Tech Transforms podcast artwork

PODCAST · technology

Tech Transforms

Global technology is changing the way we live. Critical government decisions affect the intersection of technology advancement and human needs. This podcast talks to some of the most prominent influencers shaping the landscape to understand how they are leveraging technology to solve complex challenges while also meeting the needs of today's modern world.

  1. 125

    Episode 127: AUKUS and the Industrial Base Race: Building the Future of Subsea Capability

    ** When most people hear "AUKUS," they think of submarines. But according to Lee Davis, Senior Director at Honeywell Aerospace Australia, that's only part of the story. In this episode of Tech Transforms, Carolyn Ford sits down with Lee Davis to explore how AUKUS is driving one of the most ambitious industrial transformations ever attempted across Australia, the United Kingdom, and the United States. Beyond submarines, AUKUS is reshaping how allied nations share information, align security frameworks, coordinate manufacturing capacity, and collaborate across complex defense supply chains. Davis explains why the biggest challenge isn't technology, workforce, or even production capacity, it's enabling secure, real-time collaboration between governments, primes, suppliers, and manufacturers across three different nations. The conversation examines export control reforms, digital engineering environments, industrial interoperability, and the role secure cloud infrastructure will play in accelerating defense innovation. The discussion also explores how lessons learned through AUKUS are already benefiting other initiatives, including Australia's Guided Weapons and Explosive Ordnance (GWEO) program, and why AI may become a critical enabler for future industrial collaboration. Show Notes: LinkedIn: https://www.linkedin.com/in/lee-davis-82323633/ Honeywell Aerospace Website: https://www.honeywellaerospace.com Australia GWEO Enterprise: https://www.defence.gov.au/about/who-we-are/organisation-structure/guided-weapons-explosive-ordnance-group **

  2. 124

    Episode 126: The Undefended Front Line: Rethinking Cyber Coordination in an AI Age

    What if the most vulnerable targets in a cyber conflict aren't power plants, military systems, or critical infrastructure? What if they're the everyday technologies we depend on without a second thought? In this episode of Tech Transforms, Kurt Sanger, retired U.S. Marine Corps judge advocate, former Deputy General Counsel at U.S. Cyber Command, and cybersecurity attorney at Buchanan Ingersoll & Rooney, explores what he calls the "undefended front line." Kurt argues that modern cyber conflict is no longer confined to government networks or battlefield systems. The front line now includes airport parking systems, boarding passes, water utilities, small businesses, and countless interconnected technologies that shape daily life. Because cyber operations can be calibrated to disrupt rather than destroy, adversaries can influence behavior, create uncertainty, and impact society in ways that traditional warfare never could. The conversation examines why operational coordination—not just information sharing—is becoming essential to national cyber defense, the growing role of public-private collaboration, and whether the United States needs a dedicated Cyber Force to meet evolving threats. Carolyn and Kurt also tackle one of the most pressing challenges facing organizations today: artificial intelligence. As AI systems become increasingly autonomous, questions of accountability, governance, and responsibility become far more complex. From cyber hygiene and critical infrastructure protection to AI ethics and national security strategy, this episode offers a thoughtful look at how cybersecurity has become everyone's responsibility. Show Notes: Email: [email protected] LinkedIn: https://www.linkedin.com/in/kurtsanger Commission on U.S. Cyber Force Generation – CSIS https://www.csis.org Buchanan Ingersoll & Rooney https://www.bipc.com US Cyber Command - https://www.cybercom.mil/ National Security Agency/Central Security Service - https://www.nsa.gov/about/cybersecurity-collaboration-center/

  3. 123

    Episode 125: Modernizing the Mission: Secure AI, Cyber Resilience, and the Future of Energy IT

    Carolyn Ford sits down with Dawn Zimmer, CIO of the United States Department of Energy, for a deep dive into what it really takes to modernize one of the most complex technology environments in government. From managing decades-old legacy systems across national labs and critical infrastructure to securely integrating AI into everyday operations, Zimmer shares how her team is transforming DOE technology at what she calls “the speed of need.” The conversation explores DOE’s internally developed platforms, including Quanta, a secure data environment designed to break down long-standing data silos across the department, and Joulix, an AI-enabled workspace that gives employees access to powerful AI capabilities while keeping sensitive DOE data fully protected. Zimmer explains how her team is embedding cybersecurity into every modernization effort from the start, not as a roadblock, but as a foundational enabler that allows innovation to move faster and more safely. Throughout the episode, Zimmer offers a candid look at balancing mission objectives, AI adoption, governance, operational continuity, and cyber hygiene in an era of rapid technological change. She discusses everything from modernizing HR systems in manageable phases to using AI for proactive IT support, cost reduction, and enterprise-wide cyber visibility through DOE’s new Echo initiative. The discussion ultimately highlights a new model for government technology leadership, one built on agility, mission alignment, reusable platforms, and secure innovation at scale. ShowNotes: U.S. Department of Energy: https://www.energy.gov DOE National Laboratories: https://www.energy.gov/national-laboratories DOE Office of Cybersecurity, Energy Security, and Emergency Response: https://www.energy.gov/ceser/office-cybersecurity-energy-security-and-emergency-response

  4. 122

    Episode 124: So What: Kingpin's in Charge Now

    In this fast-moving and deeply candid episode of Tech Transforms: So What?, host Carolyn Ford reconnects with technologist and enterprise architect Trac Bannon to examine what has changed inside the Department of Defense since their last conversation just 60 days earlier. What emerges is a picture of an AI ecosystem accelerating at extraordinary speed — where acquisition behavior, trust, governance, and operational readiness matter far more than organizational charts. The discussion dives into the Pentagon’s evolving AI consolidation efforts under CTO Emil Michael, the growing influence of the Chief Digital and Artificial Intelligence Office (CDAO), and the rapid deployment of generative AI tools across government-furnished devices through genai.mil. Trac shares firsthand observations about how AI adoption is changing the way government teams review work, collaborate, and make decisions — while also raising concerns about overreliance on AI-generated output, information overload, and the expanding trust gap between humans and machines. The conversation then shifts into one of the most provocative topics in cybersecurity today: Anthropic’s controversial Mythos model — an advanced cybersecurity AI reportedly so powerful at identifying vulnerabilities that Anthropic restricted access to a select group of organizations. Carolyn and Trac unpack the implications of private companies controlling potentially transformative cybersecurity capabilities, the governance vacuum surrounding advanced AI models, and the blurred lines between national security, corporate influence, and AI competition. They also tackle the Department of Defense’s proposed acceleration of $152 billion in AI and technology spending, debating whether rapid investment is necessary to keep pace with innovation or whether “fast money with slow governance” risks creating chaos, opportunism, and massive waste. Throughout the discussion, Trac emphasizes the importance of infrastructure, workforce upskilling, governance, and ethical oversight — warning that technology is evolving faster than institutions are prepared to manage. The episode closes with a nuanced and thoughtful conversation about diversity in technology and defense environments. Rather than focusing on political rhetoric, Trac reframes the discussion around “thought diversity,” arguing that resilient systems require teams built from varied experiences, perspectives, and backgrounds. Together, Carolyn and Trac explore the difficult balance between merit, inclusion, operational readiness, and the evolving realities of workforce policy in defense and cybersecurity. This episode is equal parts AI strategy briefing, cybersecurity ethics discussion, and real-time reflection on how quickly technology, governance, and society are colliding in the defense space. Show Notes Links: Trac's website: https://tracybannon.tech/ Trac's email: [email protected] LinkedIn: https://www.linkedin.com/in/tracylbannon/ Anthropic Mythos leak: https://fortune.com/2026/03/26/anthropic-says-testing-mythos-powerful-new-ai-model-after-data-leak-reveals-its-existence-step-change-in-capabilities/ DoD $152B spending: https://federalnewsnetwork.com/defense-news/2026/02/dod-plans-to-spend-entire-152-billion-from-reconciliation-bill-in-one-year/ Judge blocks Anthropic ban: https://www.washingtontechnology.com/companies/2026/03/judge-blocks-dods-ban-anthropic-calls-it-first-amendment-retaliation/412451/ DEI executive order: https://www.washingtontechnology.com/companies/2026/03/federal-contractor-dei-initiatives-singled-out-latest-trump-executive-order/412456/

  5. 121

    Episode 123: Breaking the 18-Month Barrier: How StormBreaker is Trading Red Tape for Rapid Delivery

    In this episode of Tech Transforms, Carolyn Ford sits down with Dave Raley, Chief Digital Business Officer at Marine Corps Community Services, to unpack one of the most persistent challenges in federal IT: why innovation moves so slowly and how that can change. At the center of the conversation is Operation Stormbreaker, the Marine Corps’ only RAISE-certified software factory, designed to eliminate the inefficiencies that plague government technology deployment. Dave explains how agencies fall into a “maintenance trap,” where nearly 80% of IT budgets are consumed by legacy systems, leaving little room for modernization. The root issue, he argues, isn’t just technology, it’s architecture. By shifting from rebuilding infrastructure for every application to a shared platform-as-a-service model, Stormbreaker allows mission owners to inherit infrastructure, security, and authorization dramatically reducing both cost and complexity. The impact is significant. What once took 12–18 months to deploy can now be achieved in minutes through automated pipelines, containerized workloads, and continuous authorization. Rey breaks down how this model transforms the notoriously slow Authority to Operate (ATO) process, enabling faster innovation without sacrificing security. The discussion also highlights how this approach lowers barriers for vendors, accelerates adoption of emerging technologies like AI, and creates a more agile, production-focused culture within government. Beyond the technical architecture, the episode explores the cultural resistance to change across federal systems and the need to simplify complex cybersecurity processes for mission owners. Rey emphasizes that true modernization isn’t about new tools, it’s about rethinking how systems are built, secured, and delivered at scale. Show Notes: Dave Raley LinkedIn: https://www.linkedin.com/in/daveraley/ Marine Corps Community Service: https://www.usmc-mccs.org/ White Paper: Clarifying Cloud Foundations: Understanding PaaS vs. IaaS Operation StormBreaker: https://operationstormbreaker.usmc-mccs.org/

  6. 120

    Episode 122: Making the Complex, Comprehensible

    Today we shift the focus from cyber threats to a challenge that may be just as critical: how to communicate complex technology in a way that actually resonates. Joined by Dharma Pachner, Founder and Chief Creative Officer of Contrast & Co., the conversation explores why even the most advanced cybersecurity solutions fail if their value isn’t clearly understood and how better storytelling can change that. Dharma breaks down the art and science of simplifying the abstract, showing how strong brand foundations, metaphors, and visual storytelling can transform highly technical concepts into ideas people immediately grasp. From replacing overused “binary code and padlock” imagery with meaningful visual systems, to building foundational brand ideas that elevate messaging beyond features, the discussion highlights how clarity, emotion, and differentiation are essential in crowded tech markets. The episode also brings these principles down to a practical level, offering exercises and frameworks that anyone—not just designers—can use to improve communication, whether pitching a solution, securing budget, or aligning a team. Ultimately, the conversation reinforces a powerful idea: in cybersecurity and beyond, success isn’t just about what you build—it’s about how well you make others understand, remember, and care about it. Show Notes: Contrast & Co - https://www.contrastandco.com/ Dharma Pachner - https://www.linkedin.com/in/dpachner/ INKY: https://inky.com DarkWebID: https://www.darkwebid.com CyCognito: https://www.cycognito.com OWL Cyber Defense: https://owlcyberdefense.com Worksheet: https://www.dropbox.com/scl/fi/36n0zjooq4pi7mlv6ugkt/OWL_podcast_worksheets.pdf?rlkey=ssdpyio5cqktsakz5s1vdogcu&dl=0

  7. 119

    Episode 121: Flying Through Chaos: How to Stay Mission-Ready in High-Stress Environments

    In this episode of Tech Transforms, Carey Lohrenz shares powerful lessons from her experience as the first female F-14 Tomcat pilot and author of Span of Control. Rather than focusing on aviation war stories, the conversation dives into how high performers navigate overwhelm, uncertainty, and pressure by narrowing their focus to what they can actually control. Drawing on both combat aviation and personal hardship, Carey reframes stress as a necessary component of performance—and offers practical strategies to manage it effectively. The discussion explores how elite performers build resilience through training, prioritization, and teamwork—from cockpit checklists to the “meatball, lineup, angle of attack” mindset used in high-stakes landings. Carey also highlights the importance of shared load, trust, and even small moments of celebration in sustaining high-performing teams. Ultimately, this episode is a grounded, relatable guide for leaders and professionals alike—showing how to stay focused, effective, and human when everything feels like it’s moving at once. Show Notes: Carey Lohrenz Website: ➤ https://careylohrenz.com/ Carey on LinkedIn: ➤ https://www.linkedin.com/in/careylohrenz/ Carey’s Podcast: ➤ Welcome to My Office: https://podcasts.apple.com/us/podcast/trailer-welcome-to-my-office/id1564095883?i=1000520362663 Carey’s Book: ➤Span of Control - https://a.co/d/04zCzjdf

  8. 118

    This One Trick Transforms Tech Briefings Into Mission-Ready Action

    Host Carolyn Ford sits down with Eric Monterastelli, technologist at ATP Gov and creator of the BLUF podcast, a new format designed to distill dense technical content into concise, decision ready insights. Faced with an overwhelming volume of webinars, white papers, and vendor messaging, Eric saw a critical gap. Even seasoned technologists were walking away from 90 minute briefings unsure of what actually mattered. His solution is simple. Apply a military principle, Bottom Line Up Front (BLUF), to modern tech communication. Eric shares how he transforms hours of complex material into 10 minute, highly digestible episodes that help decision makers quickly understand what a technology does, why it matters, and how it applies in real world environments. In this conversation, we explore: The growing noise problem in cybersecurity and government tech Why frameworks like zero trust are often misunderstood and over marketed How storytelling and trust outperform AI generated summaries The emerging risks in operational technology and infrastructure systems A behind the scenes look at Eric’s process for distilling complex information without losing accuracy This episode is for anyone navigating today’s crowded tech landscape, from engineers and marketers to executives making high stakes decisions. Key takeaway: In a world flooded with information, clarity is power. The ability to distill complexity may be the most valuable skill in tech today.

  9. 117

    Episode 119: 5 Steps to Zero Trust

    In this follow-up episode of Tech Transforms, Carolyn Ford continues her conversation with Michael Blake of Owl Cyber Defense, shifting from the theory of Zero Trust to the realities of implementing it. The discussion explores the first practical step, network discovery and why organizations are often surprised by shadow IT and legacy systems still operating inside their environments. From there, Ford and Blake walk through the key stages of a Zero Trust journey, including microsegmentation, access management, and auditing privileges to prevent lateral movement and privilege creep. They also discuss the operational realities leaders face—budgeting, prioritizing critical assets or “crown jewels,” and ensuring organizations have the talent and resources needed to sustain a Zero Trust architecture. The takeaway: Zero Trust isn’t a single deployment, it’s an ongoing journey that evolves alongside emerging threats and technologies. Show Notes: Michael Blake: https://www.linkedin.com/in/michael-blake-734b0a21/ | Email: [email protected] DoW resources https://dowcio.war.gov/Library/: security controls, checklist, self assessment, Penn test guidelines etc Zero Trust | www.dau.edu Dell Technologies Project Fort Zero to Transform Security | Dell USA MITRE papers on evolving threats of giving AI access to network - https://ctid.mitre.org/blog/2025/05/09/secure-ai-v2/ Owl ZT resources: https://owlcyberdefense.com/zero-trust-cds/ Vendors that assist with ZTX, listen to the BLUF Podcast summaries to know if they might be able to help you: https://theblufpodcast.podbean.com/e/thebluf_episode12/ https://theblufpodcast.podbean.com/e/thebluf_episode13/

  10. 116

    Episode 118: Zero Trust ≠ Zero Risk: Debunking the Myths and Building Real Resilience

    In this episode of Tech Transforms, Carolyn Ford sits down with Michael Blake of Owl Cyber Defense and Chris Rule of GME to unpack one of cybersecurity’s most misunderstood concepts: Zero Trust. What begins as a discussion of architecture quickly evolves into something broader, an exploration of mindset, modernization, and the reality that today’s networks must operate under the assumption that a breach has already occurred. The conversation breaks down the core principle behind Zero Trust: minimizing the “blast radius” of a breach. Instead of assuming everything inside a network is safe, Zero Trust requires constant authentication, strict access controls, and segmentation so that even if an attacker gains entry, they cannot move freely across systems. We explore common misconceptions, especially the idea that Zero Trust is a product that can simply be purchased and installed. In reality, it’s a whole-of-organization approach involving people, processes, infrastructure modernization, and ongoing monitoring. Legacy systems, skill shortages, and the sheer complexity of modern networks make implementation a long-term journey rather than a quick fix. The discussion highlights why segmentation, boundary management, and cross-domain inspection remain critical even in a Zero Trust architecture—particularly in environments with legacy infrastructure, international partnerships, and tactical edge deployments. As AI systems and autonomous technologies increasingly interact with sensitive networks, the need to treat AI as another “actor” with controlled privileges becomes essential. The episode concludes with practical guidance for leaders beginning their Zero Trust journey—from inventorying everything on their network and planning segmentation, to implementing role-based access controls, budgeting for modernization, and ensuring organizations have the skilled personnel required to sustain the architecture. Ultimately, the takeaway is clear: Zero Trust isn’t a tool—it’s a strategy for operating in a world where persistent threats are the norm. Show notes: GME - www.gme.net.au Owl Cyber Defense - www.owlcyberdefense.com Modern Defense Architecture (Australia) - https://www.cyber.gov.au/business-government/secure-design/secure-by-design/modern-defensible-architecture Chris Rule - https://www.linkedin.com/in/christopher-rule-fieaust-cpeng-gaicd-05600b30/ Michael Blake - https://www.linkedin.com/in/michael-blake-734b0a21/

  11. 115

    Episode 117: 2026 Predictions. What's Now. What's Next. What's Urgent.

