The GIST of Govt IT podcast artwork

PODCAST · government

The GIST of Govt IT

The weekly show that breaks down ideas, innovations and decisions that cut through complexity and offer real insights from the intersection of technology and the mission. 

Publisher-supplied feed metadata · PodParley refreshed Jun 8, 2026 · Source feed

  1. 8

    Fed Christmas in July? The OMB M-26-14 Holiday Rush Begins!

    Level One by Christmas. Level Two by Valentine's Day. Level Three by Independence Day. That's the OMB M-26-14 logging mandate clock federal agencies are now racing against — and if you don't want to spend your holidays at the office, it's time to start planning now! In Episode 13 of The GIST of Govt IT, Brian and Sean dig into OMB M-26-14 on the eve of Sean's fireside chat with CISA Director Nick Andersen. Sean breaks down what actually changed: the shift from long-term log hoarding (30 months of cold retention) to an outcomes-driven model focused on defending the cyberspace effectively, and the dramatic expansion of scope to include IoT and operational technology — the unmanaged, line-of-business-owned, often third-party-managed devices that CISOs have never had eyes on. The conversation walks through the mechanics: the Logging Reference Architecture (LRA) dropping mid-August, the 90-day plan requirement, and the three maturity levels with their rising inventory-and-logging thresholds (70/50, 80/80, 90/90). Brian and Sean unpack why asset inventory is the real "creeper" that will blindside teams, why OT discovery requires drop-in kits and passive network detection rather than active scanning that can break physical systems, why centralized logging matters for coordinated FSEB-wide defense, and how to think about "three-for-one" investments that solve this mandate and other capability gaps at once. ----------RESOURCES MENTIONED IN THIS EPISODEThe Core Policy- OMB M-26-14 (new logging mandate, issued May 22)- OMB M-21-31 (the rescinded SolarWinds-era predecessor)- OMB M-26-14 Signals a New Era for Cyber Visibility (BLOG)Background: The SolarWinds / Sunburst Hack- CISA on the SolarWinds supply chain compromise- GAO review of federal M-21-31 log management adoptionThe Maturity Milestones (per the memo)- Level 1 (Basic) — ~120 days after LRA: 70% of assets inventoried, 50% logged centrally- Level 2 (Intermediate) — ~Valentine's Day 2027: 80% inventoried, 80% logged- Level 3 (Advanced) — ~320 days / Independence Day 2027: 90% inventoried, 90% loggedOT/IoT Discovery & Network Detection Solutions Referenced- Zeek- Corelight (commercial Zeek / "Sericana" reference- Armis- Dragos- Nozomi Networks SIEM, SOAR & SOC Modernization- Continuous Threat Exposure Management (CTEM)- CISA SIEM-as-a-service with ElasticRelated Episodes- Episode 12: The Founding Father's Guide to Federal IT- Episode 7: Iran Came for the US Dams and We Got Lucky: Frontline Insight from the OT Fight- Episode 6: Cupcakes and OODA Loops: Inside(r)'s Insights Into the New Federal Cyber PlaybookUpcoming Events- July 14 Breakfast Briefing at the National Press Club — "When the Perimeter Disappears: Securing the Converged Federal Enterprise Across IT, IoT, and OT": - July 14 Mid-Year Federal IT Priority Setting Session with a fireside chat featuring CISA Director Nick AndersenThe Hosts & Show- Swish Data - GIST 360 ----------CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  2. 7

