Matt Thompson from Socure brings a wealth of experience to the topic of federal identity management. After a successful career in the military, he noticed that there was a lot of friction for veterans to get benefits from the federal government. He has been working with that issue of identification for his entire career. The company, Socure, has a similar origin story. The founder had a tough time establishing credit as a young man and noticed that there must be a better way to validate one’s credentials. Johnny Ayers launched Socure in 2012 intending to make it easier to establish identity. His goal was to verify 100% good IDs and eliminate fraud across the Internet.

Socure has been a ridiculously successful company. This was a challenge that banks faced, too fast and they may not have valid identification, too slow and they may lose a customer. If an identification system holds up the process, it can be described as “friction.”

Today we sit down with John Cofrancesco from Fortress Information Security to get insights on the issues with the supply chain and the federal government. When it comes to federal technology, it is well known that bringing in chunks of software can introduce vulnerabilities. The real issue is not recognizing the code flaws, the issue is finding time in a hectic schedule to be able to remediate these problems.

For example, CISA has something called the Vulnerability Exploitability Exchange that lists known software vulnerabilities. Companies like Sonatype offer surveys where they identify thousands of lines of code with structural flaws.

One of the vulnerabilities (the Log4J) is well known. Rezilion announced it had scanned 90,000 servers that still had this problem.

So, having a list of vulnerabilities is not the issue. The concern is cleaning up the federal code in an effective manner.

Years ago, McDonald’s had a sign in front of each restaurant that said, “Millions and millions sold.” It would be fair to appropriate this tagline to the world of your digital identity. That is because in 2017 147 million Americans in Equifax has personal data stolen. Oh, let us not forget the twenty-two million for the Office of Program Management and the fifty million from recent T-Mobile breaches. Because of this, it is important to understand some of the identification options for federal technology leaders. That is why we have Wes Turbeville from ID.me in the studio today.

Traditionally, identification started with a username and password. It has gotten to the point that so much personally identifiable information is floating on the Internet that major companies have initiated programs to eliminate this old-school way of authentication.

For years people in federal information technology have been talking about “silos” of information. One of the benefits of moving to the cloud was the possibility of removing some of this isolation. There may be other silos that may not be comprised of hard drives.  For example, when you limit your technical staff to a specific profile. That just encourages sameness of thought.

The Proceedings of the National Academy of Science reported that a more diverse group is more likely to outperform a more homogenous team.   https://www.packard.org/insights/perspectives/why-diversity-in-stem-matters/

We are in a world of attacks coming from every quarter. Limiting yourself to one predetermined category of technical expert will set you up for failure. Think of it this way . . . if a football team has forty quarterbacks, they will lose every game; the same is true if they have all kickers.

Today we sit down with Jason Goetz, Senior Director, Public Sector, Snyk to talk about securing software for the federal government. When most people think of a supply chain, they think of a physical item. For example, a manufacturer in China makes a router and ships it to the United States. The impact of the supply chain has been thoroughly apparent due to COVID disruptions.

However, most software developers today do not start from a blank slate, they start by grabbing code from a code repository and assembling it like Legos. In many situations, they follow agile development precepts and iterate and get feedback, but what happens is that the code is completed without any consideration for a security scan. Inevitably, issues will be found, and the development team must go back to work.

During the interview, Jason Goetz suggests there is a better approach, he calls it, “Shift Left.” 

Jay MacMillian, Executive Vice President at Booz Allen shares his ideas on digital transformation for the federal government. The interview covers the role of the cloud, citizen experience, and the steps to take for the federal government to move forward.

When it comes to moving to the cloud, Jay Macmillan observes that many agencies get transfixed by point solutions. He suggests that a better approach is to take a comprehensive view to the issue of cloud architecture. When that is done, the concerns of ending up in a point solution silo can be avoided.

Further, when an agency adopts the wider view, it gives them the ability to structure systematically. The idea here is to expect a change in future enterprise architecture renditions. That way, costs will be reduced when applications move in or out of a hybrid cloud.

The word that is normally used to describe “quantum computing” is game changer.  During this interview, Duncan Jones, the Head of Cybersecurity at Quantinuum gives you a better understanding of what quantum computing is and how it can help a federal agency reach its goals.

The discussion began with an attempt to define quantum computing.  Rather than a binary output, a quantum method gives a variety of solutions.  Many now talk about today’s CPU-based computing as “classical” computing.

In the studio today, we welcome Julie Smith, the Executive Director of the Identity Defined Security Alliance and Yash Prakash, Chief Strategy Officer from Saviynt.

One of the key challenges for the federal government to move to the hybrid cloud is establishing valid identity. The cloud can reduce cost and improve flexibility for federal information systems. However, it may come with security concerns.

On March 21, 2022, the White House released a statement warning of the threat of cyberattacks. Industry and federal leaders have responded to other warnings in a variety of ways. One of the overarching concepts that has been well received is Zero Trust. The lynchpin for Zero Trust is establishing the identity of the person being trusted with data.

Blue Ridge Networks has been in business for over twenty years. CEO John Higginbotham shares how network security began with untrusted networks and has become focused on Zero Trust Architecture.

Today’s federal systems reflect commercial systems – there is a mess with data, there are application issues, and some systems have poor security. COVID has caused federal information technology professionals to reassess this status and revise many aspects of security.

COVID has certainly caused a drastic increase in connections taking place Along with that, there is also a need for more protection. During the interview, John Higginbotham suggests that a great starting point is multi-factor authentication. He agrees that frameworks from groups like DoD, NIST, and CISA can help in structuring a plan.

In the studio is Mark Forman, Executive Vice President at Dynamic Integrated Services. He has a distinguished career in and out of the federal government. His ability was recognized when he was named the first Federal Chief Information Officer for the Federal Government. Mark is on the podcast to provide observations about accomplishing digital transformation in today’s fast-changing climate. For example, here we are in March of 2020 and the federal technology is starting to recover from COVID and, now, cyber-attacks are occurring at a feverish pitch all over the world. How can the federal government hold its own in the superheated environment?