Podcast appearances and mentions of John Gilroy

Technology is changing so fast that it is impossible to predict the next twelve days. Despite that, we have asked Travis Rosiek, Public Sector CTO at Rubrik, to gaze into his crystal ball and make some predictions for the next twelve months. The good news is that Rosiek sees a shift from intellectual property theft to disruptive attacks on critical infrastructure. The bad news is that Rosiek thinks attacks are increasing to the point that an event will light a fire under the current cybersecurity plans. During the interview, the concept of Zero Trust was unpacked. The idea is that federal systems have already been breached. As a result, the focus must be on microsegmentation, with permission as the limiting factor. Roseik's opinion is that malicious actors have planted code into systems that are acting as "sleepers." At one time in the indeterminate future, this code can be invoked, and severe damage can take place. If this nightmare situation occurs, the best defense is to have recovery built in. Today, leaders must have a system in place to restore data from backups. Unfortunately, malicious actors know this plan as well and have been known to insert code into backups that renders them useless. In a complex game of attack and counterattack, Roseik believes that a recovery strategy that includes immutable backups and an audit mechanism is the best approach in the 21st-century world of threats and countermeasures. He also stressed the necessity of reducing complexity to enhance cybersecurity and the need for initiative-taking measures, including regular stress testing and resilience training. = = Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com  

It is always tricky to compare commercial networking challenges with those faced by federal leaders. For example, the military and intelligence agencies require traffic encryption. How can an organization detect threats while observing this traffic? Today, we discuss Vectra AI's network threat detection capabilities with Wes Nagel, DoD sales manager, and Gage Cowger, a security engineer. With technology from Vectra AI, network traffic can be analyzed for timing, size, direction, and protocol use. These can give behavioral patterns for network visibility without worrying about encryption. Cowger will argue that behavioral patterns are more effective than signatures, especially in mitigating alert fatigue. Signatures can overwhelm monitors with false positives; Vectra's AI and ML capabilities provide trustworthy alerts. This ability positions Vectra AI to adapt to new networking initiatives, such as software-defined and OT/IoT networks, which will be prevalent in the future. The discussion also touches on the future of network detection, emphasizing the need for real-time, behavior-based detection to counteract advanced threats and adapt to evolving networks. Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com    

One of the biggest trends in software development over the past 10 years is the shift from writing code to "assembling" code from off-the-shelf components. During today's interview with Javed Hasan from Lineaje, we learned that 70% of that pre-assembled code is open source. In other words, an anonymous person in some countries modified software instructions. This casual approach may be fine for small businesses, but an organization like the federal government must be highly cautious. Hasan describes how his company was one of the first to work with the federal government to set standards for this existing code. These initial efforts began ten years ago and resulted in Executive Order #14028, which requires a Software Bill of Materials for any organization selling to the federal government. This initiative expanded in 2021-2022 when NIST published related guidelines. These efforts are a good start. However, federal leaders must evaluate SBOM technology from many perspectives. For example, how to incorporate this mandate into air-gapped networks, legacy COTS, or even in a classified environment. System administrators also need to know if they are exposed. Further, every organization has a varying definition of what "deep software transparency" is. Hassan also discusses Lineage's innovative approach to creating "Gold open source" software, ensuring it is free of malware and vulnerabilities. If you are interested in seeing a demonstration of how Lineaje can help with software forensics, there is an event at the Carahsoft office in Reston, Virginia, on January 30 = = Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com  

In the past 10 years, Amazon Web Services has gone from a niche player in the federal government to being responsible for billions in sales. One key aspect of this is how Amazon integrates leadership with innovation to address complex federal requirements. Today, we sit down with Andrew Christian to get an overview of concepts like customer obsession, working backwards, and the sixteen leadership principles that AWS implements to accomplish that drastic growth. ONE Customer-focus In the commercial marketplace, the concept of being  "customer-focused" is certainly not breaking news. However, as Christian explains, AWS tries to understand (almost obsessively) what the requirements are for federal systems. No, technically, they are not "customers," but they are the end users for any technology project. This focus has given AWS remarkable success in the commercial world, and when they apply it to federal technology, they can succeed where others have failed. TWO  Working Backwards Christian explains that "working backwards" is a concept where a team is forced to write a mock press release and FAQ for a future project. This is before they build anything. This helps to clarify the customers' needs by identifying gaps early. THREE    encouraging innovations Many describe innovation as failing fast, then recovering. That may hold up in a commercial application where lives are not at stake. During the interview, Andrew Christian differentiates between the importance of making quick, reversible decisions (two-way doors) versus long-term, impactful ones (one-way doors). He encourages federal agencies to adopt these principles to enhance their innovation and adapt to a world co constantly changing technology. Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Today, we have an experienced tech veteran, Bob Stevens from GitLab, offering insights on how he sees the federal government overcoming three main technology challenges in 2026. Challenge ONE:   Software improvement on scale. Stevens observed that everyone has seen AI's ability to review code. It has passed the basic phase, and now, in 2026, it cannot only review code but also identify security vulnerabilities, ensure compliance, and even generate documentation. This means that older, expensive-to-maintain systems can be transitioned to more flexible, economical cloud models. Challenge TWO:   Going away from reacting. The word "continuous" has been the goal for cyber defenders for the past several years. Fortunately, AI is allowing that noble goal to be put into practice. When applied appropriately, newer technology can achieve lower breach rates and faster threat response times. Challenge THREE:   emergence of a "universal" developer. Traditionally, requirements would be gathered by an intermediary and then translated into instructions for software developers. Stevens shows how newer AI-based approaches can eliminate that intermediary step. In other words, a pilot can precisely describe what they want in an avionics system, and the developers can work from that description. That means solving domain-specific problems with traditional development skills. Ideally, subject matter experts directly translate their knowledge into functional software systems. Some call this the "universal" developer approach. Stevens emphasized the importance of AI, security, and flexibility for future developers. GitLab's DevSecOps platform integrates AI across the entire software development process.

