This week on Feds At the Edge, we dive into the evolution of the Cybersecurity and Infrastructure Agency's Continuous Diagnostics and Mitigation (CDM) program in addressing the growing cyber-attack surface.  

Hemant Baidwan, CISO for DHS, OCIO, noted that Continuous Diagnostics and Mitigation is a comprehensive suite of tools and policies, with a key focus on understanding the attack surface and ensuring high data quality during deployment. 

John Schneider, Senior Systems Engineer, Axonius Federal, discussed the challenges inherent in managing IoT and OT devices for federal agencies, stressing interoperability and automation as best practices.  

Tune in on your favorite podcasting platform as we discuss the critical role of partnerships and inter-agency collaboration to enhance cybersecurity postures.   

 = = =

The U.S. healthcare system, which includes roughly 200 federal hospitals, are constantly at risk for or under cyber-attack.  

This week on Feds-At-The Edge we explore ways to improve security through basic controls like software updates and patching, with the conversation quickly turning to the importance of practical strategy.  

>> Developing a good data inventory: Full of IoT devices? Learn what to include for your expanded attack surface  

>> Human Interaction: Learn the critical role humans play amid the new promises of AI  

>> Contingency Plans: If your agency was attacked today with ransomware, would you be able to identify your critical data? 

Managing vast amounts of data, reducing alert fatigue, and improving threat detection can all be accomplished with automation. 

This week on Feds At the Edge, we have three experts in automating cybersecurity response to provide guidance on best practices to deploy automation. They highlighted the need to establish a valid baseline for expected network behavior to identify deviations effectively, reducing false positives.  

Bob Costello, CIO at CISA, stressed keeping humans involved in the process, citing a recent incident where AI breached an organization, bypassed security features by defeating automation.  

Richard LaTulip, Field Chief Information Security Officer, Recorded Future, addressed resistance to AI in cybersecurity, warning that the overwhelming volume of attacks makes proper automation essential for staying competitive. 

Tune in on your favorite podcasting platform as we discuss how automation is essential but must be applied with caution and human oversight to ensure robust defense mechanisms.

SaaS (Software as a Service) applications, due to their ease of launch and proliferation, have created a “perfect storm” for attackers, and a significant challenge for cybersecurity professionals. Organizations with over 1,000 employees typically use 150+ SaaS applications, often unmanaged, which expands the attack surface and poses a unique threat to entities like the federal government.  

 This week on Feds At the Edge, we discuss where the threats may lie and give practical information on attempting to control this new threat vector.    

 Mark Canter, CISO at US GAO, highlights the widespread lack of understanding about where data is used, emphasizing the importance of good data management practices. AI can play a pivotal role in systematically addressing this issue.  

 Tune in on your favorite podcasting platform as we explore why organizations should maintain accurate inventories of SaaS applications, identifying and managing shadow SaaS apps, and implementing robust governance practices to secure and optimize their SaaS ecosystems. 

Malicious actors are always looking for the “Easy Button” when it comes to breaching your system. 

This week on Feds At the Edge, we are revisiting our conversation on looking at the protection of Operational Technology (OT), critical hardware on premises. Traditionally separated from IT systems by air gaps, OT is now increasingly managed by IT departments due to the convergence of IT and OT.  

Few realize that OT has federal compliance regulations, just like IT. The real issue, should an OT systems administrator have to do repetitive work to comply with IT mandates? Marty Edwards, Deputy CTO, OT/IoT from

Tenable, noted that he has seen up to 80% similarity between IT and OT compliance standards, prompting efforts to reduce redundancy. 

This week on Feds-At-The Edge we explore AI used as a strategic tool, focused on risk mitigation, applications, and continuous user feedback. 

>> Risk Mitigation: Risks vary by application. Luke Keller, Chief Innovation Officer at US Census bureau, highlighted using NIST guidelines, including bias reduction frameworks, to ensure ethical and accurate AI deployment. High-quality, diverse datasets are essential.  

>> Use Cases: Start small with proofs of concept to test limitations and risks. Ryan Simpson, Engineering Chief Technologist for the Public Sector for NVIDIA, recommended tools like Retrieval-Augmented Generation to develop use cases which work with limited data and are easy to evaluate. Early wins can allay some fears and can build confidence.  

>> User Feedback: Gathering user input during small test cases is crucial for refining and finding practical applications of AI in federal settings.  

Tune in on your favorite podcasting platform as we explore strategic, iterative approaches that foster safe and effective AI implementation. 

ns.

AI is just another tool in the technology market, only becoming a powerful resource when agencies learn how to best utilize it to reach mission goals.  

This week on Feds-At-The Edge we explore several insights on deploying AI effectively for the federal government landscape.  

Caroline Carusone, Deputy CIO for NRC, discusses AI’s potential in identifying security risks and solving complex engineering challenges, like improving atomic reactor designs.  

Luke Keller, Chief Innovation Officer at the US Census Bureau, explains AI's role in handling massive datasets, enhancing earth observation for accurate population counting, automating data ingestion, and metadata classification.  

And Kurt Steege, CTO for ThunderCat Technology, introduces the concept of "multimodal AI," which processes data in multiple formats, broadening its utility. 

Tune in on your favorite podcasting platform as the panelists stress the importance of reliable data, experimentation to explore AI's capabilities and limits, and defining specific use cases to use AI responsibly. They emphasized a strategic, ethical, and well-managed approach to AI deployment in federal agencies.  

Software as a Service (SaaS) is incredibly enticing with its ease and affordability, however despite the heavy lifting being done for you, the responsibility of protecting your data and network remains in your hands.  

This week on Feds-At-The Edge we sit down with Eoghan Casey, VP of Cybersecurity Strategy & Product Development for Own Company, who highlights essential security practices for agencies using Software as a Service (SaaS).  

>> Understanding data visibility- What's sensitive and what’s not 

>> The importance of continuous monitoring and backing up your systems on a regular basis  

>> Scheduling regular tests to ensure you know how long it will take you to identify, mitigate, and recover from attack.  

Tune in on your favorite podcasting platform today to get the inside scoop from Eoghan, including his thoughts on where AI and machine learning have a role in your SaaS environment.  

If you’ve tuned before then you’ve heard the three magic words; People, process, technology. While technology often takes the spotlight, there’s a reason why “people” come first.  

This week on Feds-At-The Edge we explore the cultural shifts agencies are prioritizing to achieve zero trust.  

Jothi Dugar, CISO at NIH’s Center for Information Technology emphasizes the age-old advice, communication is key. Federal leaders should speak a language all stakeholders understand, and responsibility should be placed in the hands of the many and not the hands of the select few. 

We’ll also explore the benefits of collaborative group environments where everyone contributes to change. 

Matthew Posid, a Principal & CSO with KPMG shares how real-world zero trust examples can help technical leaders buy-in.  

Tune in on your favorite podcasting platform to hear more about the importance of continuous learning, experimentation, and collaboration to navigate these complexities. 

In today’s data-driven world, network systems are under immense pressure to handle increasing loads of data while staying compliant in a rapidly evolving landscape. How can agencies effectively secure their systems when every little nook and cranny requires oversight?  

This week on Feds-At-The Edge we explore how microsegmentation is emerging as a vital strategy for agencies working toward a robust zero-trust architecture.   

Rob Thorne, CISO of U.S. Immigration and Customs Enforcement, highlights how complex systems often have hidden connections unknown to administrators, which micro-segmentation can reveal. 

We will also dive into how machine learning and AI can be utilized to identify exactly what is on your network so you can ensure end-to-end security.