Tech Transforms - Global technology is changing the way we live. Critical government decisions affect the intersection of technology advancement and human needs. This podcast talks to some of the most prominent influencers shaping the landscape to understand how they are leveraging technology to solve complex challenges while also meeting the needs of today's modern world.
From Special Ops to Cybersecurity: A Veteran's Journey in National Security
Sebastian Taphanel has spent his life on the cutting edge of technology and innovation. This week on Tech Transforms, Sebastian is sharing tales and lessons learned from his 20 years in DoD Special Ops and intelligence and 20 years implementing sound security engineering practices focused on implementing zero trust and highly resilient environments. Join Sebastian as he recounts his time in Special Forces taking his units out of the dark ages from secure fax communications to setting up an intranet, and how he continued with that innovative spirit through his 40-year career. He also shares his new passion, encouraging the industry to utilize disabled veterans to help fill both the cybersecurity and AI workforce gaps. They, after all, already have a call for the mission.
Key Topics03:38 ODNI CIO responded quickly with Microsoft Azure.07:03 Protecting data via application container, expanding capabilities.11:01 Zero Trust redrawn cybersecurity model, data-centric approach.13:57 Developing zero trust plan for downstream organizations.18:50 Ensuring security while sharing information and protecting IP.21:35 APIs, containers enable fluid, flexible data access.24:20 Data protection systems allow secure sharing and storage.27:02 Addressing cybersecurity workforce gap and AI need.29:39 In 1998, new commander requests secure WAN.33:49 Applied for certified protection professional, highest security certification.36:28 Passionate about supporting disabled vets in cybersecurity.39:55 Mentoring government employees for cybersecurity and AI/ML.45:32 Using advanced generative AI solutions for copywriting.47:19 Update cybersecurity tools and systems for new threats.49:50 Respect for those dedicated to automation.
Enhancing Secure Communication and Cloud Environments in Special OpsSpecial Ops Agility: Adapting to Remote Collaboration with Secure Cloud-Based WorkspacesSebastian Taphanel’s experience spans twenty years in DOD Special Ops and Intelligence, followed by consulting in security engineering. The focal point of this episode is his role in advancing cybersecurity practices at the ODNI. Particularly emphasizing resilient cloud-based environments.
Sebastian describes the quick adaptation during the pandemic which led to the rollout of an ad hoc cloud-based workspace to ensure the ODNI's mission could endure despite the workforce being remote. GCC High, or Government Commercial Cloud High as conceived by Microsoft, is revealed as the successor to the initial setup. Providing a more secure platform managed strictly by U.S. persons. The approach highlighted the agility of cloud technology for remote collaboration within federal agencies.
Cybersecurity in Intelligence Sharing: "Essentially, reciprocity is a process and also a culture of accepting each other's risks. And that's really the bottom line on all that." — Sebastian TaphanelUnfolding the GCC High EnvironmentThe intricacies of implementing Microsoft Azure and M365 (Office 365) are detailed as Sebastian underlines their pivotal use in creating an intranet with controlled document sharing and editing. These implementations include robust Mobile Device Management. Then a BYOD Mobile Application Management system that protects sensitive data in government and personal devices. Thereby, ensuring operational security and flexibility.
Special Ops Communication EvolutionSebastian advanced from using secure faxes for interstate communication within military units to establishing a multi-state secure WAN. This resulted in a significant leap in communication efficacy for special operations. Sebastian shared the...
Harnessing AI for Cyber Innovation: Insights from Dr. Amy Hamilton at National Defense University
The real question is, what doesn’t Dr. Amy Hamilton do? She’s currently the visiting Faculty Chair for the Department of Energy (DOE) at National Defense University and the DOE Senior Advisor for National Cybersecurity Policy and Programs, and has had previous stops in the U.S. Army Reserves, NORAD and U.S. European Command, just to name a few.
