Back

Explore every episode of the podcast Tech Transforms

Dive into the complete episode list for Tech Transforms. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.

Rows per page:

1–50 of 84

TitlePub. DateDuration
Exploring AI Trends and Cybersecurity Evolution in the Federal Tech Landscape with Jason Miller10 Apr 202400:46:04

Jason Miller is the Executive Editor of Federal News Network and has covered the federal technology space over the course of five Presidential administrations. He brings his wealth of knowledge as he joins Tech Transforms to talk about AI, the top things government agencies are working towards this year and his predictions around FedRAMP changes. Jason also pulls on his decades of experience as he discusses events that changed the nation's approach to cybersecurity and the longstanding need to have data that is better, faster and easier to use.

Key Topics
  • 00:00 AI's impact on texting and cloud's significance.
  • 04:17 Federal Enterprise Risk Management in government tech.
  • 07:20 AI trends shifting toward real-time application.
  • 11:22 2025 and 2027 deadlines for zero trust.
  • 13:31 CISOs and CIOs adapting to modern technology.
  • 16:45 Frustration with FedRAMP leads to reform efforts.
  • 21:39 Applying similar model to expand decision-making.
  • 23:37 GSA discussed OSCAL at private industry day.
  • 27:55 CISA's role has grown within DHS.
  • 30:33 Increased transparency in cybersecurity changed approach significantly.
  • 34:17 Reflecting on the 2006 significance of data.
  • 39:19 AFCEA events bring together good people.
  • 42:53 Fascination with government architecture and dedicated government workers.
  • 44:35 Promoting positivity and accountability in government industry.

Cybersecurity Evolution: Examining Technology's Political Neutrality and AI Commitment Through Administrative ChangesConsistent Focus on Cybersecurity Evolution Across Political Administrations

Jason expressed a clear conviction that technology issues are largely immune to political fluctuation and are a continuity in government agendas. Reflecting on his experience across five administrations, he noted that the foundational technological discussions, such as cloud adoption, cybersecurity enhancement and overall IT improvement are fundamentally preserved through transitions in political leadership. He highlighted that the drive to enhance government IT is typically powered by the resilience and dedication of public servants, who generally carry on valuable reforms and initiatives regardless of the sitting administration's politics. These individuals are essential to sustaining progress and ensuring that technology remains a key priority for effective governance.

Federal IT Policies Consistency: "No one comes in and says, I'm against AI, or cloud is bad, move back on premise, or cybersecurity, defund cybersecurity. I think those are the issues that stay the same." — Jason MillerExecutive Orders and AI Adoption

Addressing the specifics of executive orders, particularly those influencing the implementation and development of artificial intelligence (AI), Jason examined their historical persistence and their potential to shape operational practices in the government sector. He and Mark discussed how the stability of AI-related orders through various administrations is indicative of a broader governmental consensus on the integral role AI holds in modernizing federal operations. Despite changes in leadership, the incoming officials frequently uphold the momentum established by their predecessors when it comes to leveraging AI. Indicating a shared, bipartisan recognition of its strategic importance to the government's future capabilities and efficiencies.

Cybersecurity Evolution: Zero Trust Principles and Network Security Challenges in Federal AgenciesZero Trust and Cybersecurity Budgeting

During the podcast, Carolyn and Jason delve into the current trends and expectations for federal cybersecurity advancements, with a particular focus on zero trust architecture. Their discussion acknowledged that agencies are on a tight schedule to meet the...

So What?: Understanding Disinformation and Election Integrity with Hillary Coover27 Mar 202400:40:42

Can you spot a deepfake? Will AI impact the election? What can we do individually to improve election security? Hillary Coover, one of the hosts of the It’s 5:05! Podcast, and Tracy Bannon join for another So What? episode of Tech Transforms to talk about all things election security. Listen in as the trio discusses cybersecurity stress tests, social engineering, combatting disinformation and much more.

Key Topics
  • 04:21 Preconceived notions make it harder to fake.
  • 06:25 AI exacerbates spread of misinformation in elections.
  • 11:01 Be cautious and verify information from sources.
  • 14:35 Receiving suspicious text messages on multiple phones.
  • 18:14 Simulation exercises help plan for potential scenarios.
  • 19:39 Various types of tests and simulations explained.
  • 23:21 Deliberate disinformation aims to falsify; consider motivation.
  • 27:44 India election, deepfakes, many parties, discerning reality.
  • 32:04 Seeking out info, voting in person important.
  • 34:18 Honest cybersecurity news from trusted source.
  • 38:33 Addressing bias in AI models, historic nuance overlooked.
  • 39:24 Consider understanding biased election information from generative AI.

Navigating the Disinformation QuagmireDissecting Misinformation and Disinformation

Hillary Coover brings attention to the pivotal distinction between misinformation and disinformation. Misinformation is the spread of false information without ill intent, often stemming from misunderstandings or mistakes. On the other hand, disinformation is a more insidious tactic involving the intentional fabrication and propagation of false information, aimed at deceiving the public. Hillary emphasizes that recognizing these differences is vital in order to effectively identify and combat these issues. She also warns about the role of external national entities that try to amplify societal divisions by manipulating online conversations to serve their own geopolitical aims.

Understanding Disinformation and Misinformation: "Disinformation is is a deliberate attempt to falsify information, whereas misinformation is a little different." — Hillary CooverThe Challenges of Policing Social Media Content

The episode dives into the complexities of managing content on social media platforms, where Tracy Bannon and Hillary discuss the delicate balance required to combat harmful content without infringing on freedom of speech or accidentally suppressing valuable discourse. As part of this discussion, they mention their intention to revisit and discuss the book "Ministry of the Future," which explores related themes. Suggesting that this novel offers insights that could prove valuable in understanding the intricate challenges of regulating social media. There is a shared concern about the potential for an overly robust censorship approach to hinder the dissemination of truth as much as it limits the spread of falsehoods.

The Erosion of Face-to-Face Political Dialogue

The conversation transitions to the broader societal implications of digital dependency. Specifically addressing how the diminishment of community engagement has led individuals to increasingly source news and discourse from digital platforms. This shift towards isolationistic tendencies, amplified by the creation of digital echo chambers, results in a decline of in-person political discussions. As a result, there is growing apprehension about the future of political discourse and community bonds, with Hillary and Tracy reflecting on the contemporary rarity of open, face-to-face political conversations that generations past traditionally engaged in.

The Shadow of Foreign Influence and Election IntegrityChallenges in India’s Multiparty Electoral System

In the course of the discussion, the complexity of India's...

Patrick Johnson on Unlocking the Potential: Enhancing Cyber Workforce and Technology in the Department of Defense29 Nov 202300:47:01

Have no fear, your new wingman is here! AI is by your side and ready to help you multiply your abilities. Patrick Johnson, Director of the Workforce Innovation Directorate at the DoD CIO discusses how his team is working to further implement AI ethically and safely in areas such as human capital to expedite finding talent. Patrick also shares his passion for building cyclical pipelines to ensure that talent, and ideas, flow seamlessly between the government and private sector. Join us as we dive further into AI’s benefits and how government and industry can be cyber workforce innovation partners.

Key Topics
  • 02:06 Lag in civilian workforce training upscaling needed.
  • 03:19 Balancing talent, training and automation for better security.
  • 08:22 Leaders understand AI as a force multiplier.
  • 12:15 Our motivations are different; utilizing AI for advancement.
  • 15:25 AI used for maintenance, scheduling, monitoring issues. Embracing technology.
  • 18:35 Questioning impact of technology on workforce integration.
  • 21:45 Knowledge, skills, ability, competency. Task-focused performance. Workforce coding. Qualification program ensures necessary skill sets. Tracking mechanism being developed. Vast department with skill spread.
  • 25:26 Real-time data for proactive leadership and action.
  • 27:05 Retention strategy includes talent competition and permeability.
  • 30:36 Improving marketing for civilian DoD jobs.
  • 33:49 It works for all sectors, find talent.
  • 40:19 Government employees and veterans bring valuable skills.
  • 41:27 Promote supply, train, partner for innovation.
  • 45:33 Virtual reality: future of government services and museums.

The DoD's Cyber WorkforceCyber Workforce Improvement Is Crucial

Patrick states that the Department of Defense's (DoD's) total cyber workforce, comprising military, civilian and industry partner contractors, is around 225,000 people. He notes that the DoD has the biggest gap in the civilian cyber workforce, which makes up about 75,000 people. According to Patrick, one of the key problems when bringing new cybersecurity technologies online is failing to adequately train the existing workforce on how to use and get value from those technologies.

Training and Upscaling the Current Cyber Workforce

Rather than pursuing full re-skilling of employees which can set them back, Patrick advocates for upskilling the current DoD cyber workforce. This involves assessing talent and capability gaps. Then providing the workforce with the necessary training to perform new technologies appropriately. Patrick states that partnering workforce members with automated processes like AI can help them become more effective by highlighting key info and threats.

The Importance of Training and Upscaling in the Cyber Workforce: "Well, it's great to put new technology on the table. But if you don't take the time to train the workforce you have in the programs or the systems you're bringing online, you lose that effectiveness and you don't really gain the efficiencies or the objectives that you need to be."— Patrick JohnsonAutomation and AIAI Is Seen as a Partnership With the Human Cyber Workforce

Patrick views AI as a partnership with the human workforce rather than a threat. He emphasizes that AI should be seen as a "wingman or wingperson" that boosts productivity and acts as a force multiplier. Patrick explains that AI excels at rote, tedious tasks allowing the human workforce to focus more on creativity.

AI Helps With Rote and Tedious Tasks

According to Patrick, AI is adept at attention-to-detail tasks that would be tedious for a human to manually perform. He provides the example of a cybersecurity analyst or defender whose productivity can be enhanced by AI highlighting anomalies in data...

Unraveling SBOM Challenges: AI, Transparency and Policy Perspectives in Software Security15 Nov 202300:46:45

Meet the man on a mission to make software bill of materials (SBOMs) boring. In this So What? episode, Tracy Bannon and Carolyn Ford sit down with Allan Friedman the Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency (CISA). Allan tells us about how he is working to change how all software on the planet is made and sold, no big deal right? Join us as we dive into the world of SBOMs, xBoMs, and Secure by Design.

Key Topics
  • 03:59 Track open source licenses, establish shared vision.
  • 08:47 Discussing US government requirements, diversity in software.
  • 12:07 Framework helps organizations with secure software development.
  • 13:49 Organizations unaffected, prepare for impending software changes.
  • 17:40 Concerns about sharing software with potential security risks.
  • 20:59 Concerns about network security and regulatory pushback.
  • 24:14 Enhanced security measures save thousands of hours.
  • 27:53 Applying AI and data bombs in conversation.
  • 32:38 Discusses the importance of SBOM in cybersecurity.
  • 36:29 Rewriting global code is a complex task.
  • 39:39 At RSA, little focus on secure design.
  • 41:53 Organization's need for SBOM, call to action.
  • 43:55 Cooking for diverse family, diverse food requirements.

Challenges and Implementation of SBOMsSelf-Attestation for SBOMs

Allan Friedman explained that there is currently a self-attestation model for SBOMs, where companies can sign a form stating that they have implemented SBOMs, rather than providing the actual SBOM data. This allows flexibility for organizations that are not yet ready to fully comply. However, it means buyers have to trust the attestation rather than seeing the SBOM details directly.

Secure Software Development Model Compliance: "The challenge there is turning the framework back into a compliance model. Because, again, at the end of the day, everyone wants to think about things. Right? Understand your risk, but you still need to make that yes or no decision."— Allan Friedman

Tracy Bannon noted some companies have concerns about sharing their SBOM data with customers, worrying that the customer may not have secure enough practices to properly protect the SBOM. Allan Friedman explained SBOMs do not need to be public - they can be shared privately between supplier and customer. Known unknowns in the SBOM can also help address concerns about revealing proprietary information.