(We recorded this interview at Monk's BBQ in lovely downtown Purcellville, VA) Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Defrauding the federal government is like the weather; everyone wants to complain, but nobody can do anything about it. For example, a joint DOL-SBA report from December 2024 revealed $2.3 billion in potentially fraudulent payments. Today, we sat down with Jeff Gallimore from Excella, where he will diagnose the problem of federal waste, fraud, and abuse. From there, he presents a solution that has already saved millions of dollars. The problem: too many silos From a data management perspective, most enterprise computational capabilities evolved through a federated approach. From a historical perspective, it makes sense that each agency would have its own computers and storage. It makes sense that individual data stores in this environment would be separated, or perhaps the word "siloed", into distinct areas. Now, if you have one silo, you can protect it; if you have a thousand, then there is a problem. During the interview, Gallimore mentioned an agency that manages 9,000 grants. That is a lot of data to coordinate when it is stored in its "silos." The solution:  gap analysis   Silos can be secure, but the architecture can allow for gaps in security coverage. These gaps, or seams, can allow fraudsters to exploit this structure. For example, an agency may have a division that has identified a person as a fraudster. If that information is not shared, this person can use the same exploit on another area of the agency. Further, interlinks between federated systems can allow adversaries to gain access. Excella has a profile of how they have managed to fill in the gaps in siloed data architecture.    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com When cloud computing was introduced, it was quite a simple concept: leverage other people's hardware to scale easily. Not too much to manage. However, today's cloud world has metastasized. Today, federal leaders live in a world of on-prem, multiple clouds, private clouds, hybrid clouds, and even sovereign clouds. Complications arise when they are burdened with compliance requirements and staff reductions. Today, we sat down with Ryan McArthur from Zscaler to discuss how to effectively manage a cloud environment when challenged with deploying Zero Trust. He begins by sharing his experience helping federal leaders understand the inherent risks of the VPN system. Few realize that VPN technology was first introduced by Microsoft back in 1996, and then popularized with Windows 4.0, which included built-in support. Thirty-year-old technology can present severe limitations. Unfortunately, the popularity of VPN technology increased with the demands of remote computing during COVID. We are now in a situation where many enterprises have built their architecture on this dated technology. Ryan mentions that one key to juggling clouds is to focus on the applications themselves. He emphasized Zscaler's ability to securely connect users. If you want more information about Zscaler, you should attend the Zscaler Public Sector Summit in March, where you can discuss and collaborate further.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com We are at the point where AI is almost expected in any technology offering. Today, we sat down with John Kindervag from Illumio to learn how AI can be applied to the world of federal Zero Trust. Some have characterized today's current cybersecurity situation as an arms race; some call it a whack-a-mole game. An innovative technology, such as AI, becomes popularized, and adversaries use it to improve attacks. As a result, the defenders of data must bolster their response, and they, in turn, use AI to defend. He highlights the importance of visibility, using AI to quickly parse logs, and the concept of dwell time, in which attackers can remain undetected for extended periods. To protect valuable data, Kindervag distinguishes between the attack surface and the defense surface. Although a malicious actor can instigate AI-driven attacks across any surface, sensitive information can be protected by thorough segmentation of the protected surface. During the interview, Kindervag provides tactics to manage legacy technology, fragmented data, and the critical topic of risk-averse culture.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com It is rare to see AI applied to federal cybersecurity mandates. However, today, we will sit down with Louis Echenbaum from Color Tokens. He will unpack the concept of using AI to help federal leaders improve their ability to implement microsegmentation. We all know about Executive Order 14028 and the OMNB Memo M-22-09, which are forcing federal agencies to deploy a robust Zero Trust framework. The key components include identity and access management, asset management, continuous monitoring, and micro segmentation. During the interview, Louis Echenbaum expands on current challenges like legacy systems and visibility. For example, what happens once a malicious actor breaches a federal system? Some call this east-west traffic. The general response is to prioritize and segment data so the intruder is denied access. This concept looks good on paper, but in the real world, leaders encounter some issues. First, how can they know exactly what is on their network? This is perplexing in environments where endpoints are in areas that cannot be upgraded. Further, the move to a hybrid cloud offers varying levels of data segmentation. One system administrator may be competent with a specific cloud service provider but does not know all the details of another company. This skills gap can lead to coverage gaps and opportunities for attack. The solution Echenbaum suggests is to leverage AI to improve visibility and give leaders ways to prioritize datasets into appropriate microsegments.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In the world of federal technology we are being deluged with so much information about Artificial Intelligence that we may not see what some of other technologies that may have as great an impact as AI.  The White House, the OMB (M-23-02), the Office of the National Cyber Director have made it clear that the time to prepare for post-quantum cryptography is now.  Agencies are required to inventory cryptographic systems, prioritize high-value assets, and build migration plans in line with NIST standards. Today, we sit down with Eric Hay from Quantum Xchange to look at making this transition.  During the interview, Hay handles issues like technology, operations and appropriate strategy. He highlights the role of NIST in developing and approving new algorithms like NIST PQC Post Quantum Encryption, ML, and CHEM. Eric explains the five-step process for transitioning to these new standards: discovery, prioritization, deployment, monitoring, and management. Rather than spending time evaluating algorithms, Eric Hay stresses the importance of a network-centric approach, suggesting that agencies focus on securing data transport first. Eric predicts Q day, when current encryption methods could be compromised, within 3-5 years, with some European partners aiming for 2029.    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com John Kindervag began the concept of Zero Trust; he probably did not realize the impact it would have on the technological community. Today, we look at the federal government and Zero Trust implementation from 40,000 feet. Kindervag will opine on topics such as browser security, the importance of data, and operational technology. Instead of using his technical knowledge as a cudgel, Kindervag reinforces the importance of a balanced approach in which federal leaders consider both technological and behavioral aspects of implementing Zero Trust. People with a basic understanding of Zero Trust can disregard the importance of data; he calls it the 'protect surface'. This involves identifying and securing the smallest space within the network, as well as the entire network itself. One missing link in the move to Zero Trust is Operational Technology. When looking at the Department of War, it has assets deployed all over the world. They have thousands of sensors that may or may not be part of a network. Kindervag suggests that when you have a protected surface that is a critical asset, which means it can be included in data sets. The interview ended with comments regarding the challenges of implementing zero trust, particularly the need for strong leadership and the potential of AI to enhance cybersecurity measures, while acknowledging the complexities of data classification and the evolving threat landscape. Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com A quick review of malicious activity shows large-scale cyberattacks being run without any human intervention. That means traditional penetration testing, which occurs once a year, can be easily defeated by massive, systematic attacks. During the interview with Snehal Antani, CEO of Horizon Three, he highlights the importance of continuous autonomous penetration. He suggests that it may be the only response to a non-human automated attack. Horizon3 has recently collaborated with the NSA's Cybersecurity Collaboration Center to develop the Continuous Autonomous Penetration program. He details identifying critical vulnerabilities not only in federal systems, but also in the Defense Industrial Base.] Today's cyber threat landscape is rapidly evolving, with artificial intelligence fueling a new wave of increasingly sophisticated attacks. Malicious actors now leverage AI to automate and scale their operations, resulting in large-scale, highly coordinated cyberattacks requiring little to no human oversight. This surge in automation on the offensive side has exposed a significant gap in the traditional cybersecurity strategies of federal agencies, which still largely rely on manual or scheduled defense mechanisms such as annual penetration testing. These legacy approaches are woefully inadequate against relentless, continuously evolving threats executed by automated tools that probe for weaknesses around the clock. Federal leaders, traditionally cautious about deploying automated systems for cybersecurity, now face a crucial crossroads. The old paradigm—where automation in cyber defense was seen as risky—must be reconsidered in light of real-world evidence that manual processes cannot keep pace with automated adversaries. In a recent interview, Snehal Antani, CEO of Horizon3, emphasized the critical need for continuous, autonomous penetration testing. He argued that just as attackers use automation to identify and exploit vulnerabilities at scale, defenders must employ similar automation to uncover and remediate those weaknesses swiftly and continuously. To advance this approach, Horizon3 has partnered with the NSA's Cybersecurity Collaboration Center, launching the Continuous Autonomous Penetration program. This initiative aims to proactively identify critical vulnerabilities not just in federal government networks, but also across the Defense Industrial Base. By integrating automated, persistent penetration testing into daily operations, federal agencies can better defend against the nonstop, AI-driven threats now targeting every aspect of their infrastructure.            

