On this episode of The Defense Unicorns Podcast, host Rebecca Lively sits down with Brandt Keller, software engineer and CNCF ambassador, to explore what happens when a former Marine brings his frontline mindset to DevSecOps. Brandt’s story is one of relentless problem-solving, especially in disconnected, air-gapped environments where “cloud-native” has to mean something entirely different.

Brandt unpacks how open source can be both a lifeline and a liability in government systems, and why just consuming it isn’t enough—real security means showing up, contributing, and understanding what’s under the hood. He shares his perspective on trust, transparency, and why the U.S. government’s lack of contribution to critical tools like Kubernetes might be the real risk. The conversation also explores the cultural shift required to embrace open ecosystems in highly regulated spaces.

From debates over supply chain security and SBOMs to the practical challenges of deploying software in classified settings, this episode offers a grounded, behind-the-scenes look at what it takes to build tools that truly work at the tactical edge. 

Key Quote:

“ When you try to take something that is not airgap friendly and make it airgap friendly, you quickly find out that you made a lot of assumptions about how this thing would be used and where, and kind of the underlying infrastructure and when you try to work back for them that it's, it, it's difficult. It's not something you can't overcome. It's not insurmountable, but it is difficult. But you also find out that there's just a lot of areas for. Resiliency that you didn't also plan for, that applied to connected environments. And so this is where I've kind of been diving into this more and more lately to try and to describe, and build some knowledge to around why this is important for kind of building any application today. It may be a little niche to go to the extreme of air gap, but I believe like there's still some of these underlying cloud native fundamentals that is like, if you start with the ability for knowing how your architecture adapts to varying levels of connectivity, then you're probably building a stronger, more resilient system overall.”

• Brandt Keller

Time Stamps:

(03:19) The Defense Sector and Career Path

(06:15) Becoming a Cloud Native Computing Foundation Ambassador

(09:48) Open Source Contributions and the Challenges

(14:14) Government and the lack of Open Source

(32:53) Kubernetes and Foreign Contributions

(37:24) The Importance of Air Gap in Cloud Native Tools

(53:16) Lightning Round

Links:

Connect with Brandt Keller

Connect with Rebecca Lively

Learn More About Defense Unicorns

On this episode of The Defense Unicorns Podcast, host Rebecca Lively chats with Case Wylie, Software Engineering Lead, about building security-minded software that keeps up with developer velocity. From his early days at Red Hat to architecting open-source tools at Defense Unicorns, Case shares how Pepr—a TypeScript-based operator framework—is redefining how Kubernetes clusters are secured and managed in airgapped environments. It’s not just about enforcing policy; it’s about enabling developers to move faster, safer, and smarter.

Through real-world metaphors (ever been to a nightclub with strict bouncers?), Case breaks down the roles of admission controllers, operator frameworks, and how Pepr works seamlessly with GitOps without adding friction. He explains why Pepr isn’t just a tool, but part of a broader movement to standardize security postures, reduce configuration drift, and empower app teams to focus on delivering real value. With a human-first API and open-source DNA, Pepr is built to be accessible to all, not just Kubernetes power users.

If you’re curious about what it takes to scale secure software in complex, mission-critical environments—or just want a fresh, practical take on DevSecOps—this episode delivers. Case also shares his philosophy on open-source collaboration and what it means to build tools that truly stand the test of scale and scrutiny.

Key Quote:

“Pepr will always be open source and the reason why it's open source is because frankly, open source software, when your software is open source, you expose the application or the software or the platform, whatever it is to exponentially more eyes and more eyes over time and then more people start adopting it and using it and saying like, ‘Hey, you know what? I do have this simple thing I always have to do in my cluster. Maybe I try Pepr for that.’ Right? And then they do it with a simple task, and then they say, ‘Hey, you know what? It would be great if Pepr could do this thing. And they put in a feature request. Then we develop that feature request, or they develop it, and they submit a PR to Pepr. And now Pepr as a whole is better because now you're using it. I'm using it. They're using it. The more people that use it, the better.”