Debate About the Risk of Sharing SBOMs as a Road Map for Attackers

Allan Friedman argued that sophisticated attackers likely do not need the SBOM, as they have other ways to analyze and reverse engineer software. Automated attacks also do not leverage SBOMs. He noted defenders actually need the visibility an SBOM provides into components and dependencies. There may be some risk of exposing attack surface, but the benefits seem to outweigh that.

The Importance of SBOM for Product Security: "If we had this, we had SBOM across our products today, it would save us thousands of hours a year Because whenever the next Log4j comes out, if you have a centralized machine readable, scannable system, It's not that hard." — Allan Friedman

Allan Friedman noted there has been some lobbyist pushback against SBOM mandates, often coming from trade associations funded by companies already implementing SBOMs. He said while healthy debate is good, many of the lobbyist complaints seem misguided or overblown.

The Potential Role of AI in Creating SBOMs and Its Implications for Security

Carolyn Ford asked whether AI could help automate SBOM creation, especially for legacy systems. Tracy Bannon cautioned that AI is not yet at the point where it can reliably generate code or understand large complex...

It's Time To Bust the Ghosts in Our Cars with Eric Monterastelli Halloween Series Part III31 Oct 202300:39:22

In the final, crossover episode of our three-part Halloween series, Eric Monterastelli, Public Sector SE at Delinea, Founder, Crew Chief of Gran Touring Motorsports and Host of the Break/Fix Podcast, joins Carolyn Ford and Tracy Bannon to discuss the scary reality of car security. Is your car spying on you? Can a nefarious actor take over your car? Does your car know your deep personal data like your immigration status, race and more? Hint: It can and it does.

Key Topics
  • 00:02:05 Technology advances put vehicles at risk.
  • 00:06:25 Hijacked Jeep's wireless signal, turning it off.
  • 00:07:35 Chrysler systems hacked due to digital admission.
  • 00:10:47 New EV platforms streamline technology for efficiency.
  • 00:15:13 Disconnect, purge and be careful: data can be accessed.
  • 00:18:58 Using TrueCar, author obtained personal information illegally.
  • 00:21:54 Pre-OBD2 Mercedes is OBD1.
  • 00:25:12 Mozilla uncovers alarming auto data collection.
  • 00:28:29 Future vehicles will have integrated alcohol-detection systems.
  • 00:32:48 Routers, cars can be hacked, collect data.
  • 00:35:42 Read your vehicle's owner's manual for instructions.
  • 00:36:55 Speak to rental clerk about removing data.

The Intersection of Cybersecurity, Car Security and the Ghostbusters MissionGhostbusters Mission: Car Security & Car Hacking

Eric Monterastelli talks about how cars have evolved to include more computing technology, which opens them up to potential attacks. He gives the example of a Jeep that was hacked to shut off while driving, demonstrating the real dangers.

Tracy Bannon contrasts U.S. car manufacturers that use many third-party components versus Tesla's more integrated system. She argues Tesla's approach may lend itself to more car security. The hosts explore different potential attack vectors into vehicles, like Bluetooth connections.

Mozilla Participants Share Automotive InfoSec Insights

Eric Monterastelli shares findings from a Mozilla report about the wide range of deep personal data that can be collected from cars. Including things like facial expressions, weight, health information and more. The hosts are alarmed by the privacy implications.

Tracy Bannon advocates that car manufacturers need to make cybersecurity a priority alongside traditional safety. She indicates cars are data centers on wheels, collecting information that gets sent back to big cloud data centers. They emphasize the need for vigilance from car owners about what information they allow their vehicles to collect.

Concerns About Data Collection in Modern VehiclesModern Car Security: Braking, Speed and Steering Patterns

Eric discusses the extensive data that is now collected by modern vehicles, especially EVs. He notes that information is gathered on things like stopping distances, brake pressure applied, vehicle speed and overall driving habits. This data is no different than the type of driver performance analysis done in race cars. Automakers are collecting real-world usage data from customer vehicles to analyze driving patterns and vehicle responses. Tracy adds that the average new vehicle contains over 100 different computers and millions of lines of code that are all networked together. This networked data covers areas like powertrain functions, safety features and infotainment systems. All of this interconnected data presents opportunities for tracking very detailed driving behaviors.

Privacy Risks in Driving: Collecting Personal Data and Concerns

Eric cites a concerning report that modern vehicles can potentially collect extremely sensitive personal data simply through normal driving. Including information on immigration status, race, facial expressions, weight,...

Insider Threats, Critical Infrastructure and Evolving AI, Oh My! with Grant Schneider Halloween Series Part II18 Oct 202300:44:49

In the second episode of our 3-part Halloween series, Grant Schneider, Senior Director of Cybersecurity Services at Venable and former federal CISO, discusses the frightening implications of insider threats, how we are protecting critical infrastructure, and what it was like working on cybersecurity in the White House under both President Obama and President Trump.

Key Topics
  • 00:03:59 Increased consequences led to rise of cybersecurity
  • 00:08:47 Insider threat, screening, hiring, malicious actor, Manning, Snowden
  • 00:09:53 Snowden challenges legality of government surveillance
  • 00:15:00 Adversary gains access, steals information, demands ransom
  • 00:19:19 Different levels of readiness present challenges
  • 00:23:15 Helping clients & coalitions for cybersecurity policy
  • 00:24:58 Consistency in technology and cybersecurity under past presidents
  • 00:27:47 Cybersecurity is like warfare or terrorism
  • 00:32:30 AI tools and data drive persuasive information
  • 00:34:50 National Cybersecurity Awareness Month raises awareness on cybersecurity and encourages action to protect businesses
  • 00:42:40 Diversity of experiences leads to career growth
  • 00:44:01 Adaptive, willing, and able to learn

Introduction to National Cybersecurity Awareness MonthPurpose of Raising Awareness About Cybersecurity

Grant explained that one of the great things about National Cybersecurity Awareness Month is exactly raising awareness and providing an opportunity to hopefully spend time thinking about and discussing cybersecurity. He noted that for organizations already focused on cybersecurity daily, the awareness month may not raise their awareness much more. However, many organizations don't constantly think about cybersecurity, so for business leaders and executives who may now recognize the existential threat a cyber incident poses, the awareness month offers a chance to have important conversations they may have previously avoided due to lack of understanding.

National Cybersecurity Awareness Month: "You're only one bad kind of cyber incident away from your organization not existing anymore."— Grant SchneiderOpportunities for Organizations to Have Conversations About Cybersecurity

According to Grant, leaders who don't grasp cybersecurity risks may personally fear initiating conversations to ask what the organization needs to do to address risks. National Cybersecurity Awareness Month provides an opportunity for these leaders to have the necessary conversations and gain education. Grant said the awareness month is a chance to discuss basics, like implementing multifactor authentication, patching and updates. He observed that much of the content produced for the awareness month focuses on cybersecurity fundamentals, so it allows organizations to dedicate time to shoring up basic defenses. Overall, Grant emphasized National Cybersecurity Awareness Month facilitates essential cybersecurity conversations for organizations and leaders who otherwise may not prioritize it consistently.

Evolution of Insider Threat in the Intelligence CommunityScreening Out Bad Actors During the Hiring Process

Grant explains that in the early days of his career at the Defense Intelligence Agency (DIA), insider threat mitigation focused on screening out bad actors during the hiring process. The belief was that malicious insiders were either people with concerning backgrounds trying to get hired, or nation-state actors attempting to plant individuals within the intelligence community. The screening process aimed to identify and reject potentially problematic candidates.

Nation-State Actors Planting Individuals Within the Community

He mentions the...

Unmasking the Specter: Mr. Egts' Journey into the Impact of Generative AI on Government Transformation | Halloween Series Part I04 Oct 202300:49:59

In the first episode of our 3-part Halloween series, Dave Egts, Mulesoft Public Sector Field CTO at Salesforce, details what's scaring the public sector most and how Salesforce is utilizing - and securing - AI to improve customer experience with their Einstein Trust Layer. Additionally, Carolyn and Dave dive into the spooky worlds of brain cell chips, mind-reading AI and more.

Key Topics
  • [02:17] Starting the Dave & Gunnar Show
  • [04:14] Dave's Role At Salesforce
  • [05:18] What's Scaring the Public Sector Most?
  • [10:22] Ways Agencies are Attracting Talent
  • [13:56] How Agencies Are Handling Legacy Systems
  • [15:45] What MuleSoft Does & Generative AI's Role
  • [22:44] Salesforce's Einstein Trust Layer
  • [29:21] PoisonGPT
  • [36:07] Brain Organoids & Other Spooky, Ethically Questionable Experiments
  • [42:15] Tech Talk Questions: Halloween Edition 

Quotable Quotes

Considerations for the Public Sector While Using AI: "As you're going on your AI journey, you've got to be looking at the EULA [End User License Agreement] and making sure that, okay, if I give you data, what are you going to do with it?"

On Bias & Disinformation in Generative AI: "There were some previous studies that show that people are more likely to go with the generative AI results if they trust the company and they trust the model. So it's like, 'Oh, it came from Google, so how can that be wrong?' Or 'I'm trusting the brand,' or 'I'm trusting the model.'"

About Our Guest

David Egts is MuleSoft’s first-ever Public Sector field CTO. Outside of MuleSoft, David is the founding co-chair of the WashingtonExec CTO Council, where he advises numerous companies on working with the public sector. David has received numerous industry-wide recognitions, including as an FCW Federal 100 winner, a FedScoop 50 Industry Leadership awardee and one of WashingtonExec’s Top Cloud Executives to Watch. He has won multiple employee honors from Red Hat, Silicon Graphics and Concurrent Technologies Corporation.

Episode Links

Dave & Gunnar Show Episodes


Additional Links


So What? China's Grip on Telecommunications with Jon Pelson, Author of "Wireless Wars"27 Sep 202300:49:16

In this So What? episode, Jon Pelson, author of the best-selling book "Wireless Wars," discusses China’s impact on the telecommunications space. He also shares the frightening security concerns around Chinese components in 5G networks and discusses why the FCC's ban on these components may not be enough.

Key Topics
  • [01:30] China's Success in the Telecom Industry
  • [05:12] China's Grip on 5G
  • [08:29] Are Your Communications Ever Private?
  • [13:00] The Influence of Technology
  • [15:53] What Would Happen if China Got Control?
  • [19:20] FCC Ban on Chinese Components
  • [24:50] Huawei's Placement Strategy
  • [30:05] Is the FCC Ban a Good Start?
  • [38:42] How America Takes Back Control
  • [44:51] Tech Talk Questions

Quotable Quotes

On Huawei's Tower Placement: "Our nuclear missile bases, our special operations command at the nuclear sub base are all served by Huawei cell equipment." I said, 'That's impossible. They have like 0.1% market share. How could they have every nuclear missile site?' I started looking into it. The reason I called the book 'Wireless Wars' is because it's a war that's being fought through what appears to be business means. This is not business." -Jon Pelson

On Why We Should Protect Data: "People say, 'I have nothing to hide.' Especially the younger generation says, 'Look, my privacy, in that regard, is not that important.' I was asked at the end of an interview, 'What would happen if China got control over us the way they're trying to?' I said, 'You don't have to scratch your head and do scenario planning. Look at places where China has control over the population.' -Jon Pelson

About Our Guest

Jon Pelson spent nearly 30 years working as a technology executive, including serving as vice president at Lucent Technologies and chief of convergence strategy for British Telecom. His work with China’s telecom industry during this time led Pelson to write his best-selling book "Wireless Wars" China’s Dangerous Domination of 5G and How We’re Fighting Back."

Episode Links
Insights from the Billington Cybersecurity Summit with Willie Hicks, Federal CTO at Dynatrace20 Sep 202300:22:32

On this special episode, Willie Hicks and Carolyn Ford discuss the Billington Cybersecurity Summit, as well as insights from panels, led by Willie, on workforce automation and zero trust.