    In this special 2026 Predictions episode of Tech Transforms, Carolyn Ford is joined by Brian Carter, Scott Orton, Ralph Spa, and Michael Blake from Owl Cyber Defense for a no-crystal-ball conversation about the signals already flashing across cybersecurity, defense, and digital trust. This isn’t speculation. It’s trajectory. The group tackles the accelerating collapse of content trust in a world of deepfakes, AI-generated media, and short-form misinformation. As generative tools become indistinguishable from reality, they predict a sharp shift toward deep identity assurance—powered by behavioral biometrics, cryptographic validation, and provable content provenance. In a future where “guaranteed human” becomes a competitive advantage, digital identity won’t be optional—it will be foundational. From there, the conversation moves into AI containment. The panel argues that we must stop treating AI like helpful software and start treating it like a privileged insider—with unpredictable outputs and real liability attached. The solution? Deterministic boundaries enforced in hardware. As Scott puts it: if you want to confine a tiger, you don’t build the cage out of meat. The episode also explores: The federal government’s accelerating shift from legacy primes to agile, non-incumbent innovators delivering 80% solutions faster Why battlefield communications must evolve beyond encryption to real-time, hardware-enforced trust How AI-powered offensive attacks are shrinking from teams to individuals—sometimes in Power Ranger suits The limits of Zero Trust when complexity, cost, and talent gaps collide Why cross-domain solutions and data diodes may be the real fail-safes in an increasingly networked world Throughout the discussion, a clear thread emerges: software alone won’t save us. As systems grow more interconnected, autonomous, and AI-driven, trust must be anchored in hardware—simple, enforceable, and resistant to both human error and machine-scale attack. The takeaway for 2026? Security leaders won’t lose because they lacked tools. They’ll lose because they trusted the wrong ones. This episode challenges listeners to rethink modernization, containment, and what real trust looks like when machines are making decisions at machine speed. Stay curious. The future isn’t waiting. Shownotes Scott Orton: LinkedIn | Email: [email protected] Brian Carter: LinkedIn | Email:[email protected] Ralph Spada: LinkedIn | Email: [email protected] Michael Blake: https://www.linkedin.com/in/michael-blake-734b0a21/ | Email: [email protected] Owl Cyber Defense: owlcyberdefense.com Download the 2026 Predictions Report: https://owlcyberdefense.com/resource/decision-advantage-forecast-five-security-shifts-in-2026/ Story - Power Ranger Hacker: https://futurism.com/artificial-intelligence/tinder-for-nazis-hacked

  12. 114

    Episode 116: So What Returns.....Can the Pentagon Really Boil the Ocean?

    n this return episode of So What? on Tech Transforms, host Carolyn Ford reconnects with co-host Tracy Bannon to unpack one of the most significant structural shifts happening inside the Pentagon: the consolidation of R&D, AI, and data organizations under a single Chief Technology Officer. On paper, it looks like bureaucratic reorganization. In practice, it could redefine how innovation moves from research to battlefield deployment. Tracy, who regularly briefs at the Pentagon, explains why this move is less about reshuffling boxes on an org chart and more about breaking down long-standing silos between research, prototyping, operational deployment, and data governance. By bringing organizations into tighter alignment, the goal is parallel execution with shared visibility, faster momentum without sacrificing mission integrity. But speed brings risk. Cultural friction between research environments (where failure is tolerated) and operational environments (where failure carries consequences) could become the real test of whether this consolidation succeeds. Rather than leaving AI adoption to fragmented pilot programs or shadow experimentation, leadership is pushing controlled, enterprise-scale access. Carolyn and Tracy explore why offering multiple models matters strategically, how secure infrastructure is already in place to support it, and what it means when leadership says, “Use it—prove you can’t.” They also examine the restructuring of Advana, the Pentagon’s enterprise data platform, and what its breakup signals about data ownership, governance, and the ongoing battle between centralized visibility and cultural resistance. The real friction point, Tracy argues, isn’t technology, it’s data stewardship, policy alignment, and whether organizations are willing to move from “my system, my risk” to shared mission accountability. Throughout the episode, they return to the central question of the series: So what actually changes? They outline the signals they’ll be watching over the next three months, speed of adoption, policy adaptation, cross-organizational collaboration, and whether cultural barriers soften or harden under pressure. This is a conversation for leaders navigating large-scale transformation, those wrestling with how to accelerate innovation without losing control, and how to align people, process, and technology when the mission demands both speed and accountability. Show Notes: LinkedIn: https://www.linkedin.com/in/Tracyylbannon/ E-mail: [email protected] Website: https://Tracybannon.tech/ Breaking Defense: Pentagon Reforms R&D and AI- https://breakingdefense.com/2026/01/pentagon-rolls-out-major-reforms-of-rd-ai/ Tracy Bannon Blog: https://straighttalk4gov.org/ GenAI.mil Info: https://www.war.gov/News/Releases/Release/Article/4354916/the-war-department-unleashes-ai-on-new-genaimil-platform/ Advana background: https://www.ai.mil/Initiatives/Analytic-Tools/ Moltbook: https://www.moltbook.com/

  13. 113

    Episode 115: The Uncle Rufus Problem: Fixing Cyber’s Weakest Links Before It’s Too Late

    Retired Rear Admiral Mark Montgomery joins Tech Transforms for a blunt, practical look at the cyber risks the U.S. keeps underestimating—and why “Uncle Rufus’s rail switch” may be the weak link that matters most. Montgomery breaks down military mobility as a national security problem hiding in plain sight: once equipment leaves the secure “Noah’s Ark” of a base and hits rural rail networks and switching systems, it enters a “Mad Max” environment with limited redundancy, limited cyber expertise, and huge strategic consequences. From there, the conversation moves into what it would take to fix the problem before a crisis: recurring federal assessments, targeted grant programs for smaller operators, and the messy reality of congressional jurisdiction that slows action. Montgomery also makes the case for a dedicated Cyber Force—arguing the current “force generation” model across military branches can’t recruit, train, and retain cyber talent at the scale needed. Finally, the episode tackles the cyber insurance market: why organizations are underinsured, why risk is hard to price, and why the most promising models pair insurance with real assessments, remediation, and recurring validation. Montgomery closes with updates on Cyberspace Solarium 2.0 progress, what’s stalled, what’s “backsliding,” and what measurable wins still matter—plus a rapid-fire “Tech Talk” round that includes Batman, battleships, and top-down cyber hygiene. Show Notes: Foundation for Defense of Democracies - fdd.org LinkedIn: https://www.linkedin.com/in/mark-montgomery-b8932810/ Twitter: @MarkCMontgomergy Cyber Insurance Reform Op-Ed: https://cyberscoop.com/congress-cyber-insurance-reform-op-ed Cyberspace Solarium Commission Reports: https://cybersolarium.org

  14. 112

    Episode 114: Trust by Design: Why AI Needs a New Digital Foundation

    In this episode of Tech Transforms, Carolyn Ford sits down with Will Roper, one of the key architects of modern defense digital transformation, for a wide-ranging conversation that challenges a core assumption of today’s tech landscape: what if AI can’t scale because the Internet was never designed to support it? Drawing on his experience leading Project Maven, overseeing the Air Force’s cloud adoption, and placing AI on a U-2 spy plane, Roper explains why the real barrier to AI adoption isn’t algorithms, it’s infrastructure. He explores how today’s Internet favors centralization, making it powerful for consumers but fundamentally misaligned with highly regulated, IP-sensitive industries like aerospace, defense, and critical infrastructure. The conversation dives deep into sovereign data territories, zero-trust collaboration, and why data should never have to move in order to be useful. Using vivid analogies—from Formula One racing and digital twins to The Matrix, Roper outlines a new model for federated infrastructure that enables secure collaboration without sacrificing ownership, trust, or governance. Carolyn and Will also explore digital certification, continuous airworthiness, and the idea of a “digital flight envelope,” where physical systems can validate and recertify themselves in real time, reshaping how safety, speed, and innovation coexist. The episode wraps with rapid-fire Tech Talk questions, a philosophical discussion on simulations and trust, and a look ahead at what the next decade of technology may bring. This is a must-listen episode for leaders rethinking infrastructure, AI readiness, and what it truly means to build systems that scale—securely, ethically, and intelligently. Show Notes: Email: [email protected] LinkedIn: https://www.linkedin.com/in/williamroper/ Summary "There is No Spoon" Talk: https://www.youtube.com/watch?v=dEcPlqImjWc Dr. Roper’s Paper: There Is No Spoon - The New Digital Acquisition Reality https://www.af.mil/Portals/1/documents/2020SAF/There_Is_No_Spoon_Digital_Acquisition_7_Oct_2020_digital_version.pdf Official Bio: https://www.af.mil/About-Us/Biographies/Display/article/1467795/dr-will-roper/ Istari https://www.istaridigital.com/ Flyer One: https://www.executivebiz.com/articles/istari-digitals-flyer-one-x-plane-on-track-for-digital-certification-will-roper-quoted

  15. 111

    Episode 112: Tech Transforms – Live from the Owl Evolution Summit

    Tech Transforms went live in front of an in-person audience (and simultaneously on the virtual platform and LinkedIn Live) for a special episode featuring Steve Stratton, retired Green Beret, former White House and Secret Service professional, and award-winning author of Skip Jack (included in attendees’ welcome package). The conversation explored why storytelling beats “speeds and feeds” when it comes to helping leaders and teams understand technology, remember what matters under pressure, and create real decision advantage. Steve explains how story creates emotional connection, strengthens recall, and gives context that data sheets can’t. Together, the hosts dig into the OODA loop, using a visceral film clip from We Were Soldiers to illustrate what decision-making looks like in chaos—then fast-forward to the near-future battlefield described in Skip Jack, where leaders are overwhelmed by sensors, AI, intel feeds, and massive data volume. A highlight is the reading from Chapter Five, where the commander describes mining high-threat networks and the dark web, relying on data diodes to stop malicious payloads hidden in media files, and pushing decisions to the point of information to speed response in a “nonkinetic war… at the speed of the internet.” The episode closes with rapid-fire “Tech Talk” questions—night vision tech, dream casting for Nicky Fury, and fictional worlds worth visiting—before the live audience transitions into the event’s first mission brief.

  16. 110

    Episode 113: Decoding a Career: Mike Beckerle on Data, DFDL, and Doing the Hard Stuff

    In this special holiday episode of Tech Transforms, we’re joined by Mike Beckerle—Chief Software Architect at Owl Cyber Defense, co-creator of the DFDL standard, and a foundational force behind the Apache Daffodil open-source project. Mike’s career has been a masterclass in solving some of the most complex challenges in data interoperability and secure information sharing—often behind the scenes, but always with massive impact. As he steps into retirement (though we’re not totally convinced he’ll slow down), we take a moment to reflect on the legacy he leaves behind—from his pioneering work at Tresys and Owl to shaping real-world standards that actually work. This episode is a celebration of big ideas, mentorship done right, and the kind of quiet brilliance that transforms entire fields. As longtime colleague Stephen Lawrence said best: “Mike didn’t just solve hard problems—he helped the rest of us learn how to solve them too.” If you've ever wrestled with legacy data or wondered what true tech leadership looks like, this one’s a gift.

  17. 109

    Episode 111: One Woman’s Rebellion Against Reckless AI

    In this thought-provoking episode of Tech Transforms, host Carolyn Ford welcomes Janet Kang, a Silicon Valley entrepreneur turned nonprofit leader whose work sits at the intersection of AI innovation, ethics, and long-term societal impact. After building companies since age 13, launching multiple ed-tech ventures, and incubating AI-powered products in a corporate venture studio, Janet experienced firsthand the exhilarating speed and unsettling risks of deploying AI in real-world environments. Those experiences ultimately led her to join Just Horizons Alliance, a nonprofit committed to developing open protocols, ethical frameworks, and real-time auditing tools that help organizations build and deploy AI responsibly. Janet shares candid stories from the early days of AI adoption, where models behaved inconsistently, guardrails lagged behind product timelines, and the pressure to scale fast often overshadowed deeper questions of safety and accountability. She explains why today’s biggest risk isn’t far-off superintelligence; it's the immediate, under-regulated integration of AI into education, healthcare, hiring systems, and public services. For younger users especially, she warns, AI already shapes communication, decision-making, confidence, and even identity and most tech leaders lack the tools to properly assess or mitigate those risks. Carolyn and Janet explore why ethical AI requires more than thought leadership and policy statements. It requires action: adversarial testing, real-world simulations, contextual frameworks, and independent audits that account for messy human behavior, not just ideal use cases. They also discuss the structural barriers women face in tech, the mentors who “give up their seat” to make space, and the mindset shift that comes with parenthood thinking in decades, not quarters. Looking ahead, Janet envisions a future where AI becomes “infrastructure, not the main character” as invisible and reliable as flipping a light switch because circuit breakers, safety layers, and accountability systems are finally in place. Until then, she calls on builders, executives, educators, and policymakers to take practical steps now: test relentlessly, understand failure modes, prioritize vulnerable users, and choose impact over speed. This is an episode for leaders who want to innovate boldly and responsibly, those wrestling with how to balance progress with protection, and how to shape an AI-powered future worthy of the next generation. Show Notes: www.justhorizons.org https://www.linkedin.com/in/kangjanet/ Pause superintelligence petition - https://www.axios.com/2025/10/22/superintelligence-ai-pause-yoshua-bengio Books Mentioned Empire of AI — Karen Hao The Alignment Problem — Brian Christian The Broken Earth Trilogy — N.K. Jemisin (recommended by Carolyn)

  18. 108

    Episode 110: Stealth Mode: Unmasking Cyber Threats Hiding in Plain Sight

    In this episode of Tech Transforms, host Carolyn Ford welcomes Connor Morley, Head of Security Research at Glasswall, for a deep dive into the spy-thriller world of modern file security. From malware hidden in images and PDFs to “polyglot” files that can appear as multiple formats at once, Morley exposes how attackers are redefining what a “safe file” really means. They explore how artificial intelligence is supercharging phishing and social-engineering campaigns, making malicious messages nearly indistinguishable from legitimate ones. Morley explains the evolution of steganography—the art of concealing code inside digital images and why emerging threats like QR-code hijacking (“quishing”) have become one of the easiest ways to breach both corporate and personal devices. But this isn’t a doom-and-gloom story. Morley shows how zero-trust file filtering and Content Disarm & Reconstruction (CDR) can neutralize hidden payloads without disrupting everyday workflows. He also reveals how these proactive defenses reduce “SOC noise,” giving security teams back valuable focus time and keeping threats from ever reaching end users. From AI-powered deception to invisible payloads hidden in plain sight, this conversation uncovers the unseen layer of cyber defense and reminds leaders that innovation, not fear, is the best shield against tomorrow’s threats. Show Notes: • Whitepapers: Polyglot Files: Unmasking Images & PDFs Steganography: Smudging the Invisible Ink QR Codes: Neutralizing Threats with CDR • Webinar: File Analysis & CDR: Forging A Formidable Defense • Website: https://www.glasswall.com/ • Connor Morley - https://www.linkedin.com/in/connormorley/

  19. 107

    Episode 109: Brewing AI: Tricks, Treats & Tech Myths (Chills & Thrills Finale)