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The good news is that federal security measures are preventing successful attacks; the bad news is that adversaries are examining every nook and cranny of a federal system and increasingly targeting the browser itself as an attack vector. During the interview, Scott "Monty" Montgomery gives a quick overview of Enterprise Browsers and Secure Enterprise Browsers.  After all, browsers have been around since 1994. It may be the only application ubiquitous on home-based machines and in enterprise systems. They were not designed for security; they were intended to open the internet to the World Wide Web, full of images, links, and audio. Malicious actors did not have to focus on an app with limited use; by targeting a browser, they have almost unlimited targets to attack. Montgomery mentions the increase in browser-based attacks. In fact, they increased by 198% in the second half of 2023. Scott explains that phishing persists because people are curious or fearful, leading them to click on malicious links. A Secure Enterprise Browser can help prevent many common phishing exploits. Additionally, an SEB can support policies and controls. This means that an SEB fits completely with any current Zero Trust initiatives across all agencies. Beyond that, SEBs can be configured to manage legacy systems and even operate in low-bandwidth environments.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Every federal agency prepares a backup strategy to protect data. This is a rigorous endeavor in which teams practice what to do in the event of a breach or system failure. However, nobody really has a plan for a temporary federal shutdown. Any political pundit worth his salt knows there will be another federal shutdown sometime in the future. It is reasonable to consider automation to see how it can be used to bridge services during a temporary shutdown. David Grundy is the Public Sector CTO for Tines. He has decades of experience in and outside the federal government. He highlights the challenges of human-centered workflows. For example, just because the staff is reduced does not mean attackers will take the day off. Adversaries work 365 days a year and are immune to political infighting. Based on David Grundy's experience, an agency should start with visibility to know which workflows exist. From there, document processing can be detailed, enabling scaling. During the interview, Grundy shares his experience in a federal agency that had to make digital transitions while complying with federal regulations. He is optimistic that operational resilience can be achieved through initiative-taking by all federal agencies.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In a recent report from Microsoft, they share that foreign adversaries are increasing attacks on American infrastructure. One variation is that they will not penetrate systems and attack, but they will steal credentials and install code to act in stealth mode. This code can hide for years and be deployed when the antagonist wants. Today, we sat down with Travis Roseik from Rubrik to try to find some options for defending against this hidden attack. Let us say an agency has improved its resistance to foreign attacks. This is satisfactory progress, but what happens in a situation where the malicious code was planted prior to the increased defense. Further, during the interview, Roseik states that companies may be able to leverage AI to improve defense, nation states will be using that same AI to improve attack methods. If malicious code is within the walls of an organization, whether by AI or user error, Roseik makes the point that a defensive posture may not be enough in today's sophisticated world of attack. He recommends moving from a defensive approach to an initiative-taking threat hunting strategy. Even if Zero Trust and threat hunting fail, the best response is to have immutable backups. For example, if a breach occurs and the system recovers quickly, then the attackers will go after more vulnerable targets. The conversation underscores the urgency for organizations to adapt and innovate to counteract these threats.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The federal government recognizes that threats are multiplying at an exponential level. In fact, in October 2025, CISA released a free vulnerability scanner, and 10,000 organizations have signed up. Today, CISA is at its current capacity. Today, we examine solutions from a successful startup called CrunchAtlas. One of the co-founders, Ben Fabrelle, will share with the audience his experience in threat hunting in the federal government and why he combined with another veteran to form a company that can assist in threat intelligence, data analysis, and automation. During the interview, Fabrelle says that CrunchAtlas likes to attack "wicked" complex problems. One of the most complicated problems the federal government has is identifying threats in a world where the DoD is being attacked by malicious actors every day. Fabrelle suggests that the solution is a persistent cyber-hunt platform. It can search for threats in a wide range of environments. This means it can be deployed on-prem, in the cloud, or in an air-gapped environment. The founders view that a platform approach is the best way to scale against these adversaries. One of the key differentiators for CrunchAtlas is its ability to operate in the cloud, on-prem, and even in an air-gapped environment. In fact, their offering's code stack, from design, operates in an air-gapped environment. Automation in this kind of environment will allow for a reduction in false positives, which will, in turn, reduce fatigue and decrease the need for human threat hunters.  

Ep. 281 How Zero Trust Automation Helps Federal Agencies do More with Less Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com As this interview was recorded, the federal government was in the middle of a shutdown. Hundreds of pundits have given interviews about the politics of the situation; very few have looked at the impact on cybersecurity during a phase of workforce reduction. Today, we sat down with Gary Barlet, the Public Sector CTO at Illumio, to see whether Zero Trust can help the federal government bridge this short personnel gap. Barlet begins by giving an overview of Zero Trust and automation. Rather than having human beings vet entry into federal systems, the concept is to use an automated process that reviews credentials and decides on permission. Barlet emphasizes the importance of Zero Trust in automating security tasks and maintaining operational resilience, especially with reduced staff. He continues to mention several other benefits of Zero Trust in a federal environment. Compliance:  A well-thought-out Zero Trust architecture will enable managers to collect data to demonstrate policy enforcement. Legacy: One can effectively take existing systems and "ring fence" them off. This approach creates hundreds and hundreds of rings of defense. Design:  During the interview, Gary recommends that you have a handle on the real traffic to reduce complexity. That way, when policies change, the rules can adapt to the environment. Maturity Level:  Although CISA has a maturity level for Zero Trust. Barlet distills down some of the requirements for which efforts can be applied to sensitive systems. He suggests focusing on security, not necessarily on a grade. Additionally, he addresses the challenges of managing complex, hybrid environments and the emergence of shadow AI models, stressing the need for robust policies and controls.            