Key Topics
  • [00:22] Willie's Workforce Automation Panel Highlights
  • [03:28] The Difference Between Training & Education
  • [11:11] Securing Data In A Zero Trust World Panel Highlights
  • [16:31] Willie's Experience with Constant Reverification While Working in Financial Data Protection
  • [20:44] Overarching Impressions from the Billington Cybersecurity Summit

Quotable Quotes

On the Human Factor: "I think this is always the case, that the human's usually going to be the weakest link. We're always the weakest link. But that's why that constant reverification is so critical."

On Generative AI: "We can't fear these things like generative AI. We've got to embrace it. We've got to use it. We've got to figure out how to use it and use it right and use it appropriately. But we have to figure out how to use it because you know who's using it? Our adversaries."

About Our Guest

Willie Hicks is the Public Sector Chief Technologist for Dynatrace. Willie has spent over a decade orchestrating solutions for some of the most complex network environments, from cloud to cloud native applications and microservices. He understands tracking and making sense of systems and data that has grown beyond human ability. Working across engineering and product management to ensure continued growth and speed innovation, he has implemented Artificial Intelligence and automation solutions over hundreds of environments to tame and secure their data.

Episode Links
Keeping Your Eyes Open For Opportunity with Sandi Larsen, Vice President of Global Security Solutions at Dynatrace06 Sep 202300:33:13

Sandi Larsen, Vice President, Global Security Solutions at Dynatrace, joins our host Carolyn Ford to share her perspectives on the relationship between zero trust and defense in depth. She also discusses her storied career, leadership and what it's like to be a woman in technology (although she dislikes the term). Additionally, Sandi shares her advice on identifying mentors, finding your voice and battling imposter syndrome.

Key Topics
  • [00:00] Introduction
  • [01:10] Sandi's Role at Dynatrace
  • [03:11] Sandi's Take on Zero Trust & Defense in Depth
  • [09:21] Sandi’s Career Path
  • [19:01] People in Technology and the Gender Gap
  • [25:26] Sandi's Key Takeaway for Listeners
  • [27:37] Tech Talk Questions

Quotable Quotes

On Finding Inspiration: “You just can't sleep on these pivotal people in your career whether they're ahead of you or beside you or even behind you, I’ve been inspired by people that I am mentoring.”

On Having Mentors: “Find mentors, they are just invaluable and will be throughout your whole entire career, no matter what stage you're in. At the beginning, at the middle, later in your career, they will always be indispensable for you.”

On Using Your Voice: “Speak up. Just have a voice. And if that voice in your head is planting doubt, don't listen to it. If it's coaching you on what to say and what not to say, and being wise about that, listen to that. But if it's planting seeds of doubt, you've got to you have to push it aside. And you have to take that step. Because if you don't, you might be missing out on the next best thing.”

About Our Guest

Sandi Larsen currently serves as the Vice President of Global Security at Dynatrace. Prior to joining Dynatrace in November 2020, Sandi held various positions, including sales and systems engineering roles in cybersecurity and financial services organizations.

Episode Links
Building a Community of Trust with Tom Billington, CEO of Billington CyberSecurity23 Aug 202300:38:51

Tom Billington, CEO of Billington CyberSecurity and Producer of the Billington CyberSecurity Summit, joins Carolyn and co-host Mark Senell to discuss the upcoming 14th Annual Billington CyberSecurity Summit, what goes into creating a valuable community for both the government and the commercial sector, and the important topics that will be the basis for this year's conference.

Key Topics
  • [02:58] - Founding the Billington Cybersecurity Summit
  • [09:59] - Developing Conference Topics
  • [12:43] - Bridging Federal and Commercial Cybersecurity
  • [16:02]- Critical Infrastructure at Billington
  • [19:04] - Commercial Industry at Billington
  • [21:45] - Registering for The Summit
  • [22:49] - Preparing Key Conference Themes
  • [24:46] - Hottest Topics at Billington This Year
  • [27:03] - What’s New About Zero Trust
  • [28:22] - Tech Talk Questions

Quotable Quotes

On Founding Billington Cybersecurity Summit: "I really started this business to be distinctly patriotic, to provide a serious dialogue in a way that I felt wasn't really being done at that time...So breaking into the federal cybersecurity community, to be honest, was hard as an entrepreneur. We had to build trusted relationship after trusted relationship. Over the course of 14 years, it's become decidedly easier now, now that we have had the privilege of having those trusted relationships."

On Zero Trust: "Many of the areas that zero trust encompasses have been around since the profession has existed in cybersecurity. But at no other time has the U.S. government proclaimed the importance of this overarching field as it has in the last few years. So it becomes important for the government. It becomes important for the industry leaders who serve them."

On International Cyber Collaboration: "So it's not just the U.S. team sport. It's an international team sport. The partnership with our international allies is crucially important."

About Our Guest

Before launching his company in 2010, Tom Billington spent nearly two decades producing hundreds of events, publications and articles for four of the world’s leading media companies: Reader’s Digest, Phillips Business Information, BNA (now Bloomberg BNA) and Thomson Reuters. Now, Tom is the CEO and Founder of Billington CyberSecurity, a leading independent education company founded in 2010 with an exclusive focus on cybersecurity education. Every year, he hosts the Billington Cybersecurity Summit, which is known as the world's leading government summit on cybersecurity with the unique educational mission of convening the who's who in cybersecurity: the senior leadership from the U.S. government, our allied partners, and their industry and academic partners.

Episode Links
Developing the Collective Defense with Ann Dunkin, CIO at the U.S. Department of Energy09 Aug 202300:38:25

Ann Dunkin, Chief Information Officer (CIO) at the U.S. Department of Energy (DOE), joins Carolyn and guest host Willie Hicks to discuss the National Cybersecurity Strategy and what it takes to secure a large agency like the DOE, as well as how agencies balance cybersecurity compliance and risk management. She also highlights the DOE's role in the Partnership for Transatlantic Energy and Climate Cooperation (P-TECCC) and the agency's relationship with its industry partners.

Key Topics
  • [01:47] - Affect of the National Cybersecurity Strategy on DOE Modernization Initiatives
  • [07:59] - Risk vs. Compliance
  • [14:17] - Protecting a Large Agency like DOE vs. Smaller Agencies
  • [16:49] - P-TECC Overview & DOE's Work with P-TECC
  • [23:14] - Implementing Lessons Learned from the Global Community
  • [26:11] - DOE Modernization Efforts & The Role of Public-Private Partnerships
  • [30:26] - Where Industry Can Improve
  • [36:03] - Tech Talk Question

Quotable Quotes

On the Collective Defense: "The principles of collective defense, which underlie the cybersecurity strategy are incredibly important. That concept that we can't individually be safe, we have to work together. Once upon a time, you'd say, oh, if my cybersecurity's better than the guy down the street, they'll go down the street and forget about me. And we just can't do that. We're too interconnected. There's too much work we do together. There's too many interconnections between our systems. We absolutely positively have to develop that collective defense. In addition, part of that collective defense is ensuring that the burden of defense falls to those most able to deliver on that." - Ann Dunkin

On balancing risk vs. compliance: "The reality is we can't do all the compliance. And so we absolutely have to look at risk to prioritize it. But I would argue that you should always look at your risk and balance that against your compliance exercises. Because number one, if you do all the compliance and then you start risk mitigation, you may be missing something big. But number two, because you probably don't have enough money to do all the compliance anyway." - Ann Dunkin

On workforce development: "I firmly believe that we need pathways to move people in between the private and public sectors. And we need to make it easier for people to cycle between those places over the course of their career to leave government, to come back to government and to learn from each other. And also for the government through DOE and through other places to help build a workforce within the government that looks like America. And then to help the rest of America grow their workforce capabilities." - Ann Dunkin

About Our Guest

Ann Dunkin serves as the Chief Information Officer at the U.S. Department of Energy, where she manages the Department’s information technology (IT) portfolio and modernization; oversees the Department’s cybersecurity efforts; leads technology innovation and digital transformation; and enables collaboration across the Department. Ms. Dunkin is a published author, most recently of the book Industrial Digital Transformation.

Episode Links
Advancing USPTO's Mission: Insights from Deputy CIO Deborah Stephens13 Mar 202400:45:12

Deborah Stephens, the Deputy Chief Information Officer for the United States Patent and Trademark Office (USPTO), “grew up” so to speak in the USPTO. Deborah led the USPTO on its agile journey. As the agency took on its “New Ways of Working, '' by moving people and resources closer to the work, she helped empower employees to build and deploy software. Deborah shares how she guided the agency through this 4-year change journey, gaining buy-in from the organization, which was proved by an engagement rate increase from 75% to 85%. Deborah also talks about what it means to be a HISP, running USPTO as a business that is entirely self-sustaining, and, in honor of Women’s History Month, the women who have inspired her along the way.

Key Topics
  • 05:54 Some embraced digital change, others struggled with it
  • 08:53 Most employees were ready for telework
  • 10:59 USPTO shifts to agile approach for IT
  • 16:41 Gathering feedback led to 10% engagement increase
  • 23:50 Customers submit 600,000+ patent and trademark applications yearly
  • 26:51 Agency conducts outreach through webinars and trademarks
  • 31:06 Customer experience and UX processes are fundamental
  • 33:45 USPTO offers different fee structures for entities
  • 35:30 USPTO runs efficiently with prioritization and budgeting
  • 39:43 Acknowledging strong women, personally and professionally
  • 43:21 Seek guidance and practice for success

Growth in Patent and Trademark RequestsSurge in Applications at USPTO

Deborah Stephens highlights a significant increase in the number of patent and trademark applications received by the USPTO over the years. This growth, from approximately 350,000 to 400,000 applications in 2012, with numbers continuing to rise, underscores the vibrant culture of innovation and creativity in the United States. The upward trend of applications is a positive sign of the country's ongoing commitment to innovation. However, it also presents logistical challenges for the USPTO. Including the need to process a higher volume of applications efficiently while ensuring the quality of examination does not diminish.

Transition to New Ways of Working in U.S. Patent and Trademark Office: "And so in around late 2018, 19, we began our, what we referred to as our agile journey. We named it our New Ways of Working, which essentially is an entire USPTO effort. Including our business unit with 12 other business units, moving people and the resources closer to the work. Giving them that empowerment, to build, deliver, deploy software, product services for our business stakeholders, and that's both internally and externally." — Deborah StephensUSPTO is Adapting to Increased Demand

In response to the growing demand for intellectual property protection, the USPTO has been proactive in seeking ways to maintain and improve service delivery. Deborah discusses the agency's approach to managing the influx of applications, focusing on scalability and efficiency. Despite the challenges posed by the increase in applications, the USPTO's designation as a High Impact Service Provider (HISP) has had minimal impact on its existing customer experience strategy. The agency's foundational commitment to delivering exceptional service to inventors and entrepreneurs remains steadfast. With an emphasis on continuous improvement and the adoption of new strategies to better meet the needs of the U.S. innovation community.

USPTO's Fee-Funded Model and Fiscal StrategyUSPTO’s Fee-Funded Operations

Deborah highlights the United States Patent and Trademark Office's (USPTO) operational model, which is uniquely self-sufficient. Relying entirely on fees collected from patent and trademark applications.

Supply Chain Meets Modernization with Dr. Aaron Drew26 Jul 202300:51:23

Dr. Aaron Drew, Technical Director for the Supply Chain Management (SCM) Product Line at the U.S. Department of Veterans Affairs Office of Information and Technology, joins Carolyn to discuss the challenges of supply chain, modernization and risk management. Dr. Drew outlines the steps an organization can take to modernize and maximize applications for end users as well as capitalize on data analytics to better prepare our nation for times of need.

