Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

John Gilroy
Feb 5, 2026 • 24min

Ep. 300 From Reactive to Initiative-taking: How Maximus Improves Federal Citizen Services with AI

We began the interview with a startling fact. Maximus' federal systems interface with one in three Americans each year—about 110 million people. Building on Maximus's broad reach, Pledger says the company's core is designing world‑class digital experiences by starting with the end goal (e.g., veterans' benefits) and using automation, AI, analytics, and omni‑channel outreach. We have all heard about improvements in systems; today, Pledger offers specifics on how health care can improve. He cites his own 2008 Iraq injury and notes veteran case durations historically ran three hundred to four hundred days; Maximus has reduced that to two hundred to 270 days, but still deems it too long. Maximus' success is due to its unique ability to leverage AI to drive this transformation. One approach is to partner with companies with vertical-market expertise. For instance, Maximus partners with Salesforce (CRM) and Genesis (telephony) to respond to complex medical cases. Example: outbound campaigns (text, email, AI‑generated calls) cut lapses; proactive engagement improves experience and reduces call‑center burden. Maximus is a story about a complex environment being tamed through understanding processes, applying technology, and making the right partnerships. Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com
Feb 3, 2026 • 26min

Ep. 299 Wipers, Rogue AI, and Resilience: How Federal Agencies Can Respond and Recover from Attacks in 2026

Everyone reading this has had minor delays at the airport. It is remarkable that more problems have not developed. Look at Chicago O'Hare International Airport—it has 857,392 takeoffs and landings in a year. Each one has passengers, and most have luggage. The opportunities for problems are overwhelming. Now add an increasing number of sensors and interlaced networks, and you have an attack surface of biblical proportions. All an adversary needs is one single point of vulnerability to attack a system. Think what could happen if an airport network were disabled by a ransomware attack. During today's interview, Lou Karu makes suggestions for defense that include a multi-layered strategy emphasizing zero trust and network segmentation. However, Karu reminds us that a cybersecurity strategy is not complete without a robust recovery plan. For example, if a basic recovery plan was deployed, it is possible that a system can have compromised code locked into a backup. An airport suffers an attack, pays the ransom, and the recovered data has more attacks built in. Best practice here is to have a backup system that is rapid and accurate, and that restores the code without it being hot-infected with additional malicious code. Systems like this from Rubrik call these backups "immutable." The next time you go to the airport, try to imagine the numerous attack points that an airport must contend with. Even the most robust cyber defense must include plans for safe, secure recovery. Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com
Jan 29, 2026 • 30min

Ep. 298 Resilience by Design: Federal Cyber Predictions, AI-Driven Threats, and Immutable Backups with Rubrik

Technology is changing so fast that it is impossible to predict the next twelve days. Despite that, we have asked Travis Rosiek, Public Sector CTO at Rubrik, to gaze into his crystal ball and make some predictions for the next twelve months. The good news is that Rosiek sees a shift from intellectual property theft to disruptive attacks on critical infrastructure. The bad news is that Rosiek thinks attacks are increasing to the point that an event will light a fire under the current cybersecurity plans. During the interview, the concept of Zero Trust was unpacked. The idea is that federal systems have already been breached. As a result, the focus must be on microsegmentation, with permission as the limiting factor. Rosiek's opinion is that malicious actors have planted code into systems that are acting as "sleepers." At one time in the indeterminate future, this code can be invoked, and severe damage can take place. If this nightmare situation occurs, the best defense is to have recovery built in. Today, leaders must have a system in place to restore data from backups. Unfortunately, malicious actors know this plan as well and have been known to insert code into backups that renders them useless. In a complex game of attack and counterattack, Rosiek believes that a recovery strategy that includes immutable backups and an audit mechanism is the best approach in the 21st-century world of threats and countermeasures. He also stressed the necessity of reducing complexity to enhance cybersecurity and the need for initiative-taking measures, including regular stress testing and resilience training. Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com
Jan 27, 2026 • 23min

Ep. 297 Seeing the Invisible: Using AI to Detect Threats in Encrypted Federal Networks