    The Founding Fathers' Guide to Federal IT

    Happy 250th birthday, America. In this special shortened Fourth of July episode of The GIST of Govt IT, Brian and Sean keep it snackable for the beach-and-boat crowd — kicking off with a debate over favorite founding fathers before turning to a rundown of the GIST 360 summer event lineup. Sean previews what's coming: a July 14 breakfast briefing at the National Press Club on securing the converged IT/OT/IoT enterprise; a mid-year federal IT priority-setting session featuring a fireside chat with CISA Director Nick Andersen, an ATARC roundtable on operationalizing continuous threat exposure management, as well as several webinars on deck. If you want to know where federal IT leaders are placing their bets for the last stretch of the fiscal year, this is your map to the conversations that matter. Plus a kite-surfing Ben Franklin!----------RESOURCES MENTIONED IN THIS EPISODEUpcoming GIST 360 Events- July 14 — Breakfast Briefing, National Press Club - "When the Perimeter Disappears: Securing the Converged Federal Enterprise Across IT, IoT, and OT"- July 14 — Mid-Year Federal IT Priority Setting & Listening Session, The Riggs Rooftop (9th & E, Washington DC, 5:30–7:30 PM)- August 13 — Webinar: "From the Edge to the Enterprise: The Future of Mission-Critical Infrastructure"- August 25 — Webinar: "Rethinking Command and Control Resiliency at the Tactical Edge"The Hosts & Show- Swish- GIST 360 ----------CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  3. 6

    The Five-Dollar Agentic AI Hacker

    Four days. A spare $500 mini PC from Microcenter. An open-source quantized model running on 512 MB of VRAM. And by Thursday morning, an autonomous AI agent named Jenkins was finding vulnerabilities, chaining exploits, gaining root, and maintaining persistence — entirely on its own, with no human in the loop. In Episode 11 of The GIST of Govt IT, Brian and Sean are joined by Marlin McFate, Federal CTO and CISO at Cohesity to dig into the experiment Marlin documented on his new Substack, Peripheral Tech. Marlin walks through the architectural choices that made Jenkins possible — the "discussion skill" approach to working with agents like colleagues, the orchestrator-subagent model, the safety capability files that proved more effective than external guardrails — and why the implications go far beyond "Mythos changed everything." The conversation digs into the real thesis: the barrier to nation-state-grade offensive cyber didn't just fall — it fell years ago, and most organizations are still spending 80% of their cybersecurity budget trying to prevent attacks rather than recover from them. Brian, Sean, and Marlin unpack the digital jump bag, the minimum viable agency concept, why finding the last clean backup is "a bad lie" the industry has been telling for years, and what Cohesity's RAG-enabled secondary data approach means for agencies trying to feed AI without standing up a fifth copy of their data. Plus, AI agents throw fits and take on personalities for their own. ----------RESOURCES MENTIONED IN THIS EPISODEFeatured Guest- Marlin McFate, Federal CTO & CISO, Cohesity- Peripheral Tech (Marlin's Substack)- Jenkins- Cohesity Federal- Cohesity Gaia (conversational AI search for backup data)The Experiment & The Stack- Kali Linux (penetration testing OS)- Ollama (local LLM runtime)- Qwen open-source models (Alibaba)- The Mythos vulnerability discovery report (Cloud Security Alliance)- Anthropic Project GlasswingAgentic AI & Security- Gambit Security research on multi-AI hacker (Anthropic + OpenAI split-context attack on Mexican government)Federal Cyber Policy & Frameworks- OMB M-26-14 (cybersecurity logging and monitoring for IT/IoT/OT)- CISA Industrial Control Systems resources- NIST AI Risk Management FrameworkConcepts Discussed- Westrum Organizational Culture Typology- Project Bravo (Stuart Wagner, formerly Air Force, now Navy)- Platform One (DoD DevSecOps platform)Open Source AI Frameworks- vLLM (high-throughput LLM inference)- Red Hat OpenShift AILearning Resources- O'Reilly Learning Platform- O'Reilly AI Sandboxes & Guided LabsRelated Episodes- Episode 7: Iran Came for the Dams and We Lucky- Episode 2: Fighting Fire with Fire to Secure Federal AgentsUpcoming Event- Marlin speaking at AWS Public Sector Summit DC — Tuesday, June 30, 2:00 PM, Convention Center side theaterThe Hosts & Show- Swish- GIST 360 program----------CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  4. 5