    For our Halloween finale, Carolyn Ford invites two favorite “AI conjurers”, Dave Egts “Mr. X,” public-sector field CTO at Mulesoft, and Laura Klebanow, founder & chief storyteller at Show & Tell, into the Tech Transforms cauldron. Each brings a “secret AI ingredient”: Carolyn composes whimsical Suno-generated theme music (after a prompt-crafting detour through ChatGPT), Laura pushes image creation and Gemini’s career-planner for playful, practical use, and Dave reimagines Gemini’s children’s-storybook gem to craft customer-hero narratives, plus a Scooby-Doo-style Tech Transforms tale. Then we stir in the shadows: misinformation at scale, AI “rights,” bioethics (organoids/bodyoids), job disruption vs. reskilling, and how creativity can demystify AI without sugarcoating risks. The trio closes with rapid-fire “treats & tricks,” classroom-to-boardroom starter tips (talk with AI, don’t just query it; red-team your ideas), and a reminder to “find your beautiful” use the tools to clear the junk so humans can do what only humans do. Brewed takeaways Prompt craft matters; collaborate across tools (Suno, Gemini, ChatGPT). Creative play ≠ fluff: it’s a safe on-ramp to literacy and adoption. AI will change jobs; map “jobs to be done,” automate the rote, upskill the rest. Ethics aren’t optional: teach harm awareness early (mis/dis/malinformation, bullying). Start small today: keep a running dialogue with AI and build a personal “advisory board” of model personas. **Show Notes: Dave Egts - LinkedIn: https://www.linkedin.com/in/davidegts/ Laura Klebanow - Email: [email protected] - LinkedIn: https://www.linkedin.com/in/lauraklebanow/ Suno - https://suno.com/ My storybook: https://g.co/gemini/share/56bbf0498a84 Dave & Gunner Show: www.dgshow.org

  20. 106

    Episode 108: The Curious Case of AI - Part 2 ('The Thrills)

    In the “Thrills” side of our Halloween series, host Carolyn Ford and futurist Joseph Bradley shift from fear to possibility, exploring how AI can amplify human potential and unlock joy at scale. Bradley introduces the “happiness paradigm,” the idea that AI’s true value isn’t just about productivity, but about helping people find more meaning, connection, and time for what matters most. From digital “twins” that make leaders more effective, to AI tools that give disabled creators new ways to express themselves, to cognitive cities designed around citizens rather than assets, this is AI as an amplifier of identity and humanity. Instead of focusing on what we might lose, Bradley shows how leaders and organizations can build trust, align AI with values, and use it to create more satisfying workplaces, communities, and lives. If the “Chills” episode raised the hard questions, this one paints the vision of what’s possible when we get it right. Mentioned in this episode: Joseph Bradley - www.josephmbradley.com Joseph Bradley’s book You to the Power of 2 (Pre-order: josephmbradley.com | ​​https://shop.u-x2.ai/) The Happiness Paradigm- https://www.linkedin.com/posts/josephmbradley_happiness-successmindset-activity-7284796402122072065-Gl68/

  21. 105

    Episode 107: The Curious Case of AI - Part 1 (The Chills)

    The Curious Case of AI - A Two-Part Special (“The Chills”) In this Tech Transforms Halloween “Chills” episode, host Carolyn Ford and futurist Joseph Bradley explore the eerie, but essential, questions AI raises. Using Star Trek as their guide, they look at how “identic AI”, technology that mirrors identity, preferences, and even purpose can feel both thrilling and unsettling. Bradley, a strong believer in AI’s potential, points out that every powerful tool comes with risks if it’s misused. Together, he and Carolyn discuss what happens when efficiency is valued over happiness, how bias can creep in if we aren’t intentional, and why cognitive cities must be built with trust and ethics at the core. Think less “the end is near” and more “what safeguards do we need to make sure this future works for people?” This episode sets the stage for leaders, innovators, and everyday users to think critically about how AI shapes identity, relationships, and society, while remembering that the choices we make now will decide whether the future feels like The Borg… or The Federation. Mentioned in this episode: Joseph Bradley’s book U to the Power of 2 (Pre-order: josephmbradley.com | ​​https://shop.u-x2.ai/) Paperclip dilemma thought experiment - https://nickbostrom.com/ethics/ai Smart vs. Cognitive Cities https://www.pwc.com/m1/en/publications/documents/cognitive-cities-a-journey-to-intelligent-urbanism.pdf Questioneering: The New Model for Innovative Leaders in the Digital Age

  22. 104

    Episode 106: Influence, Intel, and Insider Threats: The Human Side of Cyber Risk

    In this episode, host Carolyn Ford sits down with Julie Laurin, a cyber threat intelligence consultant with the Mining and Metals ISAC. Julie brings two decades of expertise in software, a sharp eye for overlooked risks, and a deep curiosity about the intersection of humans and technology. Together, they explore the evolving landscape of cyber threats, from social engineering tactics like the Clickfix malware to the critical role of human behavior in cybersecurity. Julie shares fascinating insights into the vulnerabilities of critical infrastructure, the geopolitical implications of mining and minerals, and the challenges of navigating leadership as a woman in tech. They also dive into the neurodiverse superpowers that thrive in the fast-paced world of cybersecurity and the importance of empathy in the digital age. With humor, candor, and thought-provoking anecdotes, this episode will leave you rethinking the way we approach technology, security, and the human element. Tune in for a conversation that’s equal parts enlightening and entertaining. Stay curious and keep imagining the future! Summary Notes Julie’s LinkedIn Profile: https://www.linkedin.com/in/jlaurin/ Mining and Metals ISAC - https://mmisac.org/ ClickFix Analysis - https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/ ISO/IEC 27001 - https://www.iso.org/standard/27001

  23. 103

    Episode 105: From Compliance to Capability: Securing the Federal Software Supply Chain in the Age of AI

    On this episode of Tech Transforms, host Carolyn Ford welcomes Antoine Harden, Regional VP of Federal at Sonatype, to unpack one of the most urgent challenges in federal cybersecurity: securing the software supply chain. With more than 25 years of experience at Oracle, Google, and now Sonatype, Antoine shares why software supply chain risks from SolarWinds to Log4j have pushed SBOMs (Software Bills of Materials) and continuous monitoring into the spotlight. Together, they break down what SBOMs are (think nutrition labels for software), how mandates like Executive Order 14028 and frameworks like NIST’s Secure Software Development Framework (SSDF) and DoD’s SWFT are changing the compliance landscape, and why automation is essential to get from static ATOs to continuous authorization. Antoine also explains how Sonatype uses AI and software composition analysis tools to close critical gaps in open source and AI-heavy environments, helping agencies shift left, reduce vulnerabilities, and accelerate secure delivery of mission-critical systems. Along the way, the conversation covers everything from JFK delays caused by vulnerabilities, to the risks of “ludicrous speed” AI adoption, to the surprising history of Project Pigeon in WWII. For federal leaders ready to take action, Antoine offers one concrete step: start with a single mission-critical application, mandate an SBOM, and see what hidden risks you uncover. Show Notes: Connect with Antoine https://www.linkedin.com/in/antoine-harden-mba-035a441/ Executive Order 14028NIST Secure Software Development Framework (SSDF) CISA Zero Trust Maturity Model DoD’s SWFT (Software Fast Track Initiative) Sonatype Resource Center

  24. 102

    Episode 104: Securing the Future: AI, Cyber Risk, and the Federal Mission

    In this episode of TechTransforms, host Carolyn Ford sits down with Martin Stanley, Senior Advisor at NIST, to explore how AI is reshaping federal cybersecurity. They dive into NIST’s AI Risk Management Framework, the growing need for secure and resilient AI systems, and what it takes to build a “risk-aware” culture in government. Stanley shares insights on guarding against threats like model theft and prompt injection, how agencies are adapting zero trust principles for AI, and why explainability is essential in machine learning models. Whether you're new to AI governance or advancing your cybersecurity strategy, this episode offers practical guidance for navigating the evolving AI risk landscape. Show Notes: NIST AI resources: https://www.nist.gov/artificial-intelligence/ai-resources AI Risk Management Framework https://www.nist.gov/itl/ai-risk-management-framework NIST-AI-600-1: AI RMF Generative AI Profile https://airc.nist.gov/docs/NIST.AI.600-1.GenAI-Profile.ipd.pdf Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile https://doi.org/10.6028/NIST.SP.800-218A Email: [email protected] LinkedIn: https://www.linkedin.com/in/mcs729/

  25. 101

    Episode 103: From GOTS to COTS: How Policy and Innovation Are Reshaping the Tactical Edge

    *COTS vs. GOTS: What the Federal Mandate Really Means with Dom Perez * In this episode of Tech Transforms, host Carolyn Ford is joined by Dominic Perez, CTO of Curtiss-Wright Defense Solutions, to break down one of the hottest topics in defense tech: the federal government’s new COTS-first mandate. What happens when agencies must justify government-off-the-shelf (GOTS) solutions in 60 days or lose funding? Dom shares what this means for acquisition teams, why the policy might create more confusion than clarity, and how commercial solutions for classified (CSfC) are transforming secure communications in the field. From rugged mesh networks to “MacGyvered” mission-ready tech, Dom takes us behind the scenes of CSFC innovation, explaining how rapid deployment, lifecycle savings, and mission flexibility are driving real change. If you’ve ever wondered how defense innovation happens at the speed of relevance or what’s really in that “Rubbermaid tote” this one’s for you. Topics include: The 60-day COTS mandate and its real-world impact CSFC vs. Type 1: Speed, security, and scale What government and industry must do better Why the coolest tech might not come from GOTS anymore The value of failure, fast iteration, and field-informed design Follow Dom Perez on LinkedIn for more insights and check out Curtiss-Wright’s whitepapers on modular open systems, CSFC, and edge AI. Dominic Perez LinkedIn: https://www.linkedin.com/in/dominicperez/ Curtiss Wright White Papers: https://www.curtisswrightds.com/resources/white-papers

  26. 100

    Episode 102: Jurassic Networks: High Threat, Low Defenses, and the OT Reckoning

    In this episode of Tech Transforms, Daryl Haegley, Technical Director for Control Systems Cyber Resilience at the Department of the Air Force, shares insights from his nearly four decades of federal service, discussing the evolving landscape of cybersecurity for operational technology and control systems. He talks about the importance of creating a culture of security across government and industry, the challenges of modernizing legacy systems, and the urgent need to address cybersecurity gaps before adversaries exploit them. From developing a first-ever scorecard for facility cybersecurity to his mission of aligning cyber practices with national defense priorities, Haegley underscores the critical role of leadership, collaboration, and continuous innovation in securing the nation’s most vulnerable systems. For an even deeper dive, here are additional resources for your convenience: · Annual Threat Assessment Report: 2024 DNI ATA and 2025 DNI ATA · Cyber Resilience Office for Control Systems (CROCS): Watch · “OT: Lock It Down” Music Video: Listen here · Articles Referenced: Wired for Risk – SC World Cyber Skills Gap – Federal News Network Cyber OT training: [Article]

  27. 99

    Episode 101: The Fast Track to Global Defense Collaboration

    What happens when bureaucratic red tape meets bold collaboration? In this episode of Tech Transforms, Carolyn Ford is joined by Mat Cantagallo, Defense Director at Austrade, to explore how OWL, GME, and Austrade became the first to successfully leverage the AUKUS exemption, cutting through years of export restrictions to enable real-time defense collaboration between the U.S. and Australia. From simplifying tech transfer to accelerating mission-critical training, this conversation offers a powerful look at how smart policy and strategic partnerships are setting a new benchmark for global security innovation. If you’re in defense, cybersecurity, international trade, or just love a good story about making the impossible possible, this one’s for you. Contact Mat https://www.linkedin.com/in/mat-c-a377937/

  28. 98

    Episode 100: Trusting AI and Warfighting Technologies

    What does it take to trust AI in the highest-stakes environments and how do we make sure people stay at the center of every innovation? In our milestone 100th episode, Lt. General Susan Lawrence, President & CEO of AFCEA International and former CIO of the U.S. Army, joins host Carolyn Ford for a compelling conversation about the future of national defense in an AI-powered world. Together, they unpack: Why cybersecurity and data integrity must be the foundation of AI adoption How real-world conflicts like Ukraine are reshaping battlefield technologies What ethical AI deployment looks like across the military, government, and industry Why collaboration, not competition, is key to staying ahead of adversaries How to prepare today’s workforce for tomorrow’s digital fight Whether you're in the public sector, tech, or defense, this episode is packed with powerful insights on innovation, leadership, and national resilience.

  29. 97

    Cyber Resilience Starts with Culture: Building Trust in the Age of AI

    Why do phishing scams still work, even on the savviest among us? In this episode, host Carolyn Ford welcomes Bart McDonough, Founder of Agio and author of Cyber Smart and Cyber Guardians to break down the human side of cybersecurity. Bart shares practical tips to protect yourself and your organization from today’s most common threats, explains why a resilient cyber culture matters more than ever, and reveals how AI is shaping both the future of cyber defense and cybercrime. Packed with relatable stories and expert advice, this conversation is a must-listen for anyone who thinks they’re too smart to get hacked. Key topics: Why social engineering remains the top attack vector How to build defense-in-depth at work and at home Practical habits for better passwords and safer devices The evolving role of AI in cyber threats and defense Why a strong cyber culture starts with open, blame-free communication Tune in and level up your cyber smarts today!

  30. 96

    Episode 98: SCRM: Securing the Federal Technology Supply Chain

    What do Dune’s spice trade, HAL 9000, and federal supply chains have in common? They all reveal how deeply our systems rely on trust—and how dangerous things get when that trust breaks down. I’m joined by Timothy Amerson, CEO of CASMO Consulting, former Chief Information Security Officer at the Social Security Administration, and Army veteran, to explore why Supply Chain Risk Management is no longer just a CISO concern. From insider threats to shifting geopolitical pressures, Tim brings sharp, actionable insight for leaders navigating today’s complex cyber landscape. If you’re serious about moving from compliance to real resilience, this episode is for you.

  31. 95

    Prompting the Future: AI, Leadership, and the Military Mindset with Capt. M. Scott Austin, USCG

    When military leaders say, “Get me some of that AI,” what are they really asking for? In this episode of Tech Transforms, host Carolyn Ford is joined by Capt. M. Scott Austin, a Fellow at the Carnegie Mellon Institute for Strategy and Technology and a U.S. Coast Guard veteran. Together, they unpack what “prompt engineering” really means—not just for AI users, but for mission-driven leaders. Capt. Austin challenges the hype, emphasizing the need for clear problem definition, strategic alignment, and human-centered design when applying AI in defense and beyond. They explore how AI can “buy back time,” why empathy is a critical leadership skill in tech adoption, and whether C-3PO or R2-D2 is the better model for agentic warfare. You’ll hear: Why the best prompt engineering starts with leadership, not code What military organizations can teach us about AI adoption and design thinking The difference between generative and agentic AI—and why it matters A surprising take on AI’s boot camp curriculum (spoiler: not swimming) Whether you're building policy, coding tools, or just trying to avoid another expense report, this episode will expand your thinking about AI’s role in high-stakes environments.

  32. 94

    Episode 96: Tech Transforms + ATARC: AI, Oceans, and Innovation with NOAA’s Frank Indiviglio

    Show Notes: In this special Tech Transforms + ATARC crossover episode, Carolyn Ford talks with Frank Indiviglio, Chief Technology Officer at NOAA, about how AI, data science, and high-performance computing are transforming weather forecasting, climate modeling, and ocean research. Frank shares how NOAA uses tools like REMUS underwater vehicles, balances open data with cybersecurity, and drives innovation through cross-sector collaboration. Resources & Links: 🌐 Learn more about NOAA’s AI initiatives: noaa.gov/ai 🔗 Connect with Frank Indiviglio on LinkedIn: Frank Indiviglio Tune in for insights on the future of AI, oceans, and innovation!

  33. 93

    Zero Trust at the Edge: Securing Data, Devices, and Decisions

    What if we could trust the data flying out of streetlights, drones, and smart thermostats — right from the source? In this episode of Tech Transforms, Randy Clark breaks down the principles of zero trust data and its transformative power for smart cities, IoT, and AI at the edge. Randy shares why protecting data packets (not just networks) is critical for security and innovation—and how it opens up new opportunities for collaboration, compliance, and even battlefield awareness. Tune in for a fascinating conversation on the future of digital trust.

  34. 92

    Episode 94: Special Crossover Episode: Boosting Federal Cyber Resilience Through Cross-Domain Solutions

    In this special crossover from the Federal Tech Podcast hosted by John Gilroy, I’m excited to share a powerful conversation featuring Tim Fahl, CTO at Owl Cyber Defense. Tim dives into how cross-domain solutions are playing a crucial role in boosting cyber resilience across federal agencies—enabling secure information sharing in even the most sensitive environments. We explore how Owl Cyber Defense is bridging security gaps, ensuring that mission-critical data can flow safely and efficiently between networks of differing classifications. If you’re passionate about securing federal systems and fascinated by the intersection of innovation and infrastructure, this episode is a must-listen. Originally aired on the Federal Tech Podcast. Huge thanks to John Gilroy for the opportunity to bring this conversation to the Tech Transforms audience.