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Today, we sat down with Chris Wysopal from Veracode to talk about how to leverage the power of AI to increase productivity in federal systems. It seems like every headline you read talks about AI speeding up the process of writing code. However, there may be mixed messages here. Wysopan read some academic reports that talked about vulnerabilities being introduced in human code as well as AI code. Because this has been a concern for a while, He initiated the Gen AI Code Security report. They examined a wide range of LLMs to get a fair overview. They discovered 45% introduced vulnerabilities. What is even more shocking is this is similar to the rate from regular, old, garden variety software developers. You can get more details from the Veracode's 2025 Gen AI Code Security Report. It details methodology and notes despite improvements in syntax; security remains a concern. When he presented at a recent Billington Cyber Summit, he was deluged with people interested in problems with AI generated code. The overview is Implement a centralized risk management approach to prioritize and address the most critical vulnerabilities.    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com MongoDB has spent years earning a formidable reputation in the developer world; today, we will unpack some of its capabilities for project managers and federal leaders so they can understand where MongoDB may fit in their stack. Conventional wisdom is that MongoDB is a flexible open-source database. Although that is true, this does not do justice to some characteristics that will appeal to the federal audience. ONE: An agency may have restrictions on where the cloud is not suitable for storage. Because of its ability to use flexible, JSON-like documents, MongoDB has listened to those needs and can have storage in many varying regions.   In fact, we have seen a movement to move cloud applications back on premises. MongoDB provides flexibility for working in both hybrid and on-premises environments. TWO:  Most readers have studied encryption and think of it primarily as data at rest. Cloud storage transitions have forced a method where data is encrypted during transit. MongoDB can take encrypted data and search while it remains encrypted. Some will describe encryption at rest, in transit, and now, data in use.  THREE   MongoDB has listened to the federal community and is offering something called MongoDB Atlas for Government. It is a secure, fully managed cloud database service for U.S. Government agencies to modernize applications and oversee sensitive data. During the interview, Ben Cephalo revealed the effort MongoDB is making to serve federal agencies that require FedRAMP high capabilities.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Elastic has been around since 2012 and has been gradually gaining traction in the commercial world. In fact, Elastic has recently signed agreements with Nvidia and Google to improve integration with its distributed search analysis. All this assists with AI search and observability. Today, we sat down with Chris Thompson from Elastic to highlight how commercial success can be applied to the federal world. Looking back at his decades of work with federal agencies, he sees one of the problems in acquisition. In a world of rapid change, it is challenging to acquire technology that can keep pace with the fast pace of change. During the interview, Thompson discusses a recent strategic agreement developed by Elastic working with the GSA and other companies. This streamlines the process of providing technology to federal professionals. This agreement accomplished several tasks at once: >>It leverages the GSA's collective buying power. Rather than negotiating separate prices for dozens of agencies, it has substantial discounts with all the major cloud providers. >>>  It reduces duplication. We know several federal agencies are facing similar tech challenges. Rather than duplicating requirements gathering and testing before making a purchase, the GSA approach eliminates this duplicative process. >>With numerous AI tools flooding the market, this agreement enables the accelerated use of these tools.  >> When you have standardized contracts, enhanced security is typically the result. No contract is perfect, and people who have developed this agreement know it is a living document that can flex and adapt to technical situations as they arise. GSA officials have stated this is an evolving approach, giving it the ability to adapt to innovative technology, new companies, and a rapidly changing cyber threat.    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Many listeners have become so familiar with AI that they may have assumed it has been around for decades. Today, we sat down with Will Angel from Excella to explore the application of AI to federal technology from a more nuanced perspective. We dive into three main aspects of AI:  challenges of integrating AI services, Model Context Protocol, and security considerations with agentic systems. Challenges: No company has grown as fast as ChatGPT; in fact, it is the fastest-adopted consumer application in history. Today, it has an estimated eight hundred million weekly users. This has attracted developers who work on federal projects. Wil Angel recommends careful consideration of people arbitrarily porting data to or from products like ChatGPT because it can compromise data security. MCP In certain circles, the term “Model Context Protocol” is used constantly. It has become so popular that people do not realize it was just coined by Anthropic in November of 2024. During the interview, Angel presents variations on MCP for software development and warns about the hype surrounding the relatively new standard for AI systems. Agentic AI  Autonomous systems have been the holy grail for every software developer. The promise of Agentic AI is so powerful that some have jumped into applications without a more prudent approach. When a series of tasks is assembled, unintended consequences can come into play. It is one thing in the commercial world to reveal essential data; it is a completely different situation when the DoD is dealing with life and death situations. Angel predicts significant changes in AI over the next few years, with large language models revolutionizing software systems.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Many listeners have become so familiar with AI that they may have assumed it has been around for decades. Today, we sat down with Will Angel from Excella to explore the application of AI to federal technology from a more nuanced perspective. We dive into three main aspects of AI:  challenges of integrating AI services, Model Context Protocol, and security considerations with agentic systems. Challenges: No company has grown as fast as ChatGPT; in fact, it is the fastest-adopted consumer application in history. Today, it has an estimated eight hundred million weekly users. This has attracted developers who work on federal projects. Wil Angel recommends careful consideration of people arbitrarily porting data to or from products like ChatGPT because it can compromise data security. MCP In certain circles, the term “Model Context Protocol” is used constantly. It has become so popular that people do not realize it was just coined by Anthropic in November of 2024. During the interview, Angel presents variations on MCP for software development and warns about the hype surrounding the relatively new standard for AI systems. Agentic AI  Autonomous systems have been the holy grail for every software developer. The promise of Agentic AI is so powerful that some have jumped into applications without a more prudent approach. When a series of tasks is assembled, unintended consequences can come into play. It is one thing in the commercial world to reveal essential data; it is a completely different situation when the DoD is dealing with life and death situations. Angel predicts significant changes in AI over the next few years, with large language models revolutionizing software systems.    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Sometimes, the plow must go deeper. Current approaches to Zeer Trust implementation can leave gaps in security. Today, we sat down with Akamai's Mike Colson to discuss the concept of combining Identity Credential Access Management with Least Permissive Trust. Setting the stage, Mike Colson details some of the challenges in the varying kinds of Zero Trust that are being applied in the Federal Government. The standard way of implementing ICM can result in assigning more resources than necessary, leading to permission creep and inflexible permission. Over provisioning: The amount of data being created is almost impossible to manage. A person may be given access to a data set they are not permitted to see. A “just in time” permission structure would help avoid that situation. Stale:  Just because a person has access to a data set on a Tuesday does not mean he has access on a Wednesday. People can leave the workforce, be reassigned, or change roles. Access must be constantly updated. Static:  Ron Popiel made the phrase, “Set it and forget it,” memorable. Unfortunately, this approach can lead to a permission structure that may limit access to key data. This may be considered under-provisioning, potentially leading to time delays in obtaining key information. Colson took the listeners through several iterations of access control, including Role-Based Access Control and Attribute-Based Access Control. On top of these old favorites, Colson discussed what may be called Context-Based Access Control, or what he calls Least Permissive Trust. Least permissive trust is a concept Colson outlined, which uses user behavior, device health, and contextual factors to grant permission dynamically. The conclusion is simple:  not all Zero Trust is created equal.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The impact of AI in software development in the federal government is so pervasive that, in July of 2025, the President of the United States released a White House AI Action Plan. Today, we sat down with Bob Stevens from GitLab to put this development into perspective, examine some use cases, and suggest methods that federal agencies can use to prepare for this technological shift. What precipitated the initiative is the recognition that change is occurring so rapidly in the world of software development that the federal government must adapt more quickly than in the past, or it will be vulnerable to cyberattacks. Stevens notes that the federal government has been targeting modernization, producing software faster, and being more efficient, for a decade. AI will help them get there, with some possible cost reduction. For example, in the past, a vulnerability may have taken weeks to discover. Utilizing AI allows federal software developers to reduce that discovery to minutes. That ties in with one essential element in the White House initiative: security. In fact, one of the pillars of the Action Plan is titled “Promoting Secure-by-Design AI Technologies and Applications.” Stevens has been involved in federal software development for decades and thinks that a platform approach best serves the essential objectives of this Action Plan. The conversation concludes with the potential for AI to streamline government processes and improve operational efficiency. If you are interested in learning more about the economics of this approach, you can download The Economics of Software Innovations: $750 billion Opportunity at a Crossroads.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com We are recording this at the Air Force Air, Space, & Cyber Conference. During the second day of the conference, General B. Chance Saltman, Chief of Space Operations at the Space Force, talked about a “focus on readiness.” Our guest, Rob Bocek from Virtualitics begins the interview by talking about the concept of readiness being applied to AI. In fact, Bocek recently did an in-depth discussion of this topic at a conference he led titled The Frontiers of AI for Readiness. Today, we combine some of the lessons learned from that gathering with some of the goals and aspirations that were given at presentations at this year's Air Force Air, Space, & Cyber Conference. In a wide-ranging interview, Bocek comments on topics like guardrails, leadership, procurement, and collaboration. GUARDRAILS Even the casual observer will notice that AI will have an impact on the DoD. However, the DoD deals with life and death decisions daily and cannot be subject to data poisoning and LLM attacks. During the interview, Bocek commented on implementing guardrails when experimenting with AI. LEADERSHIP In the corporate world, leaders will justify a blind jump into AI with assertions like, “if they don't jump in, their competitors will.”  The DoD deals with much more than a profit and loss statement. Military leaders must step up with understanding the positives and negatives of AI, and lead technology experts into correct implementations. PROCUREMENT When General B. Chance Saltman was presenting nobody in the audience thought he would include acquisition reform as one of his three main points. He reinforced the concept of living in a contested world where adversaries can adapt quickly, and the American military cannot be held back by antiquated procurement processes. Listen to the podcast to get an idea of some of the solutions available for federal leaders trying to use AI in a responsible manner.    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Ten years ago, Nutanix exploded on the federal scene. By now, just about every listener has heard of Nutanix partnering with the federal government in a wide range of projects. Today, an update with Greg O'Connell from Nutanix. He demonstrates how federal agencies can leverage Nutanix's experience to achieve mission success across various cloud environments. During the interview, O'Connell gives a basic comparison of multi-cloud vs. hybrid cloud. From his perspective, a multi-cloud environment includes one or more public cloud providers. A hybrid cloud enables a system that combines on-premises infrastructure with public cloud services. This allows a single, integrated environment, providing more control over access, compliance, and ability to connect with legacy systems. Existing applications and data always present a challenge in moving to the scalability and flexibility of the cloud. Nutanix brings to federal technology its ability to work with legacy systems in a system that has been evaluated over time. Most federal leaders may wonder what is taking place in other agencies. To that end, Nutanix provides an annual report on cloud activities. The 7th Annual Nutanix Enterprise Cloud Index Report highlights that 94% of US government entities utilize AI, but 76% require infrastructure improvements. Liten to this podcast to get an update on innovation from Nutanix and download the report to gain a better understanding of activities in the federal tech community.            