At National Defense University, Amy draws on all of this expertise to educate the workforce on AI and finding the right balance between automation and workforce training. Amy also explores how she teaches her students that cybersecurity has to be more than a 9-5 job, the balance of security vs. convenience, and how it will take the entire country getting on board to make the implementation of cybersecurity best practices truly possible. In this episode, we also dive into the realm of operational technology and the need to look to zero trust as we allow more smart devices into our lives and government ecosystems.
Key Topics00:00 Importance of training, education and AI integration.06:52 Cybersecurity, AI and building codes challenges.09:47 Nuclear facilities need caution, open labs innovative.11:58 Helping students understand federal government and cybertech.15:37 Cyber college compared to traditional university programs.17:18 National Defense University offers master's degree programs.22:06 Addressing the urgent need to combat intellectual property theft.24:32 Passionate plea for cybersecurity vigilance and dedication.26:40 Using automation to streamline cybersecurity operations and training.32:06 Policy person struggles to tie guidance together.33:02 Collaboration is needed for addressing industry issues.38:25 Rethink security for devices in smart tech.41:16 Choosing sustainability as a guiding principle.43:22 Overcome writing and presenting challenges for success.
Leveraging AI and Automation for Cyber InnovationEmphasizing Efficiency in the Generation of AbstractsDr. Amy Hamilton underlines the capabilities of artificial intelligence to streamline time-consuming processes, specifically the creation of abstracts. This innovation allows for a transition from mundane, repetitive tasks to pursuits that require a deeper cognitive investment. Therefore, elevating the nature of the workforce's endeavors. Dr. Hamilton's discussion focuses on the practical applications of this technology, and she cites an instance from the National Defense University's annual Cyber Beacon Conference. Here, participants were challenged to distinguish between AI-generated and human-generated abstracts, often finding it challenging to tell them apart. This exercise not only highlighted AI's proficiency but also introduced the workforce to the safe and practical application of this emergent technology.
How do we use AI in a way that goes from low-value to high-value work? If I'm not doing abstract, what other things could I be doing and spending my brain calories towards? - Dr. Amy HamiltonPreparing the Workforce for Cyber InnovationDr. Hamilton stresses the necessity for workforce education in the context of AI and automation. Aiming for a future where employees are neither intimidated by nor unfamiliar with the advancing technological landscape. She illustrates the Department of Energy's proactive role in integrating AI into its training programs. Thus, ensuring that employees are well-acquainted with both the operational and potential ethical dimensions of AI deployment. Acknowledging the diverse range of operations within the DOE, including nuclear and environmental management, Dr. Hamilton notes that the appropriateness of AI application varies by context. Signifying the...
Earned Trust: Reimagining Data Security in the Zero Trust Era with JR Williamson
Have you heard? Data is the new oil. JR Williamson, Senior Vice President and Chief Information Security Officer at Leidos, is here to explain where data’s value comes from, the data lifecycle and why it is essential for organizations to understand both of those things in order to protect this valuable resource. Join us as JR breaks it all down and also explores the concept he dubbed “risktasity,” which he uses to describe the elasticity of rigor based on risk. As he says, “when risk is high, rigor should be high, but when risk is low, rigor should be low.”
Key Topics00:00 Migration to the cloud has increased vulnerability.04:50 People want decentralized work, including mobile access.08:14 Shift from application to democratizing access to data.10:53 Identify, protect, and manage sensitive corporate information.13:49 Data life cycle: creation, management, access, evolution.20:10 Computers augmenting humans, making good decisions, insights.23:19 The importance of data in gaining advantage.27:04 Adapting to AI to anticipate and prevent breaches.28:51 Adoption of large language models in technology.33:03 Identity and access management extends beyond authentication.36:33 Leveraging strengths, improving weaknesses in tennis strategy.