Key Topics
  • [01:15] - Scale of Veterans Affairs
  • [05:21] - Supply Chain Tools and Challenges
  • [13:54] - Advice for Supply Chain Management
  • [20:24] - Tech Procurement
  • [24:10]- User Acceptance
  • [27:37] - Risks of not Modernizing
  • [32:29] - Security Requirements
  • [36:13] - Steps to Acquisition
  • [40:10] - Tech Talk Questions

Quotable Quotes

On identifying a need for a new tool: "If the tools you had before don't address that shift [in business], that change of dynamics, then that's when we have this gap. That's that delta between how you did business then and how I expect to do business tomorrow that will signify or call that ignition of this solution acquisition process." - Dr. Aaron Drew

On understanding user needs: "Either you are meeting them [users] where they are, which is very important, or you've lived it, which allows you to relate and commiserate with those who are working across a day-to-day basis, that's what's going to bring you organically to the problem. That's going to allow both parties then to own the solution." - Dr. Aaron Drew

About Our Guest

Dr. Aaron J. Drew is the Technical Director for the Supply Chain Management (SCM) Product Line at the U.S. Department of Veterans Affairs. Previously, Dr. Drew simultaneously served as the Chief Engineer & Chief Architect for the Financial Management Business Transformation Special Program Office (FMBT-SPO) and the Chief Engineer & Chief Architect for the Supply Chain Modernization Program. 

Episode Links
So What? Generative AI with Tracy Bannon12 Jul 202300:35:18

Tracy Bannon, Senior Principal/Software Architect & DevOps Advisor at MITRE, returns to Tech Transforms for our So What segment to discuss all things generative AI. Following Tracy's presentation at the RSA Conference 2023, she and Carolyn discuss everything from software development lifecycle to the potential that various AI models may have.

Key Topics
  • [01:29] - Software Development Lifecycle: RSA Conference Recap
  • [04:48] - Generative AI as a Service
  • [07:36] - Potential for Disinformation
  • [12:04] - Potential of AI for Developers
  • [17:15] - Low Code / No Code Capabilities
  • [26:14] - Discussion Roundup
  • [31:14] - Tech Talk Questions

Quotable Quotes

Definition of generative AI: "Generative AI is under the umbrella of large language models. And a large language model is just that. It is a model where vast amounts of text data have been fed in and it uses statistical analysis to figure out the likelihood that words or phrases go together." - Tracy Bannon

On generative AI models: "It's only as good as the information that's going in, garbage in, garbage out." - Tracy Bannon

Generative AI advice: ''Know that we have to really get focused on the ethics of using these tools. Know that there are big security risks, but get familiar. Get familiar. It isn't going to take your job today. It is going to augment many jobs, but it's not going to take them completely away." - Tracy Bannon

About Our Guest

Tracy Bannon is a Senior Principal with MITRE Lab's Advanced Software Innovation Center. She is an accomplished software architect, engineer and DevSecOps advisor having worked across commercial and government clients. She thrives on understanding complex problems and working to deliver mission/business value at the speed. She’s passionate about mentoring and training, and enjoys community and knowledge building with teams, clients and the next generation. Tracy is a long-time advocate for diversity in technology, helping to narrow the gaps as a mentor, sponsor, volunteer and friend.

Episode Links
Developer User Experience With Alan Gross21 Jun 202300:44:21

Alan Gross, Solutions Architect & Tech Lead at Sandia National Laboratories, joins Carolyn to talk about how DevOps is being leveraged to support the Department of Energy's contractor operated research lab. Alan dives into some of the initiatives at Sandia National Laboratories, and how he is applying his personal philosophy around user experience ops, or "UX Ops," to support the mission.

Key Topics
  • [01:12] About Sandia National Laboratories
  • [03:50] Sandia's role in national security
  • [06:25] DevOps versus DevSecOps
  • [13:45] Department of Energy and Sandia
  • [17:40] Sandia initiatives: a year of climate in a day & Hypersonic weapons
  • [21:00] Alan's DevOps journey and advice for developers
  • [33:55] Tech Talk questions

Quotable Quotes

Alan on DevOps: " DevOps is about trying to deliver quickly and learn from your mistakes as fast as you can. So shifting left is part of that philosophy. If you have security issues with your software, you want to know about that as quickly as possible, because if you've already deployed to production, it's almost too late." - Alan Gross

On what advice Alan would give to new developers: "It's about failing fast and failing forward...How quickly can you learn new things, get new code and new products out in front of your users, and understand how they engaged with that." - Alan Gross

About Our Guest

Alan works as a full stack developer and technical lead at Sandia National Labs, with six years of experience in web technologies development. He develops within Python, Angular and .NET ecosystems, with a focus on enabling the developer experience at Sandia with novel solutions for the labs’ diverse development, software governance, security and business intelligence needs. Alan leads a team that is committed to reducing technical debt by emphasizing DevSecOps, modern application architecture (such as microservices) and data-driven outcomes.

Episode Links
Power in the Age of AI with Author Paul Scharre07 Jun 202300:47:20

Paul Scharre, Vice President and Director of Studies, at Center for a New American Security (CNAS), joins Carolyn and Mark to dive into his newest book, Four Battlegrounds: Power in the Age of Artificial Intelligence. From the first time he recognized the power AI could hold, to the ways AI may put us on a path to global peace, Paul offers valuable insight and perspective on the field of artificial intelligence and machine learning.

Key Topics
  • [01:44] About Paul Scharre
  • [02:50] When Paul Scharre recognized the power of AI
  • [07:17] The four Elements of the Battlegrounds
  • [12:57] Paul Scharre's take on the technological divide in the United States, and how we can solve it
  • [20:10] U.S.'s standing in comparison to Nation-State adversaries
  • [26:18] Establishing globally agreed upon AI guardrails
  • [31:45] The exponential growth of AI
  • [42:12] Top requirements to achieve global peace

Quotable Quotes

On Paul's main focus when working at the Pentagon: "How can we use robotics to help create more distance between our service members and threats?" - Paul Scharre

Role of humans in AI: "Having data and computing hardware, having chips alone, doesn't get you to some meaningful AI tool. You also need the human talent" - Paul Scharre

On adversary AI advancement: "Fundamentally, both the US and China are going to have access to AI technology, to robust AI ecosystems, big tech companies, startups within each country, and the bigger challenge is going to be: How does the military take this technology, work with its civilian AI scientists, and then translate this into useful military applications?" - Paul Scharre

About Our Guest

Paul Scharre is the Vice President and Director of Studies at the Center for a New American Security. Prior to this role and becoming an award-winning author, Scharre worked in the Office of the Secretary of Defense (OSD) where he played a leading role in establishing policies on unmanned and autonomous systems and emerging weapons technologies. He led the Department of Defense (DoD) working group that drafted DoD Directive 3000.09, establishing the department’s policies on autonomy in weapon systems. He also led DoD efforts to establish policies on intelligence, surveillance, and reconnaissance programs and directed energy technologies.

Episode Links
Automated Governance with Michael Edenzon25 May 202300:38:44

This week, Michael Edenzon, Co-Founder of Fianu Labs, joins Tech Transforms to talk about why automated governance is so critical to mission success. Michael also provides some great insight into his recently co-authored book Investments Unlimited.

Key Topics
  • [02:08] About Fianu Labs
  • [04:54] What passes as evidence and how does it play into automated governance?
  • [09:29] Michael's book: Investments Unlimited
  • [16:50] Automated governance vs. Authority to Operate
  • [28:33] Taking software asset inventory
  • [35:40] Tech Talk Q&A

Quotable Quotes

On what counts as evidence in the context of software governance: "Our real focus in that regard is trying to get people to realize that evidence isn't just this random metadata that's captured from here and there, but instead it's going through all of the enrichment and providing all of the context that's necessary for an auditor to come and reproduce those results that you're using to base your enforcement off of." - Michael Edenzon

On how automated governance relates to Authority to Operate: "It [automated governance] is a method for achieving the ATO. So it can accelerate your ATO process and it can help you reach it faster, but what automated governance really is, is a means of achieving continuous ATO." - Michael Edenzon

About Our Guest

Michael Edenzon is a senior IT leader and engineer that modernizes and disrupts the technical landscape for highly-regulated organizations. Michael provides technical design, decisioning, and solutioning across complex verticals and leverages continuous learning practices to drive organizational change. He is a fervent advocate for the developer experience and believes that enablement-focused automation is the key to building compliant software at scale.

Episode Links
The Scoop with Nihal Krishan Part 2: TikTok11 May 202300:35:34

In this episode of Tech Transforms, Nihal Krishan, tech reporter at FedScoop, discusses how and where the American government is lagging behind in technology, but there is a focus on modernization to improve the situation. We also talk about the need for comprehensive data privacy legislation and how budget caps may impact government agencies' modernization initiatives. Additionally, we explore concerns surrounding TikTok's ownership and data privacy, as well as the addiction and potentially harmful effects of the platform. We also touch on the importance of respecting sources as a journalist and provide a few podcast recommendations. Finally, we look at the challenges in understanding algorithms used by TikTok and how they could be used to promote divisive content. Join us to learn about these transformative topics in the tech world!

Introducing Our Guest, Nihal Krishan

Nihal Krishan is a journalist who has covered the controversies surrounding TikTok. He highlights the privacy violations committed by the company when it accessed journalists' personal information to control their narrative. Krishan also acknowledges the legitimate fears surrounding the app since TikTok's parent company is based in China. However, he notes that there is no objective evidence of the Chinese government misusing American data obtained through TikTok. He raises the question of whether American social media companies are any better at safeguarding data than TikTok. Krishan argues that the debate over TikTok highlights the need for data privacy legislation in Congress.

Key Topics:
  • Government Budget and IT Modernization
  • Privacy and Security on TikTok
  • Social Media and Data Privacy

Episode Highlights:
  • [00:00:57] TikTok has been criticized for invading journalists' privacy to control their perceptions of the app, but the evidence for harm is primarily based on perception and politics. There are concerns about Chinese government access to American data, but it has not been proven yet. The issue of data privacy is a larger problem for social media companies in general and calls for legislation.
  • [00:06:04] TikTok is a popular Chinese-owned social media platform with almost a billion users, mainly Gen Z, and its popularity has caused concerns about national security and data privacy in the US.
  • [00:10:13] Understanding TikTok's algorithms is like understanding Facebook and Google's algorithms. The government is concerned that TikTok could sow seeds of discord like how Russians did in 2016 on Facebook. It's a complicated problem faced by all social media platforms.
  • [00:12:29] TikTok is highly addictive and has a powerful algorithm that tailors to a user's preferences. Instagram and other apps are trying to copy its success. Concerns arise over its safety and effects on users, especially children and those with attention issues, requiring regulations.
  • [00:14:57] Data privacy laws are crucial for people who don't have time to limit their phone and social media use. Bipartisan support exists for Children's data and app time protection, but comprehensive legislation is still needed.
  • [00:18:54] US government lags behind in technology; modernization is a key issue for federal agencies and Congress has formed an IT Modernization Committee to improve it, but bureaucracy and political battles affect appropriations for IT modernization.
  • [00:22:31] Caps on spending for agencies may hamper modernization efforts.
  • [00:24:18] Budget cuts expected on unspecified agencies and programs; impact and details unknown. Reporting on changes to come. Cybersecurity noted.
  • [00:25:50] Journalists rely on trust to get information and protect sources. Most people's comments are not newsworthy, and journalists don't report everything they hear. Building relationships and protecting sources is important for breaking good...
The Scoop with Nihal Krishan Part 1: ChatGPT09 May 202300:28:45

Nihal Krishan, Tech Reporter at FedScoop joins Carolyn for a special two-part episode to talk about some of the hottest topics in government tech. In Part 1, Nihal gives some eye-opening insight on all things ChatGPT including security, privacy, and national bans.

Episode Table of Contents
  • [0:25] Introducing Our Guest, Nihal Krishan
  • [7:39] We Need to Upskill
  • [15:45] How the U.S. Government Is Dealing With ChatGPT
  • [23:00] Stanford University Human Center Artificial Intelligence Index Report of 2023
  • Episode Links and Resources

Episode Links and Resources
Baked-In Security with Col. Frost at U.S. Cyber Command26 Apr 202300:50:42

Col. Candice Frost, JIOC Commander at United States Cyber Command joins Carolyn and Mark to talk about her journey as a lifelong-learner, and how she is applying her skills to the innovative work at Cyber Command. From the importance of public-private partnerships, to teaching our kids healthy cyber security habits, Col. Frost offers her valuable insights on how we can all think innovatively and better secure our nation.