  35. 91

    Episode 93: Skipjack Series ep2: White Heron and the Edge of Conflict

    Guest: Award Winning Author Steve Stratton, Retired Green Beret, Former Secret Service Agent, Cybersecurity Expert, Author of Operation Skipjack Summary: In this special episode of Tech Transforms, part of our ongoing Skipjack Series, host Carolyn Ford reconnects with Steve Stratton to discuss his latest story: Operation White Heron. Building on the world of Operation Skipjack, this installment dives into the often-invisible frontlines of modern warfare—where shaping operations, secure communications, and real-time intelligence determine outcomes before the first shot is ever fired. From special forces training with partners in the Pacific to disinformation campaigns and environmental sensors used for threat detection, Stratton breaks down how fiction rooted in reality can help decision-makers reframe the future of conflict. It’s a powerful conversation about leadership at the edge, data as a weapon, and the value of multi-domain coordination. If you’re in national security, tech, or just curious how stories can shape strategy, this episode is for you. Key Takeaways – Operation White Heron Episode Conflict Doesn’t Start with Gunfire Modern warfare is already happening—in cyberspace, in social media, and through economic and information pressure. Operation White Heron explores the reality of “pre-hostility” operations where shaping activities and influence campaigns define the battlespace before combat begins. Operate at the Point of Information Admiral Nikki Furry empowers her teams to make decisions where the data is collected—not after it's passed through layers of bureaucracy. This shift mirrors real-world changes in how the U.S. military and intelligence community are adapting to fast, decentralized decision-making. Multi-Domain Awareness Requires Unconventional Sensors From tidal sensors to AI-enhanced intel fusion, the story shows how unconventional data sources—when securely correlated—can detect threats others might miss. The key is recognizing that anything connected to the environment can become part of your sensor network. Real-Time Data Sharing Is the New Tactical Advantage Tactical data has a short shelf life. Whether stopping swimmers from landing on a hostile coast or responding to disinformation in real-time, secure and fast communications between allied forces is a game-changer. Useful Fiction Makes the Tech and Stakes Real By embedding real technology—like Owl’s PACSTAR kits and cross-domain guards—into a compelling narrative, Stratton helps readers understand the why behind secure communications, not just the how. This Is a Continuum, Not a Moment From pre-conflict shaping to full kinetic operations and post-conflict recovery, modern warfare requires continuous situational awareness, massive data ingestion, and the ability to act inside the adversary’s decision loop. 📘 Read the First Chapters Now — and Be the First to Read the Latest Installment: Operation White Heron The Skipjack series continues. Start with the opening chapters already available—and be among the first to read Operation White Heron, launching May 5 at SOF Week. 👉 owlcyberdefense.com/operationskipjack 📬 Connect with Steve Stratton 📧 Email: [email protected] 🌐 Website: stevenstrattonusa.com 🔗 LinkedIn: Steve Stratton 📱 Instagram/X/Facebook: @StrattonBooks

  36. 90

    5 AI Predictions for 2025 & How to Build Intelligent Agents with Dave Egts

    In this episode, Carolyn welcomes back Dave Egts, Field CTO at MuleSoft, to explore the transformative power of AI in 2025. They dive into Dave’s top five AI predictions, with a special focus on the rise of agentic AI—AI that doesn’t just suggest, but acts. Dave explains the difference between generative AI and intelligent agents, why integration via APIs is the key to agent success, and how government agencies can prepare now. Listeners will learn: What “large action models” (LAMs) are, and how they differ from large language models How AI agents are already reducing friction in Salesforce and Slack Why AI success depends on access to high-quality, actionable data What’s driving the shift toward small language models and what that means for secure, on-device AI Why “agent-washing” is the new “AI-washing”—and how to spot it What makes a truly impactful agent vs. a glorified chatbot Dave’s favorite sci-fi robot, a monkey’s paw superpower wish, and what tech breakthrough he thinks is coming next 📌 Show Notes: Guest: Dave Egts, Field CTO at MuleSoft, a Salesforce company 🔗 Follow Dave on LinkedIn 🎧 Listen to the Dave & Gunnar Show Key Topics: [00:00] Intro & Dave’s blog: “5 AI Predictions for 2025” [03:00] What’s an AI agent? Why they’re different from GenAI [07:30] Real-world examples from Salesforce: Agentforce in action [14:00] The importance of APIs for agent success [15:45] Government use cases & security considerations [18:00] Internal AI agents that reduce toil (meeting schedulers, IT help, expense reports) [22:00] Cylon references & the power of digital labor in public sector [29:00] Small Language Models: Why smaller might be better [36:00] LLM Routers explained [38:00] Fun Tech Talk Q&A (Superpowers, overhyped trends, sci-fi names) Resources Mentioned: 📖 Dave's Blog: 5 AI Predictions for 2025: Opportunities Tech Leaders Must Seize This Year 💡 Trailhead Learning Platform from Salesforce: Learn to build your own agent 🤖 Help.Salesforce.com – Try Agentforce 📺 Forbidden Planet (Robby the Robot) 🐒 Monkey’s Paw story reference

  37. 89

    Useful Fiction with Steve Stratton: A Story You Can't Afford to Ignore

    What if the next global conflict begins not on the battlefield, but in cyberspace? In this thrilling episode of Tech Transforms, host Carolyn Ford welcomes author, former Special Forces operator, and intelligence professional Steve Stratton to discuss Operation Skipjack—a useful fiction thriller that feels ripped straight from today’s headlines. This isn’t just a story; it’s a wake-up call. Set in one of the world's most volatile geopolitical hotspots, Operation Skipjack explores a high-stakes cyber warfare scenario where adversaries leverage stealth technology, artificial intelligence, and quantum computing to disrupt global military operations. While the narrative is fictional, the threats, technologies, and strategic maneuvers are real—many of them already in development or active use. What You’ll Learn in This Episode: 🚀 The Real-World Tech Behind the Fiction: Every piece of technology in Operation Skipjack—from quantum radar to cross-domain security solutions—is either operational, in prototype, or on the near horizon. Learn how emerging innovations are shaping modern defense strategies. 🕵️ Why “Useful Fiction” Is More Than Just a Story: Unlike traditional fiction, useful fiction blends real-world intelligence, defense strategies, and cutting-edge tech into an engaging narrative. Find out how military leaders and decision-makers use fictionalized scenarios to prepare for real threats. 🌍 The Cyber War That’s Already Happening: Steve Stratton reveals why cyber warfare isn’t a future possibility—it’s a daily battle being fought in the shadows. From state-sponsored hacking to AI-powered cyber attacks, the game has changed, and national security is on the line. 🔒 The Role of Cross-Domain Solutions in Defense: Discover how Owl Cyber Defense’s technology is ensuring secure, real-time data transfers in high-risk military environments—and why this matters in a world of increasing cyber threats. 🎥 If Operation Skipjack Became a Movie: Who would play Admiral Nikki Fury? Steve and Carolyn share their dream cast picks for a blockbuster adaptation of this intense cyber thriller. Exclusive Access to Operation Skipjack Operation Skipjack will be officially unveiled at Distributech on March 24, 2025, but you don’t have to wait. 🔗 Get exclusive early access to the full chapter! Sign up at owlcyberdefense.com/operationskipjack/ to receive your copy as soon as it’s released. 📢 Stay Connected: Follow Owl Cyber Defense on LinkedIn for updates. Connect with Steve Stratton at [stevenstrattonusa.com](stevestrattonusa.com) Final Thought: This episode isn’t just about a book—it’s about the future of warfare, technology, and national security. Are we ready for what’s coming? 🎧 Listen now and stay ahead of the cyber threats shaping tomorrow’s battles.

  38. 88

    Open Source for Classified Environments

    🔒 How do we secure software in an era of open-source dominance and AI-driven threats? On this episode of Tech Transforms, Scott Orton and Mike Mehlberg join Carolyn Ford to explore the future of secure software development. They tackle: ✅ The Power of SBOMs – Why software transparency is a game-changer (and why some companies still resist it) ✅ Open-Source Risks – How attackers exploit vulnerabilities in widely used packages and what to do about it ✅ Rust Programming Language – The case for transitioning to a more secure, memory-safe coding environment ✅ AI in Software Development – How AI is transforming cybersecurity, from automated vulnerability detection to mitigating risks before they happen ✅ Cross-Domain Solutions – The push toward hygienic networks and a proactive approach to security in classified environments They also discuss real-world security threats, including a recent open-source software attack that nearly went undetected. Plus, Scott shares his vision for AI inspired by non-human intelligence (think squids and insects! 🦑). 🔹 If you're in software development, cybersecurity, or tech leadership, this episode is a must-listen! 📲 Connect with Scott and Mike on LinkedIn for more insights. 🎧 Listen now and stay ahead in the world of secure software and cyber defense!

  39. 87

    Blockchain Intelligence: Tracking Crime and Securing Nations

    💡 Is blockchain just for crypto bros, or is it the future of financial security? In this episode, Carolyn Ford welcomes Don Spies, CEO of Outrider Analytics, to unravel the complexities of blockchain intelligence. They discuss how digital assets are transforming crime fighting and how law enforcement agencies use blockchain analysis to track illicit activity—from fraud and ransomware to cyber warfare and terrorist financing. Pop culture meets cybersecurity as Don speculates how blockchain could change classic crime stories like Ocean’s 11 and shares his vision for a blockchain-themed thriller (Encrypted Justice, anyone?). Key Topics Covered: ✔️ Blockchain 101 – Explained like you’re in eighth grade ✔️ How criminals leverage digital assets & how investigators track them ✔️ Real-world cases of financial crime solved through blockchain ✔️ Common misconceptions about cryptocurrency & security risks ✔️ The role of government regulation in shaping the future of digital assets Listen now to discover how blockchain is reshaping global security! 🔗 Learn more about Don Spies and Outrider Analytics

  40. 86

    Exploring Human-Machine Teaming with General Michael Groen

    Explore the transformative potential of AI in this compelling conversation with retired Lieutenant General Michael Groen, former director of the Joint Artificial Intelligence Center (JAIC). General Groen discusses how AI is reshaping industries, national security, and human potential. He delves into the challenges of fostering innovation in large organizations, the necessity of cultural shifts, and the critical role of leadership in navigating this technological revolution. Whether you’re an AI enthusiast, a tech skeptic, or just curious about the future, this episode will inspire you to imagine the possibilities.

  41. 85

    Episode 87: The Future of Tactical Networks: Connecting Warfighters in Real Time

    How do we empower warfighters with real-time, secure communication in the most challenging operational environments? In this episode of Tech Transforms, Carolyn sits down with Dan O'Donohue, VP of Secure Communications at Owl Cyber Defense and retired U.S. Marine Corps Lieutenant General, to explore the cutting-edge of tactical network technologies. With firsthand experience leading Marine Forces Cyber and Joint Force Development, Dan discusses the evolution of secure data exchange, the integration of AI, and the significance of adaptability in disrupted environments. Discover how secure communication networks drive operational success, how cross-domain solutions enhance coalition interoperability, and why a modernized, data-driven military is essential in today’s battlespace. Whether you're a tech enthusiast or a leader seeking insights on the future of tactical networks, this episode will transform the way you think about secure communications. Tune in for expert perspectives and actionable takeaways from one of the foremost leaders in the field.

  42. 84

    Episode 86: Navigating AI in Sensitive Environments: What You Need to Know

    In this episode of Tech Transforms, Tracy Bannon, a software architect and researcher at MITRE, dives into the exciting potential and challenges of using generative AI in the Software Development Lifecycle (SDLC). Tracy explores how AI can revolutionize workflows, enhance testing, and even act as a collaborative team member. From addressing human trust issues with AI to building decision-making tools, Tracy shares her journey in navigating the evolving role of generative AI. Tune in for actionable insights and learn how careful integration of AI can unlock innovation while maintaining security and trust. Key Topics Covered: Integrating generative AI into the SDLC Trust and human factors in using AI tools Promising applications of AI in software development Security considerations and risks of AI-generated code Shaping the future of AI in a responsible way Sponsor: This episode is brought to you by OWL Cyber Defense, leaders in secure data transfer solutions for critical networks.

  43. 83

    New: Building a Stronger Team: How Data is Transforming Workforce Development in the Public Sector

    In this episode of Tech Transforms, host Carolyn Ford welcomes back Kris Saling, the Director of Talent Analytics and Data Strategy for the U.S. Army, to discuss her new book, Data-Driven Talent Management. Kris shares how analytics is reshaping recruitment, retention, and employee engagement across both the public sector and private industry, providing leaders with powerful tools to build stronger, more motivated teams. From the value of non-monetary incentives to the evolving role of AI in hiring, Kris reveals practical ways data can transform talent management. Whether you're in marketing, cybersecurity, or beyond, this episode is packed with actionable insights on creating a people-first workplace. Join us for a deep dive into the future of workforce management!

  44. 82

    Episode 85: Exploring AI Trends and Cybersecurity Evolution in the Federal Tech Landscape with Jason Miller