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Most listeners are familiar with LMI as a sixty-year-old nonprofit, providing logistics management services and related research to the federal government. Today, LMI is a for-profit organization that leverages its decades of experience to gain a competitive advantage in understanding use cases where AI can reduce costs, enhance security, and facilitate the analysis of unstructured data. An engagement with LMI does not begin with clients explaining federal regulations; it starts with mission-ready products and platforms that are built on a deep understanding of the need for trust, transparency, and compliance. During the interview, Bettina Koleda explains that the federal government is getting pressured to do more with less. Additionally, because of the importance of the data inherent in many federal applications, users must trust that the data is not being compromised in any manner. LMI has developed a platform called LIGER that combines the need for reduced costs while maintaining compliance. Bettina Koleda explains how it can help translate mission goals into software requirements and continuously refine solutions through feedback from federal agencies. Kaleida is optimistic about the future of AI, believing it can help solve significant global issues if managed effectively.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com It is difficult to pinpoint an exact number, but some statistics show an executive is five times more likely to be attacked than a regular employee. It makes sense. If you receive a suspicious email from a fellow employee, do not respond. However, if you receive an email from the CEO, you are more likely to react more aggressively. In today's interview, Richard Fleeman and Ricky Freeman from Fortreum Labs discussed the increased risk executives face, citing a 74% human error rate in breaches. How do malicious actors get personal information on an executive? Sometimes, leaders are too active on social media and, for example, post when they are on vacation. If an employee gets fooled, he may transfer assets online. Okay, we know ransomware is on the rise drastically, and companies are vulnerable – what can an executive do to prevent this activity? Richard Fleeman observes that once the money is transferred, it is exceedingly difficult to find a resolution. He suggests that prevention is the best approach. Start with social media and see if you are revealing your email or confidential information. Some call this oversharing. Multi Factor Authentication is a terrific way to limit access to your accounts. People often use the same password. Humans tend to repeat passwords. "Password spraying" can be used to break into accounts. Fortreum offers a service to help executives avoid these common pitfalls. They can start with publicly available data and then move onto the dark web. Ricky Freeman notes that attacks like the OMB breach often result in data for sale on the dark web. He has developed tools that enable the scraping of the dark web to determine if an executive can compromise sensitive information. Hard to expunge – easier to opt out Dark web. Even if your compromised information is extant on the dark web, you may not be able to do anything about it. Fortreum's services include manual testing, attack surface analysis, and dark web scraping to identify vulnerabilities and provide recommendations. You can get an idea of your vulnerability by taking advantage of guides to see if you are exposed. 

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The federal government manages a great deal of sensitive information that it is reluctant to share with other agencies or organizations. However, isolation means important decision-making data can be inadvertently withheld from leaders. The simple term "collaborate" can be easily applied in a classroom. Still, it becomes almost impossible with petabytes of data that have varying levels of security, such as classified, secret, and top secret. Even if the puzzle of sharing data is solved, the issue of data classification changes and data being attacked with malicious code remains. Sean Berg is the CEO of Everfox, a company that has spent the last twenty-five years solving this data problem by using cross-domain technologies. During the interview, Sean Berg discusses the role of AI in ensuring data integrity, the challenges posed by legacy systems, and the critical nature of data management in national security and digital transformation. Sean Berg moves beyond Cross Domain Solutions to Everfox's Content Disarm and Reconstruct (CDR) technology. With this approach, the document is opened and examined for malicious code, then copied. CDR is a tool for ensuring data integrity and preventing malware infiltration, allowing for safe and secure collaboration between federal entities.    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Sometimes, a company becomes so large that it is difficult to be specific about how it can help any organization, especially one as vast as the federal government. Today, we sit down with Ron Bushar, Chief Information Security Officer & Managing Director – Google Public Sector. We address many of the significant concerns federal technology leaders have regarding topics such as cloud-native, edge computing, and Zero Trust. This is a rudimentary overview of working with Google Public Sector. If you would like to connect in more detail, you can attend the free Google Public Sector event in late October. The focus will be on the investments Google Public Sector has made in AI and security. Ron Bushar begins the discussion by highlighting the benefits of transitioning to cloud-native applications. Modern applications demand availability anytime and anywhere. Emphasizing applications that can leverage the cloud provides scalability and security that are often lacking in older systems. Furthermore, when one combines cloud-native with AI, the result is a lighter-weight platform that can be used worldwide to support missions. This “anywhere” concept encompasses areas of the world that require remote access, which is increasingly referred to as edge computing. Google has provided international access since its early years, and it has the capability that can allow federal technology to be connected at the edge. Most federal security conversations today involve the concept of Zero Trust. Ron Bushar makes the point that Google was a pioneer in Zero Trust. Listen to the interview to hear about ·      70% discount ·      Agentic AI ·      Hardening of Google   ·      Gemini and federal applications Even better, attend the Google Public Sector event on October 29, 2025. 

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Virtualitics, a company spun out of Caltech and NASA JPL in 2016, focuses on applying advanced AI to mission-critical challenges, including asset availability, personnel readiness, and supply chain optimization. During the interview, Rob Bocek, Chief Revenue Officer at Virtualitics, provides listeners with insight into how his company can enhance Air Force readiness while ensuring explainability and democratizing AI. Sometimes, AI is described as a “black box” where one pours in data and out pops an answer. In a life-or-death scenario that many military organizations face, this arbitrary approach will not suffice. As a result, solutions provided by Virtualitics, document the process carefully. Listening to the customer is key to understanding supply chain problems.  Rob Bocek details how his team will get close to the end user. This can be a “democratic” approach where a wide variety of input is absorbed. Virtualitics aims to identify the root causes of pain and determine what specifically needs to be solved. He highlights their ability to detect anomalies, optimize training pipelines, and anticipate equipment failures. Once these preliminaries are brought together, the most tremendous success will be accomplished when leadership takes risks. Looking ahead, Virtualitics is hosting the Frontiers of AI for Readiness Summit at Caltech to convene DoD leaders, academics, industry, and investors. Bocek emphasizes partnerships across technology providers, cloud platforms, and startups as essential to scaling AI solutions and accelerating the DoD's adoption.  