Tracing the Cybersecurity Evolution and Data's AscendancyEvolution of CybersecurityJR provided a snapshot into the past, comparing cybersecurity practices from the 1990s to what we see today. With 37 years of experience, he recalled a time when IT systems were centralized and the attack surfaces were significantly smaller. Contrasting this with the present scenario, he spoke about the current state where the migration to cloud services has expanded the attack surface. JR noted an increase in the complexity of cyber threats due to the widespread distribution of networks. Plus, the need for anytime-anywhere access to data. He stressed the transition from a focus on network security to a data-centric approach, where protecting data wherever it resides has become a paramount concern.
Data Life Cycle: "So part of understanding, the data itself is the data's life cycle. How does it get created? And how does it get managed? How does it evolve? What is its life cycle cradle to grave? Who needs access to it? And when they need access to it, where do they need access to it? It's part of its evolution. Does it get transformed? And sometimes back to the risktasity model, the data may enter the content life cycle here at some level. But then over its evolution may raise, up higher." — JR WilliamsonThe New Oil: DataIn the world JR navigates, data is akin to oil. A resource that when refined, can power decisions and create strategic advantages. He passionately elucidated on the essence of data, not just as standalone bits and bytes, but as a precursor to insights that drive informed decisions. Addressing the comparison between data and oil, JR stressed that the real value emerges from what the data is transformed into; actionable insights for decision-making. Whether it's about responding with agility in competitive marketplaces or in the context of national defense, delivering insights at an unmatched speed is where significant triumphs are secured.
Importance of Data SecurityJR Williamson on Data and "Risktasity"JR Williamson stresses the heightened necessity of enforcing security measures that accompany data wherever it resides. As the IT landscape has evolved, the focus has broadened from a traditional, perimeter-based security approach towards more data-centric strategies. He articulates the complexity that comes with managing and safeguarding data in a dispersed environment. Where data no longer resides within the confines of a controlled network but spans across a...
Public Sector Tech Outlook: 2024 Predictions for AI, Cybersecurity and FedRAMP Evolution
What will 2024 have in store for technology development and regulation? Our hosts, Carolyn Ford and Mark Senell, sat down with Roger Cressey, Partner at Mountain Wave Ventures, Ross Nodurft, Executive Director of the Alliance for Digital Innovation and Willie Hicks, Public Sector Chief Technologist for Dynatrace, to discuss their 2024 predictions. Discover what the experts think will occur next year in terms of FedRAMP, AI regulation, Zero Trust and user experience.
Key Topics00:00 Revamping FedRAMP in 2024 leads to changes.06:40 Industry requests FedRAMP High; concerns about changes.08:20 Anticipating challenges but aiming for improvement.11:13 Pushing for reciprocity in government technology solutions.15:15 Ensuring human control in AI military use.19:06 Questioning AI use in defense and civilian sector.25:25 Increased investment in security and product regulation.27:21 Expect more AI news, less legislative involvement.30:30 Observability key for zero trust framework implementation.36:22 Prediction: Citizens will interface with AI technology.37:16 Focus on user experience in government systems.41:03 Election year brings unexpected black swan events.
2024 Predictions for the Public SectorRevamping of the FedRAMP ProgramRoss predicts that in 2024, FedRAMP will be completely reauthorized based on a pending OMB memo that is expected to be finalized in late 2023. This revamp is intended to streamline and improve the FedRAMP authorization process to facilitate faster adoption of cloud-based solutions in government.
However, Roger believes the changes could temporarily slow things down as agencies take time to understand the implications of the new FedRAMP structure on their systems and assess risks. This could require investments from industry as well to meet new requirements that emerge.
FedRAMP 2024: "I think it's going to have a lot of agencies take a hard look at their risk and decide where they want to elevate certain high-valued assets, high-valued systems, high-valued programs, and the authorizations themselves are gonna raise in their level." — Ross NodurftShift From Moderate Baseline to Higher Baseline of ControlsAs part of the FedRAMP reauthorization, Ross expects many agencies will shift their systems from a moderate baseline to a higher baseline of security controls. With more interconnected systems and datasets, agencies will want heightened protections in place.