It is always tricky to compare commercial networking challenges with those faced by federal leaders. For example, the military and intelligence agencies require traffic encryption. How can an organization detect threats while observing this traffic? Today, we discuss Vectra AI's network threat detection capabilities with Wes Nagel, DoD sales manager, and Gage Cowger, a security engineer. With technology from Vectra AI, network traffic can be analyzed for timing, size, direction, and protocol use. These can give behavioral patterns for network visibility without worrying about encryption. Cowger will argue that behavioral patterns are more effective than signatures, especially in mitigating alert fatigue. Signatures can overwhelm monitors with false positives; Vectra's AI and ML capabilities provide trustworthy alerts. This ability positions Vectra AI to adapt to new networking initiatives, such as software-defined and OT/IoT networks, which will be prevalent in the future. The discussion also touches on the future of network detection, emphasizing the need for real-time, behavior-based detection to counteract advanced threats and adapt to evolving networks. Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com
Jan 22, 2026 • 20min

Ep. 296 Securing the Federal Software Supply Chain: Why SBOMs aren't enough

One of the biggest trends in software development over the past 10 years is the shift from writing code to "assembling" code from off-the-shelf components. During today's interview with Javed Hasan from Lineaje, we learned that 70% of that pre-assembled code is open source. In other words, an anonymous person in some country modified the software instructions. This casual approach may be fine for small businesses, but an organization like the federal government must be highly cautious. Hasan describes how his company was one of the first to work with the federal government to set standards for this existing code. These initial efforts began ten years ago and resulted in Executive Order #14028, which requires a Software Bill of Materials for any organization selling to the federal government. This initiative expanded in 2021-2022 when NIST published related guidelines. These efforts are a good start. However, federal leaders must evaluate SBOM technology from many perspectives. For example, how to incorporate this mandate into air-gapped networks, legacy COTS, or even in a classified environment. System administrators also need to know if they are exposed. Further, every organization has a varying definition of what "deep software transparency" is. Hasan also discusses Lineaje's innovative approach to creating "Gold open source" software, ensuring it is free of malware and vulnerabilities. If you are interested in seeing a demonstration of how Lineaje can help with software forensics, there is an event at the Carahsoft office in Reston, Virginia, on January 30. Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com
Jan 20, 2026 • 19min

Ep. 295 AWS leadership

In the past 10 years, Amazon Web Services has gone from a niche player in the federal government to being responsible for billions in sales. One key aspect of this is how Amazon integrates leadership with innovation to address complex federal requirements. Today, we sit down with Andrew Christian to get an overview of concepts like customer obsession, working backwards, and the sixteen leadership principles that AWS implements to accomplish that drastic growth.

ONE Customer-focus

In the commercial marketplace, the concept of being "customer-focused" is certainly not breaking news. However, as Christian explains, AWS tries to understand (almost obsessively) what the requirements are for federal systems. No, technically, they are not "customers," but they are the end users for any technology project. This focus has given AWS remarkable success in the commercial world, and when they apply it to federal technology, they can succeed where others have failed.

TWO Working Backwards

Christian explains that "working backwards" is a concept where a team is forced to write a mock press release and FAQ for a future project. This is before they build anything. This helps to clarify the customers' needs by identifying gaps early.

THREE Encouraging innovations

Many describe innovation as failing fast, then recovering. That may hold up in a commercial application where lives are not at stake. During the interview, Andrew Christian differentiates between the importance of making quick, reversible decisions (two-way doors) versus long-term, impactful ones (one-way doors). He encourages federal agencies to adopt these principles to enhance their innovation and adapt to a world of constantly changing technology.

Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com
Jan 15, 2026 • 22min

Ep. 294 From Defense to Offense: Proactive Strategies to Protect Federal Data

One famous cartoon featured two vultures sitting on a fence; one turned to the other and said, "I am sick of waiting, let's kill something." When it comes to preventing cyberattacks, the federal government is well known for a defensive approach. They have security systems, air gap systems, and even a zero-trust approach. This defensive approach is essential but may not give the federal government a complete view of how to protect data. Today, we sat down with Chris Jones, Nightwing's Chief Technical Officer. He outlines some of the characteristics of a concept called "offense informs defense." This is a method that Nightwing has developed through over 40 years of working with federal technology leaders. For example, they developed their Counter Trace service, which uses offensive cyber strategies to defend critical infrastructure. The service involves proactively hunting for vulnerabilities, identifying access points, and analyzing digital evidence to expose cyberattacks. During the interview, Jones mentions that the GSA has received this approach well. In fact, Nightwing recently won all six GSA Highly Adaptive Security Services categories. These handle security aspects like Penetration Testing, Incident Response, Risk Assessments, Cyber Hunt, and High Value Asset Assessments. Jones emphasizes the importance of initiative-taking cybersecurity, AI integration, and collaboration across agencies to adapt and protect federal data.
Jan 13, 2026 • 23min

Ep. 293 Predictions for 2026 from Gitlab

Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

Today, we have an experienced tech veteran, Bob Stevens from GitLab, offering insights on how he sees the federal government overcoming three main technology challenges in 2026.