    Jason Miller is the Executive Editor of Federal News Network and has covered the federal technology space over the course of five Presidential administrations. He brings his wealth of knowledge as he joins Tech Transforms to talk about AI, the top things government agencies are working towards this year and his predictions around FedRAMP changes. Jason also pulls on his decades of experience as he discusses events that changed the nation's approach to cybersecurity and the longstanding need to have data that is better, faster and easier to use.Key Topics00:00 AI's impact on texting and cloud's significance.04:17 Federal Enterprise Risk Management in government tech.07:20 AI trends shifting toward real-time application.11:22 2025 and 2027 deadlines for zero trust.13:31 CISOs and CIOs adapting to modern technology.16:45 Frustration with FedRAMP leads to reform efforts.21:39 Applying similar model to expand decision-making.23:37 GSA discussed OSCAL at private industry day.27:55 CISA's role has grown within DHS.30:33 Increased transparency in cybersecurity changed approach significantly.34:17 Reflecting on the 2006 significance of data.39:19 AFCEA events bring together good people.42:53 Fascination with government architecture and dedicated government workers.44:35 Promoting positivity and accountability in government industry.Cybersecurity Evolution: Examining Technology's Political Neutrality and AI Commitment Through Administrative ChangesConsistent Focus on Cybersecurity Evolution Across Political AdministrationsJason expressed a clear conviction that technology issues are largely immune to political fluctuation and are a continuity in government agendas. Reflecting on his experience across five administrations, he noted that the foundational technological discussions, such as cloud adoption, cybersecurity enhancement and overall IT improvement are fundamentally preserved through transitions in political leadership. He highlighted that the drive to enhance government IT is typically powered by the resilience and dedication of public servants, who generally carry on valuable reforms and initiatives regardless of the sitting administration's politics. These individuals are essential to sustaining progress and ensuring that technology remains a key priority for effective governance.Federal IT Policies Consistency: "No one comes in and says, I'm against AI, or cloud is bad, move back on premise, or cybersecurity, defund cybersecurity. I think those are the issues that stay the same." — Jason MillerExecutive Orders and AI AdoptionAddressing the specifics of executive orders, particularly those influencing the implementation and development of artificial intelligence (AI), Jason examined their historical persistence and their potential to shape operational practices in the government sector. He and Mark discussed how the stability of AI-related orders through various administrations is indicative of a broader governmental consensus on the integral role AI holds in modernizing federal operations. Despite changes in leadership, the incoming officials frequently uphold the momentum established by their predecessors when it comes to leveraging AI. Indicating a shared, bipartisan recognition of its strategic importance to the government's future capabilities and efficiencies.Cybersecurity Evolution: Zero Trust Principles and Network Security Challenges in Federal AgenciesZero Trust and Cybersecurity BudgetingDuring the podcast, Carolyn and Jason delve into the current trends and expectations for federal cybersecurity advancements, with a particular focus on zero trust architecture. Their discussion acknowledged that agencies are on a tight schedule to meet the guidelines set forth by the Office of Management and Budget, which has highlighted 2025 as the target year for civilian agencies to embrace specific zero trust requirements. While the Department of Defense has until 2027. Moving past the traditional perimeter defense model, zero trust principles necessitate an ongoing and multifaceted approach to security, which includes sizable budget implications. Jason underscored the importance of the 2024 fiscal year. Noting it as the first time federal budgets are being crafted with clear delineations for zero trust capabilities. This shift in focus is exemplified by the rollout of endpoint detection and response (EDR) technologies. Vital components in this architecture that ensure rigorous monitoring and real-time responsiveness to cyber threats.Understanding the Cybersecurity EvolutionJason underscored the complexities of network security as federal entities confront the expanding cybersecurity landscape. Highlighted was the layered approach needed to fortify cybersecurity, starting with IAM. This segment illuminated the government's drive to update antiquated systems with modern identification and credentialing processes to better regulate access control. The discussion spilled into a critical analysis of data layer security, emphasizing the necessity for agencies to marshal their applications and data against unauthorized access. Furthermore, Jason hinted at the broader horizon of security measures, which now includes OT and IoT devices. The intertwining of these technologies with standard IT infrastructure adds layers of complexity for security protocols. The conversation shined a light on the massive task that lies ahead as agencies work to comprehend and safeguard the expanded network perimeters and develop strategies to encapsulate a variety of devices under a comprehensive cybersecurity shell.The Evolution of AI in Cybersecurity: "We can take data that was 3 years ago or data over the last 3 years and look for trends that we can then use for our future. I think what they're looking for now is more real time, more immediate, especially if you think about, like, cybersecurity." — Jason MillerInnovations and Challenges in Tech ReportingTimeliness in Problem ReportingJason believes that being proactive is vital when it comes to identifying and addressing potential issues within federal agencies. He highlighted that by the time an oversight report, such as those from the Government Accountability Office or an Inspector General's office, is made public, the concerned agency has likely been aware of the issue and has already taken steps to address it. This underlines the criticality of immediate agency reactions to problems. In the context of these reports, Jason suggested reading the agency's responses first. They provide the most current view of what's happening and the actions taken, often making them more newsworthy than the findings of the report itself.ACT-IAC and AFCEA Gatherings Key to Cybersecurity Evolution DialogueWithout specifically endorsing any one event, Jason acknowledged the importance of various industry gatherings where government and industry leaders convene to discuss pressing topics. He emphasized the ACT-IAC and the AFCEA events as beneficial arenas that enable him to engage deeply in conversations that can lead to actionable insights and meaningful connections. He also mentioned that these events provide an opportunity to interact with federal agency leaders outside the formal constraints of an office setting. This can lead to more open and candid exchanges of ideas and experiences within the government tech community. The ACT-IAC conferences and AFCEA's branch-specific IT days, according to Jason, yield particularly high-value discussions that contribute to both immediate news items and broader thematic reporting.Probing the Cybersecurity EvolutionJason's Insight on Federal Tech TrendsJason brings a wealth of knowledge specific to federal government technology trends. He highlights AI as a prevalent topic within current discussions. His emphasis on AI signifies the shift from its former buzzword status to a fundamental tool in federal IT arsenals, especially regarding applications in cybersecurity and immediate data analysis. Jason notes that this mirrors the pattern of past tech trends in the industry, where initial hype evolves into concrete implementations. The conversation underscores the fact that while AI is gaining traction in strategic planning and operations, it is critical to discern genuine AI adoption from mere marketing.AI Shift Reflects Cybersecurity Evolution and Predictive Technology Integration in Government OperationsAs the conversation progresses, Jason, Carolyn and Mark explore how the vigorous enthusiasm around AI aligns with patterns observed during the advent of previous technologies. The cycle of tech trends typically begins with a surge of excitement and culminates with the practical integration of technology within government operations. Jason points out that although AI is the topic du jour, the government's drive towards embracing real-time and predictive capabilities of AI is indicative of its elevated role compared to earlier technology hypes. This shift spotlights AI's increasing value in enhancing operational efficiency and decision-making processes across various federal agencies.Appreciating Government Employees: “There's so many great people who work for the government who want to do the right thing or trying to do the right thing, that work hard every day, that don't just show up at 9 and leave at 5 and take a 2 hour lunch." — Jason MillerThe FedRAMP Overhaul DebateRethinking FedRAMPFedRAMP's reform was a critical topic addressed by Jason, who noted industry-wide eagerness for revising the program's long-standing framework. Not only has the cost of compliance become a pressing issue for businesses aiming to secure their cloud solutions, but the time-consuming journey through the certification labyrinth has compounded their challenges. Advancements in technology and a shift towards better automation capabilities have supported the argument for modernizing FedRAMP. The white paper presented by the General Services Administration responded to such pressures with the goal of making the process more efficient. Jason also mentioned a legislative angle with Representative Connolly's involvement, marking the congressional ear tuned to the private sector's concerns about the program's current state.Predicting the Future of FedRAMPMoving forward, while discussing federal efforts to enhance cloud security protocols, Jason described the nuances in predicting FedRAMP's evolution. He cited the Department of Defense's actions as a positive development, in which they suggested frameworks for accepting FedRAMP certifications reciprocally, depending on security levels. This reciprocity aims to foster mutual trust and reduce redundancy in security validations. However, Jason exercised caution in providing a timeline by which tangible reforms might materialize for businesses pursuing FedRAMP accreditations. Despite the uncertainties, he recognized automation, specifically via OSCAL, as a potential accelerant for the much-needed reform, bringing about quicker, more cost-effective compliance processes.Tracking the Cybersecurity Evolution: From 2006 Data Breach to Contemporary Data Protection StrategiesAnalyzing the Cybersecurity Evolution Post-2006 Veterans Affairs Data MishandlingJason provided context on the evolution of cybersecurity. Drawing from an incident in 2006 when the Veterans Affairs department mishandled tapes containing sensitive data of millions of veterans. This episode, he explained, was an eye-opener, underscoring the importance of data security within the federal government. The aftermath was a pivot towards greater openness about cybersecurity issues. Moving away from a more secretive posture to one where sharing of information became essential for strengthening overall security. What we observe now is a more concerted effort within government circles to collaborate, engage with industry partners, and cultivate a proactive stance on cybersecurity threats, with agencies actively communicating about and learning from security incidents.Emphasizing Data ProtectionThe conversation highlighted the criticality of data protection as it has become the nucleus of many governmental operations and decision-making processes. Since the intrusion into the Office of Personnel Management's records, there has been a palpable shift, gearing towards more robust data safeguards. Jason pointed out how being well-informed about such dynamics is crucial. Entailing an immersion in various activities such as attending industry events, networking with key players, and thorough analysis of inspector general and Governmental Accountability Office reports. Such proactive engagement helps in staying abreast of the current and emerging landscape of federal technology, especially the methodologies and strategies deployed to protect the troves of sensitive data managed by government entities.About Our GuestJason Miller has served as executive editor of Federal News Network since 2008. In this role, he directs the news coverage on all federal issues. He has also produced several news series – among them on whistleblower retaliation at the Small Business Association, the impact of the Technology Modernization Fund and the ever-changing role of agency CIOs.Episode LinksFedRAMP Memo ACT-IAC EventAFCEA Events 

  45. 81

    Episode 84: So What?: Understanding Disinformation and Election Integrity with Hillary Coover

    Can you spot a deepfake? Will AI impact the election? What can we do individually to improve election security? Hillary Coover, one of the hosts of the It’s 5:05! Podcast, and Tracy Bannon join for another So What? episode of Tech Transforms to talk about all things election security. Listen in as the trio discusses cybersecurity stress tests, social engineering, combatting disinformation and much more.Key Topics04:21 Preconceived notions make it harder to fake.06:25 AI exacerbates spread of misinformation in elections.11:01 Be cautious and verify information from sources.14:35 Receiving suspicious text messages on multiple phones.18:14 Simulation exercises help plan for potential scenarios.19:39 Various types of tests and simulations explained.23:21 Deliberate disinformation aims to falsify; consider motivation.27:44 India election, deepfakes, many parties, discerning reality.32:04 Seeking out info, voting in person important.34:18 Honest cybersecurity news from trusted source.38:33 Addressing bias in AI models, historic nuance overlooked.39:24 Consider understanding biased election information from generative AI.Navigating the Disinformation QuagmireDissecting Misinformation and DisinformationHillary Coover brings attention to the pivotal distinction between misinformation and disinformation. Misinformation is the spread of false information without ill intent, often stemming from misunderstandings or mistakes. On the other hand, disinformation is a more insidious tactic involving the intentional fabrication and propagation of false information, aimed at deceiving the public. Hillary emphasizes that recognizing these differences is vital in order to effectively identify and combat these issues. She also warns about the role of external national entities that try to amplify societal divisions by manipulating online conversations to serve their own geopolitical aims.Understanding Disinformation and Misinformation: "Disinformation is is a deliberate attempt to falsify information, whereas misinformation is a little different." — Hillary CooverThe Challenges of Policing Social Media ContentThe episode dives into the complexities of managing content on social media platforms, where Tracy Bannon and Hillary discuss the delicate balance required to combat harmful content without infringing on freedom of speech or accidentally suppressing valuable discourse. As part of this discussion, they mention their intention to revisit and discuss the book "Ministry of the Future," which explores related themes. Suggesting that this novel offers insights that could prove valuable in understanding the intricate challenges of regulating social media. There is a shared concern about the potential for an overly robust censorship approach to hinder the dissemination of truth as much as it limits the spread of falsehoods.The Erosion of Face-to-Face Political DialogueThe conversation transitions to the broader societal implications of digital dependency. Specifically addressing how the diminishment of community engagement has led individuals to increasingly source news and discourse from digital platforms. This shift towards isolationistic tendencies, amplified by the creation of digital echo chambers, results in a decline of in-person political discussions. As a result, there is growing apprehension about the future of political discourse and community bonds, with Hillary and Tracy reflecting on the contemporary rarity of open, face-to-face political conversations that generations past traditionally engaged in.The Shadow of Foreign Influence and Election IntegrityChallenges in India’s Multiparty Electoral SystemIn the course of the discussion, the complexity of India's electoral system, with its multitude of political parties, is presented as an example that underlines the difficulty in verifying information. The expansive and diversified political landscape poses a formidable challenge in maintaining the sanctity of the electoral process. The capability of AI to produce deepfakes further amplifies the risks associated with distinguishing genuine content from fabricated misinformation. The podcast conversation indicates that voters, particularly in less urbanized areas with lower digital literacy levels, are especially vulnerable to deceptive content. This magnifies the potential for foreign entities to successfully disseminate propaganda and influence election outcomes.Election Integrity and AI: "Misinformation and disinformation, they're not new. The spread of that is certainly not new in the context of elections. But the AI technology is exacerbating the problem, and and we as a society are not keeping up with our adversaries and social media manipulation. Phishing and social engineering attacks enhanced by AI technologies are really, really stressing stressing the system and stressing the election integrity." — Hillary CooverCountering Foreign Disinformation Campaigns in the Digital AgeWith a focus on the discreet yet potent role of foreign intervention in shaping narratives, Hillary spotlights an insidious aspect of contemporary political warfare, the exploitation of media and digital platforms to sway public perception. This influence is not just limited to overt propaganda but extends to subtler forms of manipulation that seed doubt and discord among the electorate. As the podcast discussion suggests, the consequences of such foreign-backed campaigns could be significant, leading to polarization and undermining the foundational principles of democratic debate and decision-making. The potential for these campaigns to carry a vengeful weight in political discourse warrants vigilance and proactive measures to defend against such incursions into informational autonomy.Addressing the Impact of Disinformation Through AI's Historical Representation BiasTackling Disinformation: AI Bias and the Misrepresentation of Historical FiguresThe discussion on AI bias steers toward concrete instances where AI struggles, as Tracy brings forth examples that illustrate the inaccuracies that can arise when AI models generate historical figures. Tracy references a recent episode where Google's Gemini model was taken offline after it incorrectly generated images of German soldiers from World War 2 that did not match historical records. Similar errors occurred when the AI produced images of America's Founding Fathers that featured individuals of different racial backgrounds that did not reflect the true historical figures. These errors are attributed not to malicious intent by data scientists but to the data corpus used in training these models. This segment underscores the significant issues that can result from AI systems when they misinterpret or fail to account for historical contexts.The Necessity of Addressing AI BiasContinuing the conversation, Hillary emphasizes the importance of recognizing and addressing the biases in AI. She advocates for the vital need to understand historical nuances to circumvent such AI missteps. Both Hillary and Tracy discuss how biased news and misinformation can influence public opinion and election outcomes. This brings to light the critical role historical accuracy plays in the dissemination of information. They point out that to prevent biased AI-generated data from misleading the public, a combination of historical education and conscious efforts to identify and address these biases is necessary. The recognition of potential AI bias leads to a deeper discussion about ensuring information accuracy. Particularly with regard to historical facts that could sway voter perception during elections. Tracy and Hillary suggest that addressing these challenges is not just a technological issue but also an educational one. Where society must be taught to critically evaluate AI-generated content.The Challenge of Community Scale Versus Online InfluenceCombating Disinformation: The Struggle to Scale Community Engagement Versus Digital Platforms' ReachThe dialogue acknowledges the difficulty of scaling community engagement in the shadow of digital platforms' expansive reach. Hillary and Tracy delve into the traditional benefits of personal interactions within local communities, which often contribute to more nuanced and direct exchange of ideas. They compare this to the convenience and immediacy of online platforms, which, while enabling widespread dissemination of information, often lack the personal connection and accountability that face-to-face interactions foster. The challenge underscored is how to preserve the essence of community in an age where online presence has become overpowering and sometimes distancing.Navigating the Truth in the Digital Age: “Don't get your news from social media. And then another way, like, I just do a gut check for myself. [...] I need to go validate." — Hillary CooverImpact of Misinformation and Deepfakes on Political DiscourseThe episode reiterates the disquieting ease with which political discourse can be manipulated through deepfakes and misinformation. Showcasing the capabilities of AI, Tracy recalls a deepfake scam involving fake professional meetings which led to financial fraud. These examples underscore the potential for significant damage when such technology is applied maliciously. Hillary emphasizes the critical need to approach online information with a keen eye, pondering the origins and credibility of what is presented. Both Tracy and Hillary stress the importance of developing a defensive posture towards unsolicited information. As the blurring lines between authentic and engineered content could have severe repercussions for individual decisions and broader societal issues.Stress Testing and Mitigating Disinformation in Election Security StrategiesThe Role of Stress Tests in Election SecurityHillary and Tracy discuss the importance of conducting stress tests to preemptively identify and mitigate vulnerabilities within election systems. These tests, which include red teaming exercises and white hat hacking, are designed to replicate real-world attacks and assess the systems' responses under duress. By simulating different attack vectors, election officials can understand how their infrastructure holds up against various cybersecurity threats. This information can be used to make necessary improvements to enhance security. The goal of these stress tests is to identify weaknesses before they can be exploited by malicious actors. Thereby ensuring the integrity of the electoral process.Mitigating the Impact of DisinformationThe conversation emphasizes the urgent need for preemptive measures against disinformation, which has grown more sophisticated with the advent of AI and deepfakes. As these technological advancements make discerning the truth increasingly difficult, it becomes even more crucial for election officials to prepare for the inevitable attempts at spreading falsehoods. Through stress tests that incorporate potential disinformation campaigns, officials can evaluate their preparedness and response strategies. Including public communication plans to counteract misinformation. By considering the psychological and social aspects of election interference, they aim to bolster defenses and ensure voters receive accurate information.Election Security Concerns: "Other instances are going to happen where criminals are gonna be impersonating legitimate sources to try to suppress voters in that case, or steal credentials, spread malware." — Hillary CooverImportance of Proactive Approaches to Election SafeguardingThe exchange between Tracy and Hillary reveals a clear consensus on the necessity of proactive strategies for protecting elections. Proactively identifying potential threats and securing electoral systems against known and hypothetical cyber attacks are central to defending democratic processes. By focusing on anticipation and mitigation, rather than simply responding to incidents after the fact, authorities can improve election security and reinforce public trust. This proactive stance is also crucial in dealing with the spread of disinformation, which may be specifically tailored to exploit localized vulnerabilities in the electoral infrastructure.Reflecting on the Challenges of Election Security in the Digital EraThis episode serves as a thorough examination of the challenges posed by digital communication in modern democracies. They delve into the dangers of misinformation and the manipulation of public opinion, highlighting how biases in AI can affect the information that individuals receive. They underscore the importance of stress-testing election systems against digital threats and recognize the complexities inherent to securing contemporary elections. The episode ultimately helps listeners to better grasp the ever-evolving landscape of election security and the continued need for informed, strategic action to safeguard democratic processes.About Our GuestHillary Coover is one of the hosts of It’s 5:05! Podcast, covering news from Washington, D.C. Hillary is a national security technology expert and accomplished sales leader currently leading product strategy at G2 Ops, Inc.Episode LinksBilly Joel - Turn the Lights Back On Deepfakes and AI: How a 200 Million Scam Highlights the Importance of Cybersecurity VigilanceThe Ministry for the Future: A NovelIt’s 5:05! Podcast