Episode Table of Contents
  • [0:29] Col. Frost’s Journey to Being the JIOC Commander at US Cyber Command
  • [8:04] How US Cyber Command Came to Be
  • [16:04] Understanding the Nature and Psychology of War
  • [23:35] The Parts Played by US Cyber Command in Our Security
  • [30:46] The Thrill of Working at US Cyber Command
  • [37:55] How US Cyber Command Keeps Everyone Safe
  • [44:31] Nothing is True and Everything is Possible

Episode Links and Resources
Design, Build, Deploy, and Maintain with Commander Jonathan White at U.S. Coast Guard12 Apr 202300:50:09

Commander Jonathan White, Cloud and Data Branch Chief at the United States Coast Guard joins Carolyn and Mark to talk about the groundbreaking developments his team is doing with C5I. Commander White stresses the importance of public-private partnerships, and gives tips on how agencies can better approach the future of technology.

Episode Table of Contents
  • [0:33] What Is C5I?
  • [7:54] What Are the Goals of C5I
  • [15:12] What the Future Holds for C5I
  • [22:35] Commander White’s Favorite Project Pre C5I
  • [29:39] What Role Has Industry Played for C5I
  • [35:14] Pieces of Advice
  • [40:23] From the First Piece of Technology to C5I
  • [45:16] Introduction to AI
  • Episode Links and Resources

Episode Links and Resources
Safeguarding Our Most Trusted Software with Open Source Technology with Stephen Magill29 Mar 202300:41:41

Stephen Magill, Vice President, Product Innovation at Sonatype dives into the complexities of open source and software security. Find out how government agencies are utilizing open source, and what Sonatype is doing to help secure our most trusted software.

Episode Table of Contents
  • [0:23] The Core Focus Area of Open Source Technology
  • [7:24] The Security Measures Open Source Implements
  • [14:32] A Vulnerability in the Open Source
  • [21:42] The Vulnerability Log4j Poses in the Open Source
  • [29:06] Identifying the Root of the Problem
  • [36:01] Watching Out for Malicious Code

Episode Links and Resources
Beyond Compliance: Elevating Cybersecurity Practices with Travis Rosiek28 Feb 202400:42:26

As technology rapidly evolves we as a nation need to anticipate the attacks that may come about as a result of that innovation. Travis Rosiek, the Public Sector CTO at Rubrik and former Leader at the Defense Information Systems Agency (DISA), joins Tech Transforms to talk about how the government’s approach to technology and relationship with industry has evolved over the last twenty years. He also discusses compliance, including FedRAMP compliance, managing the vast amount of data that is generated daily across the government and industry, and the importance of the U.S. Government building cyber resilient systems. Catch all this and more on this episode of Tech Transforms.

Key Topics
  • 00:00 Government fielded and tested tech capabilities, explained compliance.
  • 05:23 Enhanced security collaboration, compliance, and risk minimization.
  • 09:14 Experience in government and commercial capabilities. Innovation.
  • 10:12 Commercial companies prioritize profitability over long-term planning.
  • 14:38 Challenges in public sector recruiting and retention.
  • 18:49 Outsourcing SaaS applications frees up resources. AI evolving, human input remains essential.
  • 22:33 Assessing incident response: Operational evaluation, not just compliance.
  • 25:57 Vendors and program office face process challenges.
  • 29:46 Secure cloud data access: visibility, risks, controls.
  • 32:27 Emphasizing need for security in IT systems.
  • 36:44 CISOs face challenges in evolving tech landscape.
  • 38:11 Support CISOs, recruit and retain talent, accountability.

Evolving Cybersecurity Practices: A Shift to 'Cloud Smart' StrategiesTravis's Perspective on Cloud Misconceptions

Travis discusses the early days of cloud adoption, which were often fueled by misconceptions about its benefits. The migration toward cloud computing was commonly believed to be a cost-effective solution that would reduce expenses and simultaneously enhance security. However, he points out that this was not always the case. Many organizations have since realized that the initial cost of moving to the cloud can vary greatly based on specific use cases and applications. This realization has led to a strategic shift toward what Travis refers to as a "cloud smart" approach. Highlighting the need for a more discerning and tailored evaluation of how cloud resources are utilized.

The Role of Commercial Companies vs. Government in Problem-Solving: "Industry is great about solving problems. You know, driving that capitalism type of culture, building capabilities, selling solutions. And they're quicker to implement, adapt and deploy capabilities where the government is very slow in implementation of these you know, they can figure out the problem." — Travis RosiekThe 'Cloud Smart' Strategic Approach

Taking a "cloud smart" approach indicates a maturation in the perception of cloud services by government agencies and businesses alike. Rather than a blanket strategy of cloud-first, Travis indicates that there is now a more nuanced consideration of when and how to use cloud services. He underscores the importance of aligning cloud adoption with an organization's unique needs. Including the potential scalability, security and cost implications. This approach suggests a collaborative and informed decision-making process. Recognizing that the cloud offers a variety of solutions, each with different features, advantages and trade-offs that must be carefully weighed against organizational goals and objectives.

Navigating Cybersecurity Practices in Cloud MigrationThe Balance of Technical and Non-Technical Implications in Cloud Migration

Travis discusses the intricacies involved in organizational cloud migrations. Emphasizing that these undertakings are not solely about technological transitions but...

The Scoop on Federal Technology with Billy Mitchell15 Mar 202300:43:49

Billy Mitchell, Editor-in-Chief at FedScoop joins Carolyn to discuss surveillance, national intelligence, the benefit of partnerships, and more. Billy gives his perspective on today's hot topics in federal technology, and what he thinks may be coming next.

Episode Table of Contents
  • [0:23] Federal Technology and Its Battle Against Balloons
  • [7:18] Varying Opinions Towards Federal Technology Problems
  • [14:41] Federal Technology Embraces Industry Technology
  • [21:56] Federal Technology Means Business
  • [29:33] Implementation of Zero Trust in Federal Technology
  • [36:54] Billy Mitchell’s First Encounter With Technology

Episode Links and Resources
Veterans Affairs: Better, Faster, Safer with Dan McCune, Deputy Chief Information Officer01 Mar 202300:45:04

Dan McCune, Deputy Chief Information Officer at U.S. Department of Veterans Affairs joins Carolyn and Mark to discuss the transformative work happening at the VA. With millions of end users, Dan explains how his dedicated teams are working to make the VA better, faster, and safer for our veterans.

Episode Table of Contents
  • [0:29] The Place to Go for Veterans Affairs
  • [7:51] Veterans Affairs Approach Towards Modernization
  • [14:53] The Forcing Function of Veterans Affairs
  • [21:48] Veterans Affairs Makes Things Easy for Veterans
  • [31:29] How AI Can Improve Veterans Affairs Services
  • [40:44] The Next Big Leap in Technology

Episode Links and Resources
UK Home Office: Metrics Meets Service with Dimitris Perdikou08 Feb 202300:36:54

Dimitris Perdikou, Head of Engineering at the UK Home Office, Migration and Borders joins Carolyn and Mark to discuss the innovative undertakings of one of the largest and most successful cloud platforms in the UK. With over 3,000 technical users, and millions of end users, Dimitris sheds some light on his experience with SRE, User Experience, and Service Monitoring.

Episode Table of Contents
  • [0:21] Inside the Massive Programs That the UK Home Office Offers
  • [7:00] The Importance of Observing Cost Efficiency
  • [12:25] The Monitoring Pack of the UK Home Office
  • [17:59] UK Home Office Take on a Good User Experience
  • [24:09] Why UK Home Office Didnt Have to Reinvent the Wheel
  • [30:20] Let the Experts Do Their Job
  • Episode Links and Resources

Episode Links and Resources
N.W.O.W. with Jamie Holcombe, Chief Information Officer at USPTO25 Jan 202300:45:56

Jamie Holcombe, Chief Information Officer at USPTO joins Carolyn and special guest host Willie Hicks to talk about Zero Trust, PMO, encryption and more. Listen in to learn about the innovative steps USPTO has taken to develop New Ways of Working.

Episode Table of Contents
  • [0:41] Zero Trust According to Jamie Holcombe, CIO of USPTO
  • [7:56] The Effects of Reauthentication
  • [13:09] You Need to Have a Focus and a Mission
  • [18:46] New Ways of Working
  • [25:43] Not Everything Needs to Be Protected
  • [32:59] USPTO’s Four Pillars of Intellectual Property
  • Episode Links and Resources

Episode Links and Resources
Feed Drop: Willie Hicks On Federal Tech Podcast05 Jan 202300:28:57

Willie Hicks, Dynatrace’s Federal Chief Technologist recently appeared on the Federal Tech Podcast. It is such a great interview we wanted to make sure our Tech Transforms audience got to listen. Enjoy this crossover episode with Federal Tech Podcast!

Episode Links and Resources

Ep. 42 Vulnerability Management for Federal Systems

Federal Tech Podcast

Willie Hicks

So What? Taking A Closer Look with Nicolas Chaillan, Former Air Force Chief Software Officer21 Dec 202200:52:05

Nicolas Chaillan joins Carolyn and Tracy to shed some light on his experience in the Air Force and gives his thoughts on government movement in the past year. Nicolas talks about the importance of social media privacy and protection.

Episode Table of Contents
  • [0:59] Introducing Our Guest, Nicolas Chaillan
  • [10:06] Have We Regressed in Cyber?
  • [17:58] There Is a Reward for Not Taking Risks
  • [24:29] The Worst Thing That Ever Happened Was Agile
  • [31:46] The Amount of Information TikTok Gather
  • [40:17] We Need to Teach the Basics of Life to Kids
  • Episode Links and Resources

Episode Links and Resources
Armchair Quarterback: Tech Trends with John Curran14 Dec 202200:33:24

John Curran, Executive Editor at MeriTalk joins Carolyn to discuss 2022 technology trends and shares his predictions for federal technology in 2023.

Episode Table of Contents
  • [0:25] The Armchair Quarterback
  • [8:08] Are There Agency Efforts in 2022?
  • [15:45] Technology Trends on Implementing DevSecOps
  • [21:36] The Big Technology Trends Coming on 2023
  • [26:56] Technology Trends Need to Be User Friendly
  • Episode Links and Resources

Episode Links and Resources
Application Management for Federal Government16 Nov 202200:40:32

Andrey Zhuk, Federal Security Architect at CTG joins Tech Transforms to unpack the topic every agency is talking about: cybersecurity mandates. Listen in to learn more about Andrey's recent eBook breaking down who mandates affect, why they are important, and how agencies can successfully meet requirements.

Episode Table of Contents
  • [00:24] Introducing Our Guest, Andrey Zhuk
  • [08:48] The Rate of Change in Cybersecurity Mandates
  • [18:43] Break and Inspect
  • [28:26] Show Progress on Cybersecurity Mandates
  • Episode Links and Resources

Episode Links and Resources
So What? Federal News Roundup on Psychological Safety02 Nov 202200:56:35

Duong Hang, Deputy Director at the Department of Defense Platform One joins Tech Transforms to address a topic that's been circulating recent headlines: Psychological Safety. Listen live as Carolyn and Tracy learn how agencies and organizations can implement psychological safety to improve retention and operations.

Episode Table of Contents
  • [04:00] What Is Psychological Safety
  • [10:35] The Challenge of Safeguarding Employee’s Psychological Safety
  • [19:48] Command and Control
  • [28:56] Closer Proximity Help Build Psychological Safety
  • [35:56] Psychological Safety Starts From the Top
  • [44:14] Psychological Safety Can Be Observed

Episode Links and Resources
So What? Federal News Roundup on Zero Trust with Paul Puckett, Director of the Army’s Enterprise Cloud Management Agency28 Sep 202200:56:33

Paul Puckett, Director of the Army’s Enterprise Cloud Management Agency joins Tech Transforms to shed some light on one of government technology's most used buzzwords: Zero Trust. Listen in as Carolyn and Tracy learn what it really means to remove implicit trust and how agencies are prioritizing user experience and data protection.