Challenge ONE: Software improvement at scale. Stevens observed that everyone has seen AI's ability to review code. It has passed the basic phase, and now, in 2026, it can not only review code but also identify security vulnerabilities, ensure compliance, and even generate documentation. This means that older, expensive-to-maintain systems can be transitioned to more flexible, economical cloud models.

Challenge TWO: Going away from reacting. The word "continuous" has been the goal for cyber defenders for the past several years. Fortunately, AI is allowing that noble goal to be put into practice. When applied appropriately, newer technology can achieve lower breach rates and faster threat response times.

Challenge THREE: Emergence of a "universal" developer. Traditionally, requirements would be gathered by an intermediary and then translated into instructions for software developers. Stevens shows how newer AI-based approaches can eliminate that intermediary step. In other words, a pilot can precisely describe what they want in an avionics system, and the developers can work from that description. That means solving domain-specific problems with traditional development skills. Ideally, subject matter experts directly translate their knowledge into functional software systems. Some call this the "universal" developer approach.

Stevens emphasized the importance of AI, security, and flexibility for future developers. GitLab's DevSecOps platform integrates AI across the entire software development process.
Jan 8, 2026 • 21min

Ep. 292 From Detection to Prevention: Using Technology to Reduce Fraud in Federal Programs

(We recorded this interview at Monk's BBQ in lovely downtown Purcellville, VA)

Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

Defrauding the federal government is like the weather; everyone wants to complain, but nobody can do anything about it. For example, a joint DOL-SBA report from December 2024 revealed $2.3 billion in potentially fraudulent payments. Today, we sat down with Jeff Gallimore from Excella, where he will diagnose the problem of federal waste, fraud, and abuse. From there, he presents a solution that has already saved millions of dollars.

The problem: too many silos

From a data management perspective, most enterprise computational capabilities evolved through a federated approach. From a historical perspective, it makes sense that each agency would have its own computers and storage. It makes sense that individual data stores in this environment would be separated, or perhaps the word "siloed", into distinct areas. Now, if you have one silo, you can protect it; if you have a thousand, then there is a problem. During the interview, Gallimore mentioned an agency that manages 9,000 grants. That is a lot of data to coordinate when it is stored in its "silos."

The solution: gap analysis

Silos can be secure, but the architecture can allow for gaps in security coverage. These gaps, or seams, can allow fraudsters to exploit this structure. For example, an agency may have a division that has identified a person as a fraudster. If that information is not shared, this person can use the same exploit on another area of the agency. Further, interlinks between federated systems can allow adversaries to gain access. Excella has a profile of how they have managed to fill in the gaps in siloed data architecture.
Jan 6, 2026 • 24min

Ep. 291 Compliance Without the Bottleneck: Zero Trust in Federal Clouds

Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com When cloud computing was introduced, it was quite a simple concept: leverage other people's hardware to scale easily. Not too much to manage. However, today's cloud world has metastasized. Today, federal leaders live in a world of on-prem, multiple clouds, private clouds, hybrid clouds, and even sovereign clouds. Complications arise when they are burdened with compliance requirements and staff reductions. Today, we sat down with Ryan McArthur from Zscaler to discuss how to effectively manage a cloud environment when challenged with deploying Zero Trust. He begins by sharing his experience helping federal leaders understand the inherent risks of the VPN system. Few realize that VPN technology was first introduced by Microsoft back in 1996, and then popularized with Windows 4.0, which included built-in support. Thirty-year-old technology can present severe limitations. Unfortunately, the popularity of VPN technology increased with the demands of remote computing during COVID. We are now in a situation where many enterprises have built their architecture on this dated technology. Ryan mentions that one key to juggling clouds is to focus on the applications themselves. He emphasized Zscaler's ability to securely connect users. If you want more information about Zscaler, you should attend the Zscaler Public Sector Summit in March, where you can discuss and collaborate further.