    An Apache Down. An ASV Up: Crossing the Rubicon for Autonomous Warfare

    In Episode 10 of The GIST of Govt IT, Brian and Sean are joined by David Hutchins, Director of Naval Systems and Defense Technology at Forecast International, fresh off SOF Week in Tampa to discuss the pervasiveness of autonomous systems and platforms that is changing calculus of warfare. David, a Marine Corps veteran who enlisted at 17, walks through the moment autonomous warfare crossed the Rubicon. The conversation digs into the cat-and-mouse evolution of counter-drone tech in Ukraine, why the LCS may finally have found its purpose in de-mining the Strait of Hormuz, the supply chain reality of mass-producing autonomous systems, the role of contested logistics and modular open architectures, and the upcoming World Cup. Plus the ever creative tactics of Marines in the field and how Sean once used pantyhose to keep sand out of IT systems when he was down range. ----------RESOURCES MENTIONED IN THIS EPISODEFeatured Guest- David Hutchins, Director of Defense Technology and Naval Systems, Forecast International- Forecast International- Defense & Security Monitor (Forecast's research blog) Forecast International Related Resources                                 - Strait of Hormuz Under Threat of Mines, Are Literal Combat Ships the Solution- A New DAWG in the Fight: The Pentagon's $54B Bet on Autonomous Warfare- Safeguarding the World Cup: The Critical Role of Counter Drone SystemsDefense Autonomous Warfare Group (DAWG) Coverage- DefenseScoop on the FY27 DAWG budget- Task & Purpose on the $54B DAWG ask - The Hill analysis on the autonomous warfare pivot- SOUTHCOM Autonomous Warfare Command (SAWC)Key Events Referenced- SOF Week 2026- Maneuver Warfighter Conference (Fort Benning, GA)The Strait of Hormuz Helicopter Rescue- AH-64 Pilots Rescued by Uncrewed Surface Drone (BBC)- Saronic Corsair USV platform overviewUnmanned Naval Systems Discused- SailDrone (Coast Guard partner, Great Lakes & North Atlantic)- US Coast Guard Coastal Sentinel programDrone & Counter-Drone Programs Referenced- Project Maven (DoD AI-enabled targeting)- DoD Drone Dominance program World Cup 2026 Counter-UAS Funding- DHS Counter-UAS resources: https://www.cisa.gov/topics/physical-security/unmanned-aircraft-systems-uas- Counter-UAS for World CupCounter-Drone Technology & Standards- FAA Drone Regulations & Pilot Licensing- FAA Beyond Visual Line of Sight (BVLOS) rulesThe Hosts & Show- Swish- GIST 360----------CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  5. 4

    Quad Charts be Damned: Data Meets the Mission

    For years now, the question for federal agencies has been the same: is your data ready for AI? In Episode 9 of The GIST of Govt IT, Brian and Sean sit down with Andrew Churchill, who leads Qlik's Public Sector Business across the US and Canada, to dig into whether the answer is finally shifting from "not yet" to "we're getting there" — and what's actually driving it. Andrew shares how policy moves are pushing the idea that data belongs to the mission, not the system owner; how AI is automating the mundane data prep work; and why the trust score on the data behind an AI recommendation is becoming the single most important factor for senior leaders making decisions. Brian, Sean, and Andrew unpack the agentic identity challenge nobody's talking about, the IBM Think team that burned 20% of its annual Mythos token budget in a single weekend, why a federal employee who knows the mission plus AI beats a forward-deployed engineer every time. Why federal data progress is a war of inches and why leaders need to turn the people delivering small wins into heroes — quad charts be damned. Plus, live music recommendations for the DC region. ----------RESOURCES MENTIONED IN THIS EPISODEFeatured Guest- Andrew Churchill, VP Public Sector, Qlik- Qlik Public Sector- Qlik Data Literacy Program (free resources)- Qlik FedRAMP authorization statusHegseth's Advana Memorandum- Advana restructuring memo and program overhaul (Jan 2026) - Hegseth's "Transforming the Warfighting Acquisition System" memo (Nov 7, 2025)DoD AI/Data Programs Referenced- Advana (DoD enterprise data and analytics platform)- Project Maven (DoD computer vision/AI)- Project Bravo (Air Force innovation initiative)Federal Data Policy- DoD Data Strategy- Federal Data Strategy (strategy.data.gov)- Data.govLive Music Featured- Tedeschi Trucks Band - Bound for Glory  - Tedeschi Trucks Band Live from Red Rocks - Full Concert- Point Break Music Festival- Warped Tour DCReferences & Concepts- Gartner BI/Analytics Magic Quadrant- Stuart Wagner (Navy, former Air Force CTO)- Lori Mangold (Booz Allen, former Army Chief G3/5/7) Previous Events- Transforming Data Into a Strategic National Asset w/ NASA CDO- Qlik Public Sector SummitLife's a Game of Inches- "Al Pacino" Epic Monologue from Any Given Sunday The Hosts & Show- Swish  - GIST 360Come find Brian, Andrew, and Sean at a show this summer. Quad charts not required!CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  6. 3