Episode Table of Contents
  • [01:03] The Enterprise Cloud Management Agency
  • [10:41] The Context of Zero Trust
  • [19:55] A Zero Trust Reference Architecture
  • [29:28] Protecting the Data that Falls to the Zero Trust Architecture
  • [39:00] The Traditional Dogma
  • [50:07] Data Sharing on Zero Trust
  • Episode Links and Resources

Episode Links and Resources
From Special Ops to Cybersecurity: A Veteran's Journey in National Security14 Feb 202400:50:48

Sebastian Taphanel has spent his life on the cutting edge of technology and innovation. This week on Tech Transforms, Sebastian is sharing tales and lessons learned from his 20 years in DoD Special Ops and intelligence and 20 years implementing sound security engineering practices focused on implementing zero trust and highly resilient environments. Join Sebastian as he recounts his time in Special Forces taking his units out of the dark ages from secure fax communications to setting up an intranet, and how he continued with that innovative spirit through his 40-year career. He also shares his new passion, encouraging the industry to utilize disabled veterans to help fill both the cybersecurity and AI workforce gaps. They, after all, already have a call for the mission.

Key Topics
  • 03:38 ODNI CIO responded quickly with Microsoft Azure.
  • 07:03 Protecting data via application container, expanding capabilities.
  • 11:01 Zero Trust redrawn cybersecurity model, data-centric approach.
  • 13:57 Developing zero trust plan for downstream organizations.
  • 18:50 Ensuring security while sharing information and protecting IP.
  • 21:35 APIs, containers enable fluid, flexible data access.
  • 24:20 Data protection systems allow secure sharing and storage.
  • 27:02 Addressing cybersecurity workforce gap and AI need.
  • 29:39 In 1998, new commander requests secure WAN.
  • 33:49 Applied for certified protection professional, highest security certification.
  • 36:28 Passionate about supporting disabled vets in cybersecurity.
  • 39:55 Mentoring government employees for cybersecurity and AI/ML.
  • 45:32 Using advanced generative AI solutions for copywriting.
  • 47:19 Update cybersecurity tools and systems for new threats.
  • 49:50 Respect for those dedicated to automation.

Enhancing Secure Communication and Cloud Environments in Special OpsSpecial Ops Agility: Adapting to Remote Collaboration with Secure Cloud-Based Workspaces

Sebastian Taphanel’s experience spans twenty years in DOD Special Ops and Intelligence, followed by consulting in security engineering. The focal point of this episode is his role in advancing cybersecurity practices at the ODNI. Particularly emphasizing resilient cloud-based environments.

Sebastian describes the quick adaptation during the pandemic which led to the rollout of an ad hoc cloud-based workspace to ensure the ODNI's mission could endure despite the workforce being remote. GCC High, or Government Commercial Cloud High as conceived by Microsoft, is revealed as the successor to the initial setup. Providing a more secure platform managed strictly by U.S. persons. The approach highlighted the agility of cloud technology for remote collaboration within federal agencies.

Cybersecurity in Intelligence Sharing: "Essentially, reciprocity is a process and also a culture of accepting each other's risks. And that's really the bottom line on all that." — Sebastian TaphanelUnfolding the GCC High Environment

The intricacies of implementing Microsoft Azure and M365 (Office 365) are detailed as Sebastian underlines their pivotal use in creating an intranet with controlled document sharing and editing. These implementations include robust Mobile Device Management. Then a BYOD Mobile Application Management system that protects sensitive data in government and personal devices. Thereby, ensuring operational security and flexibility.

Special Ops Communication Evolution

Sebastian advanced from using secure faxes for interstate communication within military units to establishing a multi-state secure WAN. This resulted in a significant leap in communication efficacy for special operations. Sebastian shared the...

Government Technology News: Funding, Contracting and Defense with Ross Wilkers21 Sep 202200:47:48

Ross Wilkers, Senior Staff Reporter at Washington Technology talks to Carolyn and Mark about some of the hottest topics in government technology news. With insight on the 2023 Defense Funding Bill, government contracting and Alliant 3, Ross provides a unique perspective on what defense IT teams may see in the coming months.

Episode Table of Contents
  • [00:56] Government Contracting and Government Technology News
  • [09:21] Programs to Help Agencies
  • [20:08] Fishing on a Boat for Government Technology News
  • [31:37] Government Technology News Just Dominate
  • [41:03] Trying to Capture HQ2
  • Episode Links and Resources

Episode Links and Resources
The Power of Partnerships: Bringing Speed and Security with Amy Belcher14 Sep 202200:27:57

Amy Belcher, Independent Software Vender Sales and Go To Market Leader at Amazon Web Services joins Tech Transforms to talk about her team's mission to satisfy compliance for agencies across the globe. With speed to deployment, flexibility and security, Amy and her team support organizations maximizing local control and global reach.

Episode Table of Contents
  • [00:52] The Importance of Industry Partnerships
  • [08:19] Productive and Creative Partnerships
  • [18:24] The Depth of Partnerships
  • Episode Links and Resources

Episode Links and Resources
The Scoop on Defense with Colin Demarest31 Aug 202200:36:09

Colin Demarest, Defense Networks and Cyber Reporter at C4ISRNET joins Tech Transforms to talk about some of his recent articles focused on 5G, aerial networks, and upcoming Capability Sets. Listen in as Carolyn and Mark learn about the ever-evolving field of defense and what emerging technology can do to support the mission.

Episode Table of Contents
  • [00:30] Getting to Know Colin Demarest, a Defense Networks and Cyber Reporter
  • [08:45] 5G Defense Investigation
  • [12:28] Issues of Compatibility in the Defense World
  • [17:51] Capability Sets 21 and 23
  • [25:25] Another Layer of Defense
  • Episode Links and Resources

Episode Links and Resources
AI: Success is in the Research with Daniel Chenok24 Aug 202200:47:17

Daniel Chenok, Executive Director at IBM Center for The Business of Government joins Carolyn and Mark to talk about the importance of AI in the field. From democratizing data to improving office operations, application research is a key component for any government agency looking to integrate artificial intelligence into their mission.

Episode Table of Contents
  • [01:02] A Top Government Story
  • [08:33] How AI Enables Us to Do Our Jobs Better
  • [17:36] The Challenges We Have on Cybersecurity
  • [28:47] What Does Research Tell Us About AI?
  • [36:29] How AI Can Solve Problems at a National Scale
  • [44:40] How to Implement AI
  • Episode Links and Resources

Episode Links and Resources
Security Metrics: Measure Twice, Cut Once with Rick Stewart22 Jun 202200:45:30

Rick Stewart, Chief Software Technologist at DLT Solutions joins Tech Transforms to give insight on Open Source, Platform One, and DORA initiatives. Listen in as Carolyn and Mark learn about the importance of focusing on the right metrics when managing security bottlenecks.

Episode Table of Contents
  • [00:48] Old Ways of Doing Things
  • [11:55] Security Metrics That Need Improvement
  • [22:54] Deploying Security Metrics Using Scheduling Techniques
  • [33:19] Continuous Authority to Operate Security Metrics

Episode Links and Resources
Old Ways of Doing Things

Carolyn: Today, we get to talk to Rick Stewart, a good friend. Rick Stewart is a Chief Software Technologist at DLT for more than 34 years. Do you really want me to tell people that Rick? That makes you sound super old?

Rick: No, it has some relation to the old way of doing things, traditional ways.

Carolyn: He knows the old stuff and the new stuff with 34 years of diverse experience in the IT industry. He’s progressing through technical and leadership roles in telecommunications, mobile entertainment, the federal government, and the manufacturing industries. Today, Rick is joining us to talk about DevOps research and assessments, or DORA, a term that is new to me. He’ll also talk about the four key metrics for increasing efficiency and delivering service. He will discuss how Platform One has advanced the cultural transformation to DevOps.

Mark: Welcome Rick. By the way, Rick started this when he was six.

Carolyn: That's right. I'm going, to be honest. I've been in the industry for a while, and I have never heard the term DORA. DevOps Research and Assessments make sense. I just haven't heard the acronym. They have four key metrics for increasing efficiency in delivering service. Those metrics are deployment frequency, lead time for changes, change failure rate, and time to restore to service. Will you unpack those for us?

Rick: It's interesting that you say that because I attend several different events and conferences where we have, especially in the public sector, astute people that have lots of experience.

Security Metrics As a First-Class Citizen

Rick: They're on this journey of DevOps or in the public sector. It's more DevSecOps, bringing security up as a first-class citizen. They were talking about the things that they capture, the journey that they're on, and their improvements. On one of these occasions, DORA was brought up. I think it may be a Q&A panel. It was surprising that a lot of them didn't know what this organization does, especially being so well versed in the cultural transformation, not knowing some of the things to focus on. I thought it was really important to shine a light on.

Carolyn: Is it a federal organization?

Rick: No, it's more of a community-based organization, an industry-based organization. We've got people like Jez Humble and Gene Kim and others that are involved with this. What they do is, they go out and they do surveys of not just the public sector, but the private sector, all organizations globally. They basically give them surveys and they talk about their...

Improving the User Experience in a Zero Trust World: Event Recap with Willie Hicks15 Jun 202200:29:59

Willie Hicks, CTO of Public Sector at Dynatrace joins Carolyn and Mark to unpack the recent ATARC event: Improving the User Experience in a Zero Trust World. At this federal breakfast summit, sponsored by Dynatrace and Amazon Web Services, we heard from some of the most prominent technology leaders focused on Zero Trust including Nicole Willis, Jamie Holcombe, Mickey Iqbal, and more. Listen in as Mark and Willie give highlights and takeaways from the event. Be sure to follow the link in the show notes to see the full event On-demand!

Episode Table of Contents
  • [00:30] Guest Speakers at the ATARC Event: Improving the User Experience in a Zero Trust World
  • [07:55] Zero Trust Should Be a User Experience Enabler
  • [14:41] OMB Is Pushing to Move Too Fast
  • [20:05] How to Ensure Zero Trust Does Not Disrupt the Employee User Experience

Episode Links and Resources
Guest Speakers at the ATARC Event: Improving the User Experience in a Zero Trust World

Carolyn: So today we're reviewing top takeaways from ATARC 's Federal Breakfast Summit, Improving the User Experience in a Zero Trust World. Which those two things, user experience, and zero trust, are kind of a direct conflict for me, but we'll get to that. The conference was sponsored by AWS and Dynatrace, and it's available on-demand for our listeners at ATARC.org. Also, we have Willie Hicks, our Federal Chief Technologist at Dynatrace.

Willie, you were a keynote speaker at the event. I'm too biased to say you were my favorite so I won't say that. I mean, everybody was really good. Jamie was super exciting. Let me just review who our speakers were.

So our keynote speaker around zero trust was Grant Schneider. He brought a really interesting perspective because he's former white house. So he was the senior director of cybersecurity services. So former federal CISO, and now he's in industry at Venable. Then we had our next keynote around the user experience was the very entertaining Jamie Holcomb. He's the CIO at U.S. Patent and Trademark office. And then my favorite, Willie, Federal Chief Technology Officer here at Dynatrace. Then we had a panel that brought the user experience and zero trust together and how we reconcile those two and how they work together. And on that panel, we had Nicole Willis, Chief Technology Officer, OIG, at the U.S. Department of Health and Human Services.

Is User Experience Unrelated to Zero Trust?

Carolyn: Jamie came back on the panel. We had Mickey Iqbal, he's the Public Sector Solution Architect and Chief Technologist at Amazon Web Services. Willie on the panel. And then we had our moderator, Tom Suder, who's fantastic. He's been in this business so long that he had a lot of really good insights too.