• Case Wylie

Time Stamps:

(02:44) Introduction to UDS and Pepr

(05:59) The Importance of Air-Gapped Environments

(11:40) Understanding Kubernetes Admission Control

(16:05) Comparing Pepr with Other Tools

(22:00) Why Pepr Uses TypeScript

(34:03) The Benefits of Open Source for Pepr

(43:31) Lightning Round

Links:

Connect with Casey Wylie

Connect with Rebecca Lively

Learn More About Defense Unicorns

On this episode of The Defense Unicorns Podcast, we’re not just talking about writing code—we’re talking about what happens when you try to change the culture of software inside the Department of Defense. From flying to Qatar to debug mission-critical planning tools to reflashing smart lightbulbs with open-source firmware, Wayne Starr has done it all. Host Rebecca Lively sits down with Wayne, a Unicorn Engineer at Defense Unicorns,  to unpack what it takes to deliver secure, user-centered software in one of the world’s most complex environments.

Wayne shares how his early career at DIU “ruined” him—in the best possible way—by showing what was possible when bureaucratic blockers are set aside and software teams are trusted to deliver. He dives into real DevSecOps wins and war stories, including a mission-planning app that saved hours of planner time and real dollars in fuel. Along the way, he reflects on the absurdity of battles over office headsets, the power of printing MP3s on paper, and how open source gives individuals more control over their technology.

If you’ve ever tried to navigate the maze of government compliance, or if you’re just wondering what DevSecOps looks like when it’s done right, Wayne’s story offers a rare behind-the-scenes look. From tactical impact to philosophical reflections, this conversation covers what it means to ship software that matters—and why knowing the rules better than anyone else is sometimes the only way to change the game.

Key Quote Options:

“  I want to control technology. I don't want technology to control me. If it's closed-source software, it could suddenly require a subscription at some point, it could be connected to the cloud, and who knows what's happening with the data, who knows where that's going. And so I try to pull as much back as I can to things that I can control and that I can monitor and use.”

• Wayne Starr

Time Stamps:

(00:49) First Assignment at Defense Innovation Unit

(04:28) Skepticism and Acceptance from Users

(12:16) Open Source Software Journey

(29:55) Creating ZARF

(39:23) Other Notable Open Source Projects: Pepper and Lula

(43:31) Lightning Round

Links:

Connect with Wayne Starr

Connect with Rebecca Lively

Learn More About Defense Unicorns

On this episode of The Defense Unicorns Podcast, the question isn’t just how to deliver software—it’s how to do it faster, safer, and smarter. According to Bryan Finster Distinguished Engineer at Defense Unicorns, the answer isn’t in rigid frameworks or bloated processes but in embracing continuous delivery, shortening feedback loops, and eliminating the bureaucratic roadblocks that hold teams back. Host Rebecca Lively sits down with Bryan to debunk DevSecOps’ myths, tackle the frustrations of “Agile theater,” and explore why real software success comes from a culture of ownership, not just following a set of rules.

Bryan makes a compelling case that rigid processes, review boards, and bureaucratic bottlenecks don’t make software safer—they make it fragile. He argues that adaptability is the real key to security, and that organizations clinging to outdated waterfall-style contracts are setting themselves up for failure. Drawing on experiences from Walmart’s supply chain to government defense systems, he explains how fostering a culture of ownership, feedback, and accountability leads to better outcomes—not just for users, but for the engineers who build the systems.

If you’re tired of buzzwords and top-down mandates that miss the mark, this conversation will hit home. Bryan isn’t just here to talk about DevSecOps—he’s here to challenge the way you think about software, leadership, and even history. Whether you want to deliver better software or just hear an unfiltered take on why Agile often fails in practice, this episode is worth a listen.

Key Quote:

“ The goal we have is number one, I need to be able to respond to the realities of what's happening in production as quickly as possible safely. I don't want to be making up ways to. Make change, I don't want to be cowboying change in when something's going wrong in production, either with security breach or functional problems or whatever it is, then I don't want to be throwing gasoline on a fire  at three o'clock in the morning. I need to be able to recover from what's currently occurring as quickly and safely as possible. So operational responsiveness is key. The other part is, if I'm building something new, software development is not the same as building a car.  Unless you think of it as designing the car we're going to build. We're prototyping everything all the time. And the bigger the thing is that we deliver.  The more wrong is in that prototype. And so it's not about speed. It's about feedback.”