"I have friends everywhere." In this special episode, we're joined by Tony Gilroy, the creative force behind the electrifying Star Wars series Andor. Critics and activists on the frontlines in America have praised Andor for its powerful portrayal of resistance, and with Season 2 up for 14 Emmy Awards, it's clear this is no ordinary space opera. Gilroy's vision grounds the story in centuries of history, showing us what it means to resist empire in all its brutality. Andor is an urgent guide for Americans today.  For more than three decades, Gilroy has been shaping modern cinema with blockbusters and fearless storytelling. He gave us Rogue One: A Star Wars Story, and wrote and directed the critically acclaimed political thriller Michael Clayton, which earned him Oscar nominations for both screenplay and direction. His credits include Armageddon and the first four entries of the Bourne series (in which he directed the fourth), Devil's Advocate, Dolores Claiborne, The Cutting Edge, State of Play, and many, many other films.  The son of World War II veteran and Tony and Pulitzer-winning playwright and filmmaker Frank Gilroy, and brother to acclaimed film editor John Gilroy and Oscar-nominated writer-director Dan Gilroy (an Emmy-nominated writer on Andor), Tony Gilroy doesn't just tell stories: he builds immersive worlds where power, corruption, and resistance collide, worlds that help us make sense of our own. We're thrilled to welcome him to Gaslit Nation to discuss this dark chapter in America's history and, through his art, remind us of the courage it takes to stand and fight back. For Gaslit Nation listeners who want the full breakdown of the convicted felon/war criminal distraction circus and what comes next for the Free World, our latest salon digs into the Putin-Trump gaslighting sideshow in Alaska and how the war can actually end. You can watch the recording at Patreon.com/Gaslit. Thank you to everyone who makes our independent journalism possible! Don't miss Monday's salon at 4pm ET, only on Patreon, where we'll dive into two powerful films about resisting dictatorship: The Lives of Others and I'm Still Here.  The Lives of Others tells the haunting story of artists defying the East German Stasi, while I'm Still Here tells the story of a woman whose husband is disappeared by Brazil's military dictatorship in the 1970s, and how she transforms her country for the better.  These two films are reminders that light will always defeat darkness: it's just a matter of time, and collective courage and defiance.    Want to enjoy Gaslit Nation ad-free? Join our community of listeners for bonus shows, exclusive Q&A sessions, our group chat, invites to live events like our Monday political salons at 4pm ET over Zoom, and more! Sign up at Patreon.com/Gaslit!   Show Notes:   Trailer: Andor (Season 2) https://www.youtube.com/watch?v=AE4wxt70aUM   Andor Clip featured in episode: “You're coming home to yourself.” https://www.youtube.com/watch?v=rugpDpd0aV4   'The world is behaving irrationally' - Putin's warm welcome gets cold reaction in Ukraine https://www.bbc.com/news/articles/ckg4mj4011lo   Kremlin critics say Russia is targeting its foes abroad with killings, poisonings and harassment https://apnews.com/article/russia-attacks-poisoning-killing-litvinenko-skripal-5ddda40fd910fe3f8358ea89cb0c49f1?utm_source=copy&utm_medium=share   Gaslit Nation Action Guide: https://www.gaslitnationpod.com/action-guide  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In 1987 Microsoft introduced PowerPoint, it is one of the few applications that has endured almost four decades! Today, we look at some options that incorporate more flexible ways to innovate. Charles Firey from Excella provides listeners three ways to make a transition from PowerPoint to modern applications.  He discusses setting temporary instances of a modification, making sure this approach is consistent, and where to look for opportunities to apply this dynamic method. Sandbox. Instead of worrying about managing sensitive data, create a sandbox or synthetic data environment to enable quick concept demonstrations without compromising security or compliance. Once a federal leader can see the proposed solution, iterations can take place in a more effective manner. Consistent. Once the concept of a “sandbox” has been established, think about federal security considerations. Develop a consistent approach for creating prototypes that align with production-ready compliance requirements that include protecting data at rest and data in transit. Opportunities  - Identify opportunities to incorporate rapid prototyping as part of the method. Not every technical problem can be solved with improving interactions with websites; however, many areas can be helped if you know how to apply an iterative approach to software development. Charles notes that Excella uses synthetic data and consistent workflows to ensure prototypes align with production standards. The conversation also touches on the cost-effectiveness and future potential of AI-driven prototyping in federal projects.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In boardrooms across America, members are slowly starting to notice the proliferation of cyber-attacks. It is one thing to recognize the danger, quite another to do something about it. Board members may ask, how does a company's risk profile compare to others? What is a reasonable amount of money to budget for cybersecurity? What about company growth & change? Are there tools to use to approximate risk level? Today, Ben Scudera from Fortreum jumps feet first and answers the tough questions Ben admits that financial estimates are always difficult, he suggests  a typical  spend of   ½ % - 2%  of a company's annual budget for a typical company. If you are in a regulated environment, perhaps one like a hospital or bank, you may need to revise that estimate. Risk prioritization will have to vary based on the circumstances of each organization. Some start at a weak baseline, others can be quite safe. Even if you are secure, what happens in the future is your company acquires another? What about drastic growth in sales and plant expansion? How to keep up with new attack vectors? Ben's goal is to provide an understanding of the threat without any scare tactics. One approach is to use a guideline from Fortreum's Cyberfoundation  that includes eighteen metrics. This view allows leaders to prioritize remediation efforts. He highlights the importance of continuous risk management and education to combat evolving threats like ransomware and phishing attacks. Here is a link to the guidelines from Fortreum:

Ep. 264 How Automation Is Accelerating Digital Transformation Across Federal Agencies Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In this episode of the Federal Tech Podcast, host John Gilroy interviews Nabil Amiri, Vice President of Business Development for the federal practice at NWN. The discussion introduces NWN's expanding role in helping federal agencies adopt advanced technologies, particularly artificial intelligence (AI), as part of broader digital transformation efforts. Amiri explains NWN's recent acquisition of Leverage Information, a move that brought deep federal experience—especially with defense, intelligence, and civilian agencies—into NWN's already strong commercial portfolio. This merger allows NWN to deliver robust, secure IT solutions tailored to the complexities of federal requirements such as FedRAMP, STIGs, and Zero Trust. He emphasizes that innovation and compliance can—and must—coexist in the federal space. The conversation touches on the real-world challenges federal agencies face, like outdated systems, budget cuts, workforce reductions, and tool sprawl. Amiri critiques the proliferation of “single panes of glass” in IT environments, which often complicate rather than simplify operations. NWN's strength lies in delivering visibility across systems, reducing complexity, and enabling security and automation through integrated, scalable platforms. Key themes include Zero Trust architecture, infrastructure modernization, automation, and streamlining tech procurement. NWN's flexible acquisition pathways (e.g., via GSA and SEWP contracts) make it easier for agencies to respond quickly to crises like COVID or cyberattacks. On AI, Amiri emphasizes its role in real-time data analysis to improve visibility and prevent outages, critical for mission continuity. NWN remains vendor-neutral, working with a broad ecosystem of partners to deliver best-in-class, mission-focused outcomes. Looking ahead, Amiri confidently predicts that AI will become foundational to all federal IT strategies, driving operational resilience and transformation in the next five years. The interview sets the stage for deeper dives into emerging topics like agentic AI and cloud-native strategies in future discussions.