Now that I've given our listeners the overview of who participated, first of all, I was thrilled to see that we had a packed room. We had a standing room only, and that was really, really nice to see. It was lovely to have people in person and to be able to interact with one another personally....

Hyperautomation with Bob Stevens08 Jun 202200:16:40

This week, Carolyn is joined again by Bob Stevens, AVP Public Sector at GitLab, this time to talk about the power of hyperautomation. Listen in as Carolyn learns what can be gained through fast, accurate application security.

Episode Table of Contents
  • [00:32] What is Hyperautomation
  • [09:02] What Has Changed in Hyperautomation

Episode Links and Resources
What is Hyperautomation

Carolyn: I'm excited to welcome back Bob Stevens, Area Vice President of Public Sector at GitLab. Bob is a seasoned veteran in public sector technology with over 36 years of experience.

As the AVP at GitLab, he is responsible for helping government organizations become more productive, efficient, and effective. Bob has experience on both the industry and the government side of things. Prior to industry, he served in the United States Air Force as a computer specialist at the White House Communications Agency.

Today, we are going to talk about artificial intelligence, machine learning, and what hyperautomation is exactly. Why Bob thinks it will be 2022's biggest trend. Bob, welcome back to Tech Transforms.

Bob: I'm happy to be here. Thank you. Appreciate it.

Carolyn: I'd like to talk about an episode that you just did with GovExec Daily. And on this episode, you mentioned that hyperautomation will be 2022's biggest trend. I'm going to be honest. I haven't really heard hyperautomation. And I get automation. I can deduce what hyperautomation is, but I would love for you to explain it to me. What's the difference between automation, hyperautomation, DevOps, all of that?

Bob: Yes, I mean, it's the strict definition of the word.

It's rapidly identifying, vetting in automated processes in order to produce whatever it is that you're working on as fast as you possibly can. And it trends today because if you think about the government space, they have a lot of compliance issues that they need to deal with. The Benefits of Hyperautomation

Bob: If they can automate those compliance processes and ensure that when they build software, in the end it's going to be compliant and they don't have to go back and vet it. I mean, that's going to save them a world of time.

Carolyn: Are you talking about missed compliances, automating some of those missed controls? There's 300 of them, I think.

Bob: Yes, those. I think you're talking about FedRAMP.

Carolyn: Yes. One of. Or authority to operate has all of those. Right? I mean, I don't know all the details.

Bob: Yes, no. There's the STIGs. That the government has to put all software through and that's all about compliance. The government has to get the authority to operate, ATOs, for everything that they run.

Carolyn: And renew them every two or three years.

Bob: Or sooner. It depends on how much of a change occurred in the application. If you can hyperautomate all of that by the use of AI or machine learning. Again, and so by the time you produced that software, all those compliance issues are addressed. You know they're addressed because you've got confidence in the system and the way that it was done. It didn't require as little human intervention as possible, which is unfortunately, where some mistakes are injected.

Then you've saved a world of time and you've made life really, really easy for the folks that are doing the development. As well as the folks that are using the applications in the end. Because they don't have to sit and wait to get the authority to operate, which sometimes can take a year.The Bad News: We Haven’t Tried...
A Company Culture We Can Trust with Sara Jones01 Jun 202200:46:48

Sara Jones, CEO of InclusionPro joins Carolyn and Mark to talk about all things diversity, equity, and inclusion. Sara explains gaps in authenticity and perception and gives tech leaders everywhere new goals to strive for when it comes to company culture.

Episode Table of Contents
  • [00:54] Why We Always Go Back to Company Culture
  • [10:38] How Leaders Respond to Employees’ Desire
  • [23:03] What Attracts People of Color to Apply
  • [30:54] Why Leaders Avoid the Important Things About Company Culture
  • [41:37] What Technology Can Never Replace

Episode Links and Resources
Why We Always Go Back to Company Culture

Carolyn: Today I am really happy to have Sara Jones with us. Sara's a friend and we've spoken before. Almost all of our guests, even though we're talking about tech, they always go back to culture. We're going to talk about that with Sara today.

Sara Jones is the CEO of InclusionPro. She has over 20 years of experience in technology, business development, law, and leadership. You were a practicing attorney, right Sara?

Sara: For 10 years. I'm still recovering.

Carolyn: So as the CEO of InclusionPro, her mission is to guide leaders in building inclusive company culture that promotes team performance and team innovation. She's written a book recently called Inclusive Leadership and the Authenticity Gap, that we get to talk about today.

Sara: Thank you. And this is a fun opportunity for me to merge my love of technology with diversity, equity, and inclusion. As most folks know, it is pretty hard to do. I've had a couple of decades talking about this, so hopefully, we can share some really great learnings. Most importantly, I think for the folks listening that might be thinking "DEI again."

Carolyn: Which stands for?

Sara: Diversity, Equity, and Inclusion. A lot of things have shifted. I think a lot of folks come to this type of conversation with the old thinking in mind. I'd just like to invite listeners to get rid of what you know. Just be open to hearing some new thoughts around diversity, equity, inclusions, and things that we're able to do now that we weren't able to do even five years ago. That's my little plug for saying, "Open-minded today?"

InclusionPro

Carolyn: That leads really nicely into my first question about being a recovering attorney, your love for tech. What inspired you to create InclusionPro?

Sara: InclusionPro is the end of a long 20-year journey having diversity, equity, inclusion as part of my personal career journey. Now, it may not be part of everyone's and a significant part of that is because I did start in patent law. Having an engineering degree and a law degree, put me in an industry that had only 5% women and people of color. I get...

So What? Federal News Roundup on Remote Work with Elizebeth Varghese25 May 202200:48:31

Join us on Tech Transforms Federal News Round-up segment, So What? Hosted by Carolyn Ford and Tracy Bannon. This week, we talk to Elizebeth Varghese, Global and Americas Leader – HR Transformation Client Offerings at IBM about one of the biggest topics in federal news: remote work. Listen in to find out how agencies can implement a smarter protocol, how remote work impacts the trust equation and the role technology can play in the workforce culture.

Episode Table of Contents
  • [00:40] The Future of Work for Federal Employees
  • [11:28] Work-Life Balance Expectations in a Remote Work
  • [19:01] Big Push in In-Person Protocol
  • [26:12] Do You Need a Home Office for Remote Work?
  • [32:01] Provide Options to Persuade People to Stay and Junk Remote Work
  • [39:04] The People Who Are Not Approving Remote Work

Episode Links and Resources
The Future of Work for Federal Employees

Carolyn: This month, we're hosting Elizebeth Varghese, Global & America's Leader: Client Offerings in Talent and HR Strategy at IBM. And outside of IBM she's an active board member at South Asian Youth Action, a nonprofit providing after-school programming, education, and college support.

She was recognized as Global Top 100 Influencer in HR for 2020. And we are glad to have you joining us today, Elizebeth, to discuss returning to the office, the great resignation, and companies potentially switching to a four-day workweek hybrid, all of that. Welcome Elizebeth, how are you?

Elizebeth: Great, thank you so much, Carolyn. Wonderful and delighted to be here. Great to be back on here with Tracy as well, friend from a couple of years ago as we've been going through some of these pandemic podcasts. So thank you for inviting me and I am looking forward to this.

Carolyn: Yes, well this one's going to be a fun one and it might get a little heated. I've already seen some stuff on LinkedIn. I'm like, oh, that gets my blood boiling about returning to the office. And I want to start off with a question, there's an article called "Three ways the future of work must change for federal employees."

The article states that at the end of the day, we need to have an IT and HR Alliance. This was due to exceptional communication between the agency's chief information officer and HR functions. In

The Speed of the Mission with Bob Stevens18 May 202200:30:45

Bob Stevens, AVP Public Sector at GitLab joins Tech Transforms to talk about the imperative mission of DevOps to combine efficiency, speed and security. With emphasis on empowering teams to fail fast, moving security to the left, and a deep dive into Platform 1, you won't want to miss this episode!

Episode Table of Contents
  • [00:27] DevSecOps’ Speed of the Mission
  • [09:02] The Cultural Shift That Needs to Occur to Upgrade the Speed of the Mission
  • [19:21] The Future of DevOps

Episode Links and Resources
DevSecOps’ Speed of the Mission

Carolyn: This week Bob Stevens, Area Vice President of Public Sector at GitLab is joining me. Bob is a seasoned veteran in public sector technology with over 25 years of experience. As the AVP at GitLab, he is responsible for helping government organizations become more productive, efficient, and effective.

Bob also has experience on both the industry and the government side of things. Prior to industry he served in the United States Air Force as a computer specialist at the White House Communications Agency. I am excited today to dive in and talk about the ways that we can use DevOps to modernize and secure government IT, and what the outlook for DevOps is. How are you doing, Bob?

Bob: I'm doing great. The weather's getting better in DC, so it's good to see the sun from time to time versus what we've had. But yes, doing fantastic.

Carolyn: Well, good to hear it. So let's just dive in. And let's walk through what DevOps is and why implementing these practices is critical to helping modernize and improve government IT?

Bob: Great. So I guess DevOps is combining efficiency, speed, and security all into one. And creating software at what I like to refer to as the speed of the mission for the government. The business side is a little different. But for the government, it's all about the mission and you being able to accomplish the mission faster and stay ahead of our adversaries. In the case of DoD and on the civilian side, it’s to ensure that all of the citizens that any given agency supports gets the best possible support that they can. If you look at the organizations like the Veterans Administration. You can imagine they've got a lot of applications that they've written.

The Platform the Government Is Looking For to Improve the Speed of the Mission

Bob: To help the vets accomplish what they need to accomplish in a timely manner. So DevOps really will help them to produce the software at speed, more securely, more efficiently, and provide the most or the best service that they possibly can to all of the veterans out there, just as one example.

Carolyn: So, you know Tech Transforms is vendor agnostic. And I would love for you to just take a couple of minutes and talk about how GitLab helps with that. And just what GitLab does. I've read the marketing statements and it's a little nebulous for me. I would love to have you explain what GitLab does and how it's helping agencies achieve this?

Bob: I appreciate that you're letting me do this...

Harnessing AI for Cyber Innovation: Insights from Dr. Amy Hamilton at National Defense University31 Jan 202400:45:13

The real question is, what doesn’t Dr. Amy Hamilton do? She’s currently the visiting Faculty Chair for the Department of Energy (DOE) at National Defense University and the DOE Senior Advisor for National Cybersecurity Policy and Programs, and has had previous stops in the U.S. Army Reserves, NORAD and U.S. European Command, just to name a few.

At National Defense University, Amy draws on all of this expertise to educate the workforce on AI and finding the right balance between automation and workforce training. Amy also explores how she teaches her students that cybersecurity has to be more than a 9-5 job, the balance of security vs. convenience, and how it will take the entire country getting on board to make the implementation of cybersecurity best practices truly possible. In this episode, we also dive into the realm of operational technology and the need to look to zero trust as we allow more smart devices into our lives and government ecosystems.

Key Topics
  • 00:00 Importance of training, education and AI integration.
  • 06:52 Cybersecurity, AI and building codes challenges.
  • 09:47 Nuclear facilities need caution, open labs innovative.
  • 11:58 Helping students understand federal government and cybertech.
  • 15:37 Cyber college compared to traditional university programs.
  • 17:18 National Defense University offers master's degree programs.
  • 22:06 Addressing the urgent need to combat intellectual property theft.
  • 24:32 Passionate plea for cybersecurity vigilance and dedication.
  • 26:40 Using automation to streamline cybersecurity operations and training.
  • 32:06 Policy person struggles to tie guidance together.
  • 33:02 Collaboration is needed for addressing industry issues.
  • 38:25 Rethink security for devices in smart tech.
  • 41:16 Choosing sustainability as a guiding principle.
  • 43:22 Overcome writing and presenting challenges for success.