  46. 80

    Episode 83: Advancing USPTO's Mission: Insights from Deputy CIO Deborah Stephens

    Deborah Stephens, the Deputy Chief Information Officer for the United States Patent and Trademark Office (USPTO), “grew up” so to speak in the USPTO. Deborah led the USPTO on its agile journey. As the agency took on its “New Ways of Working, '' by moving people and resources closer to the work, she helped empower employees to build and deploy software. Deborah shares how she guided the agency through this 4-year change journey, gaining buy-in from the organization, which was proved by an engagement rate increase from 75% to 85%. Deborah also talks about what it means to be a HISP, running USPTO as a business that is entirely self-sustaining, and, in honor of Women’s History Month, the women who have inspired her along the way.Key Topics05:54 Some embraced digital change, others struggled with it08:53 Most employees were ready for telework10:59 USPTO shifts to agile approach for IT16:41 Gathering feedback led to 10% engagement increase23:50 Customers submit 600,000+ patent and trademark applications yearly26:51 Agency conducts outreach through webinars and trademarks31:06 Customer experience and UX processes are fundamental33:45 USPTO offers different fee structures for entities35:30 USPTO runs efficiently with prioritization and budgeting39:43 Acknowledging strong women, personally and professionally43:21 Seek guidance and practice for successGrowth in Patent and Trademark RequestsSurge in Applications at USPTODeborah Stephens highlights a significant increase in the number of patent and trademark applications received by the USPTO over the years. This growth, from approximately 350,000 to 400,000 applications in 2012, with numbers continuing to rise, underscores the vibrant culture of innovation and creativity in the United States. The upward trend of applications is a positive sign of the country's ongoing commitment to innovation. However, it also presents logistical challenges for the USPTO. Including the need to process a higher volume of applications efficiently while ensuring the quality of examination does not diminish.Transition to New Ways of Working in U.S. Patent and Trademark Office: "And so in around late 2018, 19, we began our, what we referred to as our agile journey. We named it our New Ways of Working, which essentially is an entire USPTO effort. Including our business unit with 12 other business units, moving people and the resources closer to the work. Giving them that empowerment, to build, deliver, deploy software, product services for our business stakeholders, and that's both internally and externally." — Deborah StephensUSPTO is Adapting to Increased DemandIn response to the growing demand for intellectual property protection, the USPTO has been proactive in seeking ways to maintain and improve service delivery. Deborah discusses the agency's approach to managing the influx of applications, focusing on scalability and efficiency. Despite the challenges posed by the increase in applications, the USPTO's designation as a High Impact Service Provider (HISP) has had minimal impact on its existing customer experience strategy. The agency's foundational commitment to delivering exceptional service to inventors and entrepreneurs remains steadfast. With an emphasis on continuous improvement and the adoption of new strategies to better meet the needs of the U.S. innovation community.USPTO's Fee-Funded Model and Fiscal StrategyUSPTO’s Fee-Funded OperationsDeborah highlights the United States Patent and Trademark Office's (USPTO) operational model, which is uniquely self-sufficient. Relying entirely on fees collected from patent and trademark applications. This model ensures that the USPTO does not use taxpayer dollars, setting it apart from many other government agencies. By directly linking the agency's funding to the services it provides, the USPTO aligns its goals closely with the needs and successes of its primary users: inventors and businesses seeking intellectual property protection. This connection incentivizes the agency to continuously improve its processes and customer service. Additionally, Deborah mentions a tiered fee system that offers different rates for entities of various sizes. From individual inventors to large corporations. This structure is designed to lower barriers for smaller entities and encourage a wider range of innovation.USPTO’s Budgetary Discipline and ManagementFacing economic pressures such as inflation, the USPTO's approach to budget management becomes even more pivotal. Deborah discusses the importance of prioritization and strategic decision-making in maintaining the agency's financial health. Despite rising costs, the USPTO strives to keep its budget stable and even reduce it when possible, demonstrating a high level of fiscal responsibility. This is achieved through careful analysis of projects and initiatives, focusing resources on areas that promise the highest impact. The USPTO's disciplined budgetary approach not only ensures its operations are sustainable but also serves as a potential model for other federal agencies. By showcasing how to effectively manage finances in a challenging economic environment, the USPTO underlines the value of strategic planning and prioritization in government fiscal strategy.Telework Readiness and Agile Transformation at USPTOUSPTO’s Transition to Telework Prior to COVID-19Deborah highlights the USPTO's preparedness for telework well before the COVID-19 pandemic. With a significant portion of the workforce already equipped and familiar with remote working protocols, the USPTO had laid a robust foundation for telework readiness. This foresight into establishing a telework culture not only ensured the continuity of operations during unprecedented times. It also underscored the agency's commitment to leveraging modern work practices. The transition to a fully remote working environment, necessitated by the pandemic, was thus more seamless for the USPTO than for many other organizations. Demonstrating a proactive approach to business continuity planning.Introducing Change in Remote Work Environments: "There were every 2 weeks of what we refer to as, lunch and learns. And in the beginning, I was the prime speaker, saying, here's our New Ways of Working. Here's the structure. Here's how we're gonna move our processes, our procedures, and people would join in. And it was all remote. I'd have a big TV like producer kind of studio, and I'd be in front of the blue screen and talking to them about this change at least every 2 weeks, if not, sometimes more." — Deborah StephensAgile Transformation and Cultural Shift at USPTOThe shift from traditional waterfall methods to agile methodologies marked a significant transformation within the USPTO. Deborah emphasizes that this transition was not merely about changing project management techniques. It involved a deeper cultural shift within the organization. Achieving buy-in from both individuals and teams was crucial to fostering an environment that embraced agility, empowered employees and encouraged rapid deployment of products. Key to this cultural transformation were regular remote meetings and employee engagement surveys. This played a significant role in understanding and enhancing employee satisfaction. The notable increase in engagement levels from 75% to 85% during this period of change illustrates the effectiveness of the USPTO's approach in not only implementing agile methodologies but also in cultivating a culture that is receptive and adaptive to change.Tech Landscape and Patent Filing Insights at USPTOUSPTO’s "Fail Fast, Fail Forward" ApproachDeborah shares the USPTO's dynamic approach to technological innovation, encapsulated in the mantra "fail fast, fail forward." This methodology allows the USPTO to quickly test new ideas and technologies, while learning from any setbacks, and refining their strategies efficiently. By fostering an environment where experimentation is encouraged and failure is seen as a stepping stone to success, the agency ensures that it remains at the forefront of technological advancements. This approach is crucial in a rapidly changing tech landscape, as it enables the USPTO to adapt and innovate continuously. Deborah highlights how this philosophy has led to a more agile and responsive IT infrastructure within the agency. One capable of meeting the demands of modern patent and trademark processing.The Value of Mentorship: "I think you need to establish your go-to network of mentors, and don't be afraid to become a mentor." — Deborah StephensEmphasizing Customer Feedback in Patent and Trademark SubmissionsCarolyn brings attention to the importance of customer feedback in the process of patent and trademark submissions at the USPTO. Deborah explains how the agency values the insights gained from customer experiences and actively seeks out feedback to improve services. Through a variety of channels such as webinars, outreach programs and direct communication through customer service teams, the USPTO gathers valuable input from those who navigate the patent and trademark submission processes. This dedication to understanding and addressing the needs and challenges of its customers has led to significant enhancements in the USPTO's support structures. Deborah further discusses educational efforts aimed at demystifying the complexities of the patent filing process. Thereby making it more accessible and navigable for inventors and businesses alike.Digital Transformation at USPTOUSPTO’s Move from Paper-Based to Digital SystemsDeborah played a significant role in transitioning the agency from a paper-based application system to a fully digitized process. This monumental task involved not just the scanning of existing paper documents, but also includes integrating OCR technology to make historical patents searchable and accessible in digital form. Despite the sheer scale and potential logistical challenges of digitizing vast amounts of data, the initiative marked a pivotal moment in the agency's history. This transformation was not without its hurdles. Initial resistance to change was a significant barrier that needed careful navigation. However, through strategic planning and a commitment to modernization, the USPTO successfully overcame these challenges. Leading to a more efficient, accessible and streamlined patent application process.Efficient Budget Management at the USPTO: "Being able to maintain our budget or even maybe decrease the overall budget by 1%, but yet inflation going up 8, 9%, we've been able to do that. And it's about prioritization, and that's part of our New Ways of Working." — Deborah Stephens About Our GuestDeborah Stephens is the Deputy Chief Information Officer (DCIO) for the United States Patent and Trademark Office (USPTO). She has served at the USPTO for more than 30 years in multiple leadership roles, during which she has worked to improve the automated tools and informational resources that facilitate electronic processing of patent applications. In her current role, Deborah is the principal advisor to the Chief Information Officer (CIO) and responsible for managing day-to-day operations of the Office of the Chief Information Officer (OCIO) with significant oversight on information technology (IT) stabilization and modernization efforts. She guides teams towards continual improvements in IT delivery for maximum value to all stakeholders.Episode LinksHigh Impact Service Providers (HISPs)USPTO Fee ScheduleWomen’s History Month Blog

  47. 79

    Episode 82: Beyond Compliance: Elevating Cybersecurity Practices with Travis Rosiek

    As technology rapidly evolves we as a nation need to anticipate the attacks that may come about as a result of that innovation. Travis Rosiek, the Public Sector CTO at Rubrik and former Leader at the Defense Information Systems Agency (DISA), joins Tech Transforms to talk about how the government’s approach to technology and relationship with industry has evolved over the last twenty years. He also discusses compliance, including FedRAMP compliance, managing the vast amount of data that is generated daily across the government and industry, and the importance of the U.S. Government building cyber resilient systems. Catch all this and more on this episode of Tech Transforms.Key Topics00:00 Government fielded and tested tech capabilities, explained compliance.05:23 Enhanced security collaboration, compliance, and risk minimization.09:14 Experience in government and commercial capabilities. Innovation.10:12 Commercial companies prioritize profitability over long-term planning.14:38 Challenges in public sector recruiting and retention.18:49 Outsourcing SaaS applications frees up resources. AI evolving, human input remains essential.22:33 Assessing incident response: Operational evaluation, not just compliance.25:57 Vendors and program office face process challenges.29:46 Secure cloud data access: visibility, risks, controls.32:27 Emphasizing need for security in IT systems.36:44 CISOs face challenges in evolving tech landscape.38:11 Support CISOs, recruit and retain talent, accountability.Evolving Cybersecurity Practices: A Shift to 'Cloud Smart' StrategiesTravis's Perspective on Cloud MisconceptionsTravis discusses the early days of cloud adoption, which were often fueled by misconceptions about its benefits. The migration toward cloud computing was commonly believed to be a cost-effective solution that would reduce expenses and simultaneously enhance security. However, he points out that this was not always the case. Many organizations have since realized that the initial cost of moving to the cloud can vary greatly based on specific use cases and applications. This realization has led to a strategic shift toward what Travis refers to as a "cloud smart" approach. Highlighting the need for a more discerning and tailored evaluation of how cloud resources are utilized.The Role of Commercial Companies vs. Government in Problem-Solving: "Industry is great about solving problems. You know, driving that capitalism type of culture, building capabilities, selling solutions. And they're quicker to implement, adapt and deploy capabilities where the government is very slow in implementation of these you know, they can figure out the problem." — Travis RosiekThe 'Cloud Smart' Strategic ApproachTaking a "cloud smart" approach indicates a maturation in the perception of cloud services by government agencies and businesses alike. Rather than a blanket strategy of cloud-first, Travis indicates that there is now a more nuanced consideration of when and how to use cloud services. He underscores the importance of aligning cloud adoption with an organization's unique needs. Including the potential scalability, security and cost implications. This approach suggests a collaborative and informed decision-making process. Recognizing that the cloud offers a variety of solutions, each with different features, advantages and trade-offs that must be carefully weighed against organizational goals and objectives.Navigating Cybersecurity Practices in Cloud MigrationThe Balance of Technical and Non-Technical Implications in Cloud MigrationTravis discusses the intricacies involved in organizational cloud migrations. Emphasizing that these undertakings are not solely about technological transitions but also encompass a variety of non-technical considerations. The shift to cloud-based services goes beyond mere data storage and infrastructure changes. It affects strategic business decisions, financial planning and operational workflows. Necessitating a comprehensive evaluation of both the potential benefits and the challenges. Organizations must be acutely aware of the detailed shared responsibility models that cloud service providers outline, which delineate the security obligations of the provider versus the customer. Understanding these responsibilities helps in effectively managing the risks associated with cloud computing.The Importance of Human Oversight in AI: "But you still can't take the human out of the loop." — Travis RosiekThe Demand for Advanced Cybersecurity Practices in Multi-Cloud EnvironmentsTravis highlights a significant challenge in the cybersecurity landscape, which is the scarcity of skilled professionals equipped to manage and protect complex multi-cloud and hybrid environments. As organizations increasingly adopt a mix of cloud services and on-premises solutions, the demand for cybersecurity practitioners with the necessary expertise to navigate this complexity grows. However, attracting and retaining such talent is difficult due to competitive job markets and the limitations of government pay scales. This is compounded by the extensive skill set required for modern cloud environments, including not only security but also knowledge of cloud architecture, compliance and various cloud-specific technologies. Travis underscores the need for specialized personnel capable of addressing the advanced cybersecurity concerns that arise from this intricate, dynamic infrastructure.The Evolution of FedRAMP ComplianceFedRAMP Compliance: A Shared BurdenTravis sheds light on the evolution of the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security assessment, authorization and continuous monitoring. While it is often perceived as a costly and time-consuming barrier for vendors seeking to serve government clients, Travis emphasizes that the journey to FedRAMP authorization is not the sole responsibility of vendors. Government sponsors engaged in this process also bear a significant load. This dual burden requires commitment and collaboration from both parties to navigate the complexities involved in achieving FedRAMP compliance.Strategic Cybersecurity Practices to Navigate FedRAMP Compliance ChallengesTravis goes into further detail regarding the collaborative challenges of attaining FedRAMP compliance. On the government side, a sponsor’s role in shepherding vendors through the process can be incredibly taxing due to staffing and resource constraints. Furthermore, the procedural nature of the FedRAMP framework can prove to be a linear and lengthy ordeal for all involved. Travis suggests that greater investment to ease the procedural efforts for government stakeholders could potentially improve the efficiency of the overall process, helping it to mature and ultimately relieving some of the burden for both vendors and government sponsors.Addressing Data Volume and Security Risks in Modern Cybersecurity PracticesData Categorization and ClassificationCarolyn highlights the daunting challenge of classifying the vast amounts of data that individuals and organizations are responsible for. Travis acknowledges this burden, especially given the exponential growth of data in today's digital landscape. He underscores that as data multiplies rapidly and spreads across various platforms – from cloud services to mobile devices – accurately categorizing and classifying it becomes more critical yet more difficult. Ensuring the security and proper handling of this data is paramount as mismanagement can lead to significant security breaches and compliance issues.Cybersecurity in the Era of Cloud and Mobile Computing: "If you can't answer some of those basic questions on visibility, you're gonna struggle protecting it." — Travis RosiekAdapting Cybersecurity Practices to Combat Data Volume SurgeTravis points to a report produced by Rubrik Zero Labs that sheds light on the continuous surge in data volume within organizations, often experiencing growth by significant percentages over short periods. This expansion amplifies the challenge of safeguarding critical information. Moreover, the need to provide accurate access control increases in complexity when data resides in a hybrid environment. This includes multiple clouds, on-premise servers, and SaaS applications. The continuous monitoring and protection of data across these diverse and dynamic environments present an ongoing challenge for data security professionals.Complexities in Data Access ControlsCarolyn and Travis discuss the need for visibility in distributed data environments, as knowing what data exists, where it is stored and who has access to it is fundamental to securing it. Travis advocates for the NIST Special Publication 800-160 as an additional resource that can guide organizations toward building cyber resilient systems. Its principles of anticipating, withstanding, recovering and adapting offer a strategic approach to not just responding to cyber threats. It also prepares for and prevents potential data breaches in complex IT and data environments.Strategic Alignment of Cybersecurity Practices with Governmental Objectives and Zero Trust PrinciplesAligning Cybersecurity Practices with Governmental ObjectivesWhen considering the acquisition of technology within government entities, Travis highlights the importance of aligning with governmental objectives. Especially when it pertains to national defense, scalability becomes a paramount factor, as the technology adopted must cater to expansive operations and adhere to rigorous standards of security and efficiency. In the military and defense sectors, technologies must not only serve unique and highly specialized purposes but also be viable on a large scale. Travis notes that achieving this balance often requires a nuanced approach that can accommodate the specific needs of government operations, while also being mindful of the rapidly evolving landscape of technology.Cybersecurity and Organizational Resilience: "Having a false sense of security, you know, in anything we build, overly trusting things or having a false sense of security, is probably our Achilles' heel." — Travis RosiekEmphasizing Security Principles and Zero TrustTravis underscores the central role of security principles in the process of technology acquisition and he places particular emphasis on the concept of Zero Trust. An approach to cybersecurity that operates on the assumption that breaches are inevitable and thus requires constant verification of all users within an organization's network. Travis argues that adopting a zero trust framework is crucial for government agencies to protect against a vast array of cyber threats. By following this principle, organizations can ensure that their acquisition of technology not only meets current operational demands but is also prepared to withstand the sophisticated and ever-changing tactics of adversaries in cyberspace.The ABCs of Technology ImplementationThe Adoption, Buying and Creating StrategyTravis reflects on a strategic approach he learned during his tenure at DISA, known as the ABCs. A methodology imparted by then DISA director General Charlie Croom. This strategy prioritizes the use of existing commercial technologies, emphasizing 'adoption' as the primary step. By leveraging commercially available tech, organizations can tap into advanced capabilities and integrate them into their operations swiftly. The 'buy' component encourages the procurement of already fielded technologies or platforms. This may not be commercially created but has been proven in practical governmental applications. Lastly, 'create' is seen as a last resort. Reserved for instances where the needs are so specialized or critical that a bespoke solution is warranted. Often due to unique use cases or strict national security concerns.Strategic Balancing of Commercial Speed and Government Foresight in Cybersecurity PracticesIn discussing the rationale behind the ABCs framework, Travis reveals the nuanced balance required in government tech implementations. While commercial entities' speed to deploy novel solutions can address particular gaps, government institutions often play a crucial role in identifying and tackling long-term, complex challenges. Especially in defense, the need to build solutions from the ground up may arise when existing products fail to meet the stringent requirements of security-sensitive operations. Conversely, commercial technology's versatility is a critical asset. This marked a shift from the government's historical tendency to primarily develop its own technology solutions. Travis urges organizations to use this strategic framework to make informed, prudent decisions that consider both immediate needs and long-term strategic objectives.About Our GuestTravis Rosiek is a highly accomplished cyber security executive with more than 20 years in the industry. He has built and grown cybersecurity companies and led large cybersecurity programs within the U.S. Department of Defense (DoD). His experience spans driving innovation as a cybersecurity leader for global organizations and CISOs, to corporate executive building products and services. His impact has helped lead to successful IPOs (FireEye) and acquisitions (BluVector by Comcast). As a Cyber Leader in the U.S. DoD, he has been awarded the Annual Individual Award for Defending the DoD’s Networks. Travis currently serves as the Public Sector CTO at Rubrik helping organizations become more cyber and data resilient. Prior to Rubrik, Travis held several leadership roles including the Chief Technology and Strategy Officer at BluVector, CTO at Tychon, Federal CTO at FireEye, a Principal at Intel Security/McAfee and Leader at the Defense Information Systems Agency (DISA). He earned a Certificate from GWU in Executive Leadership and graduated from West Virginia University with Honors while earning multiple Engineering degrees. He also was one of the first of ten students from across the nation to be awarded a scholarship from the DoD/NSA’s in cybersecurity. His pioneering mindset has helped him better secure our nation and commercial critical infrastructure. Additionally, Travis is an invited speaker, author (blogs, journals, books) and has also served on the NSTAC, ICIT Fellow and multiple advisory boards.Episode LinksRubrik Zero Labs NIST 800-53NIST 800-160

