Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

John Gilroy

The federal government spends $90 billion on technology every year. If you are a tech innovator and want to expand your share of the market, this is the podcast for you to find new opportunities for growth. Every week, Federal Tech Podcast sits down with successful innovators who have solved complex computer system problems for federal agencies. They cover topics like Artificial Intelligence, Zero Trust, and the Hybrid Cloud. You can listen to the technical issues that concern federal agencies to see if your company's capabilities can fit. The moderator, John Gilroy, is an award-winning lecturer at Georgetown University and has recorded over 1,000 interviews. His interviews are humorous and entertaining despite handling a serious topic. The podcast answers questions like: How can software companies work with the federal government? What are federal business opportunities? Who are the cloud providers who work with the federal government? Should I partner with a federal technology contractor? What is a federal reseller? Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

  1. Fixing FedRAMP: How Automation Cuts ATO Time by 36 Weeks

    4D AGO

    Way back in 2011, one of the goals of FedRAMP was to eliminate software redundancy. The federal government had evolved to the point where one agency would spend millions of dollars on the same application program that an agency in the same zip code had just invested heavily in. The theory proposed by luminaries like Vivek Kundra was to move to the cloud and share services, reducing cost and improving resilience. FedRAMP was the initiative that established a safe environment for federal cloud use; companies demonstrate compliance with its regulations through an Authorization to Operate (ATO). Well, fifteen years later, we are seeing the same duplication, not in the application programs but in the process of getting the ATO itself. For example, FedRAMP, RMF, and agency internal policies may each require specific artifacts to satisfy one or the other. During the interview, Travis Howerton paints the legacy model: static documentation, annual and three-year audits, spreadsheets. His solution is to have AI assist with documentation, which will drastically reduce compliance time; he cites an example of reducing a process from 52 weeks to 356 weeks. RegScale uses OSCAL (XML/YAML/JSON) to auto-generate RMF artifacts and integrates with SIEMs (Splunk, Elastic), Axonius, ServiceNow, and APIs. Howerton understands the limitations of many automated systems and suggests that a human remains a key component: after the machine has assembled the data, a person makes the decision.

    23 min
  2. Ep 302 API attacks, discovery, and resilience for federal agencies

    4D AGO

    Cybersecurity is a rapidly evolving field, where every effective defense technique is quickly noticed and adapted to by malicious actors. The real question is how fast each side of this ongoing cat-and-mouse game can respond. Take web applications as an example. In the decade-long slog to the cloud, federal users migrated to web-based applications protected by Web Application Firewalls (WAFs). As that method matured, malicious observers noted that the Application Programming Interface (API) is what allows these software programs to communicate and exchange data. Voila, another attack vector was born. During today's interview, Joe Henry from Akamai Technologies notes that 80% of their customers report API attacks. Henry details a curiously named weakness, "Broken Object Level Authorization." In this attack, an application fails to check whether a user is authorized to access a specific data object; the object ID is manipulated, and the malicious actor gains access. Akamai's API Security performs behavioral analysis beyond what WAFs offer, flags PII exposure, and supports a zero-trust posture. Software developers talk about a "shift left"; the Akamai approach applies the same idea to API security. Akamai has a worldwide network of Points of Presence (POPs) and data centers from which it can observe attacks as they develop. The network is strong enough that it provides fail-open resilience with a 100% SLA. Akamai also publishes a quarterly State of the Internet Report. If you would like to stay ahead of the next manifestation of attack, consider subscribing or visiting their website to stay informed about the latest trends.

    26 min
  3. Ep. 300 From Reactive to Initiative-taking: How Maximus Improves Federal Citizen Services with AI

    FEB 5

    We began the interview with a startling fact: Maximus' federal systems interface with one in three Americans each year, about 110 million people. Building on Maximus' broad reach, Pledger says the company's core is designing world-class digital experiences by starting with the end goal (e.g., veterans' benefits) and using automation, AI, analytics, and omni-channel outreach. We have all heard about improvements in systems; today, Pledger offers specifics on how health care can improve. He cites his own 2008 Iraq injury and notes that veteran case durations historically ran three hundred to four hundred days; Maximus has reduced that to two hundred to 270 days, but still deems it too long. Maximus' success is due to its unique ability to leverage AI to drive this transformation. One approach is to partner with companies with vertical-market expertise. For instance, Maximus partners with Salesforce (CRM) and Genesis (telephony) to respond to complex medical cases. Example: outbound campaigns (text, email, AI-generated calls) cut lapses; proactive engagement improves experience and reduces call-center burden. Maximus is a story about a complex environment being tamed through understanding processes, applying technology, and making the right partnerships.