• Bryan Finster

Time Stamps:

(01:39) Balancing Speed and Safety in DevOps

(03:53) The Role of Feedback in Software Development

(12:35) The Power of Feedback and Continuous Improvement

(18:35) Understanding Conway's Law

(23:55) Building a Strong Engineering Community

(28:26) DevOps and Quality Assurance

(33:48) Being Agile in High-Risk Environments

(40:13) Lightning Round

Links:

Connect with Bryan Finster

Connect with Rebecca Lively

Learn More About Defense Unicorns

DevOps, culture, and the battlefield converge in this compelling episode of Defense Unicorns as host Rebecca Lively speaks with Dr. Noe Lorona, a platform engineer at the Army Software Factory. Together, they explore the nuances of DevSecOps, unraveling its critical role in the defense sector, where software isn’t just a tool but a lifeline. Dr. Lorona delves into how the Department of Defense has elevated security to the forefront, embedding it into every phase of the development process to ensure reliable and secure systems that protect both lives and missions.

Beyond the technical jargon, this episode shines a light on the human side of DevSecOps. Dr. Lorona emphasizes trust, transparency, and a blameless culture as the foundation of agile teams that thrive under pressure. From the necessity of shifting security left to fostering psychological safety in hierarchical environments, his insights offer a roadmap for cultivating innovation in even the most complex and high-stakes organizations.

If you’re passionate about the intersection of technology, leadership, and national defense, this episode is a must-listen. Dr. Lorona and Rebecca Lively bring the mission of Defense Unicorns to life: showcasing thought leaders and experts driving transformational change in DevSecOps. Whether you're in the DoD or simply curious about the future of secure and agile software development, this conversation will leave you inspired and informed.

Key Quote: 

“ DevOps is not about the tools. DevOps is, it's the way that we work together, the way that we accomplish things.  And. A funny thing, I actually say DevOps as a way of life. When they say, well, what is DevOps? I say, it's a thing you live by. It's the thing you show up to do. It's not a thing. It's not an object. It's a culture. It's the thing you live to do. It's a reason why we wake up so we can go do the DevOps.”

• Dr. Noe Lorona

Time Stamps:

(00:26) DevOps vs DevSecOps: What's the Difference?

(03:53) Implementing DevOps in the Department of Defense

(06:05) Building a Blameless Culture in the Military

(14:21) Education in DevOps

(24:47) Bringing Open Source Software in the DoD

(30:07) Future of DevOps: Exciting Trends

(30:42) Community and Collaboration in DevOps

(42:07) Career Advice for Aspiring Developers

(43:43) Sci-Fi Tech and Futurism

Links:

Connect with Dr. Noe Lorona

Learn more about Army Software Factory

Connect with Rebecca Lively

Learn more About Defense Unicorns

In this episode, Defense Unicorns welcomes Col. Sean Kern, the Director of Cyberspace Operations Strategy at SAIC, who brings experience in military and cybersecurity strategy. Kern shares his journey from military service to civilian leadership, sharing the unique challenges and adjustments required in the transition. He discusses how his military background shaped his understanding of systems and software engineering and how essential it is to cultivate a resilient and adaptable culture in any DevSecOps team. Kern emphasizes that trust, humility, and continuous learning are cornerstones for building high-performing cybersecurity operations, both in the military and private sectors.

The conversation dives deep into automation and the role of human judgment in high-stakes cybersecurity decisions. Kern puts a focus on a balanced approach, where automation speeds up processes without sacrificing the critical oversight humans provide. His thoughts on combating biases within AI and ensuring ethical applications of automation highlight the importance of strategic human involvement. His perspective illustrates how both tech innovation and human expertise are essential to adapting cybersecurity practices for dynamic challenges.

Kern also addresses the structural complexities of coordinating cybersecurity operations across military branches. He explores the need for a more unified organizational framework that could enhance operational readiness and efficiency in cyber operations. Drawing from his experience, Kern advocates for a strategic, flexible, and consistent approach to cybersecurity management, emphasizing that speed and adaptability are key to staying ahead of potential threats in today's world.

Key Quote:

“Culture is going to happen whether you do it or not. Like that's the scary part. It's going to exist. You know, if it's left to its own devices, then if you get anything good out of it, that's pure chance. That's pure luck and we don't need to fight China on pure chance or pure luck. So we need to be deliberate about the culture we put in place.”