    Minutes, Not Months: Inside the New Cyber Velocity Facing Federal Agencies

    48 hours. That's the time it took for a federal employee credentials to be stolen as a result of a phishing attack, to being listed on a dark web marketplace. In Episode 8 of The GIST of Govt IT, Brian and Sean sit down at Check Point's Engage Summit in DC with Yochai Corem, General Manager of Check Point's Exposure Management division, to unpack what happens when both sides of cyber warfare have agentic AI — and why the next three years will not be kind to defenders. Yochai shares why pen testing once a quarter is no longer relevant, how a single Chinese developer built an entire attack program in a week using an army of agents, and what Iranian threat actors targeting Israeli hospitals look like in real-time during active kinetic conflict. The conversation digs into agentic red teaming vs. automated red teaming (and why the difference matters), why "safe remediation" still keeps a human in the loop, how to use the firewalls, WAFs, and IPS you already own as compensating controls when patching takes weeks, and the under-discussed reality that government leaders must put their hands on the keyboard with AI. Plus: Yochai's family cookbook and other vibe-coding stories.RESOURCES MENTIONED IN THIS EPISODEFeatured Guest- Yochai Corem, GM, Exposure Management, Check Point- Corem Travel — Yochai's travel planning app Check Point- Check Point- Check Point Exposure Management- Check Point Engage Summit - Washington, DC Check Point's Exposure Management Acquisitions- Cyberint (now part of Check Point's external risk management)- Veriti (automated security control management)- Cyclops (now Check Point's CAASM offering)Exposure Management & CTEM Framework- Gartner Continuous Threat Exposure Management (CTEM) overview- CISA Known Exploited Vulnerabilities (KEV) Catalog Agentic AI & Red Teaming- OWASP Top 10 for LLM Applications- OWASP AIVSS — AI Vulnerability Scoring System for Agentic AI- MITRE ATLAS (Adversarial Threat Landscape for AI Systems)Threat Actor Tracking- Check Point Research (threat intelligence blog)- Check Point ThreatCloud AIConcepts & References- Air-gapped network security guidance (NIST SP 800-82)- IRGC (Iranian threat actor background — CISA advisory on CyberAv3ngers)Related Episodes- Episode 7: Iran Came for the Dams and We Got Lucky: Frontline Insights into the OT Fight- Episode 6: Cupcakes & OODA Loops: Inside(r) Insights Into the New Federal AI Cyber Playbook- Episode 5: Vibe Hacking and Nation State Cyber ThreatsUpcoming Events- GIST 360 Breakfast Briefing at the National Press Club, July 14, 2026 - When the Perimeter Disappears The Hosts & Show- Swish - GIST 360 CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  7. 2