  48. 78

    Episode 81: From Special Ops to Cybersecurity: A Veteran's Journey in National Security

    Sebastian Taphanel has spent his life on the cutting edge of technology and innovation. This week on Tech Transforms, Sebastian is sharing tales and lessons learned from his 20 years in DoD Special Ops and intelligence and 20 years implementing sound security engineering practices focused on implementing zero trust and highly resilient environments. Join Sebastian as he recounts his time in Special Forces taking his units out of the dark ages from secure fax communications to setting up an intranet, and how he continued with that innovative spirit through his 40-year career. He also shares his new passion, encouraging the industry to utilize disabled veterans to help fill both the cybersecurity and AI workforce gaps. They, after all, already have a call for the mission.Key Topics03:38 ODNI CIO responded quickly with Microsoft Azure.07:03 Protecting data via application container, expanding capabilities.11:01 Zero Trust redrawn cybersecurity model, data-centric approach.13:57 Developing zero trust plan for downstream organizations.18:50 Ensuring security while sharing information and protecting IP.21:35 APIs, containers enable fluid, flexible data access.24:20 Data protection systems allow secure sharing and storage.27:02 Addressing cybersecurity workforce gap and AI need.29:39 In 1998, new commander requests secure WAN.33:49 Applied for certified protection professional, highest security certification.36:28 Passionate about supporting disabled vets in cybersecurity.39:55 Mentoring government employees for cybersecurity and AI/ML.45:32 Using advanced generative AI solutions for copywriting.47:19 Update cybersecurity tools and systems for new threats.49:50 Respect for those dedicated to automation.Enhancing Secure Communication and Cloud Environments in Special OpsSpecial Ops Agility: Adapting to Remote Collaboration with Secure Cloud-Based WorkspacesSebastian Taphanel’s experience spans twenty years in DOD Special Ops and Intelligence, followed by consulting in security engineering. The focal point of this episode is his role in advancing cybersecurity practices at the ODNI. Particularly emphasizing resilient cloud-based environments.Sebastian describes the quick adaptation during the pandemic which led to the rollout of an ad hoc cloud-based workspace to ensure the ODNI's mission could endure despite the workforce being remote. GCC High, or Government Commercial Cloud High as conceived by Microsoft, is revealed as the successor to the initial setup. Providing a more secure platform managed strictly by U.S. persons. The approach highlighted the agility of cloud technology for remote collaboration within federal agencies.Cybersecurity in Intelligence Sharing: "Essentially, reciprocity is a process and also a culture of accepting each other's risks. And that's really the bottom line on all that." — Sebastian TaphanelUnfolding the GCC High EnvironmentThe intricacies of implementing Microsoft Azure and M365 (Office 365) are detailed as Sebastian underlines their pivotal use in creating an intranet with controlled document sharing and editing. These implementations include robust Mobile Device Management. Then a BYOD Mobile Application Management system that protects sensitive data in government and personal devices. Thereby, ensuring operational security and flexibility.Special Ops Communication EvolutionSebastian advanced from using secure faxes for interstate communication within military units to establishing a multi-state secure WAN. This resulted in a significant leap in communication efficacy for special operations. Sebastian shared the potency of secure, cloud-based tools in streamlining and securing government communications. As well as their inherent adaptability to contemporary operational needs.Zero Trust Implementation and Reciprocity in Security Controls: "Reciprocity, in some circles, it's a dirty word. Because everybody wants to do it, but nobody really wants to be first." — Sebastian TaphanelThe Shift to Cybersecurity Training and AI Special Ops to Cyber Ops: Training Disabled Veterans to Bridge the Cybersecurity Workforce GapSebastian recognizes the increasing importance of cybersecurity expertise in today's digital landscape. He points out the significant gap in the cybersecurity workforce and the untapped potential of disabled veterans who can be trained to meet this demand. This shift towards prioritizing cybersecurity skills reflects the industry's evolution as organizations increasingly rely on digital infrastructure. Thus, creating a fertile ground for cyber threats. By focusing on equipping disabled veterans, who already possess a strong sense of duty and protection, with the necessary technical skills to combat these threats, Sebastian believes that we can build a robust cybersecurity force that benefits not just the veterans but the nation's overall security posture as well.Training Disabled Veterans for Cybersecurity and AIBuilding upon his own transition from a military career to cybersecurity, Sebastian is passionate about creating opportunities for disabled veterans in the field. His experience has shown him that these individuals, with their ingrained ethos of national service, can continue their mission through careers in cybersecurity and artificial intelligence. Sebastian advocates for collaborations with major tech companies and training providers to establish programs specifically tailored for veterans. These developmental opportunities can help translate military competencies into civilian technology roles. As AI continues to influence various industry sectors, including cybersecurity, the need for skilled professionals who can leverage AI effectively is critical. By providing appropriate training and mentorship, Sebastian sees disabled veterans playing an integral role in shaping the future of cybersecurity and AI.Special Ops Veteran Illuminates Zero Trust as a Data-Centric Security Model and the Strategic Role of AI in CybersecurityZero Trust as a Data-Centric Security ModelIn the evolving landscape of cybersecurity, Sebastian brings to light the concept of zero trust. A framework pivoting away from traditional perimeter security to a data-centric model. He highlights zero trust as a foundational approach, which is shaping the way organizations safeguard their data by assuming no implicit trust, and by verifying every access request as if it originates from an untrusted network. Unlike the historical castle-and-moat defense strategy which relied heavily on securing the perimeters of a network, this paradigm shift focuses on securing the data itself, regardless of its location. Zero trust operates on the fundamental belief that trust is a vulnerability. Thereby, anchoring on the principle that both internal and external threats exist on the network at all times. It necessitates continuous validation of the security posture and privileges for each user and device attempting to access resources on a network.Zero Trust as a Data-Centric Security Model: “Zero trust now has essentially redrawn the lines for cybersecurity professionals and IT professionals. And I will say it’s an absolutely data-centric model. Whereas in previous decades, we looked at network centric security models.” — Sebastian TaphanelImplementing Zero Trust in Special OpsZero trust extends beyond theoretical formulations, requiring hands-on execution and strategic coherence. As Sebastian explains, the principle of reciprocity plays a vital role in the context of security authorizations among different agencies. It suggests that the security controls and standards established by one agency should be acknowledged and accepted by another. Thus, avoiding redundant security assessments and facilitating smoother inter-agency cooperation. However, applying such principles in practice has been sporadic across organizations, often hindered by a reluctance to accept shared risks. Driving home the notion that strategic plans must be actionable, Sebastian underscores the critical need to dovetail high-level strategies with ground-level tactical measures. Ensuring these security frameworks are not merely aspirational documents but translate into concrete protective actions.Special Ops in Cybersecurity: Harnessing AI and ML for Enhanced Defense CapabilitiesAmidst rapid technological advances, artificial intelligence (AI) and machine learning (ML) are being called upon to bolster cybersecurity operations. Sebastian champions the idea that AI and ML technologies are indispensable tools for cyber professionals who are inundated with massive volumes of data. By synthesizing information and automating responses to security incidents, these technologies augment the human workforce and fill critical gaps in capabilities. The agility of these tools enables a swift and accurate response to emerging threats and anomalies. Allowing organizations to pivot and adapt to the dynamic cyber landscape. For cybersecurity operators, the incorporation of AI and ML translates to strengthened defenses, enriched sense-making capabilities, and enhanced decision making processes. In a field marked by a scarcity of skilled professionals and a deluge of sophisticated cyber threats, the deployment of intelligent systems is no longer a luxury, it is imperative for the preservation of cybersecurity infrastructures.Looking Ahead: Collaboration, Reciprocity and AI/ML WorkforceAI/ML as a Cybersecurity Force MultiplierSebastian highlights the untapped potential of artificial intelligence and machine learning (AI/ML) as critical tools that can amplify the capabilities within the cybersecurity realm. As Sebastian provides his insights on the importance of AI/ML, it becomes clear that these technologies will serve as force multipliers, aiding overwhelmed cybersecurity professionals dealing with vast arrays of data. The envisaged role of AI/ML is to streamline sense making processes and facilitate prompt, accurate cyber response actions to threats and vulnerabilities. Sebastian portrays a future where strategic use of AI/ML enables swift and informed decision-making, freeing cybersecurity operatives to focus on critical tasks that require their expertise.AI/ML as a Cybersecurity Force Multiplier: “I believe what’s going to be needed is the understanding, a training and culture that accepts AI/ML as an enabler.” — Sebastian TaphanelEmpowering Special Ops Veterans for the Future Cybersecurity and AI/ML WorkforceSebastian asserts the urgency to prepare and equip individuals for the cybersecurity and AI/ML workforce. He envisions an actionable plan to invigorate the employment landscape, creating a resilient front in the fight against cyber threats. Sebastian calls for a strategic focus on training and knowledge dissemination, particularly for disabled veterans, to incorporate them into positions where they can continue serving the nation's interests in the digital domain. Recognizing the fast evolving nature of these fields, he stresses the need for a workforce that not only understands current technologies but can also adapt to emerging trends. Ensuring that collective efforts in data protection and cybersecurity are robust and responsive to an ever-changing threat landscape.About Our GuestSebastian Taphanel blends a more than 20-year DoD Special Ops and intelligence career with more than 20 years of sound security engineering practices focused on implementing Zero Trust and highly resilient environments through the use of innovative technologies and common sense business practices.

  49. 77

    Episode 80: Harnessing AI for Cyber Innovation: Insights from Dr. Amy Hamilton at National Defense University