    24 min
  4. Ep. 299 Wipers, Rogue AI, and Resilience: How Federal Agencies Can Respond and Recover from Attacks in 2026

    FEB 3

    Everyone reading this has had minor delays at the airport. It is remarkable that more problems have not developed. Look at Chicago O'Hare International Airport: it has 857,392 takeoffs and landings in a year. Each one has passengers, and most have luggage. The opportunities for problems are overwhelming. Now add an increasing number of sensors and interlaced networks, and you have an attack surface of biblical proportions. All an adversary needs is one single point of vulnerability to attack a system. Think what could happen if an airport network were disabled by a ransomware attack. During today's interview, Lou Karu makes suggestions for defense that include a multi-layered strategy emphasizing zero trust and network segmentation. However, Karu reminds us that a cybersecurity strategy is not complete without a robust recovery plan. For example, if only a basic recovery plan is deployed, it is possible for compromised code to be locked into a backup. An airport suffers an attack, pays the ransom, and the recovered data has more attacks built in. Best practice here is a backup system that is rapid and accurate, and that restores the code without it carrying additional malicious code. Systems like this from Rubrik call these backups "immutable." The next time you go to the airport, try to imagine the numerous attack points that an airport must contend with. Even the most robust cyber defense must include plans for safe, secure recovery.

    26 min
  5. Ep. 298 Resilience by Design: Federal Cyber Predictions, AI-Driven Threats, and Immutable Backups with Rubrik

    JAN 29

    Technology is changing so fast that it is impossible to predict the next twelve days. Despite that, we have asked Travis Rosiek, Public Sector CTO at Rubrik, to gaze into his crystal ball and make some predictions for the next twelve months. The good news is that Rosiek sees a shift from intellectual property theft to disruptive attacks on critical infrastructure. The bad news is that Rosiek thinks attacks are increasing to the point that an event will light a fire under the current cybersecurity plans. During the interview, the concept of Zero Trust was unpacked. The idea is to assume that federal systems have already been breached. As a result, the focus must be on microsegmentation, with permission as the limiting factor. Rosiek's opinion is that malicious actors have planted code into systems that is acting as "sleepers." At some indeterminate time in the future, this code can be invoked, and severe damage can take place. If this nightmare situation occurs, the best defense is to have recovery built in. Today, leaders must have a system in place to restore data from backups. Unfortunately, malicious actors know this plan as well and have been known to insert code into backups that renders them useless. In a complex game of attack and counterattack, Rosiek believes that a recovery strategy that includes immutable backups and an audit mechanism is the best approach in the 21st-century world of threats and countermeasures. He also stressed the necessity of reducing complexity to enhance cybersecurity and the need for initiative-taking measures, including regular stress testing and resilience training.

    30 min
  6. Ep. 296 Securing the Federal Software Supply Chain: Why SBOMs aren't enough

    JAN 22

    One of the biggest trends in software development over the past 10 years is the shift from writing code to "assembling" code from off-the-shelf components. During today's interview with Javed Hasan from Lineaje, we learned that 70% of that pre-assembled code is open source. In other words, an anonymous person in some other country modified the software instructions. This casual approach may be fine for small businesses, but an organization like the federal government must be highly cautious. Hasan describes how his company was one of the first to work with the federal government to set standards for this existing code. These initial efforts began ten years ago and resulted in Executive Order 14028, which requires a Software Bill of Materials (SBOM) for any organization selling to the federal government. This initiative expanded in 2021-2022 when NIST published related guidelines. These efforts are a good start. However, federal leaders must evaluate SBOM technology from many perspectives: for example, how to incorporate this mandate into air-gapped networks, legacy COTS, or even a classified environment. System administrators also need to know whether they are exposed. Further, every organization has a different definition of what "deep software transparency" is. Hasan also discusses Lineaje's innovative approach to creating "gold" open source software, ensuring it is free of malware and vulnerabilities. If you are interested in seeing a demonstration of how Lineaje can help with software forensics, there is an event at the Carahsoft office in Reston, Virginia, on January 30.

    20 min
5 out of 5 (7 Ratings)