    Iran Came for US Dams and We Got Lucky: Frontline Insights from the OT Fight

    When Iranian-linked cyber actors hit U.S. water, energy, and government facilities through internet-exposed Rockwell Allen-Bradley PLCs during the sixth week of the U.S.–Iran military campaign, they did it with attacks that were eightfold above baseline  and got within 30 to 40 minutes of opening dam gates. In Episode 7 of The GIST of Govt IT, Brian and Sean sit down with Matthew Shalbetter, Director of Strategy for Civilian Agencies at Armis Federal and a 16-year HHS veteran, to unpack what's really happening at the convergence of IT and OT. Matthew breaks down why cyber has become the great equalizer for nation-state actors, the difference between Iranian "disrupt and distract" tactics, and Chinese prepositioning ahead of a potential Taiwan invasion.  The conversation digs into the cultural chasm between IT and OT teams, what the Ukrainians taught a roomful of Western OT practitioners at RSA about why red teaming beats paperwork, and the basics that still aren't done. Trump's seven-page cyber strategy and what ServiceNow's $7.75B acquisition of Armis — closed April 20 — means for federal customers. Plus: Matthew's Hacker Name...DirtTrackRESOURCES MENTIONED IN THIS EPISODEFeatured Guest- Matthew Shallbetter, Director of Strategy for Civilian Agencies, Armis Federal- Armis FederalThe Iranian PLC Attacks- CISA Joint Advisory AA26-097A — Iranian-Affiliated Cyber Actors Exploit PLCs Across US Critical Infrastructure- Rockwell Automation security advisories- CyberAv3ngers / IRGC threat actor backgroundOT Discovery & Exposure Research- Shodan — internet-exposed device search engine- Censys — internet asset discovery- Armis State of Cyberwarfare ReportOT/ICS Frameworks & Government Guidance- NIST SP 800-82 — Guide to Operational Technology Security- CISA Cross-Sector Cybersecurity Performance Goals (CPGs)- DoD Zero Trust Overlays (including OT guidance)- NERC CIP Standards (electric sector OT)Federal Cyber Policy- White House National Cyber Strategy (the seven-page version)- CDM Program (Continuous Diagnostics and Mitigation)- CISA Industrial Control Systems resourcesThe ServiceNow + Armis Deal- ServiceNow completes Armis acquisition (April 20, 2026)Threat Actor Tracking Partners Referenced- Armis Centrix Threat Intelligence- DragosRelated Episodes- Episode 5: Vibe Hacking” and Nation State Cyber Threats - Episode 6: Cupcakes & OODA Loops: Inside(r) Insights Into The New Federal AI Cyber PlaybookUpcoming Event- GIST 360 Breakfast Briefing at the National Press Club, July 14 - When the Perimeter Disappears Securing the Converged Federal Enterprise Across IT, OT and IoT Environments The Hosts & Show- Swish- GIST 360CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  8. 1

    Cupcakes & OODA Loops: Inside(r) Insights Into the New Federal AI Cyber Playbook

    Last episode, we left you hanging with a question: when it comes to cybersecurity, what is the federal government doing to both leverage AI and defend against AI threats and most importantly, are we moving fast enough? In the conclusion of this two-part series, Sean takes us inside a White House industry day convened at the request of the Federal CISO Council. He breaks down the two themes of the day that framed very different problems: using AI to optimize cybersecurity (running a SOC, governance, and compliance faster) and securing AI itself. Brian and Sean dig into the agentic SOC, the build-vs-buy question for federal agencies, why data fragmentation is the recurring obstacle in every AI conversation, the role of MCP and RAG in getting agents to the data, and live demos. Cupcakes and OODA loops make an appearance and Sean provides his verdict on whether the government is moving fast enough and his hacker name is finally revealed.RESOURCES MENTIONED IN THIS EPISODEThe White House Industry Day- About the Indian Treaty Room, Eisenhower Executive Office Building Vendors & Demos Featured in the Episode- Lasso Security (AI red teaming and purple teaming)- SimSpace (full-stack cyber range simulation)- Elastic AI workflows (bring-your-own-LLM, air-gap deployable)AI Security Frameworks & Standards- OWASP Top 10 for LLM Applications- OWASP AIVSS — AI Vulnerability Scoring System (agentic AI)- MITRE ATLAS (Adversarial Threat Landscape for AI Systems)Key Technical Concepts- Model Context Protocol (MCP) — bringing the agent to the data- Retrieval-Augmented Generation (RAG) explained- CDM Program (Continuous Diagnostics and Mitigation)- OODA Loop Industry & Government Collaboration Communities- ATARC — Advanced Technology Academic Research Center- ATARC Working Groups (Zero Trust, Agentic AI, Cyber AI Convergence)- Northern Virginia Technology Council (NVTC)- OWASP (Open Worldwide Application Security Project)Other References- Geoffrey Moore, Crossing the Chasm (technology adoption lifecycle)- Jerry Garcia Ties - Grateful Dead Merch- Phish (The Band)Related Episodes- Episode 5: "Vibe Hacking" and Nation State Cyber Threats- Episode 2: Fighting Fire with Fire: Federal AI Security - Securing Agentic AI with Elad Schulman, CEO of Lasso SecurityThe Hosts & Show- Swish- GIST360CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  9. 0