Ep. 263  How Microsoft Drives Cloud-Powered Transformation in Federal Agencies   Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Microsoft has been a behemoth in the world of information technology since its founding in 1985. The only way to understand how Microsoft can impact the federal government is to take a topic like AI and conduct a thorough analysis. Today, we sat down with Wole Moses, the Chief AI Officer for Microsoft Federal. He shares his perspective on how Microsoft's innovation can help federal agencies achieve their ambitious goals. Essentially, we discuss AI's role in cyber threats, legacy infrastructure, and compliance. Moses explains that Microsoft's AI assistant, Copilot, is integrated into various products to enhance productivity. He emphasizes the importance of a strategic approach to AI, aligning projects with agency missions and goals. Moses discusses the potential of AI to modernize legacy systems and processes, improve cybersecurity, and support software developers. In AI, multimodal refers to a system that utilizes text, images, audio, and even video. He also highlights the need for multimodal AI to expand communication capabilities and the importance of compliance with frameworks like FedRAMP and NIST RMF.   Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Today, we discuss the importance of user experience for federal websites with guests Amanda Chavez and Rishi Vajpayee from Qualtrics. The expansion covers topics such as cost savings, automation, and the impact of unstructured data on how websites provide information. COST SAVINGS Older systems in the federal government may have been designed to optimize for one function. When new administrations are elected, it is possible that alterations can be made, and the existing system can lead to inefficiency and slow data utilization. During the interview, Amanda Chavez details how a company like Qualtrics can help federal leaders understand friction points. This is especially effective when making a transition to the cloud. Bottlenecks are identified, and the remedy is provided, enabling the complete flexibility of the cloud to be leveraged. AUTOMATION Federal agencies are encouraged to do more with less. Automation can provide the solution to this challenge. Frequently, self-service channels can provide information to citizens faster and more reliably than a traditional human in a call center can. UNSTRUCTURED DATA Rishi Vajpayee discusses some of the weaknesses in how surveys about web experience have been conducted. He notes that unstructured data, such as text, email, and feedback, provides a much richer and deeper understanding of how to enhance a website's effectiveness. Qualtrics' upcoming federal summit in August aims to address these issues and improve service delivery. The Qualtrics Federal Summit event in August 2025 will discuss improving the federal website.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The current administration has a focus on reducing costs while also improving the delivery of goods and services. When it comes to handling data, innovations in code generated by artificial intelligence have enabled this remarkable goal. The challenge arises when transitioning from the data center to the hospital. " Fail early" may be a mantra for a software developer, but in a healthcare situation, it is unacceptable.   Today, we sat down with two executives from Phillips and explored the value of applying mobile technology to reduce cost and enhance patient outcomes in hospitals. Both gentlemen are military veterans, and the focus of the discussion is the Department of Veterans Affairs, which operates 170 medical centers and employs over 470,000 staff members. When examining the population of veterans, we can see that it has a wide distribution in rural areas. This can mean long trips for patients to get care. During the interview, we look at wearable devices that can provide information to physicians to help make treatment decisions. These can provide real-time health monitoring to act as an "early warning" system for patients. For example, it can detect signs of infectious diseases before symptoms appear.   Advances in machine learning and artificial intelligence enable Phillips to develop a risk score calculation that reduces exposure to vulnerable populations. Explore opportunities to further deploy Philips' remote monitoring and telehealth technologies within the VA healthcare system.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com According to Forrester, 48% of organizations have more than one hundred tools in a typical toolchain. How many are not being used? How many duplicates are there? How many can remove abilities in other tools? When you deal with a company, they are getting paid to focus on their solution and ignore others. When you deal with a reseller, they have biases, respond to changes quickly, and understand the complexities of vendors in “swim lanes,” which can include competitors. Today, we sit down with Sam O'Daniel, the President and CEO of TVAR. The conversation ranged from selection of the correct tool to procurement and licensing models. For example, in a recent interview, Scott Rose from NIST talked about modern technology that may include IPv6. The sad news is that it prevents scanning address blocks because it cannot scan all the addresses that IPv6 covers. TVAR collaborates with numerous vendors and is familiar with the strengths and weaknesses of each. Additionally, he understands which vendors work well together and respects the concept of their “swim lanes” in the context of federal technology. A typical federal leader cannot spend five hours a day keeping up with modern technology; resellers must maintain updated knowledge, which they can provide federal agencies with a perspective that few have. The conversation also addresses the challenges of procurement and the need for tool consolidation to minimize government waste.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com   Artificial Intelligence can dazzle people to the point where they lose focus on the objectives of the federal agency. In today's interview, Adam Lurie from Knexus begins by discussing a corporate strategy that combines research and innovation with engineering. This approach has been consistent over decades of serving the federal government. One stellar example of this fusion was their success in the $919 million 10-year Supply Chain Risk Illumination Professional Tools and Services (SCRIPTS) Blanket Purchase Agreement from the GSA. One of the challenges in “applied” AI is the data itself. Often, particularly in the federal government, there are strict rules governing the handling of data. We have all heard about the encryption of data at rest and data in transit. Given this limitation, it may be challenging to establish an iterative process that optimizes security and reliability. The answer from Knexus is to use synthetic data to emulate an actual sensitive federal data set. That way, several methods can be used to rapidly identify foreign influence, monitor vendor integrity, and visualize complex risk management scenarios. This innovation enables developers to optimize the security of a supply chain, taking into account variations that incorporate modern technologies and adapt to emerging threats. A key partner in this creative approach is Google. Knexus was recently named 2025's Google Cloud Business Application Partner of the Year for Government. Retaining security while innovating will be the key to applying AI to solve federal business needs now and in the future.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Fifteen years ago, Vivek Kundra began the “Cloud First” policy in the federal government.  It took five years for people beginning to talk about “cloud native” applications.  In other words, instead of a lift and shift to the cloud, developers could take advantage of the cloud's capabilities resulting in increased agility, scalability, and resilience. Well, here we are in 2025, and it sure looks like the early days of cloud computing.  Lots of dazzling, but few people know how to leverage efficiency, speed, and personalization of AI. Today, we sat down with Sri Iyer, CTO and Co-founder of a company called KOVR.AI.  Finally, he presents to listeners how AI can be applied to the tedious process of federal certification. We look at the complex process of CMMC. One aspect of CMMC is CUI.  It does sound simple, but if a company over scopes or under scoped CUI it can make for difficulty in completing the certification. Further, assets are changing all the time.  How can a company provide a detailed report of its assets at a specific moment in time?  Next, the employees in a typical federal contractor are billing 40 hours a week.  Is a business owner supposed to pull people off a revenue-generating position to complete CMMC tasks? Finally, what about the companies who supply the DIB?  In a normal supply chain, more than just the company seeking CMMC is part of the puzzle. Listen to the interview to see how the innovation Sri Iyer can be applied to making the CMMC process faster and easier to document. Iyer emphasizes the importance of proper documentation and training for CUI (Controlled Unclassified Information) and offers practical advice for companies to prepare for CMMC, including creating an inventory of IT systems and vendors, and seeking expert help.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Zebra Technologies is the best-kept secret in town. The reason is simple: Zebra Technology has been in business for 55 years and has achieved an impressive amount of success in the commercial world. Jan states that 80% of Fortune 500 companies rely on Zebra for asset tracking. Yet, if one were to walk through a federal technology trade show, one would never identify Zebra. In today's interview, we focused on how Zebra Technologies has had a relentless focus on replacing pen-and-paper systems with modern technology. One unexpected benefit of streamlining asset tracking is the reduction in time to prepare reports. Jan Ruderman states that audit preparation can be reduced from eight hours to twenty minutes. Federal technology leaders are drowning in data, much of which is generated by devices such as Operational Technology under the control of Information Technology. Logistics management is the only way to get control of a rapidly changing system. The real lesson is an application of commercial success to the needs of a federal government that is increasingly operating at the edge.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com There is a whirlwind of change in federal technology. For example, Federal News Network has reported that 25% of the IRS technology staff have left. Additionally, funding has been reduced, data stores are increasing, and we are all trying to understand the impact of Artificial Intelligence. Today, we sat down with Phoebe Nerdahl and Sayed Said from SNYK. They offer solutions to address the challenges of changing technology in this environment. The approach from SNYK is to start at the beginning of the code development process, what is called a shift left. They discussed the need for a secure framework for AI adoption, leveraging Snyk's proprietary database and security research team to enhance code security. The conversation also touches on the evolving definition of AI and its integration into various applications. Snyk's AI Trust Platform aims to protect against insecure AI-generated code, emphasizing continuous security monitoring and automation. They have a vulnerability database, which enables them to review code for potential issues. Further, their platform can automate this needed remediation.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Gregory Garrett, Chief Operating Officer at REI Systems, discussed digital transformation and innovation at the AWS summit in Washington, DC.  He has a fascinating background that includes a career as a fighter pilot, the publication of twenty-four books, and guest lecturing at Georgetown University. The stated goal of today's administration is to reduce costs and eliminate waste. Today's aging systems are prime candidates for innovation. Unfortunately, there is no "innovation" button that a federal leader can press to have a variety of suggestions at their fingertips, allowing them to choose the best alternatives for improvement. He has applied all this experience in dealing with talented software developers by organizing a competition for new ideas. It is REI's "REI Innovation Competition," which generated over 100 white papers and led to a proof of concept for government agencies. From REI's perspective, digital modernization must address issues such as legacy systems, code revision, and improved code documentation. As a case in point, Gregory Garrett reviews the success REI has had in the federal grants management program. During the interview, he delves into topics such as quantum computing and interoperability. Listen to the perspective of a digital leader who can extract innovation and leadership out of highly skilled software professionals.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Many of today's archaic federal systems have been built over decades. As a result, they are perfected but also fragile. One obvious source of vulnerability is the workforce that created it. It is hard to believe that COBOL was released in 1960 and is still active in some federal systems. The individuals who developed the code for these systems are now long past retirement age. Some code was accurately documented, and some were not. As a result, the process of transferring to a newer environment is fraught with concern. Until AI, the only way to understand the underlying code was for a human being to review it line by line. Everyone realized that this process was so tedious and time-consuming that an informal policy emerged, essentially patching the system. They kicked the can down the road for the next generation. Well, AI is her. It has the unique ability to review code, identify problems, and provide solutions quickly. This will drastically reduce the risk of moving antiquated systems from aging code systems. Today, we sat down with Kartik Mecheri from Karsun Solutions and Alan Thomas, former Commissioner of GSA FAS. During the interview, they offered suggestions on how best to accomplish the challenging task of digital modernization. Kartik emphasizes the value of a platform like ReDuX. Utilizing Amazon's Bedrock, ReDuX allows system developers to create a blueprint for the existing system. When combined with humans, this platform will save money on maintaining older systems and bring much-needed flexibility to new applications. Listen to learn how Karsun Solutions can reduce costs, increase flexibility, and improve efficiency in the process of digital modernization. The conversation also touched on the challenges of mission-critical systems, the role of AI in reducing risk, and the evolving job market, suggesting a shift towards strategic and innovative roles.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com How do you defend your website against an attack that can reach one hundred million requests a second? The federal government is in an unusual position: in addition to the "garden variety" attacks, such as phishing and ransomware, it is also subject to political attacks with a specific agenda. Ostensibly, they do not have financial motivation; their motivation is a political statement. Welcome to hacktivism. The tool they use is a tried-and-true, good, old-fashioned Distributed Denial of Service (DDoS) attack. If you consult your history books and shake off the dust, you will find that the first DDoS attack was recognized in 1996. Advances in cloud computing and AI have been a force multiplier for malicious actors to shut down websites. In the past, the attacker would remain anonymous; not today. Today's hacktivist often claims responsibility for the attack and publicize their demands. It has gotten to the point where DDoS attacks are available to consumers as DDoS-as-a-service. Pascal Geenes has authored an article about a particularly nasty DDoS attack, appropriately called "DieNet."  It attempts to instill doubt and chaos in a federal site. What is the defense? Pascal Geenes has identified vulnerabilities in APIs as a key attack vector. Many federal agencies are not aware of their API inventory. It is possible to scan a federal site, identify a flaw in an unused API, and leverage that knowledge to launch a DDoS attack. Radware's solutions, including AI-driven security, help mitigate these attacks quickly, reducing the mean time to resolution (MTTR). Heenan emphasizes the importance of being initiative-taking in cybersecurity. = = =

