sara Dandan
As a second-generation ocean freight forwarder, I've been immersed in logistics my entire life. As an ocean freight forwarder and supply chain consultant, I've handled the coordination and movement of thousands of ocean containers and air shipments, managing hundreds of millions of dollars in goods across global markets, performed internal audits at a major 3PL, and built out export operations and supply chain strategies for businesses of all sizes. Having proven my expertise in EAR, ITAR, and OFAC regulations, I next immersed myself in years of study dedicated to the Shipping Act and maritime law and regulations. Now my focus is in resolving demurrage and detention and maritime disputes for shippers, truckers, and forwarders. Having been admitted to general practice before the Federal Maritime Commission as a non-attorney, I'm one of the rare professionals in the field who can combine deep regulatory knowledge with real-world experience when representing clients before the Commission. I founded my company with a clear mission: to make the maritime dispute process accessible to as many people as possible. Too often, shippers, drayage providers, and forwarders were shut out, left without recourse in a system stacked in favor of the carriers. I wanted to change that. By leveraging my deep knowledge of demurrage and detention, maritime regulations, and the shipping process as a freight forwarder, I fight to level the playing field and ensure an equitable supply chain for all.
Connect with Sara Website: https://fouroneone.io/ LinkedIn: https://www.linkedin.com/in/sara-d-0a344018/ Email: sara@fouroneone.io
The Justice Insiders: Giving Outsiders an Insider Perspective on Government
Host Gregg N. Sofer welcomes Husch Blackwell partner Grant Leach to the program to discuss the burgeoning set of requirements and restrictions placed on U.S. businesses in connection with trade law. Gregg and Grant identify the authorities and agencies involved in trade law and the various mechanisms the regulators use to make rules and enforce them. As trade law rapidly evolves to keep pace with geopolitical developments and challenges, corporate leaders and their compliance teams have the task of managing risks that are sometimes difficult to spot, especially as they involve multiple layers of the global supply chain. Our conversation stresses the necessity of diligence and knowing your customers and vendors, as well as exploring what a “reasonable, risk-based” compliance program looks like in practice.
We also discuss a key change in the statute of limitations, from five years to ten, in connection with the Office of Foreign Assets Control (OFAC) sanctions enforcement. This expansion of the lookback period has implications not just for compliance programs but could also complicate corporate transactions and the due diligence process.
We conclude our discussion by addressing how the evolving trade law regime impacts smaller enterprises that might have difficulty scaling the compliance function to manage trade-based risk. These enterprises face heightened risk as they are often targeted by bad actors seeking to evade sanctions via transshipment or some other means.
Gregg N. Sofer Biography
Gregg counsels businesses and individuals in connection with a range of criminal, civil and regulatory matters, including government investigations, internal investigations, litigation, export control, sanctions, and regulatory compliance. Prior to entering private practice, Gregg served as the United States Attorney for the Western District of Texas, one of the largest and busiest United States Attorney's Offices in the country, where he supervised more than 300 employees handling a diverse caseload, including matters involving complex white-collar crime, government contract fraud, national security, cyber-crimes, public corruption, money laundering, export violations, trade secrets, tax, large-scale drug and human trafficking, immigration, child exploitation and violent crime.
Grant Leach Biography
Based in Husch Blackwell's Omaha office and a member of the firm's International Trade & Supply Chain practice, Grant focuses on trade, export controls, sanctions and anti-corruption compliance. He has extensive experience helping clients navigate complex issues related to international commerce and its associated compliance challenges. As part of his practice, Grant advises clients on requirements under the US Foreign Corrupt Practices Act (FCPA), Export Administration Regulations (EAR) administered by the Bureau of Industry and Security (BIS), International Traffic in Arms Regulations (ITAR) administered by the Directorate of Defense Trade Controls (DDTC), trade sanctions administered by the Office of Foreign Assets Control (OFAC) and other import- and export-related regulations.
© 2024 Husch Blackwell LLP. All rights reserved. This information is intended only to provide general information in summary form on legal and business topics of the day. The contents hereof do not constitute legal advice and should not be relied on as such. Specific legal advice should be sought in particular matters.
Colonel Mills delivers significant experience in Department of Defense (DoD) and Department of Homeland Security (DHS) cybersecurity, technology, and critical infrastructure programs. He has worked extensively in train and equip efforts using Foreign Military Sales (FMS), foreign military financing, ITAR, and international military education and training, and builds public-private defense and technology industrial base partnerships, including helping establish the DoD's Development Innovation Unit (DIU) in Silicon Valley.
Prior to joining The SPECTRUM Group (TSG), Colonel Mills served as the Director for Cybersecurity Policy, Strategy, and International Affairs in the Office of the Secretary of Defense. His work included creating and implementing the first DoD and intelligence community (IC) scorecarding initiative, boosting whole-of-government cybersecurity and multidomain responses to threat actor and nation hostile actions.
Colonel Mills' 33-year U.S. Army and Army Reserves career culminated in his serving as a senior liaison between DHS and DoD for complex homeland security operations. Earlier, he helped establish and advise foreign national military and security forces in Iraq, Afghanistan, Yemen, Bosnia, South Korea, and the Kingdom of Saudi Arabia. His roles spanned joint and inter-agency operations, psychological operations (PSYOP), intelligence activities, special operations, strategic planning, and public affairs.
In addition to his work at TSG, Colonel Mills serves as an adjunct assistant professor for the Cybersecurity Law and Policy program at the University of Maryland, Global Campus.
Follow Freedom First Network on Pickax: https://pickax.com/freedomfirstnetwork
Design reuse in Electronic Design Automation (EDA) involves leveraging existing designs to speed up development, reduce risks, and ensure quality. By reusing proven circuitry and IP, engineers save time, lower costs, and maintain high standards across projects. I'm your host, Steph Chavez. In this episode, we will explore design reuse methodologies in EDA. I'm thrilled to have my dear friends, Andre Mosley, a Marketing Development Specialist at Siemens EDA, and Carlos Gazca, a Senior Technical Marketing Engineer at Siemens EDA, join me for this insightful discussion. In this episode, you will learn about the crucial concept of design reuse in EDA, including its benefits, challenges, and best practices. You will also discover how leveraging existing designs can enhance efficiency, reduce time-to-market, and maintain high-quality standards in electronic product development. What You'll Learn in this Episode: The importance of reuse technologies in the EDA industry. (04:25) Challenges with data management and version control in circuit design. (06:23) Reuse methodologies in electronics design, including planning and database management. (19:38) Security concerns in design reuse, export control, and ITAR regulations. (22:40) Connect with Andre Mosley: LinkedIn Connect with Carlos Gazca: LinkedIn Connect with Steph Chavez: LinkedIn
How2Exit: Mergers and Acquisitions of Small to Middle Market Businesses
Watch Here: https://youtu.be/ZOvf5bIg6BE
About the Guest(s): Caroline Chapdelaine is the CEO and Co-Founder of North Star Photonics, a company specialized in defense manufacturing technology, specifically focusing on photonics and fiber optic gyroscopes. With a rich background in military intelligence as an officer in the U.S. Army, Caroline has extensive experience in both operational and defense contract management roles. She has also worked for major defense contractors such as Northrop Grumman, L3 Harris, and Orbital ATK before obtaining her MBA from the Wharton School. Caroline successfully executed a carve-out to establish North Star Photonics and has since been leading the company through the complexities of the defense contracting industry.
Summary: In this episode of the How2Exit Podcast, Ronald Skelton interviews Caroline Chapdelaine, CEO and Co-Founder of North Star Photonics. Caroline discusses her journey from military intelligence officer to entrepreneur in the defense sector, sharing insights on executing a unique carve-out. She covers the complexities of due diligence, acquiring specialized equipment, and meeting regulations like ITAR and ISO 9001. Caroline also details financial strategies, including the risky SBA 7a loan, to handle cash-flow challenges post-acquisition. This episode is valuable for anyone interested in defense contracting or business carve-outs.
Key Takeaways:
- Bias for Action: Emphasizing the importance of taking actionable steps rather than getting lost in over-analysis.
- Resilience and Mental Health: Maintaining mental and physical health is crucial for sustaining long-term business success.
- Strategic Alliances: Building and utilizing networks within the industry can significantly aid in overcoming operational challenges.
- Navigating Financial Complexities: Understanding the intricacies of loans and financial instruments like the SBA 7a loan can provide essential lifelines during tough times.
- High Standards of Quality: Complying with stringent regulations such as ITAR and ISO 9001 is critical for maintaining product integrity in the defense sector.
Contact Caroline on LinkedIn: https://www.linkedin.com/in/carolinechapdelaine/
Welcome to the last of our short series on encryption. This week we're just talking amongst ourselves. Luckily, Gus is an expert on encryption, having been working in and around the encryption debate since the '90s.
Links
- Read more about PI's work on encryption here: privacyinternational.org/learn/encryption
- Matt Blaze and crypto.com: theverge.com/2018/7/6/17540818/crypto-com-domain-matt-blaze-monaco-mco-cryptology-sale; you can now find Matt at mattblaze.org
- More about ITAR and the export of cryptography: en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States
- More about France's ban on encryption ending in this 1999 article from the Register: theregister.com/1999/01/15/france_to_end_severe_encryption/
- More about the Data Encryption Standard: en.wikipedia.org/wiki/Data_Encryption_Standard
- Find out more about the Clipper Chip: gizmodo.com/life-and-death-of-clipper-chip-encryption-backdoors-att-1850177832
- Or take a look at this NY Times article from 1994 (paywalled): nytimes.com/1994/06/12/magazine/battle-of-the-clipper-chip.html
- Matt Blaze's flaw in the Clipper Chip: wired.com/1994/09/clipping-clipper-matt-blaze/
- NSA Data Center: wired.com/2012/03/ff-nsadatacenter/
- NSA holding data: nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html
- An old website that helped you sign up to be an Arms Trafficker: http://online.offshore.com.ai/arms-trafficker/
- Here's some of the RSA illegal tattoos: http://www.geekytattoos.com/illegal-tattoos-rsa-tattoos/
- Phil Zimmermann's release of PGP: mit.edu/~prz/EN/essays/BookPreface.html
- A documentary on this topic: reason.com/video/2020/10/21/cryptowars-gilmore-zimmermann-cryptography/
- The Reply All episode on Minitel: https://gimletmedia.com/shows/reply-all/8whoda
Welcome to the latest episode of Engineering Influence, a podcast from the American Council of Engineering Companies. In this episode, we are joined by Warren Linscott, the Chief Product Officer for Deltek. Warren dives deep into how Deltek is positioned as a leading technology provider within the Architecture and Engineering (AE) space, focusing on their ERP software solutions tailored for project-based businesses. Warren elaborates on how Deltek's solutions help small and medium-sized firms succeed by providing comprehensive project accounting, CRM, and opportunity identification tools. The discussion also covers Gov1IQ, an information solution tracking over $2.5 trillion worth of federal, state, and local opportunities, assisting firms in identifying lucrative projects. Compliance is another critical area where Warren explains how their ERP solutions aid firms in adhering to FAR compliance and managing ITAR-controlled information. The episode also explores the integration of emerging technologies like AI, and how Deltek's digital assistant, Della, is set to revolutionize operational efficiency within engineering firms.
In today's episode, Izzy discusses the importance of a marketing plan with Amanda Hudswell at Equatorial Launch Australia. A marketing plan provides a blueprint for your communication activities, maximizes your efforts by targeting the most important audiences, and determines the marketing activities that resonate with them. A plan transforms dreams into reality by establishing the steps necessary for an idea to come to fruition and it provides clarity for action for the entire company and its team.
Amanda Hudswell, Head of Marketing Communications and Public Affairs, Equatorial Launch Australia: https://ela.space
CHAPTERS:
01:17 Importance of a marketing plan
03:01 Eclipse
04:27 Meet Amanda Hudswell
07:54 About ELA
13:59 When to bring in a marketing professional
16:24 The Marketing Plan
19:17 Your audience and crafting a message that resonates
22:25 Strategies and tactics of a marketing plan
24:02 Constructing the plan and getting scrappy
22:37 Measuring and testing
30:24 Non-digital results
32:52 Telling the space story
36:47 Your audience is the hero, your company is the guide
39:53 Marketing challenges
41:59 Marketing successes
44:17 Algorithms - shooting at a moving target
46:34 Bad actors, trolls, and grumpy people
53:59 The future of space
58:57 Final Thoughts
MENTIONS:
- GSA Spaceport Summit - https://www.globalspaceportalliance.com/gsa-spaceport-summit-2/
- Building a BrandStory by Donald Miller
- ITAR regulations - The International Traffic in Arms Regulations (ITAR) are a set of US government regulations that control the import and export of defense products, services, and information. The purpose of ITAR is to protect national security and advance American foreign policy interests. ITAR governs the following: Manufacture, Export, Temporary import, Provision of defense services, and Brokerage activities involving items described on the USML. https://www.pmddtc.state.gov/ddtc_public/ddtc_public?id=ddtc_kb_article_page&sys_id=24d528fddbfc930044f9ff621f961987
ABOUT IZZY
- Izzy's website - https://izzy.house
- Author of Space Marketing: Competing in the new commercial space industry AND Space Marketing: Spaceports on Amazon and Audible - https://bit.ly/Space-Marketing
- Podcast host for Space Marketing Podcast - https://spacemarketingpodcast.com
- Organizer for Space for Kentucky Roundtable - https://spaceforkentucky.com
In this episode, Asitang Mishra, a senior data scientist from JPL NASA, and Nitish Kumar, an AI team lead from ISRO, discuss the current and future applications of Artificial Intelligence in space exploration. They delve into how AI is transforming space missions, from satellite imagery analysis and space debris modeling to the automation of spacecraft systems. The conversation also covers the challenges and opportunities AI presents, the integration of AI into space agency workflows, and potential AI-driven advancements in space technology. Furthermore, the discussion touches on the necessity of AI literacy among space professionals, the impact of AI on job roles within the space industry, and the impact of AI advancements on regulations like ITAR. The guests also explore the broader implications of AI on the future of work, emphasizing the growing importance of AI in making space exploration safer, more efficient, and more innovative.
Chapters
(00:00) - Welcome to Those Space People: NASA and ISRO Experts Share Insights
(01:18) - AI's Role and Challenges in ISRO's Space Missions
(03:30) - How NASA is Leveraging AI: From ChatGPT to Spacecraft Autonomy
(05:05) - Exploring the Use of AI in Historical and Current Space Missions
(07:33) - The Impact of ChatGPT and AI on Space Agencies
(10:25) - The Future of AI in Space: Predictions and Possibilities
(18:17) - Leveraging AI for Knowledge Management and Innovation
(27:34) - Preparing for an AI-Driven Future in the Space Industry
(32:31) - Exploring AI's Role in Hardware: Limitations and Potential in the Physical World
(41:53) - Exploring the Capabilities of Large Language Models (LLMs)
(47:53) - AI's Impact on Space Debris Management and Traffic
(52:36) - The Future of Employment in the AI-Enhanced Space Industry
(56:11) - Navigating ITAR and Open Source in Space Tech
(01:01:10) - AI Teams and Projects Across ISRO Centers
(01:03:29) - Concluding Thoughts on AI's Expansive Potential
Boeing continues to struggle with its core business activities. As troubles mount for Boeing, it is clear that it continues to suffer from real and pervasive culture issues that have been reflected in serious safety failures, financial difficulties, regulatory violations, and serious reputational damage. Boeing's troubles permeate every part of its organization, from the board to senior executives to its operations and overall ethics and compliance commitment. As a result, Boeing stands at an important crossroads: will it make a real commitment to change, reform, and ethics and compliance, or will it continue to limp along, suffering repeated incidents of harm?
In its latest (mis)adventure, Boeing fell victim to a State Department fine for $51 million for violations of a number of export controls, including basic licensing requirements for exports to China and Russia. Boeing voluntarily disclosed the violations to the Directorate of Defense Trade Controls ("DDTC") in the State Department.
The violations of the International Traffic in Arms Regulations ("ITAR") included illegal exports to foreign employees and contractors who work in more than 15 countries, a trade compliance specialist fabricating an export license to illegally ship defense items abroad, and violations of the terms and conditions of other export licenses, among other things.
The DDTC's $51 million penalty is the largest administrative penalty imposed for ITAR violations since it imposed a $79 million penalty against BAE Systems in 2011. Under the terms of the settlement, Boeing must pay $27 million to the DDTC within two years and use the remaining $24 million to improve its compliance program and procedures. In addition, Boeing is required to hire a DDTC-approved special compliance officer to oversee its compliance with ITAR for the next three years. That officer will regularly report to the DDTC on Boeing's progress.
- Boeing faced a $51 million settlement for ITAR violations, including unauthorized exports and re-transfers to foreign employees and contractors, notably in China.
- Violations involved illegal downloads of ITAR-controlled technical data from Boeing's digital repository, which affected Pentagon platforms like the F-18, F-15, and F-22 aircraft and the AH-64 Apache helicopter.
- Boeing voluntarily disclosed violations to the Directorate of Defense Trade Controls (DDTC) and the State Department, leading to the $51 million penalty, the largest for ITAR violations since 2011.
- The settlement requires Boeing to pay the DDTC $27 million, improve its compliance program with the remaining $24 million, and hire a DDTC-approved special compliance officer for three years.
- Boeing must introduce a new automated export compliance system, update the State Department on its progress every six months, and undergo two export control audits by State Department-approved consultants.
- Despite the violations occurring mostly before 2020, Boeing made significant improvements to its trade compliance program, investigated issues, cooperated with authorities, and expressed regret.
- The case highlights the State Department and DDTC's aggressive enforcement of administrative controls over military items, signaling a broader crackdown on export control and sanctions violations.
Resources:
- Michael Volkov on LinkedIn | Twitter
- The Volkov Law Group
The US Department of State has concluded an administrative settlement with The Boeing Company to resolve 199 violations of the Arms Export Control Act and the International Traffic in Arms Regulations. High winds and rough seas in the Atlantic have pushed back the launch of SpaceX Crew-8 Saturday at 11.16pm local time at the earliest, and more.
T-Minus Guest
Our guest today is Robert Kurson, author of Rocket Men: The Daring Odyssey of Apollo 8 and the Astronauts Who Made Man's First Journey to the Moon. The US Congress passing a Continuing Resolution which extends the deadlines for passing the FY2024 appropriations bills further into March. You can learn more about Robert Kurson's novels on his website.
Selected Reading
- U.S. Department of State Concludes $51 Million Settlement Resolving Export Violations by The Boeing Company
- Boeing in talks to buy supplier Spirit AeroSystems, WSJ reports - Reuters
- Congress Clears New CR, Punting Shutdown Threat Further Into March – SpacePolicyOnline.com
- https://www.linkedin.com/feed/update/urn:li:activity:7169004907721654274/
- NewsSpace ground tracking program to reach key milestone
- NASA delays space station crew rotation flight, makes way for SpaceX Starlink launch - CBS
- IM-1 | Intuitive Machines
- Sidus Space Announces Pricing of Public Offering | Business Wire
- NASA Selects ACMI as Second Approved Exploration Park Facility
- UK and France to deepen research and AI links following Horizon association - GOV.UK
- Funding boost to grow Aussie space sector
- Former NASA Administrator Richard Truly Passes Away – SpacePolicyOnline.com
- https://www.youtube.com/watch?v=5iwxO1ZiJ0k
T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
https://annvandersteel.com
https://annvandersteel.substack.com
https://RightNow.News

HARD HITTING TRUTH AND PERSONAL IMPACT STORIES THAT MAKE A DIFFERENCE

SPECIAL GUEST: COL JOHN MILLS (RET)
https://gettr.com/user/ColonelRETJohn
https://substack.com/@colonelretjohn
https://www.amazon.com/Against-Deep-State-John-Mills/dp/B0CK3H51Y2/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1694490414&sr=8-1

SHOW DESCRIPTION: The war against the deep state is daily. From elections, to media, to health, military, surveillance, law, courts and Hollywood. The people continue to fight back, but against who? How do we win?

Colonel Mills delivers significant experience in Department of Defense (DoD) and Department of Homeland Security (DHS) cybersecurity, technology, and critical infrastructure programs. He has worked extensively in train and equip efforts using Foreign Military Sales (FMS), foreign military financing, ITAR, and international military education and training, and builds public-private defense and technology industrial base partnerships, including helping establish the DoD's Development Innovation Unit (DIU) in Silicon Valley.

Prior to joining The SPECTRUM Group (TSG), Colonel Mills served as the Director for Cybersecurity Policy, Strategy, and International Affairs in the Office of the Secretary of Defense. His work included creating and implementing the first DoD and intelligence community (IC) scorecarding initiative, boosting whole-of-government cybersecurity and multidomain responses to threat actor and nation hostile actions.

Colonel Mills' 33-year U.S. Army and Army Reserves career culminated in his serving as a senior liaison between DHS and DoD for complex homeland security operations. Earlier, he helped establish and advise foreign national military and security forces in Iraq, Afghanistan, Yemen, Bosnia, South Korea, and the Kingdom of Saudi Arabia. His roles spanned joint and inter-agency operations, psychological operations (PSYOP), intelligence activities, special operations, strategic planning, and public affairs.

In addition to his work at TSG, Colonel Mills serves as an adjunct assistant professor for the Cybersecurity Law and Policy program at the University of Maryland, Global Campus.
In this episode, host Tim O'Toole and guest Scott Gearity, President of the Export Compliance Training Institute (ECTI), talk in-depth about the International Traffic in Arms Regulations (ITAR). They discuss the growing importance of the regulations related to the provision of defense services abroad by U.S. persons, the jurisdictional implications of importing foreign-made defense articles into the U.S., the growing compliance challenges of the deemed export rule, the recently revised Directorate of Defense Trade Controls (DDTC) compliance guidelines and risk matrices, the reorganization of the ITAR, the 10-year anniversary of export control reform (ECR), and the effect ECR has had on the Export Administration Regulations (EAR).

Roadmap:
- Introduction
- Defense services abroad
- Subject to the ITAR from coming into the U.S.
- Deemed export/SpaceX
- ITAR Part 120 rewrite
- DDTC revised compliance program guidance/risk matrix
- 10-year anniversary of ECR
- Complexity at the Bureau of Industry and Security (BIS)

Thanks to Scott Gearity for joining us: https://www.learnexportcompliance.com/people/scott-gearity/

EMBARGOED! is not intended and cannot be relied on as legal advice; the content only reflects the thoughts and opinions of its hosts. EMBARGOED! is intelligent talk about sanctions, export controls, and all things international trade for trade nerds and normal human beings alike. Each episode will feature deep thoughts and hot takes about the latest headline-grabbing developments in this area of the law, as well as some below-the-radar items to keep an eye on.
Dmitry Kagansky, State CTO and Deputy Executive Director for the Georgia Technology Authority, joins Corey on Screaming in the Cloud to discuss how he became the CTO for his home state and the nuances of working in the public sector. Dmitry describes his focus on security and reliability, and why they are both equally important when working with state government agencies. Corey and Dmitry describe AWS's infamous GovCloud, and Dmitry explains why he's employing a multi-cloud strategy but that it doesn't work for all government agencies. Dmitry also talks about how he's focusing on hiring and training for skills, and the collaborative approach he's taking to working with various state agencies.

About Dmitry

Mr. Kagansky joined GTA in 2021 from Amazon Web Services where he worked for over four years helping state agencies across the country in their cloud implementations and migrations.

Prior to his time with AWS, he served as Executive Vice President of Development for Star2Star Communications, a cloud-based unified communications company. Previously, Mr. Kagansky was in many technical and leadership roles for different software vending companies. Most notably, he was Federal Chief Technology Officer for Quest Software, spending several years in Europe working with commercial and government customers.

Mr. Kagansky holds a BBA in finance from Hofstra University and an MBA in management of information systems and operations management from the University of Georgia.

Links Referenced:
Twitter: https://twitter.com/dimikagi
LinkedIn: https://www.linkedin.com/in/dimikagi/
GTA Website: https://gta.ga.gov

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize.
This is Screaming in the Cloud.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Technical debt is one of those fun things that everyone gets to deal with, on some level. Today's guest apparently gets to deal with 235 years of technical debt. Dmitry Kagansky is the CTO of the state of Georgia. Dmitry, thank you for joining me.

Dmitry: Corey, thank you very much for having me.

Corey: So, I want to just begin here because this has caused confusion in my life; I can only imagine how much it's caused for you folks. We're talking Georgia the US state, not Georgia, the sovereign country?

Dmitry: Yep. Exactly.

Corey: Excellent. It's always good to triple-check those things because otherwise, I feel like the shipping costs are going to skyrocket in one way or the other. So, you have been doing a lot of very interesting things in the course of your career. You're former AWS, for example, you come from commercial life working in industry, and now it's yeah, I'm going to go work in state government. How did this happen?

Dmitry: Yeah, I've actually been working with governments for quite a long time, both here and abroad. So, way back when, I've been federal CTO for software companies, I've done other work. And then even with AWS, I was working with state and local governments for about four, four-and-a-half years. But came to Georgia when the opportunity presented itself, really to try and make a difference in my own home state.
You mentioned technical debt at the beginning and it's one of the things I'm hoping that helped the state pay down and get rid of some of it.

Corey: It's fun because governments obviously are not thought of historically as being the early adopters, bleeding edge when it comes to technical innovation. And from where I sit, for good reason. You don't want code that got written late last night and shoved into production to control things like municipal infrastructure, for example. That stuff matters. Unlike a lot of other walks of life, you don't usually get to choose your government, and, “Oh, I don't like this one so I'm going to go for option B.”

I mean you get to do at the ballot box, but that takes significant amounts of time. So, people want above all else—I suspect—their state services from an IT perspective to be stable, first and foremost. Does that align with how you think about these things? I mean, security, obviously, is a factor in that as well, but how do you see, I guess, the primary mandate of what you do?

Dmitry: Yeah. I mean, security is obviously up there, but just as important is that reliance on reliability, right? People take time off of work to get driver's licenses, right, they go to different government agencies to get work done in the middle of their workday, and we've got to have systems available to them. We can't have them show up and say, “Yeah, come back in an hour because some system is rebooting.” And that's one of the things that we're trying to fix and trying to have fewer of, right?

There's always going to be things that happen, but we're trying to really cut down the impact. One of the biggest things that we're doing is obviously a move to the cloud, but also segmenting out all of our agency applications so that agencies manage them separately.
Today, my organization, Georgia Technology Authority—you'll hear me say GTA—we run what we call NADC, the North Atlanta Data Center, a pretty large-scale data center, lots of different agencies, app servers all sitting there running. And then a lot of times, you know, an impact to one could have an impact to many. And so, with the cloud, we get some partitioning and some segmentation where even if there is an outage—a term you'll often hear used that we can cut down on the blast radius, right, that we can limit the impact so that we affect the fewest number of constituents.

Corey: So, I have to ask this question, and I understand it's loaded and people are going to have opinions with a capital O on it, but since you work for the state of Georgia, are you using GovCloud over in AWS-land?

Dmitry: So… [sigh] we do have some footprint in GovCloud, but I actually spent time, even before coming to GTA, trying to talk agencies out of using it. I think there's a big misconception, right? People say, “I'm government. They called it GovCloud. Surely I need to be there.”

But back when I was with AWS, you know, I would point-blank tell people that really I know it's called GovCloud, but it's just a poorly named region. There are some federal requirements that it meets; it was built around the ITAR, which is International Traffic of Arms Regulations, but states aren't in that business, right? They are dealing with HIPAA data, with various criminal justice data, and other things, but all of those things can run just fine on the commercial side. And truthfully, it's cheaper and easier to run on the commercial side. And that's one of the concerns I have is that if the commercial regions meet those requirements, is there a reason to go into GovCloud, just because you get some extra certifications? So, I still spend time trying to talk agencies out of going to GovCloud.
Ultimately, the agencies with their apps make the choice of where they go, but we have been pretty good about reducing the footprint in GovCloud unless it's absolutely necessary.

Corey: Has this always been the case? Because my distant recollection around all of this has been that originally when GovCloud first came out, it was a lot harder to run a whole bunch of workloads in commercial regions. And it feels like the commercial regions have really stepped up as far as what compliance boxes they check. So, is this one of those stories where five or ten years ago, whenever GovCloud first came out, there were a bunch of reasons to use it that no longer apply?

Dmitry: I actually can't go past I'll say, seven or eight years, but certainly within the last eight years, there's not been a reason for state and local governments to use it. At the federal level, that's a different discussion, but for most governments that I worked with and work with now, the commercial regions have been just fine. They've met the compliance requirements, controls, and everything that's in place without having to go to the GovCloud region.

Corey: Something I noticed that was strange to me about the whole GovCloud approach when I was at the most recent public sector summit that AWS threw is whenever I was talking to folks from AWS about GovCloud and adopting it and launching new workloads and the rest, unlike in almost any other scenario, they seemed that their first response—almost a knee jerk reflex—was to pass that work off to one of their partners. Now, on the commercial side, AWS will do that when it makes sense, and each one becomes a bit of a judgment call, but it just seemed like every time someone's doing something with GovCloud, “Oh, talk to Company X or Company Y.” And it wasn't just one or two companies; there were a bunch of them. Why is that?

Dmitry: I think a lot of that is because of the limitations within GovCloud, right?
So, when you look at anything that AWS rolls out, it almost always rolls out into either us-east-1 or us-west-2, right, one of those two regions, and it goes out worldwide. And then it comes out in GovCloud months, sometimes even years later. And in fact, sometimes there are features that never show up in GovCloud. So, there's not parity there, and I think what happens is, it's these partners that know what limitations GovCloud has and what things are missing and GovCloud they still have to work around.

Like, I remember when I started with AWS back in 2016, right, there had been a new console, you know, the new skin that everyone's now familiar with. But that old console, if you remember that, that was in GovCloud for years afterwards. I mean, it took them at least two more years to get GovCloud to even look like the current commercial console that you see. So, it's things like that where I think AWS themselves want to keep moving forward and having to do anything with kind of that legacy platform that doesn't have all the bells and whistles is why they say, “Go get a partner [unintelligible 00:08:06] those things that aren't there yet.”

Corey: That's it makes a fair bit of sense. What I was always wondering how much of this was tied to technical challenges working within those, and building solutions that don't depend upon things. “Oh, wait, that one's not available in GovCloud,” versus a lack of ability to navigate the acquisition process for a lot of governments natively in the same way that a lot of their customers can.

Dmitry: Yeah, I don't think that's the case because even to get a GovCloud account, you have to start off with a commercial account, right? So, you actually have to go through the same purchasing steps and then essentially, click an extra button or two.

Corey: Oh, I've done that myself already. I have a shitposting account and a—not kidding—Ministry of Shitposting GovCloud account. But that's also me just kicking the tires on it.
As I went through the process, it really felt like everything was built around a bunch of unstated assumptions—because of course you've worked within GovCloud before and you know where these things are. And I kept tripping into a variety of different aspects of that. I'm wondering how much of that is just due to the fact that partners are almost always the ones guiding customers through that.

Dmitry: Yeah. It is almost always that. There's very few people, even in the AWS world, right, if you look at all the employees they have there, it's a small subset that work with that environment, and probably an even smaller subset of those that understand what it's really needed for. So, this is where if there's not good understanding, you're better off handing it off to a partner. But I don't think it is the purchasing side of things. It really is the regulatory things and just having someone else sign off on a piece of paper, above and beyond just AWS themselves.

Corey: I am curious, since it seems that people love to talk about multi-cloud in a variety of different ways, but I find there's a reality that, ehh, basically, on a long enough timeline, everyone uses everything, versus the idea of, “Oh, we're going to build everything so we can seamlessly flow from one provider to another.” Are you folks all in on AWS? Are you using a bunch of different cloud providers for different workloads? How are you approaching a cloud strategy?

Dmitry: So, when you say ‘you guys,' I'll say—as AWS will always say—“It depends.” So, GTA is multi-cloud. We support AWS, we support OCI, we support Azure, and we are working towards getting Google in as well, GCP. However, on the agency side, I am encouraging agencies to pick a cloud.
And part of that is because you do have limited staff, they are all different, right?

They'll do similar things, but if it's done in a different way and you don't have people that know those little tips and tricks, kind of how to navigate certain cloud vendors, it just makes things more difficult. So, I always look at it as kind of the car analogy, right? Most people are not multi-car, right? You go you buy a car—Toyota, Ford, whatever it is—and you're committed to that thing for the next 4 or 5, 10 years, however long you own it, right? You may not like where the cupholder is or you need to get used to something, you know, being somewhere else, but you do commit to it.

And I think it's the same thing with cloud that, you know, do you have to be in one cloud for the rest of your life? No, but know that you're not going to hop from cloud to cloud. No one really does. No one says, “Every six months, I'm going to go move my application from one cloud to another.” It's a pretty big lift and no one really needs to do that. Just find the one that's most comfortable for you.

Corey: I assume that you have certain preferences as far as different cloud providers go. But I've found even in corporate life that, “Well, I like this company better than the other,” is generally not the best basis for making sweeping decisions around this. What frameworks do you give various departments to consider where a given workload should live? Like, how do you advise them to think about this?

Dmitry: You know, it's funny, we actually had a call with an agency recently that said, “You know, we don't know cloud. What do you guys think we should do?” And it was for a very small, I don't want to call it workload; it was really for some DNS work that they wanted to do. And really came down to, for that size and scale, right, we're looking at a few dollars, maybe a month, they picked it based on the console, right?
They liked one console over another.

Not going to get into which cloud they picked, but we wound up giving them a demo of here's what this looks like in these various cloud providers. And they picked that just because they liked the buttons and the layout of one console over another. Now, having said that, for obviously larger workloads, things that are more important, there is criteria. And in many cases, it's also the vendors. Probably about 60 to 70% of the applications we run are all vendor-provided in some way, and the vendors will often dictate platforms that they'll support over others, right?

So, that supportability is important to us. Just like you were saying, no one wants code rolled out overnight and surprise all the constituents one day. We take our vendor relations pretty seriously and we take our cue from them. If we're buying software from someone and they say, “Look, this is better in AWS,” or, “This is better in OCI,” for whatever reasons they have, we'll go in that direction more often than not.

Corey: I made a crack at the beginning of the episode where the state was founded 235 years ago, as of this recording. So, how accurate is that? I have to imagine that back in those days, they didn't really have a whole lot of computers, except probably something from IBM. How much technical debt are you folks actually wrestling with?

Dmitry: It's pretty heavy. One of the biggest things we have is, we ourselves, in our data center, still have a mainframe. That mainframe is used for a lot of important work. Most notably, a lot of healthcare benefits are really distributed through that system. So, you're talking about federal partnerships, you're talking about, you know, insurance companies, health care providers, all somehow having—

Corey: You're talking about things that absolutely, positively cannot break.

Dmitry: Yep, exactly. We can't have outages, we can't have blips, and they've got to be accurate.
So, even that sort of migration, right, that's not something that we can do overnight. It's something we've been working on for well over a year, and right now we're targeting probably roughly another year or so to get that fully migrated out. And even there, we're doing what would be considered a traditional lift-and-shift. We're going to mainframe emulation, we're not going cloud-native, we're not going to do a whole bunch of refactoring out of the gate. It's just picking up what's working and running and just moving it to a new venue.

Corey: Did they finally build an AWS/400 that you can run that out? I didn't realize they had a mainframe emulation offering these days.

Dmitry: They do. There's actually several providers that do it. And there's other agencies in the state that have made this sort of move as well, so we're also not even looking to be innovators in that respect, right? We're not going to be first movers to try that out. We'll have another agency make that move first and now we're doing this with our Department of Human Services.

But yeah, a lot of technical debt around that platform. When you look at just the cost of operating these platforms, that mainframe costs the state roughly $15 million a year. We think in the cloud, it's going to wind up costing us somewhere between 3 to 4 million. Even if it's 5 million, that's still considerable savings over what we're paying for today. So, it's worth making that move, but it's still very deliberate, very slow, with a lot of testing along the way. But yeah, you're talking about that workload has been in the state, I want to say, for over 20, 25 years.

Corey: So, what's the reason to move it? Because not for nothing, but there's an old—the old saw, “Well, don't fix it if it ain't broke.” Well, what's broke about it?

Dmitry: Well, there's a couple of things. First off, the real estate that it takes up is an issue. It is a large machine sitting on a floor of a data center that we've got to consolidate to.
We actually have some real estate constraints and we've got to cut down our footprint by next year, contractually, right? We've agreed, we're going to move into a smaller space.

The other part is the technical talent. While yes, it's not broke, things are working on it, there are fewer and fewer people that can manage it. What we've found was doing a complete refactor while doing a move anywhere, is really too risky, right? Rewriting everything with a bunch of Lambdas is kind of scary, as well as moving it into another venue. So, there are mainframe emulators out there that will run in the cloud. We've gotten one and we're making this move now. So, we're going to do that lift-and-shift in and then look to refactor it piecemeal.

Corey: Specifics are always going to determine, but as a general point, I felt like I am the only voice in the room sometimes advocating in favor of lift-and-shift. Because people say, “Oh, it's terrible for reasons X, Y, and Z.” It's, “Yes, all of your options are terrible and for the common case, this is the one that I have the sneaking suspicion, based upon my lived experience, is going to be the least bad of all of those various options.” Was there a thought given to doing a refactor in flight?

Dmitry: So… from the time I got here, no. But I could tell you just having worked with the state even before coming in as CTO, there were constant conversations about a refactor. And the problem is, no one actually has an appetite for it. Everyone talks about it, but then when you say, “Look, there's a risk to doing this,”—right, governments are about minimizing risk—when you say, “Look, there's a risk to rewriting and moving code at the same time and it's going to take years longer,” right, that refactoring every time, I've seen an estimate, it would be as small as three years, as large as seven or eight years, depending on who was doing the estimate.
Whereas the lift-and-shift, we're hoping we can get it done in two years, but even if it's two-and-a-half, it's still less than any of the estimates we've seen for a refactor and less risky. So, we're going with that model and we'll tinker and optimize later. But we just need to get out of that mainframe so that we can have more modern technology and more modern support.

Corey: It seems like the right approach. I'm sorry, I didn't mean to frame that as quite as insulting as it might have come across. Like, “Did anyone consider other options just out of curi—” of course. Whenever you're making big changes, we're going to throw a dart at a whiteboard. It's not what appears to be Twitter's current product strategy we're talking about here. This is stuff that's very much measure twice, cut once.

Dmitry: Yeah. Very much so. And you see that with just about everything we do here. I know, when the state, what now, three years ago, moved their tax system over to AWS, not only did they do two or three trial runs of just the data migration, we actually wound up doing six, right? You're talking about adding two months of testing just to make sure every time we did the data move, it was done correctly and all the data got moved over. I mean, government is very, very much about measure three, four times, cut once.

Corey: Which is kind of the way you'd want it. One thing that I found curious whenever I've been talking to folks in the public sector space around things that they care about—and in years past, I periodically tried to, “Oh, should we look at doing some cost consulting for folks in this market?” And by and large, there have been a couple of exceptions, but—generally, in our experience with sovereign governments, more so than municipal or state ones—but saving money is not usually one of the top three things that governments care about when it comes to their AWS estate. Is cost something that's on your radar? And how do you conceptualize around this?
And I should also disclose, this is not in any way, shape, or form intended to be a sales pitch.

Dmitry: Yeah, no, cost actually, for GTA, is a concern. But I think it's more around the way we're structured. I have worked with other governments where they say, “Look, we've already gotten an allotment of money. It costs whatever it costs and we're good with it.”

With the way my organization is set up, though, we're not appropriated funds, meaning we're not given any tax dollars. We actually have to provide services to the agencies and they pay us for it. And so, my salary and everyone else's here, all the work that we do, is basically paid for by agencies and they do have a choice to leave. They could go find other providers. It doesn't have to be GTA always.

So, cost is a consideration. But we're also finding that we can get those cost savings pretty easily with this move to the cloud because of the number of available tools that we now have available. We have—that data center I talked about, right? That data center is obviously locked down, secured, very limited access, you can't walk in, but that also prevents agencies from doing a lot of day-to-day work that now in the cloud, they can do on their own. And so, the savings are coming just from this move of not having to have as much locks away from the agency, but having more locks from the outside world as well, right? There's definitely scaling up in the number of tools that they have available to them to work around their applications that they didn't have before.

Corey: It's, on some level, a capability story, I think, when it comes to cloud. But something I have heard from a number of folks is that even more so than in enterprises, budgets tend to be much more fixed things in the context of cloud in government. Often in enterprises, what you'll see is sprawl: someone leaves something running and oops, the bill wound up going up higher than we projected for this given period of time.
When we start getting into the realm of government, that stops being a you broke budgeting policy and starts to resemble things that are called crimes. How do you wind up providing governance as a government around cloud usage to avoid, you know, someone going to prison over a Managed NAT Gateway?

Dmitry: Yeah. So, we do have some pretty stringent monitoring. I know, even before the show, we talked about the fact that we do have a separate security group. So, on that side of it, they are keeping an eye on what are people doing in the cloud. So, even though agencies now have more access to more tooling, they can do more, right, GTA hasn't stepped back from it and so, we're able to centrally manage things.

We've put in a lot of controls. In fact, we're using Control Tower. We've got a lot of guardrails put in, even basic things like you can't run things outside of the US, right? We don't want you running things in the India region or anywhere in South America. Like, that's not even allowed, so we're able to block that off.

And then we've got some pretty tight financial controls where we're watching the spend on a regular basis, agency by agency. Not enforcing any of it, obviously, agencies know what they're doing and it's their apps, but we do warn them of, “Hey, we're seeing this trend or that trend.” We've been at this now for about a year-and-a-half, and so agencies are starting to see that we provide more oversight and a lot less pressure, but at the same time, there's definitely a lot more collaboration assistance with one another.

Corey: It really feels like the entire procurement model is shifted massively. As opposed to going out for a bunch of bids and doing all these other things, it's consumption-based. And that has been—I know for enterprises—a difficult pill for a lot of their procurement teams to wind up wrapping their heads around.
I can only imagine what that must be like for things that are enshrined in law.

Dmitry: Yeah, there's definitely been a shift, although it's not as big as you would think on that side because you do have cloud but then you also have managed services around cloud, right? So, you look at AWS, OCI, Azure, no one's out there putting a credit card down to open an environment anymore, you know, a tenant or an account. It is done through procurement rules. Like, we don't actually buy AWS directly from AWS; we go through a reseller, right, so there's some controls there as well from the procurement side. So, there's still a lot of oversight.

But it is scary to some of our procurement people. Like, AWS Marketplace is a very, very scary place for them, right? The fact that you can go and—you can hire people at Marketplace, you could buy things with a single button-click. So, we've gone out of our way, in my agency, to go through and lock that down to make sure that before anyone clicks one of those purchase buttons, that we at least know about it, they've made the request, and we have to go in and unlock that button for that purchase. So, we've got to put in more controls in some cases. But in other cases, it has made things easier.

Corey: As you look across the landscape of effectively, what you're doing is uprooting an awful lot of technical systems that have been in place for decades at this point. And we look at cloud and I'm not saying it's not stable—far from it—but it also feels a little strange to be, effectively, making a similar timespan of commitment—because functionally a lot of us are—when we look at these platforms. Was that something that had already been a pre-existing appetite for when you started the role or is that something that you've found that you've had to socialize in the last couple years?

Dmitry: It's a little bit of both. It's been lumpy, agency by agency, I'll say.
There are some agencies that are raring to go, they want to make some changes, do a lot of good, so to speak, by upgrading their infrastructure. There are others that will sit and say, “Hey, I've been doing this for 20, 30 years. It's been fine.” That whole, “If it ain't broke, don't fix it,” mindset.

So, for them, there's definitely been, you know, a lot more friction to get them going in that direction. But what I'm also finding is the people with their hands on the keyboards, right, the ones that are doing the work, are excited by this. This is something new for them. In addition to actually going to cloud, the other thing we've been doing is providing a lot of different training options. And so, that's something that's perked people up and definitely made them much more excited to come into work.

I know, down at the, you know, the operator level, the administrators, the managers, all of those folks, are pretty pleased with the moves we're making. You do get some of the folks in upper management in the agencies that do say, “Look, this is a risk.” We're saying, “Look, it's a risk not to do this.” Right? You've also got to think about staffing and what people are willing to work on. Things like the mainframe, you know, you're not going to be able to hire those people much longer. They're going to be fewer and far between. So, you have to retool. I do tell people that, you know, if you don't like change, IT is probably not the industry to be in, even in government. You probably want to go somewhere else, then.

Corey: That is sort of the next topic I want to get into, where companies across the board are finding it challenging to locate and source talent to work in their environments. How has the process of recruiting cloud talent gone for you?

Dmitry: It's difficult. Not going to sugarcoat that. It's, it's—

Corey: [laugh]. I'm not sure anyone would say otherwise, no matter where you are.
You can pay absolutely insane, top-of-market money and still have that exact same response. No one says, “Oh, it's super easy.” Everyone finds it hard. But please continue [laugh].

Dmitry: Yeah, but it's also not a problem that we can even afford to throw money at, right? So, that's not something that we'd ever do. But what I have found is that there's actually a lot of people, really, that I'll say are tech adjacent, that are interested in making that move. And so, for us, having a mentoring and training program that bring people in and get them comfortable with it is probably more important than finding the talent exactly as it is, right? If you look at our job descriptions that we put out there, we do want things like cloud certs and certain experience, but we'll drop off things like certain college requirements. Say, “Look, do you really need a college degree if you know what you're doing in the cloud or if you know what you're doing with a database and you can prove that?”

So, it's re-evaluating who we're bringing in. And in some cases, can we also train someone, right, bring someone in for a lower rate, but willing to learn and then give them the experience, knowing that they may not be here for 15, 20 years and that's okay. But we've got to retool that model to say, we expect some attrition, but they walk away with some valuable skills and while they're here, they learn those skills, right? So, that's the payoff for them.

Corey: I think that there's a lot of folks exploring that where there are people who have the interest and the aptitude that are looking to transition in. So, much of the discussion points around filling the talent pipeline have come from a place of, oh, we're just going to talk to all the schools and make sure that they're teaching people the right way. And well, colleges aren't really aimed at being vocational institutions most of the time.
And maybe you want people who can bring an understanding of various aspects of business, of workplace dynamics, et cetera, and even the organization themselves, you can transition them in. I've always been a big fan of helping people lateral from one part of an organization to another. It's nice to see that there's actual formal processes around that for you, folks.

Dmitry: Yeah, we're trying to do that and we're also working across agencies, right, where we might pull someone in from another agency that's got that aptitude and willingness, especially if it's someone that already has government experience, right, they know how to work within the system that we have here, it certainly makes things easier. It's less of a learning curve for them on that side. We think, you know, in some cases, the technical skills, we can teach you those, but just operating in this environment is just as important to understand the soft side of it.

Corey: No, I hear you. One thing that I've picked up from doing this show and talking to people in the different places that you all tend to come from, has been that everyone's working with really hard problems and there's a whole universe of various constraints that everyone's wrestling with. The biggest lie in our industry across the board that I'm coming to realize is any whiteboard architecture diagram. Full stop. The real world is messy.

Nothing is ever quite like it looks like in that sterile environment where you're just designing and throwing things up there. The world is built on constraints and trade-offs. I'm glad to see that you're able to bring people into your organization. I think it gives an awful lot of folks hope when they despair about seeing what some of the job prospects are for folks in the tech industry, depending on what direction they want to go in.

Dmitry: Yeah. I mean, I think we've got the same challenge as everyone else does, right? It is messy.
The one thing that I think is also interesting is that we also have to have transparency but to some degree—and I'll shift; I know this wasn't meant to kind of go off into the security side of things, but I think one of the things that's most interesting is trying to balance a security mindset with that transparency, right?

You have private corporations, other organizations that they do whatever they do, they're not going to talk about it, you don't need to know about it. In our case, I think we've got even more of a challenge because on the one hand, we do want to lock things down, make sure they're secure and we protect not just the data, but how we do things, right, some are mechanisms and methods. But same time, we've got a responsibility to be transparent to our constituents. They've got to be able to see what we're doing, what are we spending money on? And so, to me, that's also one of the biggest challenges we have is how do we make sure we balance that out, that we can provide people and even our vendors, right, a lot of times our vendors [will 00:30:40] say, “How are you doing something? We want to know so that we can help you better in some areas.” And it's really become a real challenge for us.

Corey: I really want to thank you for taking the time to speak with me about what you're doing. If people want to learn more, where's the best place for them to find you?

Dmitry: I guess now it's no longer called Twitter, but really just about anywhere. Twitter, Instagram—I'm not a big Instagram user—LinkedIn, Dmitry Kagansky, there's not a whole lot of us out there; pretty easy to do a search. But also you'll see there's my contact info, I believe, on the GTA website, just gta.ga.gov.

Corey: Excellent. We will, of course, put links to that in the [show notes 00:31:20]. Thank you so much for being so generous with your time. I really appreciate it.

Dmitry: Thank you, Corey. I really appreciate it as well.

Corey: Dmitry Kagansky, CTO for the state of Georgia.
I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry, insulting comment telling me that I've got it all wrong and mainframes will in fact rise again.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
In this episode of From the Crows' Nest, we try to make sense of how to navigate the crazy labyrinth of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR) regulatory regime. Host Ken Miller is joined by friend and colleague Steven Casazza, President of Defense Trade Solutions, a company dedicated to helping clients holistically approach international defense business. Ken and Steven discuss best practices, the most common mistakes, and what needs to be done to make this process easier without compromising national security. Whether you're a US company selling abroad or a foreign company trying to do business in the US, this is an episode you don't want to miss. To learn more about today's topics or to stay updated on EMSO and EW developments, visit our homepage.
This is a hybrid event. Students are encouraged to attend in person: STEW G52 (Suite 050B)

As the commercial and international space community grows to reach the projected $1T for the global economy, the vast domain of space becomes increasingly congested and contested. In this Seminar the Space Information Sharing and Analysis Center (Space ISAC) and the National Cybersecurity Center (NCC) team up to share their perspectives and insights on the intersection of cyber and space, how the game is changing, and what effect this will have on government, industry and academia. This talk will discuss the technology trends in the industry, threats to space systems, and make recommendations to students and faculty about how to navigate the landscape of space domain cybersecurity over the next five years.

About the speaker: Mr. Scott Sage is the Chief Operating Officer of the National Cybersecurity Center, a national-level nonprofit organization that provides collaborative cybersecurity knowledge and services to the United States. He encourages, engages, and equips others to solve worthwhile hard problems like his most recent assignment to develop a new space cybersecurity market for Peraton Inc. He also recently took a complicated IR sensor development from a blank sheet of paper to launch and operation in under 24 months, and previously conceived and executed an Insider Threat and Information Warfare Behavior Based Analytics R&D project that generated 2 patents and increased interest from DoD and Intelligence Community customers.

Past accomplishments include:
· Automated Mission Impact Assessment of Network Disruptions - Patent 8347145
· Concept to Low Earth Orbit IR Sensor for Space Development Agency < 2 years
· Northrop Grumman Sector Cyber and Information Operations Strategy Development
· Industry-leading technology development for scalability in satellite C2 automation
· Increased worldwide frequency access for Low Earth Orbit satellite communications
· House Armed Services Committee praise for highly classified space advocacy plan
· Conceptualized, researched and constructed unique DoD Space Order of Battle Annex
· Highly praised Master of Science thesis addressing satellite radiation effects

Before devoting his work full time to visionary growth development for Peraton, Scott managed counter-hypersonics development for Northrop Grumman, advanced cyber defense systems development for AT&T, and advanced space operations programs for aerospace companies and the US Navy. Scott has published international export material on cybersecurity issues associated with virtualization and cloud computing and developed a nation-wide R&D network for Northrop Grumman that allowed critical technologies to be brought online for use on high priority captures worth over $8.6B in future revenue. Scott has also been a Certified Information Systems Security Professional (CISSP) and Homeland Security Expert since going to work after completing 15 years of US Navy service as a Commander. Scott volunteered as the co-chair of the Space ISAC Information Sharing Working Group and co-chair for the DHS CISA Future of Space Working Group and has volunteered at Penrose hospital and the Colorado Springs Rescue Mission, along with being a leader at his church. Formal degrees include an M.S., Space Systems Electrical Engineering from the Naval Postgraduate School in Monterey, and a B.S., Nuclear Engineering & B.A., Journalism & Mass Communication from Iowa State University, Ames, IA.

Ms. Erin M.
Miller is the Executive Director of the Space Information Sharing and Analysis Center (Space ISAC). Space ISAC serves as the primary focal point for the global space industry for "all threats and all hazards." Stood up at the direction of the White House in 2019, Erin led the Space ISAC to open its operational Watch Center, alongside its Cyber Malware and Analysis Vulnerability Laboratory in Colorado Springs, CO, USA. Under Erin's leadership, Space ISAC's headquarters facility is already serving several countries to achieve its mission of security and resilience for the global space industry. Each year Space ISAC puts on the Value of Space Summit (VOSS), co-hosted with The Aerospace Corporation at the University of Colorado Colorado Springs. Erin has over a decade of experience building meaningful tech collaborations and has formed hundreds of formal partnerships between government, industry and academia to solve problems for war fighters and national security. As a serial entrepreneur in the non-profit space, she thrives in launching new programs and new organizations from stand up through building and scaling operations. Erin was the Managing Director of the Center for Technology, Research and Commercialization (C-TRAC) and brought three USAF-funded programs to bear at the Catalyst Campus for Technology & Innovation (www.catalystcampus.org). Her expertise in brokering unique partnerships using non-FAR type agreements led to the standup of the Air Force's first cyber focused (#securebydesign) design studio, AFCyberWorx at the USAF Academy, and the first space accelerator, Catalyst Accelerator, at Catalyst Campus in Colorado Springs - in partnership with Air Force Research Laboratory and AFWERX. In 2020 Erin was a recipient of the Woman of Influence award. In 2018 Erin was recognized by the Mayor of Colorado Springs with the Mayor's Young Leader (MYL) of the Year Award for Technology.
She is also the recipient of the Southern Colorado Women's Chamber of Commerce Award for Young Female Leader in 2018. In her previous roles she developed and managed intellectual property portfolios, technology transfer strategies, export control/ITAR, secure facilities, and rapid prototyping collaborations. Erin serves on the advisory board of CyberSatGov, CyberLEO and is a board member for the Colorado Springs Chamber of Commerce & EDC. She has guest lectured at Georgetown University, United States Air Force Academy, University of Colorado at Boulder, and Johns Hopkins University. She is frequently found public speaking at notable events like Defense Security Institute's Summits, CyberSatGov, State of the Space Industrial Base, and other forums focused on security and space resiliency and critical infrastructure.
The news of Texas covered today includes:

Our Lone Star story of the day: Texans for Lawsuit Reform, TLR, is a curiously center stage player in the upcoming show trial impeachment of Ken Paxton. Most curious is how the once respectable group has turned so arrogant that its own statements, its bullying, is laughably self-contradictory.

It's rather clear to most honest insiders, even those like me who over the years allied with TLR on much, that the group's too-big-for-their-britches these days leaders are out for Paxton's political blood after the humiliation taken by TLR in the primary. TLR got poor Eva Guzman to give up a spot on the Supreme Court to run against Paxton, spent millions on her, and came in a distant third behind even to scandal plagued George P. Bush.

This is another reason I maintain that impeachment was the wrong vehicle for issues with Paxton, whether true or not, because all of the impeachment process comes down to political scalp taking.

Our Lone Star story of the day is sponsored by Allied Compliance Services providing the best service in DOT, business and personal drug and alcohol testing since 1995.

Houston wins bid to host the 2028 Republican National Convention, the first for the Bayou City since Geo. H.W. Bush in 1992.

Space X has successful engine test of Superheavy at Boca Chica. And, in another prong of the political attack on SpaceX and Elon Musk, Biden's “Justice” Department sues the company for only hiring U.S. Citizens or lawful Permanent Residents! (This despite ITAR rules that force such on SpaceX.) Read this story AND the informed comments and you'll understand how preposterous this is.

Another big fall off in the oil and gas drilling rig count.

Listen on the radio, or station stream, at 5pm Central. Click for our radio and streaming affiliates. www.PrattonTexas.com
Related material
Main page: https://billatnapier.medium.com/cryptography-fundamentals-8-rsa-rivest-shamir-and-adleman-445b91932bd0
RSA: https://asecuritysite.com/rsa

Introduction

In August 1977, The Stranglers were in the music charts with “Something Better Change”, and something really was changing, something that would change the world forever. This was the month that Martin Gardner, in his Scientific American column, posted a challenge built on a method that has stood the test of time: RSA. It related to the work of R(ivest), A(dleman) and S(hamir), and was a puzzle on their discovery of a method which allowed two keys to be created, where one could encrypt and the other decrypt. Their work had been based on a proposal from Whitfield Diffie and Martin Hellman on trapdoor functions that could be used to create the key pair.

Mathematical Puzzles introducing RSA

In order to explain the RSA concept, Martin provided background on the Diffie-Hellman method, for which he outlined:

Then in 1975 a new kind of cipher was proposed that radically altered the situation by supplying a new definition of "unbreakable," a definition that comes from the branch of computer science known as complexity theory. These new ciphers are not absolutely unbreakable in the sense of the one-time pad, but in practice they are unbreakable in a much stronger sense than any cipher previously designed for widespread use. In principle these new ciphers can be broken, but only by computer programs that run for millions of years!

Overall the Diffie-Hellman method has had a good run, but it has struggled in recent years to keep up with the processing power of computers. The millions of years of running is not quite the case in the modern era, and the original ciphers could now easily be broken with the simplest of computers within minutes.

With the RSA method, Martin Gardner outlined:

Their work, supported by grants from the NSF and the Office of Naval Research, appears in On Digital Signatures and Public-Key Cryptosystems (Technical Memo 82, April 1977), issued by the Laboratory for Computer Science, Massachusetts Institute of Technology, 545 Technology Square, Cambridge, Mass. 02139. The memorandum is free to anyone who writes Rivest at the above address enclosing a self-addressed, 9-by-12-inch clasp.

On receipt, the requesters eventually (it took over four months in many cases) received a precious piece of history (Figure: RSA research paper).

It seems unbelievable these days, but the original methods were based on two 63-digit prime numbers that would be multiplied to create a 126-digit value:

Contrast this with the difficulty of finding the two prime factors of a 125- or 126-digit number obtained by multiplying two 63-digit primes. If the best algorithm known and the fastest of today's computers were used, Rivest estimates that the running time required would be about 40 quadrillion years!

A 256-bit number, at its maximum, generates 78 digits:

115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936

Web: https://asecuritysite.com/encryption/keys3

The 40 quadrillion years has not quite happened, and 512-bit keys are now easily broken in the Cloud. If you are interested, here is a 512-bit integer value, which has 148 digits:

13,407,807,929,942,597,099,574,024,998,205,846,127,479,365,820,592,393,377,723,561,443,721,764,030,073,546,976,801,874,298,166,903,427,690,031,858,186,486,050,853,753,882,811,946,569,946,433,649,006,084,096

Web: http://asecuritysite.com/encryption/random2

The search for prime numbers, too, has been progressive since 1977, and by 2014, the world discovered a 17,425,170-digit prime number. The finding of prime numbers makes the finding of them in the RSA method much easier. So the RSA method has been under attack for years, both from the discovery of prime numbers and from advances in factorizing. Along with this, computing power has increased massively.
If we think of the 40 years that have passed, and take a quick assumption that computing power doubles every year, then we get:

1977 4 Quadrillion Years (4,000,000,000,000,000)
1978 2 Quadrillion Years
1979 1 Quadrillion Year
…
2020 227 years
2021 113 years
2022 57 years
2023 28 years

and if we get a GPU card with 4,000 processors, we take it to less than a year, and if we get a few of them today into a cluster, we crack it within one day! The FREAK vulnerability was actually caused by the limiting of RSA keys, due to US Export controls, to 512 bits. The factorising of prime numbers, too, has generated methods which can quickly find the prime number factors.

The Tension of Crypto and Academic Freedom

Once Martin had published the article, the requests for the article came rushing in, especially as the paper had not yet appeared in the Communications of the ACM. Initially there were 4,000 requests for the paper (which rose to 7,000), and it took until December 1977 for them to be posted.

Why did it take so long to get the paper published and also to send them out? Well, the RSA method caused significant problems within the US defence agencies. This was highlighted in a letter sent from J.A.Meyer to the IEEE Information Theory Group on a viewpoint that cryptography could be violating the 1954 Munitions Control Act, the Arms Export Control Act, and the International Traffic in Arms Regulations (ITAR), and could thus be viewed as equivalent to nuclear weapons. It even went on to say that:

Atomic weapons and cryptography are also covered by special secrecy laws

The main focus of the letter was that any work related to cryptography would have to be cleared by the NSA before publication. In fact, the letter itself had been written by Joseph A Meyer, an employee of the NSA. Joseph had already been embroiled in controversy with a proposal to fit a tracking device to the 20 million US citizens who had been associated with crime.
The tag would then be used to monitor the location of the “subscriber”, and to detect when they broke a curfew or committed a crime. In this modern era of GPS tracking of everyone's phones, Joseph's dream has actually become a reality, but now everyone is monitored.

The RSA team thus had a major dilemma, as many of the requests for the paper came from outside the US. Martin Hellman, who was a co-author of the Diffie-Hellman method, had already had problems with ITAR, and even decided to present the paper himself in 1977 at Cornell University rather than follow the practice of letting his PhD students present the work. His thinking was that the court case would be lengthy, and that it would damage the studies of his PhD students (Ralph Merkle and Steve Pohlig), and so he stood up for academic freedoms. Initially the students wanted to present their work, but their families did not think it a good idea. Eventually though, Ralph and Steve stood beside Hellman on the stage to present the paper, but did not utter a word.

With this stance the cryptographers held their ground, and hoped that a stated exemption on published work within ITAR would see them through. The worry, though, did delay the publication of the paper and the posting of the article. In reply to Meyer's letter, the IEEE stood its ground on its publications being free of export licence controls, with the burden of permissions placed on the authors (Figure: RSA research paper), and then sent an additional response saying they had put in place safeguards for the publishing of material.

The scope of the impact of RSA was perhaps not quite known at the time, with Len Adleman stating:

I thought this would be the least important paper my name would ever appear on

In fact, Adleman has said that he did not want his name on the paper, as he had done little work on it, but he did insist that his name went last.
Often papers, too, have an alphabetical order, and if so the method could have been known as the ARS method … not the kind of thing that you would want to say to audiences on a regular basis.

RSA

Within cryptography we typically use non-negative integer values, and perform integer operations. The challenge in public key encryption is to find a method which is computationally difficult for a computer to solve, if it does not know a given secret (normally the private key). One such problem is the difficulty in factorizing a value made up of the multiplication of two large prime numbers. In RSA, we take two large prime numbers — typically at least 512 bits long — and then multiply these together to create a modulus value, (N) (often at least 1,024 bits long). From this, we then derive a public exponent (e) and a modulus. The modulus N is thus determined by multiplying the two prime numbers (p and q):

N = p x q

The core challenge here is that it should be extremely difficult (and costly) to determine the two prime numbers which make up N. Next we select the value of our encryption key value for the public key (e). This is selected so that e and PHI do not share any factors:

gcd(e, PHI) = 1, where PHI = (p-1)(q-1)

PHI is known as Euler's totient function. The most typical value we use for e is 65,537 (0x10001). To produce a cipher (C), we convert our message into the form of an integer (M) and then use e and N to give:

C = M^e mod N

To decrypt this, we take the cipher (C), and recover the message value using the decryption exponent (d) and the modulus (N):

M = C^d mod N

To make RSA work, we then need to calculate the private exponent (d) to obey:

(d x e) mod PHI = 1, where PHI = (p-1)(q-1)

We determine d by computing the inverse of e modulo PHI:

d = e^(-1) mod PHI

So let's take p=11 and q=7, and try an e of 3. N will be:

N = p.q = 77

PHI is 6x10=60. We can't pick e of 3 or 5, as both share a factor with 60, so we will pick e=7.
Now we compute the decryption exponent of d = e^{-1} mod (PHI):

>>> pow(7,-1,60)
43

If we select a message of 19, we get a cipher of:

C = 19⁷ (mod 77) = 68

Now to decrypt:

M = 68⁴³ (mod 77) = 19

Our public key is then (e,N) and the private key is (d,N). The usage of the (mod N) operation is the magic that makes this work. Unfortunately, the RSA method has suffered from performance issues as we have increased the size of the prime numbers used. Thus, if researchers can crack a modulus of 1,024 bits, they will factorize the two 512-bit prime numbers used. At the current time, a public modulus of 2,048 bits is recommended. So while a modulus of this size is acceptable within a powerful computer, devices which have limited CPU resources often struggle in creating the keys, and in the encryption and decryption process.

RSA Signatures

With the mathematical operations involved, RSA is hardly ever used for core encryption, as symmetric key methods are much more efficient in their implementation. But it is fairly efficient when dealing with relatively small data sizes, such as for a symmetric key (typically only 128 bits or 256 bits long). For this, Alice might protect a symmetric key with her public key, and whenever she needs to use it, she will decrypt it with her private key. Another area where we use RSA is to take a hash of a message, and then encrypt this with the private key. As the hash is relatively small (such as 128 bits, 160 bits or 256 bits), it is relatively efficient in its use of computing resources.

Where public key encryption methods are of most use is in creating digital signatures, where Bob can take a hash of a message, and then encrypt this hash with his private key. Alice can then also take a hash of the received message, and decrypt Bob's encrypted hash with his public key, and compare the values produced. If they match, she determines that it was Bob who sent the message and that it has not been changed by anyone.
In the figure we see that Bob has a key pair (a public key and a private key). He takes a hash of the message and encrypts it with his private key, and then appends this to the message. This and the message will then be encrypted with the symmetric key that Bob and Alice share (typically this is either a long-term shared key, or has just been negotiated through a handshake). When Alice receives the ciphered message, she decrypts it with the shared symmetric key, and then takes her own hash of the message. She also decrypts the encrypted hash using Bob's public key, and then compares the hashes. As the public key and the private key work together, only the signing by Bob's private key will reveal the hash with his public key. Alice can then tell that the message has not been changed — as the hash would change if Eve has modified it — and that it was produced by Bob (and not by Eve pretending to be Bob).

Obviously, we now have a problem in how we get Bob's public key. An important element here is that they have to find a way for Bob to send Alice his public key in a trusted way, so that Eve cannot intercept it and change the keys. For this, we introduce Trent, who is trusted by Bob and Alice to prove their keys. Trent signs the public key of Bob with his private key, and then Alice uses Trent's public key to prove Bob's public key.

For a few decades, RSA has been the main method in supporting public key encryption. We often use it when we connect to a secure Web site, where the RSA method is used to prove the identity of the Web site. In this case the RSA public key of the site is presented to the user in the form of a digital certificate, which is signed by a trusted source. The Web site can then prove its identity by signing a hash of the data with its private key, and the client can check this. A typical size of the public modulus is now 2,048 bits (created by two 1,024 bit prime numbers), with some sites supporting 4,096 bits.
So while desktop computers have the processing power to cope with these large numbers, less able devices (such as low-powered IoT — Internet of Things — devices) will often struggle to perform the necessary calculations.

Simple example

So let's take a simple implementation of RSA key generation, encryption and decryption. The code is available at: https://asecuritysite.com/encryption/rsa12

In this case, we generate two random prime numbers ($p$ and $q$) for a given number of bits. The more bits we use, the more secure the method is likely to be, as an increase in the number of bits increases the number of prime numbers that can be searched for. Once we have these, we then determine the public modulus ($N$) by multiplying the prime numbers together. The difficulty of the problem is then factorizing this modulus back into the prime numbers. If we have the factors of the public modulus, it is fairly simple to then find the decryption exponent value. In most modern examples of RSA, we select a public exponent value ($e$) of 65,537, and so our encryption key becomes $(65,537,N)$. The decryption exponent ($d$) is then the inverse of $e \pmod{\phi}$ (where $\phi=(p-1)(q-1)$).
from Crypto.Util.number import getPrime, bytes_to_long, long_to_bytes
from Crypto.Random import get_random_bytes
import libnum

bits = 60
msg = "Hello"

# Generate two random primes of the requested size
p = getPrime(bits, randfunc=get_random_bytes)
q = getPrime(bits, randfunc=get_random_bytes)

# Public modulus and Euler's totient
n = p * q
PHI = (p - 1) * (q - 1)

# Public exponent, and private exponent d = e^{-1} mod PHI
e = 65537
d = libnum.invmod(e, PHI)
# Alternative: d = gmpy2.invert(e, PHI)

# Convert the message to an integer (it must be smaller than n)
m = bytes_to_long(msg.encode('utf-8'))

c = pow(m, e, n)      # encrypt: C = M^e mod N
res = pow(c, d, n)    # decrypt: M = C^d mod N

print("Message=%s\np=%s\nq=%s\n\nd=%d\ne=%d\nN=%s\n\nPrivate key (d,n)\nPublic key (e,n)\n\ncipher=%s\ndecipher=%s" % (msg, p, q, d, e, n, c, long_to_bytes(res).decode('utf-8')))

A test run using 60-bit prime numbers is:

Message=hello
p=242648958288128614541925147518101769011
q=299356840913214192252590475232148200447
N=72638625604016464006874651287120524699932001616388639276131104258310920947917
cipher=5847803746095553957863305890801268831081138920772806292673259864173015661385
decipher=hello

Conclusions

RSA has been around for over 46 years, and is still going strong. It can encrypt and it can sign. While the prime numbers involved have got larger, and it needs to have padding applied, it is still one of the best public key methods around, and well used on the Web.
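The sign-and-verify flow from the RSA Signatures section, including Trent vouching for Bob's public key, as an added example that is not code from the original article. It is textbook hash-then-sign with no padding, using only the Python standard library; the function names, the 192-bit prime size, the certificate layout and the sample messages are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

E = 65537  # public exponent used in the article


def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # a proves n composite
    return True


def gen_prime(bits):
    """Random prime with the top bit set, so it is exactly `bits` long."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def gen_keypair(bits=192):
    """Return (public, private) = ((e, N), (d, N)). Illustrative size only."""
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(E, phi) == 1:
            return (E, p * q), (pow(E, -1, phi), p * q)


def digest_int(data):
    """SHA-256 of the data as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data, private_key):
    """'Encrypt' the hash with the private exponent: S = H^d mod N."""
    d, n = private_key
    if n.bit_length() <= 256:
        raise ValueError("modulus must be larger than the 256-bit hash")
    return pow(digest_int(data), d, n)


def verify(data, signature, public_key):
    """Recover the hash with the public exponent and compare: S^e mod N == H."""
    e, n = public_key
    return 0 <= signature < n and pow(signature, e, n) == digest_int(data)


def encode_key(name, public_key):
    """Hypothetical byte encoding of a named public key for Trent to sign."""
    e, n = public_key
    return f"{name}|{e}|{n}".encode()


def issue_cert(name, public_key, trent_private):
    """Trent signs (name, public key) with his private key."""
    return {"name": name, "key": public_key,
            "sig": sign(encode_key(name, public_key), trent_private)}


def check_cert(cert, trent_public):
    """Alice checks Trent's signature before trusting the key in the cert."""
    return verify(encode_key(cert["name"], cert["key"]), cert["sig"], trent_public)


def demo():
    trent_pub, trent_priv = gen_keypair()
    bob_pub, bob_priv = gen_keypair()
    eve_pub, eve_priv = gen_keypair()

    cert = issue_cert("Bob", bob_pub, trent_priv)
    msg = b"Pay Alice 10 pounds"              # constructed sample message
    sig = sign(msg, bob_priv)
    forged = dict(cert, key=eve_pub)          # Eve swaps in her key, keeps Trent's signature

    return {
        "cert_ok": check_cert(cert, trent_pub),
        "msg_ok": verify(msg, sig, cert["key"]),
        "tampered_msg_ok": verify(b"Pay Eve 10 pounds", sig, cert["key"]),
        "forged_cert_ok": check_cert(forged, trent_pub),
        "eve_sig_under_bob_key": verify(msg, sign(msg, eve_priv), bob_pub),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```

Only the first two checks pass: a changed message, a swapped public key and a signature made with Eve's private key are all rejected.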
In this episode of the "Taps and Patience" podcast, hosts AJ from Design the Everything, Harrison from Precision Ingenuity, and James from Cerven Solutions discuss their recent podcast updates and the challenges they faced with the implementation of a new machine. They delve into the intricacies of 5-axis machining, including the options for true 5-axis movements and the limitations of their current software for ITAR compliance. James provides an update on Cerven Solutions, mentioning the sale of their previous machine, the hiring of their first employee, and their implementation of ProShop for improved quoting, scheduling, and inventory management. This episode offers valuable insights into the machining industry and the hosts' experiences with software tools and shop management systems.
In recent news, the United States and the Dutch government have announced tighter regulations on exports of certain circuit boards and semiconductor chips to China. Tom Dunlap discusses the importance of understanding three essential rules for exporting and importing from the United States.
Export Administration Regulations (EAR): Deals with commercial goods and non-controlled, non-military items.
International Traffic in Arms Regulations (ITAR): Involves the US Munitions List (USML) and is more stringent, aimed at preventing military-use items from reaching unfriendly foreign countries.
Office of Foreign Assets Control (OFAC): Administers economic sanctions against countries and individuals, making it vital to check for prohibited items and persons when dealing with exports to certain countries.
To find more information, one can visit export.gov, the State Department's website, or the OFAC website. It's crucial to seek advice from an attorney or an expert in ITAR, EAR, and OFAC rules before exporting anything of potential military value, such as software or items related to space. Overall, understanding these regulations is essential to comply with export and import requirements properly.
There is a widening disparity in the manufacturing industry: Insanely busy shops and shops that are barely treading water. In any business, there will always be companies that thrive and grow and those that don't. But successful shops are doing something differently. In this episode of MakingChips, Kelsey Heikoop shares four things you can do differently to get more business and make more chips. Because if you're not MakingChips, you're not making money. BAM! – Paul Van Metre Segments [0:15] Industrial Buying Engine at Thomas™ [5:52] The Leader Spotlight: Hernan Ricaurte [8:36] The gap between the haves and have nots [11:33] Solution #1: Become a sales-driven organization [18:04] Solution #2: Consistent adoption of technology [26:16] The Lean Setup Guide from ProShop [30:44] Solution #3: Invest in quality certifications (ISO, ITAR, etc.) [39:05] Solution #4: Invest in cybersecurity Resources mentioned on this episode Paul Van Metre Kelsey Heikoop Hernan Ricaurte Ricaurte Precision Thomasnet™ Industrial Digital Marketing Services The Lean Setup Guide from ProShop The Cybersecurity Maturity Model Certification (CMMC) program
Price tag aside, one of the biggest obstacles to the success of AUKUS is export controls. Stakeholders in all three AUKUS countries are increasingly concerned that the United States International Traffic in Arms Regulations (ITAR) present a significant challenge to the timely sharing of equipment, information, and technology between the three countries. These challenges are not new, but the stakes have never been higher. Realising the full potential of AUKUS hinges on timely ITAR reform. Indeed, ITAR reform is essential to the delivery of Australia's nuclear-powered submarines under AUKUS Pillar I and fostering genuinely trilateral collaboration on advanced capabilities under AUKUS Pillar II.
How might ITAR provisions hamper the implementation of the AUKUS agreement? Why did previous efforts to reform US export controls for Australia and the United Kingdom fall short? What sorts of revisions are being considered across the US system? Is the best route to enduring ITAR reform through legislative action or an executive order?
In a report released prior to this webinar, non-resident fellow at the American Enterprise Institute, Dr William Greenwalt and USSC Research Fellow in the Foreign Policy and Defence program Tom Corben tackled these questions and provided a roadmap towards reforming ITAR to realise the full potential of AUKUS. The Centre hosted a webinar with the authors, along with USSC non-resident fellow Jennifer Jackett, for a discussion on reforming US export controls to realise the potential of AUKUS.
In this episode of the Defence Connect Spotlight podcast, Tony Howell, global chief architect, defence and intelligence at archTIS, joins host Liam Garman to assess how Australian businesses can utilise the AUKUS agreement to expand into British and American markets. The podcast begins with a discussion as to whether the introduction of critical military technologies under AUKUS, including nuclear propulsion, will make Australian companies the targets of sophisticated overseas cyber threat actors, before unpacking how local companies can protect themselves. Howell then provides insight for Australian defence companies looking to expand into the US and the UK markets, and what regulatory and legislative data requirements they are likely to face. The pair then wrap up the podcast analysing the future of ITAR, and how archTIS can support companies navigating ITAR requirements in their growth cycle. Enjoy the podcast, The Defence Connect team
Trade compliance officers were recognized as the "Person of the Year" in 2022. Michael Volkov welcomes Alex Cotoia, Regulatory Manager, to discuss this development. Alex sheds light on the challenges faced by these professionals over the past year: from navigating the global pandemic to ensuring compliance with sanctions regulations, trade compliance officers have done it all. Alex Cotoia, Regulatory Manager at The Volkov Law Group, is a seasoned trade compliance expert with extensive knowledge across ITAR compliance, BIS compliance of commerce, and opacity sanctions. She brings valuable insights on the crucial role of compliance in the world's rapidly changing landscape.
Key ideas you'll hear Michael and Alex discuss:
The unprecedented challenges faced by trade compliance professionals. The global pandemic and the rapid and constant changes in the regulatory climate had a major impact on trade compliance professionals.
The importance of trade compliance professionals was demonstrated this year, as they were seen as unsung heroes who played a crucial role in ensuring compliance with regulations.
The invasion of Ukraine by Russia led to a more fulsome political response compared to the invasion of Crimea in 2014, which further highlights the significance of trade compliance in today's world.
The recommended approach for trade compliance is to consider the market exposure to sanctions risk and adopt measures that are reasonably designed to deter and detect infractions.
Increased importance of end-user certificates: The use of end-user certificates became more important in ensuring compliance with regulations in exports to Russia.
Michael and Alex emphasize the need for verifying the end use of products purchased from a third party to ensure it's for a permissible purpose. Alex stresses the need for international organizations with broad exposure to invest heavily in trade compliance, including having a trade compliance officer and choosing the right tools.
Michael highlights the importance of integrating the overall trade compliance function into the overall ethics and compliance function. This requires a strategic approach for trade compliance and sanctions risks, including education, internal controls, and technology solutions that integrate sanction screening, third-party risk management, incident reporting, and trade compliance.
The responsibility for internal controls lies with the leadership team and the board of directors.
Trade compliance should be part of compliance education.
Trade compliance is an industry that's here to stay.
KEY QUOTES:
“Consider where the greatest sanction risk lies from a market exposure perspective and then adopt measures that are reasonably designed to deter and detect inflections.” - Alex Cotoia
Resources:
Alex Cotoia on LinkedIn | Email
The Volkov Law Group
Colonel Mills delivers significant experience in Department of Defense (DoD) and Department of Homeland Security (DHS) cybersecurity, technology, and critical infrastructure programs. He has worked extensively in train and equip efforts using Foreign Military Sales (FMS), foreign military financing, ITAR, and international military education and training, and builds public-private defense and technology industrial base partnerships, including helping establish the DoD's Development Innovation Unit (DIU) in Silicon Valley. Prior to joining The SPECTRUM Group (TSG), Colonel Mills served as the Director for Cybersecurity Policy, Strategy, and International Affairs in the Office of the Secretary of Defense. His work included creating and implementing the first DoD and intelligence community (IC) scorecarding initiative, boosting whole-of government cybersecurity and multidomain responses to threat actor and nation hostile actions. Colonel Mills' 33-year U.S. Army and Army Reserves career culminated in his serving as a senior liaison between DHS and DoD for complex homeland security operations. Earlier, he helped establish and advise foreign national military and security forces in Iraq, Afghanistan, Yemen, Bosnia, South Korea, and the Kingdom of Saudi Arabia. His roles spanned joint and inter-agency operations, psychological operations (PSYOP), intelligence activities, special operations, strategic planning, and public affairs. In addition to his work at TSG, Colonel Mills serves as an adjunct assistant professor for the Cybersecurity Law and Policy program at the University of Maryland, Global Campus. You can purchase his book here: https://amzn.to/3W4FZIy
Orgs in the DIB need to protect CUI in alignment with the NIST 800-171 cybersecurity standard—and soon the Cybersecurity Maturity Model Certification (CMMC) requirements—or face legal and compliance penalties as well as potential lost business. To clarify the biggest questions and reveal the most dangerous unknowns in the convoluted realm of CUI, your host John Verry, Pivot Point Security CISO and Managing Partner, sits down with Stephanie Siegmann, Partner and Chair at Hinckley Allen to share her knowledge on the subject. Join us as we discuss:
· The difference between CUI Basic and CUI Specified
· Criminal penalties for “export controlled” CUI violations that will probably shock you
· Sound advice on handling data subject to ITAR, NOFORN and other regulations
· How to get your CUI questions answered—and what to do if you're still not sure
· The US Department of Justice Civil Cyber Fraud initiative, the False Claims Act, and why you don't want to fire the whistleblower
To hear this episode, and many more like it, we would encourage you to subscribe to The Virtual CISO Podcast.
In this episode of the Defence Connect Spotlight podcast, chief executive officer and managing director of archTIS Daniel Lai joins host Liam Garman to discuss securing sensitive information amid growing cyber insecurity. Lai begins the podcast providing critical cyber security advice to businesses operating in the defence supply chain, and outlines how the company keeps controlled information secure amid increasing uncertainty in the cyber domain. The podcast continues by unpacking how archTIS has helped customers manage Australian Defence information security and export control requirements. The pair wrap up the podcast discussing how archTIS helps Australian companies meet their ITAR requirements, as well as their Microsoft collaboration solutions. Enjoy the podcast, The Defence Connect team
By the hour we grow more aware that our planet's resources are scarce, and that we urgently must shift from an exploitative to a regenerative architecture. But how? What resources do we have at hand, how are new materials engineered and experienced, and what new materials and design solutions will we have to get used to? In this episode of Let's talk architecture we went to France to explore the sensuous French-ness and talk about how we must rethink our resources in the way we build. We invited ourselves to ITAR architectures to talk to the founding partner Ingrid Taillandier, and she explained how they focus on densification as a way of reducing the use of land as resource. We also brought Scottish born architect Susan Carruth, who is partner GXN, a research based architectural firm with Danish roots. Together they talk about how new stories and aesthetics play a crucial role for reducing our use of resources – and how we get used to new materials and designs. Michael Booth is the host of Let's Talk Architecture, a Danish Architecture Center podcast. You can hear previous episodes here. This episode is organized in collaboration with UIA2023CPH, and Creative Denmark and produced by Munck Studios.
Join us as we discuss the U.S. export control system and how it affects your business. This episode provides essential information about the U.S. Export Administration Regulations (EAR), International Traffic in Arms Regulations (ITAR), and regulations within OFAC to help reduce your risk of violating these federal laws. Our guest, Jennifer Saak of Traliance, covers export control concepts one needs to understand in order to execute core business operations at a manufacturer, research & development facility, or university in a compliant manner. She provides our audience with an understanding of the basis and scope of the EAR, ITAR, and OFAC; a look at managing license requirements and practical concepts for implementing export controls compliance procedures. We also go into some tips on how to get assistance if you don't know where to start when it comes to getting started with compliance programs.
Host: Andy Shiles: https://www.linkedin.com/in/andyshiles/
Host: Lalo Solorzano: https://www.linkedin.com/in/lalosolorzano/
Producer: Juliza Sofia Giron: https://www.linkedin.com/in/juliza-sofia-giron/
Show references:
Global Training Center - www.GlobalTrainingCenter.com
Simply Trade Podcast - twitter.com/SimplyTradePod
Jennifer Saak - https://www.linkedin.com/in/jennifersaak/
Traliance - https://traliance.com/
Contact SimplyTrade@GlobalTrainingCenter.com or message @SimplyTradePod for: advertising and sponsoring on Simply Trade; requests to be on the show as a guest; suggesting any topics you would like to hear about.
Simply Trade is not a law firm or an advisor. The topics and discussions conducted by Simply Trade hosts and guests should not be considered, and are not intended to be, a substitute for legal advice. You should seek appropriate counsel for your own situation. These conversations and information are directed towards listeners in the United States for informational, educational, and entertainment purposes only and should not be a substitute for legal advice. No listener or viewer of this podcast should act or refrain from acting on the basis of information on this podcast without first seeking legal advice from counsel. Information on this podcast may not be up to date depending on the time of publishing and the time of viewership. The content of this posting is provided as is; no representations are made that the content is error free. The views expressed in or through this podcast are those of the individual speakers, not those of their respective employers or Global Training Center as a whole. All liability with respect to actions taken or not taken based on the contents of this podcast is hereby expressly disclaimed.
Kim Daniels, CEO of Mercantile Logistics & International Trade, has years of experience translating the complex regulations, classification requirements, and intricacies of the best way to move your products around the world. If you took marketing in college, you learned about the 4 P's of marketing – product, price, promotion, and place. This episode of the Global Marketing Show covers Place – how to get your product from place A to place B. We asked Kim to explain, why would consumer product companies bother exporting bins of products rather than just selling through ecommerce. She gave a great example of a swim wear company that she worked with – by sending their products to the Caribbean and Mexico, they increased their sales by 30%. It made sense because when people travel, they may forget their bathing suits, they spend more time shopping, and are willing to spend money. For the companies that she works with, she suggests that they look for the following criteria in a market. Look for free trade zones to avoid heavy taxes and duties. Find markets where clients want your goods (Mexico was a better choice than Canada for bathing suits!) Avoid markets where the products are in an industry that the country wants to protect. Start small, figure out the process, and then grow. Look for a market close to you to minimize shipping costs. Expand! One key component is to get the classification of your products right to avoid hold ups at the border, fines, or getting a bad reputation and having problems forever more. There are thousands of classifications – for example, if you manufacture footwear, there are type classifications such as boots, sneakers, flip flops, AND there are further sub-classifications for the materials the products contain. It's worth talking to an experienced customs broker to get the classification code accurate. 
Once you know the code, you can have the customs broker do the paperwork, or you can spend the hour on the government site filling out the paperwork. Kim says she's willing to spend an hour on the phone consulting for free to help companies with their exporting journey. One warning – if you sell any goods that are controlled, you need an additional ECCN# and if you have products that could be used for military or parts of military products, you are regulated by ITAR (International Traffic in Arms Regulations). Violating any export regulations could lead to HUGE fines. To protect the safety of the US, these regulations are strict and people who violate them are considered guilty unless proven innocent. Step #1 is to make sure your products are not under ITAR regulations. One opportunity – Craft beers are highly regarded in the UK. If you create craft beers in the US and want to increase your sales, reach out to Kim fast! She can help you make connections to send vats of your beer to the UK, where they can bottle and sell it. As for “Made in America” versus “international trade”? Kim is a fan of trade. She cites research that shows that the more a company trades, the better their economy. (In an upcoming episode, we'll talk about the “container graveyard” that contains all the empty containers that brought goods into the US. US companies that fill those containers and send goods out perform better than those that just sell in the US. Since the graveyard is so big, we need to start exporting more.) Kim's final recommendations – Trade works best when it's a holistic process. For example, the US exports textiles to be made into shirts that we import back in. This benefits both countries. Foreign trade zones can be used to your advantage – Mercedes, Honda, and Toyota import parts to build the cars in foreign trade zones. By manufacturing the final products here, they lower their import taxes while creating jobs here.
Do a feasibility study to find the best place to export your goods. Her favorite foreign word? Schadenfreude – as she says it's got a frenemy feel to it. This German word has no English equivalent, it translates into that feeling of pleasure derived from another person's misfortune. Links: https://www.mlitinc.com/ Connect with Wendy - https://www.linkedin.com/in/wendypease/ Connect with Kim - https://www.linkedin.com/in/kim-daniels-a5b9268/ Music: Fiddle-De-Dee by Shane Ivers - https://www.silvermansound.com
Ulrus has requested a meeting and has a wish he would like Itar to fulfill.
Today, we're going to talk about contract manufacturing. Do you have a circuit assembly that needs to be built? Don't have the equipment in-house or enough bandwidth or specialized expertise to build it? You may be best served by utilizing the services of a contract manufacturer. Contract manufacturers come in all shapes, sizes and capabilities. Should I seek out a Tier 1 manufacturer? How about Tier 2, 3, 4? What does tier stand for anyway? Should I have my assemblies built overseas or in-country? What about issues such as ITAR? Who will be providing the components? What if I need more than just boards assembled such as design, testing and box build? To answer these and so many more questions I've invited my friend and colleague David Raby to be my guest. David is the president of STI Electronics, founded in 1982 by David's father the late Jim Raby. Those of you who have been around the electronics industry for some time will know Jim Raby for his work with the US Navy in establishing military standards for electronics manufacturing and the development of the NASA and Department of Defense Soldering Schools. Over the past 40 years, STI Electronics has expanded its focus from consulting and technical seminars to providing training, laboratory analysis, advanced research and development, microelectronics assembly, prototyping, and small to medium volume PCB contract assembly for the electronics industry. David graduated from Auburn University with a bachelor's degree in Aviation Management.
David Raby's Contact Info:
draby@stiusa.com
www.stiusa.com
The Concept to Creation Podcast episode featuring David Raby: https://www.youtube.com/watch?v=szJ06lnmXb4&t=6s
Today, we're going to talk about contract manufacturing. Do you have a circuit assembly that needs to be built? Don't have the equipment in-house or enough bandwidth or specialized expertise to build it? You may be best served by utilizing the services of a contract manufacturer. Contract manufacturers come in all shapes, sizes and capabilities. Should I seek out a Tier 1 manufacturer? How about Tier 2, 3, 4? What does tier stand for anyway? Should I have my assemblies built overseas or in-country? What about issues such as ITAR? Who will be providing the components? What if I need more than just boards assembled such as design, testing and box build? To answer these and so many more questions Mike Konrad turns to his friend and colleague David Raby. David is the President of STI Electronics, founded in 1982 by David's father the late Jim Raby. Those of you who have been around the electronics industry for some time will know Jim Raby for his work with the US Navy in establishing military standards for electronics manufacturing and the development of the NASA and Department of Defense Soldering Schools. Over the past 40 years, STI Electronics has expanded its focus from consulting and technical seminars to providing training, laboratory analysis, advanced research and development, microelectronics assembly, prototyping, and small to medium volume PCB contract assembly for the electronics industry. David graduated from Auburn University with a bachelor's degree in Aviation Management.
On this episode, we have compiled all-things JWST after the 1st images were released on July 11th-July 12th! We are living in a post-JWST world and already the amazing piece of space technology is a suitable successor for the Hubble Space Telescope. And NASA/ESA/CSA are just getting started, as images continue to be released and show us even more about the unseen infrared spectrum of the universe.
We share a whole lot of info in this episode, including:
- What to look for when you're looking at JWST images
- Where to find the original images and explore, as well as process your own images to share with others!
- The challenge of JWST's release schedule and keeping the average citizen up-to-date on the latest discoveries
- Reflections on what JWST has already shown us
We answer some of the questions you reached out to us about on the podcast:
- What are we seeing in these first images from JWST?
- How are Hubble & JWST different?
- How does JWST move in space, and how did it gain its usable fuel to extend its lifetime almost double?
- What are we excited for next from JWST?
All this and more on this episode of Today In Space!
Support the podcast: Get 20% OFF @manscaped + Free Shipping with promo code SPACE at MANSCAPED.com! #ad #manscapedpod Buy a 3D printed gift from our shop ag3dprinting.etsy.com Donate at todayinspace.net
Follow us on social:
- @todayinspacepod on Instagram & Twitter
- @todayinspace on TikTok
- /TodayInSpacePodcast on Facebook
Share the podcast with friends & family!
Episode Timeline:
00:30 Living in a Post-JWST world / What to expect on this Episode
02:51 AG3D Lab / JWST Coaster & Spacecraft 3D prints / Design for 3D Printing
07:53 We had a great experience for JWST reveal / JWST 3D Print, Paint
08:40 Staying away from social media to keep ideas fresh for the podcast
09:50 1st images from JWST are mindblowing...
11:00 Manscaped Ad - Be ready to represent humanity well when you get abducted by Aliens! You're our only hope! Get 20% OFF @manscaped + Free Shipping with promo code SPACE at MANSCAPED.com!
13:26 What to look for in JWST images when they come out
17:02 Hexagon Star Streak Indicator from JWST
17:38 REACTION: JWST's 1st Deep Field Image
18:36 JWST is a time-viewing machine!
20:36 JWST image covers THIS MUCH of the night sky
22:11 Great place to zoom into JWST images - WebbTelescope.org
23:36 The only downside for JWST - no easily-accessible feed of truth for image releases. Too many websites to view for the average citizen
26:36 Processing and releasing your own JWST images
28:06 Reflections from Dr. Z - Associate NASA Administrator
30:36 JWST can find the oldest galaxy / Observing the Sky is observing the past
32:36 JWST is a great piece of Space Technology
33:26 JWST: Exoplanet Hunter
36:36 JWST: Did you know YOU could request observation time?
37:41 What did the 1st JWST images mean to me?
39:26 How much are we desensitised to the universe around us with light-pollution and "in-the-planet" thinking?
40:06 With JWST reveal of so much out there, can the Drake equation assumptions still hold up?
41:06 YOUR questions answered: Why is secret clearance needed to lead JWST team? ITAR & secret clearance (I do not have secret clearance)
44:22 YOUR questions answered: JWST launch doubled its 10 year lifetime and has more fuel, but what does that mean? What is JWST's orbit?
47:31 YOUR questions answered: Is the Hubble Telescope now a relic of the past? How did Hubble get us to here with JWST? How do JWST and Hubble compare?
55:24 YOUR questions answered: What is JWST's focus moving forward? What am I excited about JWST discovering?
58:18 What do I hope we discover about the universe and humanity through JWST? Exoplanets / Oumuamua / TRAPPIST-1 / Thinking "outside the box"
On today's episode I'm joined by Greg Linares and John Wetzel to discuss insider threats, what you should look for and how to help mitigate them. We also discuss some of the tactics, techniques and procedures (TTPs) employed by the Lapsus$ Group over the last few months to help you build your insider threat hunting program. The general consensus seems to be no data loss prevention (DLP) system gets you where you need to be in securing your data. Greg Linares' professional career in cybersecurity began in 2006, when he joined eEye Digital Security as a Security Researcher. During his tenure, he was accredited with the discovery of several vulnerabilities in major vendors such as Microsoft, CA, Yahoo, Bitdefender and AFLAC, as well as doing development on the Retina Network Security Scanner. Over the next several years he performed many lead roles in reverse engineering, penetration testing, malware analysis, threat intelligence, and security software development. Currently he is heading up a security team at a Venture Capital firm in CA and has a passion for helping and supporting others at all stages in their cybersecurity career. John Wetzel is currently the Director of Intelligence Solutions at Recorded Future. John is an experienced security intelligence leader building strategic, global teams. Hands-on technical leader passionately merging technical, business, product knowledge to achieve strategic business outcomes. Strong communicator for boards of directors and C-suite to practitioners. Previously DOD counterintelligence and compliance officer (NISPOM, ITAR, EAR) with strong relationships to federal law enforcement. Writer and speaker on cyber threat intelligence applications, insider threat programs at SANS CTI Summit, Kaspersky SAS 2019, Predict host and trainer 2016-2020. Co-author, The Security Intelligence Handbook (available on Amazon).
This episode is available on YouTube: https://youtu.be/N4frDXTusBU Greg Linares https://twitter.com/laughing_mantis https://www.youtube.com/channel/UCSnNQ4Rah04sokjkLI8NAJg John Wetzel https://www.linkedin.com/in/johnawetzel https://twitter.com/johnwetzel https://recordedfuture.com Shiva Maharaj https://www.linkedin.com/in/shivamaharaj https://twitter.com/kontinuummsp https://www.kontinuum.com/ --- Support this podcast: https://anchor.fm/amplifiedandintensified/support
Hello hello hello
Welcome to another installment of Ink n Bones: Game Day. We will be jumping back into our game Lament of Serverance and starting in earnest. Before we can do so, however, let's discuss a few things. Namely, schedule: I'm currently producing biweekly content; this will change to a weekly AP on Fridays and biweekly commentary on Mondays as normal. I am still working some format kinks out and appreciate any feedback you have. If you are not a part of The Inkyard, smash that subscribe button for your next Exceptional Yes, and may the bones be ever in your favor. Already part of The Inkyard? Share this with someone who'd enjoy it.
Last Time
You can check out our character creation here. Having played through a bit of backstory between Kal and Atliss, I had to make a decision: do we keep with that theme or move directly into the story? Normally I like to build out a ton of backstory but I'd like to discover Kal alongside you. So here are some things we can infer starting out. Kal might have a chip on his shoulder. We also got a backstory NPC, Old Man Worthy. I've no idea where the story will take us but let's touch base with our Oracle and get started.
Adventure Setup
First let's roll up a scene setup.
Event focus; d100 -> [93] -> npc positive
Meaning; 2d100 -> [71, 78] -> trick masses
So our Event focus is an NPC Positive; the Meaning is trick masses? We are going to interpret this, but in order to do that I want to learn a bit more about this NPC. Let's go to the UNE supplement!
2d100 -> [55, 90] -> Elderly Charmer
Their motivation? 2d100 -> [66, 40] -> Persecute The Church
Oh boy 🤣 the dice are in cahoots today, it seems. So an Elderly Charmer with a motive to Persecute the Church.
Something good happened that furthers his motives to Persecute the Church. I'm 🤔 thinking it may not have been him who tricked the masses. From here on I'll be using the Mythic Variations Fate Check ✅ as a stand-in for the fate chart oracle. Makes things a bit snappier.
Here are the basics you need to know.
Roll 3d10. 2d10 for your Fate die and 1d10 for your Chaos die. Adding modifiers for odds. Our Fate die must roll above an 11 for our answer to be yes.
Was there something revealed about the church? Odds: Likely CF3
2d10+2+2 -> [5, 7]+2+2 -> Yess!!
d10 -> [3] -> Exceptional
Oh boy, so we have to talk a little bit more about the CF here. When we roll within the range of the CF, which is ≤ 3, some things happen based on our Fate Die.
If Fate Die are:
Odd | Exceptional answer
Even | Random Event
Doubles | Exceptional and Random
Which for us means this is an exceptional yes.
What was revealed? Detail check CF3 2d10+2 -> [10, 7]+2 -> Calm
Action meaning: 2d100 -> [65, 16] -> Inquire Intrigues
Descriptor: 2d100 -> [6, 97] -> awkwardly warm
Alrighty, so our Scene Setup is: something was revealed about the church which furthers our elderly charmer's motive of persecution of said church. Calm we will interpret as it being the neutrality of the church. Their truce is a falsehood of some kind. Oh I got it. This NPC has found evidence that the church uses some level of compulsion or suggestion to keep the peace amongst their followers. It is stripping people of their will and is used to extract secrets and information from the laymen and nobles alike. Pretty broad strokes, but I think this is a solid setup. Kal is newly out to adventure the world, so we'll say he is tasked with finding the one responsible for spreading these 'rumors' about mind control; we'll see if there is any merit to it. This all reminds me of two very specific characters.
So we will name this NPC Mindsrel Titanshard, why? We will be setting this in the starting city of Sericun Petrum.
A city built in conjunction with my main group using Sorry Did You Say Street Magic and Ex Novo (some of my favorite worldbuilding games). This description simply fits the narrative we have set up about Mindsrel, a bard who spends his days in front of the sanctuary orating on the folly of belief in the gods or the church. Having contextualized everything, we can jump into the narrative.
Seri
Kal made his way into the city of Sericum Petrum with his Scalehound, Atliss, in tow. The city wasn't overly big but it was pretty old, and densely populated. Atliss slipped a large tusk beneath Kal's arm and stayed tight at his heel. He'd been instructed to make his way to The Sanctuary, to begin his rite, the Lorn March, a pilgrimage out of the glade. Kalzussis was no stranger to the nearby cities and towns of Cham Roulan and the southern Cimdel forest. He'd traveled to the Shimmering Lake and explored the grounds of the World Spire. He was a pain. The Lorn was sacred in its way, to leave the Glade possibly never to return, not to Kal. There was a pride about him that made it impossible for him not to want to make his mark. Here he was the youngest of his brood to venture on this path. He grinned and took in the sights.
He was to meet with Rongar Primem the Keeper, at The Sanctuary. Impossible to miss, that's what Old Man Worthy told him anyway. A large ornate building with white smoke coming from the courtyard, smells of mint and vetiver. Can't follow the smoke, follow the smell. Granted, even with clear instructions the amount of people made it hard to navigate to The Sanctuary; the street rats and urchins were out en masse looking to beg, or snatch what coin they could. Easily dissuaded with a bit of guile from Kal. Using Atliss as a scapegoat, offering rides instead of coin in exchange for a guide. Which made his journey that much longer. He didn't mind though, the children were knowledgeable in ways adults weren't.
Pointing out the different landmarks of the city, places that had the best scraps, the nicest person in town, Lady Shiversalt, and the spookiest people in Seri, the Acolytes of Ego. Two of the small gaggle that'd been following him for the better part of the last two hours bolted when they saw the Acolytes.
"Rongar the Golden? That's what people call him?" Kal asked the little hobgoblin boy. The boy put out his hand wordlessly. Kal rolled his eyes and chuckled as he reached back into his pouch and pulled out a bit of cheese and a few more river stones. This had been their routine the past two hours, every few questions he needed to pay up. The kid drove a hard bargain. He bit into the river stone and then handed the cheese to Atliss as he pet him aimlessly. "Aye, that's what the Acolytes have started to call him. He's different, still nice, but different." He shrugged and looked up, pulling at Kal's tunic. "That's him."
At the gates to The Sanctuary stood two men some three to four decades his senior having what looked to be an argument.
"YOU WILL NOT SILENCE ME RONGAR! THE PEOPLE WILL KNOW. YOU ARE NO MORE A SAINT THAN I! YOU COWARD!" The flamboyantly dressed half elf spat at the man's feet. The man Kal assumed to be Rongar, an almond skinned Elderly Half-Orc, with golden eyes and golden hair, wisp of silvery white at his temples. The creases in his cheeks and around the eyes said he was used to laughing. Now he just looked tired.
"Mindsrel, you gossip. I have done you the kindness these few years of allowing you to continue your slander before The Sanctuary. We welcome all under the simple request they stay any grudges they may have at these gates."
"YOU-" Rongar's hand snapped up, his eyes cold.
"I was not finished," he gave a nod to some of the fellowship as they passed through the gate, his eyes warm once again. "As I was saying, you can continue to spew your maladies as much as you like, Howler. The issue comes when it begins to stir commotion within these walls.
There was yet another report of one of your ilk, defacing altars with false and inadequate sacrament." Rongar's face knotted. "And in my opinion simply filthy."
"Simply means others are starting to learn the truth, Keeper, or should I start calling you The Golden One?" said the half-elf.
Rongar sighed and waved a hand dismissively. "Go Howler, there is no telling what might happen."
"That a threat?"
"A warning that you have enemies and I am but an old fool who thinks you a friend, Howler Mindsrel. I can't keep them from you if you press me so."
Mindsrel scoffed and gave Rongar another once over.
"Nor I yours from you…friend." He gave a flourishing bow and walked away. He paused for a second and locked eyes with Kalzussis and gave a tip of his hat before he disappeared into the crowd. Kal turned to speak to the children who'd 'guided' him, only to see them pattering off after the Howler, who could be heard lifting into song. He chuckled to himself.
"Forest breeze upon you, I take it you are Rongar the Keeper of the Sanctuary? I am Kalzussis, child of Elava," Kal said as he stepped forward to greet Rongar. Rongar stood rubbing his temples, visibly calming himself. He squinted and smiled exhaustedly.
"Yes, I received a letter of your arrival a few days ago. Come, come, there is much to discuss. Your companion is welcome within as well," he said, smiling at Atliss. Rongar bowed slightly in the Elava tradition of greeting and motioned for them to enter. Kalzussis made note of the grey-clad figures walking briskly with buckets down one hall.
"Apologies for the commotion. There have been a number of problems with the Howler outside our gates as of late." There came a shout from the hall Kal made note of. He could see Rongar's almond cheeks flush. "Do pardon any distractions as best you can, we are currently in the process of clean up. Otherwise your welcome would have been a proper Elav one."
Kal shook his head. He was never one for ceremony. "I'm here to start my March, tis all.
A welcome is unnecessary," he said.
"You could have gone anywhere to do that, young Elav," Rongar said.
"Are not all Lorn Marches started here at The Sanctuary?" Kal asked.
"Ah, a misconception; at some point during your march you are to stop here to pay respects."
"Respects?" he asked, a bit confused.
Rongar chuckled a bit. "They did mention you weren't exactly an Elav devout. Yes, your respects to Eas-Azï, that your passage and path be clear, where you step again you do so anew. Along their travels many of the Elava happen to stop here often."
Kal nodded, taking it in. He'd heard of plenty of his clan leave the glade to settle elsewhere but he found it hard to believe they would settle in a city. They rounded a corner and down two flights of stairs before the floor plan opened up once again into another large courtyard. This one about half the size in length but what it lacked in length it made up for in depth. There were a full eight stories beneath him. He smiled at the massive Cimdel Iiappa, The Living Tree in the common tongue, the smell, like a taste of home.
"That's a-" Kalzussis started.
"An Iiappa," Rongar finished, "that it is. As it grows, members of your Clan and others like the followers of Itar come to prune its branches. The wood is then used to fashion remedies and cure ailments. Your clan specifically is the only clan granted the privilege of fashioning weapons from this particular Tree. That is if she deems it so."
Kalzussis looked at Rongar with a raised eyebrow. "Is this where respects are paid as well?"
"No, the altar is through that arch there." He pointed at the second floor. He then pointed at the fourth floor. "Floors four through seven are lodging. Floor eight is kitchen and mess. The third floor is for those who have been accepted and only those who have been accepted," Rongar said.
"Itano said he had no doubts about you.
So you can relax."
Kal's smile faded. 'Itano had been the one to write the letter?' he thought. He turned to Rongar, holding his head a bit higher. "Direbone knows little about me. He may have raised me but he was no father," Kal said.
Rongar gave a gentle smile. The same kind of smile Old Man Worthy would give him when he would run out to his neck of the woods, that same patient knowing smile. "Yes, he said something to that effect. You have no need to be on guard here. Your march is your own, young Elav," Rongar said, placing a hand on his shoulder.
"When you've finished, meet me in the upper courtyard. There is one other thing we ought to discuss. Or more accurately a request I have of you."
'Right, of course that bastard wouldn't claim me.' Kal nodded to shake the thought from his head. He gave a smile that didn't touch his eyes.
He made his way down the stairs. He was met by two Elav sisters; they didn't speak but held their hands outstretched. Kal sighed, slowly disarming himself; he handed over his weapons and pack. As the sisters disappeared to put away his things, he stood in silence; the sound of their feet echoed back to him. On either side of the archway leading to the courtyard was a basin. He knew the drill, and begrudgingly stripped to wash. The mud and dirt from travel dropped into the cracks and crevices of the stonework at his feet. Down the slope and to the basin of the Iiappa in the courtyard. As he finished there stood a sister, silent as always. She held for him a simple brown Sarang and Iiappa oil. He wrapped the Sarang about his person and anointed himself from head to toe. Before heading to the chamber of Azï. The door was heavy, cut from an ancient Kest Tree. The polished pink amber in the middle of the door glowed with an inner fire. Inside was a small room, floor covered in Ash, in the center an altar made of intricately woven branches. Whether they were stone or live was hard to tell.
Upon it sat a single burning flower; untouched by the heat, it bloomed with the seasons. Kalzussis began his sacrament. Walking about the altar he sang and marched until the stone walls resonated and the ash danced and shook with the rhythm. He sang and marched until all he could feel was the heat, the flames of rebirth. He flopped onto the ground, the single flower nearly a bonfire; the ash covered nearly every inch of him. After he took a second to calm his pounding heart he went to the altar. Placed his hands in the fire and began to bathe in the flames. Licking away the oil, and sweat, the ash left him feeling invigorated as he left the small chamber. The sisters met him at the archway to the Iiappa. The one on his left gave him a small wooden knife.
"Is this to prune the tree?" he asked, confused. Only to be met with silence as they stepped aside and beckoned him to proceed.
In front of the Iiappa was a bench woven from its roots and flowers. Fairybugs lit the branches and leaves with a warm amber glow. Not knowing what to do next, Kal sat down on the bench. The heaviness of the courtyard finally pressed upon him, the silence deafening. Just as it became overwhelming he heard her.
"Now, isn't that curious. You are no Elav." The voice cooed into his mind. He could feel the Iiappa pressing further and deeper into his skull. He pushed back to no avail.
"Now, child, don't be stubborn. This goes easier if you aren't." The voice cooed again.
He could feel its presence like vines slowly constricting his consciousness. His vision blurred as pain seared through him.
"You are not Elav by blood, nor by choice it seems, but rather circumstance. You carry yourself with their self reliance but none of their joy. How curious a specimen. There is much you wish to prove," it said.
The pain subsided and his vision clarified. "Will you grant me the strength to do so?" Kal asked.
"Power? Power is not what we grant.
But for you we grant the closest thing to power." From the top branches unfurled a gnarled cracked limb. Crystallized sap sparkled from the wounds.
"Take from me and find yourself the Ravens Slumber. The Master of the Hunt will fashion it into its appropriate form."
Kal took the wooden blade and touched it to the limb.
"The Master of the Hunt?" he asked.
Again, silence. That's what he hated most, the blind belief, the blind faith he needed to have. He cursed beneath his breath and started to carve into the limb.
I think this is a great spot to end on. I was not expecting some of the rolls that came up at all. I was half expecting Kal to just get the option to fashion a new weapon but that goes to show you just how fickle the dice can be.
But thanks again as always for being part of this journey. Excited to see how the next session plays out. What do you all think of the Howler and the Keeper? Drop your response in the comments!
On today's episode we're joined by John Wetzel, the Director of Intelligence Solutions at Recorded Future, and we discuss: Technology and gear left in Afghanistan, ARM chips and more. John is an experienced security intelligence leader building strategic, global teams. Hands-on technical leader passionately merging technical, business, product knowledge to achieve strategic business outcomes. Strong communicator for boards of directors and C-suite to practitioners. Previously DOD counterintelligence and compliance officer (NISPOM, ITAR, EAR) with strong relationships to federal law enforcement. Writer and speaker on cyber threat intelligence applications, insider threat programs at SANS CTI Summit, Kaspersky SAS 2019, Predict host and trainer 2016-2020. Co-author, The Security Intelligence Handbook (available on Amazon). John Wetzel https://www.linkedin.com/in/johnawetzel https://recordedfuture.com https://twitter.com/johnwetzel Eric Taylor https://www.linkedin.com/in/ransomware/ https://twitter.com/barricadecyber https://www.barricadecyber.com Shiva Maharaj https://www.linkedin.com/in/shivamaharaj https://twitter.com/kontinuummsp https://www.kontinuum.com/ If you are interested in CrowdStrike and/or Dark Cubed or just want to have a conversation, please feel free to get in touch with us.
John Wetzel is currently the Director of Intelligence Solutions at Recorded Future. John is an experienced security intelligence leader building strategic, global teams. Hands-on technical leader passionately merging technical, business, product knowledge to achieve strategic business outcomes. Strong communicator for boards of directors and C-suite to practitioners. Previously DOD counterintelligence and compliance officer (NISPOM, ITAR, EAR) with strong relationships to federal law enforcement. Writer and speaker on cyber threat intelligence applications, insider threat programs at SANS CTI Summit, Kaspersky SAS 2019, Predict host and trainer 2016-2020. Co-author, The Security Intelligence Handbook (available on Amazon). John Wetzel https://www.linkedin.com/in/johnawetzel https://recordedfuture.com https://twitter.com/johnwetzel Eric Taylor https://www.linkedin.com/in/ransomware/ https://twitter.com/barricadecyber https://www.barricadecyber.com Shiva Maharaj https://www.linkedin.com/in/shivamaharaj https://twitter.com/kontinuummsp https://www.kontinuum.com/ If you are interested in CrowdStrike and/or Dark Cubed or just want to have a conversation, please feel free to get in touch with us.
Jeff Grody, CEO of EasyExport, is a regulatory and legal expert on selling firearms and parts internationally. His activities bring him into contact with regulations in 82 countries. Hear about how EasyExport helps U.S. exporters navigate the regulations safely. A must-listen-to episode for anyone exporting under ITAR or EAR controls. Connect with Wendy - https://www.linkedin.com/in/wendypease/ Connect with Jeff - https://www.linkedin.com/in/jeffreygrody/ Music: Fiddle-De-Dee by Shane Ivers - https://www.silvermansound.com
In this episode of the True North podcast, IpX Director of Program Management, Brandy Taylor, and Chief CM2 Architect, Eddie Kolesar, discuss export compliance and why it's a crucial implementation for reducing risk that all businesses, big and small, need to consider. Brandy and Eddie identify the key factors of a good Export Compliance Plan and share their experience and knowledge including:
- What export compliance is and why it should be considered in your change process
- The difference between export compliance regulating agencies, ITAR and EAR
- Guidance for small businesses starting with the importance of correctly classifying your products and technology
- The importance of routine internal audits to hold people accountable and uncover inconsistencies, risks, and deficiencies in your Export Compliance Plan
Connect with IpX to learn more about our Service opportunities to assess, support, and/or build your Export Compliance Plan and processes. https://ipxhq.com/
Companies involved in the export and import of defense products and services face significant risks surrounding compliance with the International Traffic in Arms Regulations (ITAR). The US State Department's Directorate of Defense Trade Controls (DDTC) tightly regulates the defense industry and aggressively enforces ITAR rules and regulations. In this episode, Michael Volkov interviews Colleen Hurson, Of Counsel at The Volkov Law Group, who specializes in ITAR compliance and enforcement matters. Colleen can be reached at churson@volkovlaw.com.
This is the inaugural episode of Vuurwapen Blog Radio. In it, we discuss proposed changes to ITAR, cans and muzzle flash, bolt carrier group finishes, and Battle Rifle Company.
I spoke with Bill O'Brien, the chief operating officer at Brainloop, a cloud-based document management, storage, and collaboration software company. We discussed Brainloop's technology, with a specific focus on how it helps clients ensure compliance with ITAR (International Traffic in Arms Regulations), the ramifications of not adhering to ITAR, and his predictions for the future of cybersecurity in the legal industry.