• Col. Sean Kern

Time Stamps:

(00:32) Sean Kern's Military Background

(06:42) Transitioning from the Military to the Private Sector

(11:47) Building Effective Teams and Organizations

(19:59) The Importance of Culture

(28:24) Automation vs. Human Accuracy

(34:50) Organizational Design for Cyber Operations

(49:14) Lightning Round

Links:

Connect with Col. Sean Kern

Learn More About SAIC

Connect with Rebecca Lively

Learn More About Defense Unicorns

In this episode of The Defense Unicorns Podcast, we’re joined by Collen Roller, Founder of Dark Saber, as he shares his journey of innovation within the U.S. Air Force. From his work in Natural Language Processing (NLP) to mentoring airmen on developing applications using outdated systems, Collen’s story highlights perseverance and creativity. Discover how Dark Saber has empowered airmen to build production-ready software, transforming their operational efficiency.

We explore the transformative potential of generative AI in defense, including its ability to automate tasks like paperwork and coding, enhancing productivity. Collen also introduces Nipper GPT, an AI tool tailored for DoD networks that bridges information gaps through conversational interfaces, pushing the boundaries of data access within military environments.

Looking to the future, Collen discusses exciting advancements like Retrieval Augmented Generation (RAG) and multi-agent AI architectures, poised to revolutionize military data interactions. As he reflects on the importance of passion and community in driving change, this episode showcases Collen’s commitment to modernizing defense technology through innovation.

Key Quote: 

“I think that people need to realize that these tools are for their benefits and they need to get involved in using them today to enhance their performance and workflow because if you're not using them, you're being slow.”

-Collen Roller, Founder of Dark Saber

Time Stamps:

(00:00) DoD Software and Conversational Systems

(11:28) Future of AI in Military Operations

(17:05) Future Developments in Artificial Intelligence

(34:38) Revolutionizing Software Development in DoD

(44:21) Driving Change in DoD Through Passion

Links:

Learn more about Dark Saber

Connect with Collen

Connect with Luke

This week on, Defense Unicorns Podcast we welcome Eddie Zaneski, the tech lead for open source here at Defense Unicorns, who takes us through his fascinating career journey from aspiring math teacher to a key player in the tech industry. Eddie shares his experiences transitioning into computer science, his passion for developer relations, and his significant contributions to the Kubernetes project. We dive into the evolution of software deployment, from bare metal servers to virtual machines and containers, and how Kubernetes has become essential in managing large-scale containerized applications. Eddie also reflects on his time at DigitalOcean, Amazon, and ChainGuard, highlighting his work on software supply chain security projects like Protobomb and Sigstore.

Our conversation then turns to the security of open-source communities, challenging the misconception that open-source software is less secure than its closed-source counterparts. Eddie discusses the advantages of transparency in open source, using the XZ library's recent security breach as a case study to emphasize the importance of trust and identity verification. We also explore the potential for similar vulnerabilities in closed-source projects and the growing importance of supply chain security measures, including building integrity and software bills of materials (SBOM). The episode concludes with a thought-provoking discussion on the benefits of transparency in open source and whether proprietary software incidents would be as openly shared or understood.

Eddie shares his enthusiasm for leveraging government funding to support open-source projects. He expresses his excitement about engaging with soldiers, airmen, and guardians to understand their challenges and explore open-source solutions. We also touch on innovative tools for air-gapped environments, like Zarf, and their applications across various industries. Listen in as Eddie recounts his experiences at Bravo hackathons, the unique challenges faced by developers in constrained environments, and offers valuable career advice for those passionate about open source and software development.

Key Quote

“There's lots of misconceptions and I'm sure you and I can talk about all of them. One of the big ones is, just. It's less secure, right? that's a massive myth. Open source security is less secure because all the code is in the open and everyone can go find the holes and generally quite the opposite actually, because the code is in the open, everyone can do their own audits and everyone can see what's happening under the covers of the magic box that you usually can't peer into with proprietary software. We have entire teams of like security. So the Kubernetes project is divided up into special interest groups or SIGs. So we have SIGs for security, we have a product security council and committee that is the incident response people for when there is a new CVE or a bug found, and all sorts of different types of things that are just tailored around security.”