Roger concurs that the increased scrutiny on risks coming out of the FedRAMP changes will lead organizations, especially those managing high-value assets, to pursue FedRAMP High authorizations more frequently.
Increased Demand for a FedRAMP High EnvironmentGiven the predictions around agencies elevating their security thresholds, Willie asks Ross whether the pipeline of solutions currently pursuing FedRAMP High authorizations could face disruptions from new program requirements.
Ross believes there will be some temporary slowdowns as changes are absorbed. However, he notes that the goals of the reauthorization are to increase flexibility and accessibility of authorizations. So over time, the new structure aims to accelerate FedRAMP High adoption.
2024 Predictions: Navigating FedRAMP Changes While Maintaining Industry MomentumAs Ross highlighted, the intent of the FedRAMP reauthorization is to help industry get solutions to market faster. But in the short-term, there could be some complications as vendors have to realign to new standards and processes.
Willie notes that companies like Dynatrace have already begun working towards FedRAMP High in anticipation of rising customer demand. But sudden shifts in requirements could impact those efforts, so he hopes there will be...
So What? It’s 5:05! Edition: Beyond the Headlines of AI, Election Disinformation and SpyGPT
On this special So What? episode we go deeper in to some of the top stories being covered on the It’s 5:05! podcast with It’s 5:05! contributing journalist, Tracy Bannon. How are cybersecurity stress tests battling misinformation and aiding in election security? Is AI contributing to election disinformation? How is the CIA using SpyGPT? Come along as Carolyn and Tracy go beyond the headlines to address all these questions and more.
Key Topics04:20 Proactive approach needed for software voting security.09:12 Deepfake technology can replicate voices and videos.12:38 Politics focuses on presidential level, ignores others.15:53 Generative AI creates new content from data.17:19 New tool aids intelligence agencies process data.20:13 Bill Gates discusses future AI agents on LinkedIn.25:24 Navigating biases in AI towards democratic values.29:13 CISA promotes continuous learning and holistic approach.30:51 Demystifying and making security approachable for all.33:33 Open source, cybersecurity, diverse professional perspectives discussed.
Importance of Cybersecurity and Responsible AI UseEmbracing Cybersecurity Measures and Privacy ProtectionsIn their conversation, Carolyn and Tracy discuss the imperative nature of both individuals and organizations in embracing robust cybersecurity measures. As we live in an era where data breaches and cyber attacks are on the rise, the implementation of effective security protocols is not just a matter of regulatory compliance, but also about safeguarding the privacy and personal information of users. Tracy emphasizes the continuous need for cybersecurity vigilance and education, highlighting that it is a shared responsibility. By making use of resources like the CISA cybersecurity workbook, Carolyn suggests that individuals and businesses can receive guidance on developing a more secure online presence, which is crucial in a digital ecosystem where even the smallest vulnerability can be exploited.
Addressing Biases in AI to Align With Public Interest and Democratic ValuesTracy expresses concerns over the biases that can be present in AI systems, which can stem from those who design them or the data they are trained on. Such biases have the potential to impact a vast array of decisions and analyses AI makes, leading to outcomes that may not align with the broad spectrum of public interest and democratic values. An important aspect of responsible AI use is ensuring that these technological systems are created and used in a way that is fair and equitable. This means actively working to identify and correct biases and ensuring transparency in AI operations. Plus, constantly checking that AI applications serve the public good without infringing upon civil liberties or creating divisions within society.
Demystifying Cybersecurity: "We need that public understanding, building this culture of security for everybody, by everybody. It becomes a shared thing, which should be something that we're teaching our children as soon as they are old enough to touch a device." — Tracy BannonThe Proliferation of Personal AI Use in Everyday TasksThe conversation shifts towards the notion of AI agents handling tasks on behalf of humans, a concept both cutting-edge and rife with potential pitfalls. Carolyn and Tracy discuss both the ease and potential risks of entrusting personal tasks to AI. On one hand, these AI agents can simplify life by managing mundane tasks. Optimizing time and resources, and even curating experiences based on an in-depth understanding of personal preferences. Yet, Tracy questions what the trade-off is, considering the amount of personal data that must be shared for AI to become truly "helpful." This gives rise to larger questions related to the surrender of personal agency...