Leveraging AI and Automation for Cyber InnovationEmphasizing Efficiency in the Generation of Abstracts

Dr. Amy Hamilton underlines the capabilities of artificial intelligence to streamline time-consuming processes, specifically the creation of abstracts. This innovation allows for a transition from mundane, repetitive tasks to pursuits that require a deeper cognitive investment. Therefore, elevating the nature of the workforce's endeavors. Dr. Hamilton's discussion focuses on the practical applications of this technology, and she cites an instance from the National Defense University's annual Cyber Beacon Conference. Here, participants were challenged to distinguish between AI-generated and human-generated abstracts, often finding it challenging to tell them apart. This exercise not only highlighted AI's proficiency but also introduced the workforce to the safe and practical application of this emergent technology.

How do we use AI in a way that goes from low-value to high-value work? If I'm not doing abstract, what other things could I be doing and spending my brain calories towards? - Dr. Amy HamiltonPreparing the Workforce for Cyber Innovation

Dr. Hamilton stresses the necessity for workforce education in the context of AI and automation. Aiming for a future where employees are neither intimidated by nor unfamiliar with the advancing technological landscape. She illustrates the Department of Energy's proactive role in integrating AI into its training programs. Thus, ensuring that employees are well-acquainted with both the operational and potential ethical dimensions of AI deployment. Acknowledging the diverse range of operations within the DOE, including nuclear and environmental management, Dr. Hamilton notes that the appropriateness of AI application varies by context. Signifying the...

Observability Explained with Mike Maciag11 May 202200:46:23

Mike Maciag, Chief Marketing Officer at Dynatrace joins Tech Transforms to talk about the power of observability. Careful monitoring is of paramount importance for any successful operation, and observability can take your agency to the next level. Listen in as Carolyn and Mark get some tips and tricks for improving cybersecurity posture with the most accurate technology.

Episode Table of Contents
  • [00:31] The Vital Role That Observability Plays in IT
  • [10:40] Observability: When You’re Asking the Systems to Share
  • [22:48] The President’s Memo on User Experience
  • [34:01] Let Machines Do the Stuff That Doesn’t Matter

Episode Links and Resources
The Vital Role That Observability Plays in IT

Carolyn: Today, we get to welcome Mike Maciag, who is Chief Marketing Officer of Dynatrace. One of our own, one of the clan is here with us today. And as CMO, Mike is responsible for Dynatrace's global marketing organization. We're really excited to hear his expert opinion on observability and the vital role that it plays in IT, and especially the cloud.

Mike: Thank you, Carolyn. Mark, nice to be with you both today. And I know this is a long time in coming, but I'm excited to be sitting down and talking to you today.

Carolyn: We've been able to talk to a few of our guests a little bit about APM. And just recently we talked to a former CIO at VA. He is very bullish on APM, and he talked a lot about the advances that they were able to make in the VA with APM. Just that at least within the VA, APM moved from a nice to have to a must-have. And what I'd really like to hear you talk about, just to dive right in, Mike, is so there's the APM part. But then in my mind and I might be positioning this wrong. In my mind, I think that observability is like APM 2.0. But can you speak to that APM versus observability? What's the difference?

Mike: As long as we're talking about terms, we might want to mix monitoring in there as well. All terms that are thrown around, is it monitoring, is it APM, is it observability? And it's changed, it's changed a lot. Let me start with the simplest definition, then maybe we can unpack it from there. Think of observability as the umbrella term, as the broadest umbrella term that goes above all of this.

Monitoring, APM, ObservabilityMike: Observability fully includes APM, and observability also subsumes monitoring, both of the things that we've been doing. There are kind of two megatrends in the industry that have been driving this move towards observability. One is the move to the cloud.

More and more systems are moving to cloud architectures, probably more important digitally native architectures. We're going from monolithic systems that we could understand, that we could see, that we could touch. We could understand what's happening with them into cloud increasingly complex, even multi-cloud architectures that are driven by microservices and the like.

The reason for that movement is it has made digital transformation, application development faster and easier in that regard. Which is this digital transformation fundamentally looking at everything that I've been doing in every aspects of my business. Whether it be on the front end or in the services I provide. Whether it be on the front end or in the backend machine to machine conversations is happening in cloud architectures. And we're trying to figure out how we can automate more of it and things are happening that...

Threat Team Purple with Richard Ford04 May 202200:36:11

Richard Ford, Chief Technology Officer at Praetorian joins Tech Transforms to talk about the cyber security threat landscape. Red team versus Blue team is a common and effective threat protection practice, but what could cyber security experts gain from team Purple? Listen in as Carolyn and Mark learn about the importance of managing your attack surface, implementing multi-factor authentication, and protecting against cyber phishing attacks.

Episode Table of Contents
  • [00:30] Our Biggest Cybersecurity Threat in the Last Quarter
  • [07:39] Which Is Easier: Defense or Offense
  • [16:40] Why Do We Need Single Sign-on
  • [24:54] The Team Purple Idea

Episode Links and Resources
Our Biggest Cybersecurity Threat in the Last Quarter

Carolyn: So today our guest is actually an old friend, Richard Ford, who is Chief Technology Officer at Praetorian. For over 25 years, Richard has been able to design and implement NextGen product strategies and provide customers with the best threat detection available. Today, we're going to talk to Richard about the cyber threat landscape and what a good defense looks like.

Richard: Hi, it's nice to be back on a call with you Carolyn, and Mark, it's good to see you.

Carolyn: Yes, really good to have you today. So let's just jump right in. I want to know what your view is, what are our biggest cybersecurity threats? What does the cyber security threat landscape look like and how do we defend ourselves from it? So there's like three-part question there.

Richard: So, we're starting with an easy question. I think the threat landscape is incredibly messy and I think that the most important part to think about is change. So if you think about just the last quarter or two that we've gone through you had, like log4shell someone we're all running around looking for log4j vulnerabilities. Then it's Spring4Shell, which wasn't as serious, but was still pretty nasty if you were impacted.

The problem, we have this tremendous rate of change so the thing that was important to you yesterday may not be the thing that's important to you today. It's unlikely to be the thing that's most important for you tomorrow. So when we think about the threat landscape, the first thing to say is, if I give you an answer, it's like looking at a single, still image from a movie and telling you've watched the movie, right?Cyber Security Threat Landscape

Richard: Then as soon as we go click, you know that threat landscape will change. With that said, I do think there are some common themes that keep coming back, right? So there's a threat we have around being desperately short of people. There's a threat around, we don't know what assets we have. Even if we did know what assets we have, we don't know what they're running.

Then the business conditions are driving us forward so quickly that...

So What? Tech Transforms Federal News Round-up with Katy Craig27 Apr 202200:36:12

Join us on Tech Transforms Federal News Round-up segment, So What? Hosted by Carolyn Ford and Tracy Bannon. This week, we talk to Katy Craig, retired Navy Chief, now Adjunct Faculty at National University, & Director, Security Architecture at Aquia, Inc. about some of the biggest news in the federal space. Listen in to hear her thoughts around deep fakes, non-traditional warfare, and President Biden's recently released announcement to protect against cyber attacks.

Episode Table of Contents
  • [00:25] Monthly Federal News Roundup
  • [02:20] Federal News #1: President Biden’s Cyber Security Fact Sheet
  • [10:12] The Catalyst
  • [14:24] Federal News #2: Zelenskyy’s Deepfake
  • [20:55] Federal News #3: The Threat Model
  • [25:26] Federal News #4: Russia Is Running Out of Storage Space

Episode Links and Resources
Monthly Federal News Roundup

Carolyn: This week, we are launching our newest series, 'So what?' It is Tech Transforms' federal news roundup. Every month, Tracy Bannon, senior principal at MITRE joins me to unpack some of the biggest trending news topics in federal technology. Tracy, we've been trying to do this, make this happen for a while. I am so happy that this is our inaugural episode.

Tracy: Thank you. I'm really excited because there's so much incredible stuff going on and we keep talking and now we want to talk with others and I'm doubly excited to have a good friend and mentor with us today for our first episode, Katy Craig.

Carolyn: Yes, and Katy is a return guest. We've had her in the past on Tech Transforms and Katy is Acquia's chief of staff, cyber security expert, and retired Navy chief. Today, we're going to talk about, really the number one headline in the news these days.

We keep hearing terms like nontraditional warfare, which is essentially the fifth domain of cyber, and President Biden's recent cyber security fact sheet. And just what it all means, like why is it all happening right now? And I want to just go straight to President Biden's recent announcement, this fact sheet that is. It's titled 'Act Now to Protect Against Potential Cyberattacks'. I want to go to you Tracy, and just unpack this for us. What does it mean?

Federal News #1: President Biden’s Cyber Security Fact Sheet

Tracy: So I believe it was March 21st, the White House released this set of guidance and it is really practical, general guidance. And it really is focused on two different areas. It's kind of like for everybody, for corporate America back up your data, use multifactor authentication, encrypt your data. There's also a call to arms, to tech companies and software organizations that says, you know what, there's a NIST standard and we have an order out here, it's order 14028. We can provide all the links later.

But those two things, they're saying we got to get real about this. And the reason that it came out now is that we need to hear it now with all of the things that are going on in the Ukraine. It was an opportune time. We've had all kinds of security incidents and breaches and other things over the last year or two, but...
Women in Tech Part 2 with Space Force's Jazmin Furtado and U.S. Army's Kris Saling20 Apr 202200:26:02

Listen in for part 2 of our women's panel with Kris Saling, Chief Analytics Officer for the Army Talent Management Task Force and Director of People Analytics in the office of the Assistant Secretary of the Army (Manpower & Reserve Affairs), and Jazmin Furtado, Liaison at AI Accelerator and Data Strategy Lead at US Space Force. In this episode, Carolyn, Kris, and Jazmin get real about the power of the collective, emerging solutions, and the importance to assess and provide within federal government technology.

Episode Table of Contents
  • [00:31] Meditation Is Really Good
  • [07:40] Where Are We Going With AI
  • [13:14] Are Women in Tech Paid Equal Like Their Male Counterparts
  • [20:40] Tell People How Much You’re Making

Episode Links and Resources
Meditation Is Really Good

Carolyn: We are in part two of our women in technology panel, with Kris Saling, Deputy Director of Army People Analytics, and Captain Jazmin Furtado a Data Strategy Lead at the US Space Force and Space Force Liaison at the MIT AI Accelerator.

On today's episode, we're going to dive more into government technology in general. I get Kris and Jazmin to do a little fortune-telling on where tech is headed. What advancements they've seen in their careers. And we get real with some salary talk. Just a little reminder, the views of Kris and Jazmin are their own and do not necessarily reflect the views of their agencies. Now let's get to it on Tech Transforms with our women panel.

I know that meditation is really good for the monks that live in caves in India. And I know that I should probably do it. Until I saw the science behind it and what it can really do for my brain. I dabbled in it. I never fully embraced it. And once I started understanding why it was working and that there was true science behind it, man, I'm all in. I'm just thinking of just one example of things that are good for me in my life, that I've been able to embrace and bring into my life because I understand them. I understand how they work rather than like you said, Kris, the leadership saying, "No, we don't give a shit about how you got there. Just give us the answer."

Make The Process More Efficient

Carolyn: But now you're getting people who really want to understand why. I would imagine that the program for the answers that you've been spoonfeeding them. The programs are becoming a lot more powerful and effective. Because the people who are taking those in the past spoonfed answers. Now really understanding them can truly implement them at a level that is a lot more powerful. Is that true?

Kris: I would say that's definitely true because we're working on a couple of projects right now where we are trying to integrate machine learning into promotions and selections as a decision support tool. I'd never in a million years, would've thought we'd get a chance to work on that data and introduce something that is an algorithm into a just intrinsically human process.

But we have enough people thinking along this vein. We have enough people looking at the data we've collected about how we read records and how we read files. And they're like, "There's got to be an easier way to do this. There's got to be something we can do to support the...

© My Podcast Data