-Eddie Zaneski

Time Stamps:

(00:02) Kubernetes and Open Source Evolution

(08:17) Security in Open Source Communities

(20:43) Software Bill of Materials for Cybersecurity

(24:04) Exploring Defense Unicorns and Open Source

(31:43) Navigating Careers in Open Source

(42:25) Breaking Barriers in Defense Innovation

(46:42) Collaborating for Defense Open Source

Links

Connect with Eddie

In this episode of the Defense Unicorns Podcast, Rebecca sits down with Mark McGrath, a Marine Corps veteran turned asset manager and consultant, to explore how modern DevSecOps practices intersect with John Boyd's theories. Mark’s deep understanding of Boyd's OODA loop—observe, orient, decide, act—shapes how he helps clients in industries like manufacturing, energy, and public relations respond to complexity and streamline decision-making, much like DevSecOps optimizes software development and deployment.

Diving into the legacy of John Boyd and going beyond the OODA loop, Mark discusses Boyd’s influence on business strategy, finance, and software development. Mark brings a fresh angle to Boyd’s concept of rapid iteration, emphasizing how speed, adaptability, and customer feedback are key tenets not just in the military or on Wall Street but also in DevSecOps. We also delve into Boyd's "Destruction and Creation," connecting it to principles of continuous integration and delivery, and explore how his philosophy of action and adaptation aligns with the core practices of DevSecOps.

Throughout the episode, Mark highlights the critical role of psychological safety and cross-functional collaboration, both key to effective leadership and DevSecOps culture. Whether you're deploying code or managing high-stakes operations, this conversation illuminates the relevance of Boyd's theories for anyone aiming to navigate complexity, enhance agility, and drive innovation in their organization.

Key Quote

“You realize I have to continuously shatter and smash my understanding of the world or my perception of the world because if I don't I'm going to become Blockbuster video. And if I don't, I'm going to be Blackberry. Or if I don't, I'm going to stagnate and I'm going to become extremely vulnerable to my competitors or the rate of change or whatever it is, it's going to get me and I'm not going to be able to survive on my own terms and it's impossible for me to ever thrive.”

-Mark McGrath

Time Stamps:

00:58 Mark McGrath's Background and Career Journey

01:38 Discovering John Boyd's Theories

04:13 Joining AGLX and Applying Boyd's Theories

06:35 Understanding John Boyd's Broader Impact

17:47 Boyd's Conceptual Spiral and Continuous Reorientation

28:39 Challenging the Status Quo

33:33 The Importance of Humility

35:06 Comfort vs. Volatility

40:13 The Power of Feedback

48:07 Boyd's Universal Applicability

Links:

Connect with Mark

Learn more about AGLX

Check out the “No Way Out” Podcast

The Whirl of Reorintation Substack

Read Destruction and Creation

Read John Boyd, The Fighter Pilot Who Changed The Art of War 

Read The Psychology of Military Incompetence 

Read the Timeless Way of Building

Join us on this episode of Defense Unicorns Podcast as we are joined by Kurt Sanger, retired Marine and former Deputy Staff Judge Advocate at US Cyber Command. Kurt shares his journey from growing up in New York City to studying at Holy Cross and Cardozo Law School, where his interest in the Marine Corps began. He reflects on his early roles in military justice and his transition into cyber operations law, providing candid insights into the challenges and motivations that shaped his path.

In this episode, Kurt discusses the evolution of cyber partnerships and the critical role of trust and collaboration within the Five Eyes community. He sheds light on the complexities of legal counsel in military operations, emphasizing the importance of clear communication and the broad responsibilities of military attorneys. Through key events like the ISIS conflict and the Sony breach, Kurt illustrates the rapid shift from theory to practice in cyber operations.

We also delve into the challenges of great power competition, the debate over the US Cyber Command’s role, and the essential collaboration between technologists and lawyers in shaping cyber policy. Kurt offers a thought-provoking perspective on how emerging technologies and international relations could shape the future of conflict.

--

Key Quote: 

“All these organizations have missions and those missions take up all the bandwidth that they have, all the people and all the assets that they have to carry out as it is. And competing in cyberspace is most likely never going to be the priority of an organization that has a kinetic mission.”

-Kurt Sanger

--

Time Stamps:

(00:46) Kurt Sanger's Background and Career Path

(04:58) Transition to Cyber Law and Operations

(07:08) Challenges and Evolution in Cyber Operations

(09:23) Legal and Ethical Considerations in Cyber Operations

(26:47) Discussion on Cyber Force and Organizational Structure

(46:33) The Future of Cyber Conflict and Hope

--

Links:

Connect with Kurt

Connect with Rebecca

Law of the Horse, What Cyber Law Might Teach

Code is Law

The Nightingale's Song

Beats So Lonely