The Future of Government Technology: FedRAMP, AI and Compliance in Focus with Ross Nodurft
As technology rapidly innovates, it is essential we talk about technology policy. What better way to get in the know than to have an expert break it down for us? Meet Ross Nodurft, the Executive Director of the Alliance for Digital Innovation. Ross dives in, explaining the evolution of FedRAMP controls and the recent, giant, AI Executive Order (EO) from the White House. Listen in to find out what this EO means for the government, the industry and the workforce as the U.S. attempts to implement policy ahead of AI innovation.
Key Topics04:25 Increasing security controls for cloud migration07:51 Discussion about customer feedback and cloud migration.12:17 Encouraging commercial solutions into federal government securely.15:39 Artificial intelligence shaping policy for future technology.16:54 AI EO covers critical infrastructure, AI, data, immigration.22:34 Guidance on AI impact assessment and testing.27:02 AI tools adoption must not be delayed.30:03 Ensure AI technologies have fail-safe mechanisms.32:08 Concern over rapid pace of technological advances.34:29 AI and technology advancing, policy aims control.39:37 Fascinating book on technology and chip history.
The Future of Government Technology: Shifting to FedRAMP High and Accelerating Cloud AdoptionShift from FedRAMP Moderate to High for Sensitive WorkloadsWhen FedRAMP was established over a decade ago, the focus was on managing the accreditation of emerging cloud infrastructure providers to support the initial migration of workloads. The baseline standard was FedRAMP Moderate, which addressed a "good amount" of security controls for less risky systems. However, Ross explains that increasing volumes of more sensitive workloads have moved to the cloud over time - including mission-critical systems and personal data. Consequently, agencies want to step up from moderate to the more stringent requirements of FedRAMP High to protect higher-risk systems. This includes only allowing High-cloud services to interact with other High-cloud applications.
The Evolution of Cloud Computing: "So right now, we're at the point where people are existing in thin clients that have access to targeted applications, but the back end compute power is kept somewhere else. It's just a completely different world that we're in architecturally." — Ross NodurftThe Future of Government Technology: Streamlining FedRAMP for the SaaS-Powered EnterpriseAccording to Ross, the COVID-19 pandemic massively accelerated enterprise cloud adoption and consumption of SaaS applications. With the abrupt shift to remote work, organizations rapidly deployed commercial solutions to meet new demands. In the federal government, this hastened the transition from earlier focus on cloud platforms to widespread use of SaaS. Ross argues that FedRAMP has not evolved at pace to address the volume and type of SaaS solutions now prevalent across agencies. There is a need to streamline authorization pathways attuned to this expanding ecosystem of applications relying on standardized baseline security controls.
High-level Security Controls for Sensitive Data in the CloudAddressing Data Related to Students and ConstituentsRoss states that as agencies move more sensitive workloads to the cloud, they are stepping up security controls from FedRAMP Moderate to FedRAMP High. Sensitive data includes things like personal HR data or data that could impact markets, as with some of the work USDA does. Willie gives the example of the Department of Education or Federal Student Aid, which may have sensitive data on students that could warrant higher security controls when moved to the cloud.
Ross confirms that is absolutely the case - the trend is for agencies to increase security as they shift more...
Wow! I love this. Listened to episode 40 this morning on my walk along the beach. I even walked longer because it rolled right into episode 39. I laughed, I cried, 5 stars!!
It’s so nice to listen to a technical podcast in English and Carolyn’s interjections helped keep my attention. No brain fatigue for me so I will be following this track.
Very insightful podcast
I enjoy listening to this podcast. The topics and content are very relevant and cover the areas most important to government and industry.
Transforming my ideas on gov’t tech!
Excellent show, great topics and guests, love hosts; keep up the great work!