    Vibe Hacking and Nation State Cyber Threats

    Your router may not be your router. It could be a Russian surveillance device. In Episode 5 of The GIST of Govt IT, Brian and Sean unpack a stunning two weeks in cybersecurity: the FBI's court-authorized takedown of a Russian GRU operation that silently hijacked thousands of TP-Link routers across 23 American states, an Iranian-linked APT group actively disrupting U.S. water and energy systems through Allen-Bradley PLCs, and Anthropic's release of Claude Mythos — a frontier model so capable at finding zero-day vulnerabilities that the company chose not to release it publicly. They break down what Project Glasswing means for industry, how AI is becoming both the most dangerous offensive weapon and the most powerful defensive tool a CISO has ever had, why "vibe hacking" is democratizing cyber attacks (one low-skill actor compromised 600 FortiGate firewalls across 55 countries), and why the old playbook for SOC operations needs to be blown up entirely. What the unresolved tension between Anthropic and the DoD over supply chain risk designation means for federal agencies trying to defend critical infrastructure while CISA operates at 38% capacity. Plus Sean shares his hacker name (maybe) if he wasn't a CTO and instead worked in a windowless office in Pyongyang. ----------RESOURCES MENTIONED IN THIS EPISODEThe Russian GRU Router Operation- DOJ announcement: Operation Masquerade — court-authorized disruption of DNS hijacking network - FBI Public Service Announcement on GRU exploitation of TP-Link routers - NSA statement on Russian GRU router threats - CVE-2023-50224 (the TP-Link vulnerability exploited) Iranian-Linked Attacks on U.S. Critical Infrastructure- CISA Joint Advisory AA26-097A — Iranian-Affiliated Cyber Actors Exploit PLCs Across US Critical Infrastructure- Rockwell Automation security guidanceAnthropic, Claude Mythos & Project Glasswing- Anthropic on Project Glasswing- Anthropic's statement on the DoD supply chain risk designation- Cloud Security Alliance whitepaper on Mythos vulnerability discoveryRecommended Consumer Protections- Cloudflare's free 1.1.1.1 DNS resolver- Cloudflare DNS family options (malware and adult content filtering)Cybersecurity Frameworks & Government Resources- CISA Edge Device Security- CISA Cross-Sector Cybersecurity Performance Goals (CPGs 2.0)- MITRE ATT&CK Framework- CISA Industrial Control Systems advisoriesRelated Episodes- Episode 2: Fighting Fire with Fire: Federal AI Security - Securing Agentic AI with Elad Schulman, CEO of Lasso Security- Episode 3: Chaos, Change, and Opportunity in Federal IT - $50B in Q4 federal IT contracting, Golden Dome, and the Anthropic supply chain risk designationThe Hosts & Show- Swish - GIST360CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  10. -1