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Sometimes, one plus one is three. Back in 2021, McAfee's Enterprise business merged with FireEye to form Trellix. Today, the net result is a company that generates $1.2 billion globally and $400 million in the public sector. In today's interview, Ken Karsten details how federal leaders can use Trellix to improve cybersecurity in a federal world with rapidly increasing end points. Setting the stage, Ken Karsten reviews an Executive Order 14028  from 2021 that encouraged federal agencies to aggressively protect endpoints, sometimes called Endpoint Detection and Response. In four short years, AI has transformed the way malicious actors attack end points and the defense had to be improved. Enter, Extended Detection and response. During the interview, Ken Karsten gives listeners an overview of XDR's continuous monitoring, advanced analytics, and rapid threat assessment and response capabilities. Advances in AI have allowed Trellix to deliver EDR and XDR capabilities at a drastically reduced cost. Topics in the discussion include Operational Technology, 5G, and Trellix's recent DoD IL5 authorization. Provide a link to download the Trellix Cyber Threat Report.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com If you are a regular listener, you know that I interview tech companies to have them elucidate the ways they can help federal agencies reach goals. Today, I will pull back the curtain and sit down with an HR professional from a successful company to understand his business and how he is hiring technical staff. First, Kentro has been in business for over twenty years and has a formidable reputation for ethical and responsible assistance in federal projects. Jun Choi is the Senior Vice President of Human Capital Services at Kentro. His company focuses on digital modernization, cybersecurity, and data and AI services. During the interview, Jun Choi highlights the importance of a growth mindset, adaptability, and practical experience over formal education. The focus is on growth because nobody has a crystal ball to divine what will happen in the next five years.  If the past is prologue, Kentro will expand, but where? Procurement methods are rapidly changing along with technology itself. Many of the skills needed today were not taught in universities in the past. As a result, Jun Choi likes to discover whether a candidate has been in situations where a flexible mindset has been the key to success. He has seen college graduates with simply basic skills. Unfortunately, today's AI can do all the basics easily. Humans need critical thinking when they understand the implications of a large language model. Choi remains optimistic about the future, predicting stabilization and innovation driven by AI.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Years ago, the headline “Data Breach” was shocking; today, it is common. That may not be a problem for some, but the federal government maintains data stores that contain information about finances, health, and military matters. A recent report has shown that 50% of federal agencies have reported data breaches. It appears that it's time to find a solution. Today, we sat down with Blain Canavan from Thales Group to examine the usual suspects and the potential threats ahead. THE USUAL SUSPECTS:   MFA:  Protecting data can be accomplished with something as basic as phishing-resistant Multi-Factor Authentication. The first step in identity management can significantly reduce threats. Encryption: Deploying encryption can protect data at rest, in transit, and memory. Keys to the Kingdom: Little-known methods of managing the PKI system can help reduce risk in protecting data. THEAT DOWN THE ROAD: QUANTUM Now that you have checked the boxes for basic data protection, it is time to get a grasp on what lies ahead. We have read about quantum cryptography for twenty years. Today, we have pre-standardized quantum-resistant cryptographic algorithms available. One needs to take action a little sooner. During the interview, Blair Canavan highlights the proactive measures taken by the US federal government, including the implementation of PQC-safe digital signatures by 2025. The “down the road” also has a delimitation -- Blair emphasizes the urgency of replacing outdated cryptographic methods, such as RSA and ECC, by 2030 and 2035, respectively. Include the 2024 data threat report. = ==

In this episode of the Federal Tech Podcast, host John Gilroy sits down with Vishwas Lele, CEO and co-founder of pWin.ai, and Larry Katzman, President and CEO of Applied Information Sciences (AIS), to explore how technology leaders can write smarter proposals in an increasingly complex federal landscape. The conversation dives into the current state of the government contracting industry, including how shifting policy initiatives are shaping new opportunities—and new challenges—for contractors. Larry shares firsthand insights on how AIS is adapting to these changes, the role of pWin.ai RFP tool in improving proposal efficiency and win rates, and what lessons they've learned along the way.