Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

John Gilroy

The federal government spends $90 billion on technology every year. If you are a tech innovator and want to expand your share of the market, this is the podcast for you to find new opportunities for growth. Every week, Federal Tech Podcast sits down with successful innovators who have solved complex computer system problems for federal agencies. They cover topics like Artificial Intelligence, Zero Trust, and the Hybrid Cloud. You can listen to the technical issues that concern federal agencies to see if your company's capabilities can fit. The moderator, John Gilroy, is an award-winning lecturer at Georgetown University and has recorded over 1,000 interviews. His interviews are humorous and entertaining despite handling a serious topic. The podcast answers questions like . . . How can software companies work with the federal government? What are federal business opportunities? Who are the cloud providers who work with the federal government? Should I partner with a federal technology contractor? What is a federal reseller? Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

  1. FEB 17

    Fixing FedRAMP: How Automation Cuts ATO Time by 36 Weeks

    Way back in 2011, one of the goals of FedRAMP was to eliminate software redundancy. The federal government had evolved to the point where one agency would spend millions of dollars on the same application program that the agency in the same zip code had just invested heavily in. The theory proposed by luminaries like Vivek Kundra was to move to the cloud to share services, reducing cost and improving resilience. FedRAMP was the initiative that established a safe environment for federal cloud use. Companies can comply with regulations outlined in an Authorization to Operate (ATO). Well, fifteen years later, we are seeing the same duplication, not in the application programs but in the process to get the ATO itself. For example, FedRAMP, RMF, and agency internal policies may require specific artifacts to satisfy one or the other. During the interview, Travis Howerton describes the legacy model: static documentation, annual/3-year audits, spreadsheets. His solution is to have AI assist with documentation, which will drastically reduce compliance time; he cites an example of reducing a process from 52 weeks to 356 weeks. RegScale uses OSCAL (XML/YAML/JSON) to auto-generate RMF artifacts and integrate with SIEMs (Splunk, Elastic), Axonius, ServiceNow, and APIs. Howerton understands the limitations of many automated systems and suggests that a human is a key component after the machine language has assembled the data to make the decision.

    23 min
  2. Ep 302 API attacks, discovery, and resilience for federal agencies

    FEB 16


    Cybersecurity is a rapidly evolving field, where every effective defense technique is quickly noticed and adapted to by malicious actors. The real question is how fast each side of this ongoing cat-and-mouse game can respond. Let us take the example of web applications. In the decade-long slog of the cloud, federal users migrated to web-based applications protected by Web Application Firewalls (WAFs). As that method matured, malicious observers noted that the Application Programming Interface (API) allowed these software programs to communicate and exchange data. Voila, another attack vector was born. During today's interview, Joe Henry from Akamai Technologies notes that 80% of their customers report API attacks. Henry details a curious term called "Broken Object Level Authorization." In this attack, an application fails to check if a user is authorized to access specific data objects. The ID is manipulated, and the malicious actor gets access. Akamai's API Security performs behavioral analysis beyond WAFs, flags PII exposure, and supports a zero-trust posture. Software developers talk about a "shift left"; we apply that to the Akamai approach. They have a worldwide network of Points of Presence (POPs) and data centers where they can observe attacks as they develop. It is so strong that it provides fail-open resilience with a 100% SLA. Akamai provides a State of the Internet Report (quarterly). If you would like to stay connected with the next manifestation of attack, consider subscribing or visiting their website to stay informed about the latest trend

    26 min
  3. Ep. 300 From Reactive to Initiative-taking: How Maximus Improves Federal Citizen Services with AI

    FEB 5


    We began the interview with a startling fact. Maximus' federal systems interface with one in three Americans each year, about 110 million people. Building on Maximus' broad reach, Pledger says the company's core is designing world-class digital experiences by starting with the end goal (e.g., veterans' benefits) and using automation, AI, analytics, and omni-channel outreach. We have all heard about improvements in systems; today, Pledger offers specifics on how health care can improve. He cites his own 2008 Iraq injury and notes veteran case durations historically ran 300 to 400 days; Maximus has reduced that to 200 to 270 days, but still deems it too long. Maximus' success is due to its unique ability to leverage AI to drive this transformation. One approach is to partner with companies with vertical-market expertise. For instance, Maximus partners with Salesforce (CRM) and Genesis (telephony) to respond to complex medical cases. Example: outbound campaigns (text, email, AI-generated calls) cut lapses; proactive engagement improves experience and reduces call-center burden. Maximus is a story about a complex environment being tamed through understanding processes, applying technology, and making the right partnerships.

    24 min
  4. Ep. 299 Wipers, Rogue AI, and Resilience:  How Federal Agencies Can Respond and Recover from Attacks in 2026

    FEB 3


    Everyone reading this has had minor delays at the airport. It is remarkable that more problems have not developed. Look at Chicago O'Hare International Airport: it has 857,392 takeoffs and landings in a year. Each one has passengers, and most have luggage. The opportunities for problems are overwhelming. Now add an increasing number of sensors and interlaced networks, and you have an attack surface of biblical proportions. All an adversary needs is a single point of vulnerability to attack a system. Think what could happen if an airport network were disabled by a ransomware attack. During today's interview, Lou Karu makes suggestions for defense that include a multi-layered strategy emphasizing zero trust and network segmentation. However, Karu reminds us that a cybersecurity strategy is not complete without a robust recovery plan. For example, if only a basic recovery plan was deployed, it is possible that a system can have compromised code locked into a backup. An airport suffers an attack, pays the ransom, and the recovered data has more attacks built in. Best practice here is to have a backup system that is rapid and accurate, and that restores the code without it being hot-infected with additional malicious code. Systems like this from Rubrik call these backups "immutable." The next time you go to the airport, try to imagine the numerous attack points that an airport must contend with. Even the most robust cyber defense must include plans for safe, secure recovery.

    26 min