    A New Playbook for Small Businesses and Startups in Federal IT

    From a startup consulting shop to a $1.4B IBM acquisition, Octo Consulting Group's story is one of the great growth journeys in government IT. Brian and Sean sit down with Jay Shah, Octo's former COO, who helped guide the company through every inflection point — the pivot to DevSecOps and agile, the move from sub to prime, the strategic (and intentional non-) use of the 8(a) program, the 2019 Arlington Capital investment, four acquisitions, the launch of OLabs, and the IBM exit in December 2022. Jay shares the unvarnished playbook for scaling in the federal market: why diversification matters more than the 8(a) badge, when to be bold with primes (and when to bluff), how to turn billable services into IP, why OLabs only worked because they had base hits first, and what most founders get wrong about working capital. Plus, Brian and Jay geek out on funk master flautist Karl Denson.----------RESOURCES MENTIONED IN THIS EPISODEFeatured Guest- Jay Shah- Octo- OLabsCapital, Mentorship & Workforce Development- Mason Enterprise — APEX Accelerator - Veterans Institute for Procurement (VIP)- Andreessen Horowitz American Dynamism- Pax VenturesBooks & Frameworks Referenced- The Trusted Advisor by David Maister, Charles Green, and Robert Galford- The Scaled Agile Framework (SAFe)- Westrum Organizational Culture Typology- Gene Kim & The Phoenix Project- DORA (DevOps Research and Assessment)Live Music Worth Checking Out- Karl Denson's Tiny Universe- The Greyboy Allstars- Kenny Rogers Insane KnuckleballsJay's Nonprofit Work- The Children's Inn at NIH- Wolf Trap Foundation for the Performing Arts- Loudoun Hunger ReliefThe Hosts & Show- Swish- GIST360CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  11. -2

    Chaos, Change, and Opportunity in Federal IT

    "Chaos." "Change." "Opportunity." Three words that surfaced in a room full of federal contractors when asked to describe today's government IT environment. Sean and Brian unpack what's really driving the disruption, from RIFs and FAR overhauls to FedRAMP changes, the Anthropic supply chain risk designation, and the brain drain hitting agencies like NIST. They dig into the structural changes reshaping how government buys and builds technology — OTAs gaining momentum, Golden Dome's six-month IDIQ award turnaround, and CDOs finally getting real budget authority to break down data silos. Then they pivot to where the real opportunity lives: $50B in federal IT contracting in Q4 FY25, $13B for autonomy and AI at the Department of War, mission Genesis investments at DOE, and the massive energy build-out required to keep pace with China. Brian gets smart on Markdown files. ----------RESOURCES MENTIONED IN THIS EPISODEFederal AI Policy & Executive Orders- OMB M-25-21 — Accelerating Federal Use of AI through Innovation, Governance, and Public Trust - OMB M-25-22 — Driving Efficient Acquisition of Artificial Intelligence in Government - Executive Order 14179 — Removing Barriers to American Leadership in AI- America's AI Action Plan- AI.govNIST AI Standards & Frameworks- NIST AI Agent Standards Initiative (launched Feb 17, 2026)- NIST AI Risk Management Framework- NIST AI 600-1 (Generative AI Profile)Acquisition Reform & Contract Vehicles- FAR Overhaul (Revolutionary FAR Overhaul)- GSA SEWP V extension and SEWP VI updates- Missile Defense Agency Golden Dome IDIQ- Other Transaction Authorities (OTAs) — DAU guideDepartment of War / Defense AI- DoD Chief Digital and AI Office (CDAO)- Defense Innovation UnitDepartment of Energy- Mission GenesisWorkforce & Learning Resources- freeCodeCamp- Anthropic's Claude documentation (markdown skills & agent files)- Model Context Protocol (MCP)The Hosts & Show- Swish  - GIST360CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  12. -3