    The real question is, what doesn’t Dr. Amy Hamilton do? She’s currently the visiting Faculty Chair for the Department of Energy (DOE) at National Defense University and the DOE Senior Advisor for National Cybersecurity Policy and Programs, and has had previous stops in the U.S. Army Reserves, NORAD and U.S. European Command, just to name a few. At National Defense University, Amy draws on all of this expertise to educate the workforce on AI and finding the right balance between automation and workforce training. Amy also explores how she teaches her students that cybersecurity has to be more than a 9-5 job, the balance of security vs. convenience, and how it will take the entire country getting on board to make the implementation of cybersecurity best practices truly possible. In this episode, we also dive into the realm of operational technology and the need to look to zero trust as we allow more smart devices into our lives and government ecosystems.Key Topics00:00 Importance of training, education and AI integration.06:52 Cybersecurity, AI and building codes challenges.09:47 Nuclear facilities need caution, open labs innovative.11:58 Helping students understand federal government and cybertech.15:37 Cyber college compared to traditional university programs.17:18 National Defense University offers master's degree programs.22:06 Addressing the urgent need to combat intellectual property theft.24:32 Passionate plea for cybersecurity vigilance and dedication.26:40 Using automation to streamline cybersecurity operations and training.32:06 Policy person struggles to tie guidance together.33:02 Collaboration is needed for addressing industry issues.38:25 Rethink security for devices in smart tech.41:16 Choosing sustainability as a guiding principle.43:22 Overcome writing and presenting challenges for success.Leveraging AI and Automation for Cyber InnovationEmphasizing Efficiency in the Generation of AbstractsDr. Amy Hamilton underlines the capabilities of artificial intelligence to streamline time-consuming processes, specifically the creation of abstracts. This innovation allows for a transition from mundane, repetitive tasks to pursuits that require a deeper cognitive investment. Therefore, elevating the nature of the workforce's endeavors. Dr. Hamilton's discussion focuses on the practical applications of this technology, and she cites an instance from the National Defense University's annual Cyber Beacon Conference. Here, participants were challenged to distinguish between AI-generated and human-generated abstracts, often finding it challenging to tell them apart. This exercise not only highlighted AI's proficiency but also introduced the workforce to the safe and practical application of this emergent technology.How do we use AI in a way that goes from low-value to high-value work? If I'm not doing abstract, what other things could I be doing and spending my brain calories towards? - Dr. Amy HamiltonPreparing the Workforce for Cyber InnovationDr. Hamilton stresses the necessity for workforce education in the context of AI and automation. Aiming for a future where employees are neither intimidated by nor unfamiliar with the advancing technological landscape. She illustrates the Department of Energy's proactive role in integrating AI into its training programs. Thus, ensuring that employees are well-acquainted with both the operational and potential ethical dimensions of AI deployment. Acknowledging the diverse range of operations within the DOE, including nuclear and environmental management, Dr. Hamilton notes that the appropriateness of AI application varies by context. Signifying the department's nuanced approach to the introduction of these technologies. Through education and exposure to use cases within a controlled environment, Dr. Hamilton envisions a workforce that is not only comfortable with AI but can also leverage it to enhance productivity and safety in their respective fields.Cyber Innovation and Collaboration in Government EnvironmentsDr. Hamilton's Role at National Defense UniversityAmy serves as a crucial beacon for educating Department of Defense personnel on comprehensive government functions. With a focus on the distinct agencies and their interaction within the broader governmental ecosystem, she acts as a conduit, clarifying for her students the intricate dance of interagency collaboration. Grants of knowledge on how certain branches, like the Treasury, interact during cyber events. Or the functions of varied components within the agency, serve to demystify the convoluted nature of interdepartmental cooperation. Her teaching elevates students' comprehension of the interconnected roles and responsibilities that propel our government forward.Environment for Cyber InnovationAt National Defense University, there's a particular distinction made between no-tolerance environments. Such as nuclear facilities, where repetitiveness and extreme scrutiny are valued over experimentation and open science labs that thrive on creativity and incessant innovation. Dr. Amy Hamilton underlines this dichotomy. She established the need for both the rigid reliability of technology in some contexts and the unabated exploration for new horizons in others. These contrasting settings ensure the Department of Energy's multifaceted missions are maneuvered through a lens of both caution and curiosity. Across a breadth of projects from the highly sensitive to the openly experimental.Attracting Talent to Federal GovernmentThe College of Information in Cyberspace, where Amy engages with the bright minds of the defense community, presents an academic path tailored for mid to senior career professionals. With a suite of master's degrees and certificate programs, the college not only imparts education but also fosters an ecosystem ripe for nurturing government leaders of the future. Despite the widespread perception of financial hurdles within government roles compared to private sectors, Dr. Hamilton articulates a potent alternative allure. The mission-driven nature of public service. This inherent value proposition attracts those who yearn to contribute to a greater cause beyond monetary gain, ensuring a continual influx of devotion and expertise within federal ranks.So I think there's a huge amount of value of what flexibility of recognizing industry experience in cybersecurity can be very, very useful. But I also think, like, how do we attract people in the federal government when we don't have that kind of financial ability to reward? And I think it's reward by mission. - Dr. Amy HamiltonFostering Diversity and Cyber InnovationCyber Outreach and Advocating DiversityDr. Hamilton touches on the vital role of cyber outreach and advocating for diversity in the field of cybersecurity. She brings up Kennedy Taylor, who is making strides as Miss Maryland by combining her cyber expertise with her platform in beauty pageantry. She engages and educates young people, especially girls, about the significance of cybersecurity. Amy highlights the potential of such outreach efforts to challenge and change the stereotypes associated with cybersecurity professionals. By leveraging the influence of figures like Miss Maryland, there's an opportunity to inspire a diverse new generation of cybersecurity experts who can bring fresh perspectives to tackling the industry's challenges.The Need for Cyber InnovationThroughout the discussion, Dr. Amy Hamilton stresses the increased frequency and severity of cybersecurity threats that have surfaced recently. Acknowledging that the traditional cybersecurity models are faltering under these new strains. She calls for innovative thinking and proactive measures to be adopted. Amy notes that measures used in the past, such as security through obscurity, no longer suffice due to the complex and interconnected nature of modern technology. This new reality requires the cybersecurity sector to evolve and embrace zero-trust principles among other modern strategies to safeguard against the continually evolving threat landscape.How do we correct, just swiftly get around to being able to apply those patches and things that we need to do? And we have to get better out of it because our adversaries are. Our adversaries were taking advantage of this every single day. - Dr. Amy HamiltonAddressing Risk Aversion in CybersecurityIn discussing the inherent risk-aversion in human nature, Dr. Hamilton points out that despite this tendency, convenience often trumps caution, leading to increased vulnerabilities. She suggests that the answer is not to shy away from innovation for fear of risks, but rather utilize it to enhance the safety and functionality of technological systems. Dr. Hamilton also highlights the crucial role that industry partnerships play in this context, suggesting that collaboration between government and private sectors is essential in developing effective and robust cybersecurity defenses. By working together, these entities can find the balance between convenience and security, ensuring a safer digital environment for all users.Challenges in Implementing Cyber InnovationImportance of User Experience in Cyber InnovationDr. Amy Hamilton brings attention to the crucial role that user experience plays when incorporating automation into the workforce. She contrasts the tedious and often frustrating nature of conventional cybersecurity practices, such as manually sifting through logs, with the potential ease automation can provide. Amy uses the example of e-commerce, where users intuitively navigate online shopping without the need for training to illustrate her point that intuitive design is key to user acceptance of automated systems. By adopting user-friendly automation, employees' tasks can be streamlined allowing them to focus on more complex and engaging aspects of their work.And so I think that we need to really realize that user experience is important. - Dr. Amy Hamilton AI and Automation in Everyday LifeReflecting on her experience with AI in website design, Amy describes the simplicity and efficiency brought by AI-assisted tools that automatically generate content based on keywords. Thus eliminating the need for extensive technical knowledge in web development. This underscores the tangible benefits of automation for individuals without a background in coding. Moreover, Amy emphasizes the societal shift toward greater reliance on automated systems by referencing Disney World as a model of successful automation integration. The theme park's seamless integration of automated booking systems, fast passes and reservations highlight how well-designed automation can augment the customer experience and efficiency in large-scale operations.Partnerships in Cyber InnovationThe dialogue shifts toward the collaborative effort required to tackle cybersecurity breaches. Dr. Hamilton mentioned the expansive SolarWinds incident as a key example where AI and automation have a role to play. Amy underscores the significance of industry partnerships and a unified national approach for enhancing cybersecurity. The incident illustrates that automated tools and AI are not only about convenience, they are instrumental in swiftly identifying and rectifying vulnerabilities in complex digital systems. By automating these processes, agencies can respond more effectively to cybersecurity threats, underscoring the need for automation that complements and enhances human efforts in maintaining security.Educational TechnologiesAmy advocates for the use of educational tools like Khan Academy, which can benefit children by offering a controlled environment for learning. She stresses the importance of early cybersecurity awareness, suggesting that exposure to best practices should align with the first use of digital devices. This early introduction to cybersecurity principles, aided by educational technologies, is vital in preparing the next generation to navigate the expanding digital frontier securely. Automation in education, therefore, serves a dual purpose, streamlining the learning process while simultaneously fostering a culture of digital safety awareness from a young age.Executive Orders and Collaboration for Cyber InnovationThe Administration's Challenges in Artificial Intelligence RegulationDr. Amy Hamilton discusses the executive order on artificial intelligence. She acknowledged the inherent challenges of being a government pioneer in regulating groundbreaking technology. She compares the order to earlier attempts at cybersecurity regulation and the long-standing effects those have on policy today. Dr. Hamilton predicts that in hindsight, we may perceive today's orders as early steps in an evolving landscape. Given her past experience at the OMB executive office of the president, she understands the complexity of crafting policy that will need to adapt as technology progresses.Collaborative Efforts for Cybersecurity Workforce DevelopmentDr. Amy Hamilton underlines the need for collaborative synergy between government and industry to foster a robust cybersecurity workforce. With growing intellectual property theft, especially from China, she stresses that safeguarding proprietary information is not just an industry burden but also a national and allied concern. Dr. Hamilton points out that partnerships with non-profit organizations play a vital role in shaping a national response to cybersecurity challenges. Such alliances are vital for maintaining cybersecurity and counteracting espionage activities that impact not only the US but also its international partners.Public Awareness and Cybersecurity BreachesCarolyn and Dr. Amy Hamilton echo a mutual frustration over the general public's lack of awareness regarding cybersecurity threats. They underscore the gravity of cybersecurity breaches and the espionage activities that target nations' security and economic well-being. Dr. Hamilton uses historical incidents to illustrate the ongoing battle against cyber threats and the need for heightened public consciousness. The discussion implies that bolstering public awareness and concern is pivotal in the collective effort to enhance national cybersecurity.About Our GuestAmy S. Hamilton, Ph.D. is the Department of Energy Senior Advisor for National Cybersecurity Policy and Programs. Additionally, she is the Visiting Faculty Chair for the Department of Energy at National Defense University. She served two years as a senior cyber security policy analyst at the Office of Management and Budget, Executive Office of the President. She served in the Michigan Army National Guard as a communications specialist and was commissioned into the U.S. Army Officer Signal Corp, serving on Active Duty and later the U.S. Army Reserves. She has worked at both the U.S. European Command and the U.S. Northern Command & North American Aerospace Defense Command (NORAD) on multiple communications and IT projects. She became a certified Project Management Professional through the Project Management Institute in 2007 and earned her Certified Information Security Manager certification in 2011. And she presented “The Secret to Life from a PMP” at TEDxStuttgart in September 2016. She taught Project Management Tools at Colorado Technical University and was a facilitator for the Master’s Degree Program in Project Management for Boston University. She is an award-winning public speaker and has presented in over twenty countries on overcoming adversity, reaching your dreams, cybersecurity, and project management. Dr. Hamilton holds a Bachelor of Science (BS) in Geography from Eastern Michigan University, a Master of Science (MS) in Urban Studies from Georgia State University, Master in Computer Science (MSc) from the University of Liverpool, Master Certificate in Project Management (PM) and Chief Information Officer (CIO) from the National Defense University, and completed the U.S. Air University, Air War College. She completed her Doctor of Philosophy (PhD) at Regent University in its Organizational Leadership Program with a dissertation on “Unexpected Virtual Leadership: The Lived Experience of U.S. Government IT and Cybersecurity Leaders transitioning from physical to virtual space for COVID-19.” Amy’s motto is: “A woman who is passionate about project management, public speaking, and shoes.”Episode LinksWhite House Executive Order on AIThe Cuckoo’s EggM-23-22 Executive Order

  50. 76

    Episode 79: Earned Trust: Reimagining Data Security in the Zero Trust Era with JR Williamson

    Have you heard? Data is the new oil. JR Williamson, Senior Vice President and Chief Information Security Officer at Leidos, is here to explain where data’s value comes from, the data lifecycle and why it is essential for organizations to understand both of those things in order to protect this valuable resource. Join us as JR breaks it all down and also explores the concept he dubbed “risktasity,” which he uses to describe the elasticity of rigor based on risk. As he says, “when risk is high, rigor should be high, but when risk is low, rigor should be low.”Key Topics00:00 Migration to the cloud has increased vulnerability.04:50 People want decentralized work, including mobile access.08:14 Shift from application to democratizing access to data.10:53 Identify, protect, and manage sensitive corporate information.13:49 Data life cycle: creation, management, access, evolution.20:10 Computers augmenting humans, making good decisions, insights.23:19 The importance of data in gaining advantage.27:04 Adapting to AI to anticipate and prevent breaches.28:51 Adoption of large language models in technology.33:03 Identity and access management extends beyond authentication.36:33 Leveraging strengths, improving weaknesses in tennis strategy.Tracing the Cybersecurity Evolution and Data's AscendancyEvolution of CybersecurityJR provided a snapshot into the past, comparing cybersecurity practices from the 1990s to what we see today. With 37 years of experience, he recalled a time when IT systems were centralized and the attack surfaces were significantly smaller. Contrasting this with the present scenario, he spoke about the current state where the migration to cloud services has expanded the attack surface. JR noted an increase in the complexity of cyber threats due to the widespread distribution of networks. Plus, the need for anytime-anywhere access to data. He stressed the transition from a focus on network security to a data-centric approach, where protecting data wherever it resides has become a paramount concern.Data Life Cycle: "So part of understanding, the data itself is the data's life cycle. How does it get created? And how does it get managed? How does it evolve? What is its life cycle cradle to grave? Who needs access to it? And when they need access to it, where do they need access to it? It's part of its evolution. Does it get transformed? And sometimes back to the risktasity model, the data may enter the content life cycle here at some level. But then over its evolution may raise, up higher." — JR WilliamsonThe New Oil: DataIn the world JR navigates, data is akin to oil. A resource that when refined, can power decisions and create strategic advantages. He passionately elucidated on the essence of data, not just as standalone bits and bytes, but as a precursor to insights that drive informed decisions. Addressing the comparison between data and oil, JR stressed that the real value emerges from what the data is transformed into; actionable insights for decision-making. Whether it's about responding with agility in competitive marketplaces or in the context of national defense, delivering insights at an unmatched speed is where significant triumphs are secured.Importance of Data SecurityJR Williamson on Data and "Risktasity"JR Williamson stresses the heightened necessity of enforcing security measures that accompany data wherever it resides. As the IT landscape has evolved, the focus has broadened from a traditional, perimeter-based security approach towards more data-centric strategies. He articulates the complexity that comes with managing and safeguarding data in a dispersed environment. Where data no longer resides within the confines of a controlled network but spans across a myriad of locations, endpoints and even devices. This shift has rendered traditional security models somewhat obsolete, necessitating a more nuanced approach that can adapt to the dynamic nature of data.The Value of Data in Decision-Making: "The data in and of itself is really not that valuable. Just like oil in and of itself is not that valuable. But what that oil can be transformed into is what's really important, and that's really the concept." — JR WilliamsonData Security ExperiencesBoth Mark and Carolyn resonate with JR's insights, drawing parallels to their own experiences in cybersecurity. Mark appreciates the straightforwardness of JR’s "risktasity" model which advocates for proportional security measures based on the evaluated risk. This principle challenges the one-size-fits-all approach to cybersecurity, fostering a more tailored and efficient allocation of resources. Carolyn, in turn, connects to the conversation with her history of grappling with the intricacies of data classification and control. She acknowledges the tactical significance of understanding which data warrants more stringent protection. Plus, the operational adjustments required to uphold security while enabling access and utility.Data Governance and Security StrategiesUnderstanding Data Security and LifecycleJR emphasizes the importance of understanding the data's lifecycle. Acknowledging that comprehensive knowledge about how data is created, managed and ultimately disposed of is a cornerstone of effective cybersecurity. This involves not only recognizing the data's trajectory but also identifying who needs access to it, under what conditions, and how it may evolve or be transformed throughout its lifecycle. By establishing such a deep understanding, JR suggests that it becomes possible to design governance systems that are not only effective in theory, but also practical and integrated into the daily operations of an organization.Strategy and Organizational SupportTransitioning from a theoretical framework to practical execution, JR discusses the necessity of an effective data protection model that can operationalize the overarching strategy. To accomplish this, an organization must develop a structure that aligns with and supports the strategic objectives. JR identifies that existing structures often serve as the most significant barriers when agencies work on implementing new cybersecurity strategies. Organizations must be prepared to confront and renovate legacy systems and management frameworks. This is a challenge that became increasingly evident as organizations rapidly shifted to cloud services to accommodate remote work during the pandemic.Insights from Data Security and AI ImpactTransformation of Data into Actionable InsightsLike oil, data's true value isn't in its raw form. It is in the conversion process, which transforms it into insights for decision-making. He reflects on the progression of data turning into information, which then evolves into knowledge, culminating in actionable insights. Just as the versatility of oil lies in its ability to be refined into various fuels and materials, the potential of data is unlocked when it is analyzed and distilled into insights that inform crucial decisions. JR emphasizes that the effectiveness of insights hinges not just on accuracy. It is also on understanding the context in which these insights are applied. He suggests that these refined insights are close to competitive advantages. They enable quicker and more informed decision making in mission critical environments.The Importance of Data Insight in Business: "Getting the insight in and of itself is important. But combining that insight with understanding of the problem we're trying to solve is really where the competitive advantage comes into play." — JR WilliamsonAI's Speed Impact on Cybersecurity and DefenseJR expresses apprehension regarding artificial intelligence's acceleration and its implications for cybersecurity and defense. This unease stems from AI's capability to operate at a pace vastly superior to human capacity. Such rapid capabilities could lead to a perpetual struggle for cybersecurity professionals, who are tasked with defending against AI-driven attacks that continually outpace their responses. For organizations to not only protect themselves but also remain competitive, JR advocates for the adoption of similar AI technologies. By leveraging advanced tools, organizations can preemptively identify vulnerabilities and secure them before they are exploited by adversaries. He alludes to an emerging arms race in cybersecurity, driven by AI advancements that necessitate a proactive rather than reactive approach to digital threats.Shifting Mindset in Data Security and Zero Trust ArchitectureBroader Perspective on Defensive Data SecurityCarolyn and Mark, touching on the complexities of cybersecurity, speculate about a potential paradigm shift. Rather than focusing solely on prevention, they wonder if the strategy might pivot towards containment and control once threats are within the system. JR agrees that in today's vast and interconnected digital environment, absolute prevention is increasingly challenging. Though cybersecurity has traditionally been likened to reinforcing a castle's walls, JR argues that due to the dispersed nature of modern networks and cloud computing, this approach is becoming outdated. Instead, organizations need to be agile and resilient, with security measures embedded within the data and applications themselves, ensuring they can quickly detect, mitigate and recover from breaches.Dissecting the Concept of Zero Trust ArchitectureJR expresses discontent with the term "zero trust" due to its implications of offering no trust whatsoever, which would stifle any exchange of information. He advocates for the terms "earned trust" or "managed trust" to more aptly describe the nuanced relationship between users and the systems they interact with. Security architecture, JR illustrates, should not solely rely on verifying users' identities. It has to account for the integrity and security posture of the devices and locations being used to access the data. By meticulously understanding which data are most sensitive and their lifecycles, organizations can ensure that access controls are rigorously applied where necessary. This is based on the type of data, the user's context and the access environment. This nuanced approach is fundamental in constructing a robust and adaptive zero trust architecture that evolves along with the organizational ecosystem.About Our GuestsJR Williamson is accountable for information security strategy, business enablement, governance, risk, cybersecurity operations and classified IT at Leidos. JR is a CISSP and Six Sigma Black Belt. He serves on the Microsoft CSO Council, the Security 50, the Gartner Advisory Board, the Executive Security Action Forum Program Committee, and the DIB Sector Coordinating Council. He is also part of the WashingtonExec CISOs, the Evanta CISO Council, the National Security Agency Enduring Security Framework team, and is the Chairman of the Board of the Internet Security Alliance.Episode LinksJR Williamson’s LinkedInThe Billington Cybersecurity SummitThe Expanse Dune: Part 2

Type above to search every episode's transcript for a word or phrase. Matches are scoped to this podcast.

Searching…

We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.

No matches for "" in this podcast's transcripts.

Showing of matches

No topics indexed yet for this podcast.

Loading reviews...

ABOUT THIS SHOW

Global technology is changing the way we live. Critical government decisions affect the intersection of technology advancement and human needs. This podcast talks to some of the most prominent influencers shaping the landscape to understand how they are leveraging technology to solve complex challenges while also meeting the needs of today's modern world.

HOSTED BY

Carolyn Ford

CATEGORIES

Frequently Asked Questions

How many episodes does Tech Transforms have?

Tech Transforms currently has 50 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is Tech Transforms about?

Global technology is changing the way we live. Critical government decisions affect the intersection of technology advancement and human needs. This podcast talks to some of the most prominent influencers shaping the landscape to understand how they are leveraging technology to solve complex...

How often does Tech Transforms release new episodes?

Tech Transforms has 50 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to Tech Transforms?

You can listen to Tech Transforms on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts Tech Transforms?

Tech Transforms is created and hosted by Carolyn Ford.
URL copied to clipboard!