    Fighting Fire with Fire to Secure Federal AI Agents

    There's a workforce inside your agency that nobody hired, no one trained, and nobody is watching. We're talking about AI agents. In Episode 2 of The GIST of Govt IT, Brian and Sean sit down with Elad Schulman, CEO and co-founder of Lasso Security, to unpack what it actually takes to secure an agentic federal enterprise that seemed to arrive on the scene overnight. They dig into AI sprawl, the new attack surface created by autonomous agents, and why traditional security playbooks don't work when the system you're defending is non-deterministic. Elad shares why "intent security" is the new frontier, how agentic red teaming finds vulnerabilities a hundred humans never would, and what happens when an agent goes rogue (hint: it doesn't have to be malicious to cause real damage). Also, what it takes for innovative non-traditional vendors to actually move at the speed the federal government now demands. Finally, if you task an AI agent to keep your house clean, you better make sure to instruct it not to kill your family. ----------RESOURCES MENTIONED IN THIS EPISODEFeatured Guest- Elad Schulman, CEO & Co-Founder, Lasso Security - Lasso Security - Lasso Intent Security for AI AgentsOMB Memos & Executive Orders on Federal AI- OMB M-25-21 — Accelerating Federal Use of AI through Innovation, Governance, and Public Trust - OMB M-25-22 — Driving Efficient Acquisition of Artificial Intelligence in Government - Executive Order 14179 — Removing Barriers to American Leadership in AI - America's AI Action Plan Federal AI Use Case Inventories- 2025 Federal Agency AI Use Case Inventory (GitHub) - Federal AI Use Case Repository (Searchable) AI Security Frameworks & Standards- NIST AI Risk Management Framework (AI RMF) - OWASP Top 10 for Agentic AI - ISO/IEC 42001 — AI Management System Standard GIST360 Webinar- Securing AI at Scale: Adopting Intelligent and Autonomous Zero Trust Approaches Hosts- Swish- GIST360CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

  13. -4

    Moving Ideas to Mission Outcomes

    Sean and Brian kick off the inaugural episode of The GIST of Govt IT, and they're diving into why speed and real results are suddenly the only things that matter in federal IT, what's actually exciting in first response tech, and which consumer tech trends are about to hit the public sector harder than anyone expects. Then they turn to their big bets of 2026, where app modernization, AI, and data strategy are colliding into one massive shift, all riding on the infrastructure overhaul that's been put off for way too long. Finally, they discuss what the government is deprioritizing and deemphasizing when it comes to IT investments. Sean gets roasted about what car his wife will let him buy next. ----------RESOURCES MENTIONED IN THIS EPISODEConferences & Events- Government Business Executive Forum (GBEF)- EDGE@ces — GBEF's annual summit at CESGovernment Design & Modernization- America by Design initiative  - National Design Studio - Joe Gebbia — first U.S. Chief Design Officer - Executive Order: "Improving Our Nation Through Better Design"Industry Acquisitions Discussed- ServiceNow to acquire Armis ($7.75B) - IBM completes acquisition of Confluent ($11B)Industry Partners & Communities- ATARC — Advanced Technology Academic Research Center- ATARC Working Groups (Zero Trust, Agentic AI, Cyber AI Convergence)- Armis- Dragos — OT cybersecurityOT, Cybersecurity & Frameworks- Purdue Model for ICS Security- NIST SP 800-82 — Guide to Operational Technology Security- NIST SP 800-53 — Security and Privacy Controls- CISA — Industrial Control Systems resources- CISA Zero Trust Maturity ModelGovernment Data & Open Policy- Federal Data Strategy- Data.govThe Hosts- Swish Data - GIST 360CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

Type above to search every episode's transcript for a word or phrase. Matches are scoped to this podcast.

Searching…

We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.

No matches for "" in this podcast's transcripts.

Showing of matches

No topics indexed yet for this podcast.

Loading reviews...

ABOUT THIS SHOW

The weekly show that breaks down ideas, innovations and decisions that cut through complexity and offer real insights from the intersection of technology and the mission.

HOSTED BY

Swish

Frequently Asked Questions

How many episodes does The GIST of Govt IT have?

The GIST of Govt IT currently has 13 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is The GIST of Govt IT about?

The weekly show that breaks down ideas, innovations and decisions that cut through complexity and offer real insights from the intersection of technology and the mission. 

How often does The GIST of Govt IT release new episodes?

The GIST of Govt IT has 13 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to The GIST of Govt IT?

You can listen to The GIST of Govt IT on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts The GIST of Govt IT?

The GIST of Govt IT is created and hosted by Swish.
URL copied to clipboard!