Welcome to "This Is Fine," the podcast by Hunter Strategy where we tackle key issues in technology and security within Department of Defense (DoD) networks. This week, we're focusing on Continuous Monitoring and Risk Assessment in DoD Networks. 

Our guests are Dan Beller, Director of Platform Engineering at Hunter Strategy, and Chris Sowards, a GRC (Governance, Risk, and Compliance) expert with the company. Dan has significant experience in supporting continuous monitoring for DoD networks, making him a key voice on this topic. Chris brings his expertise in risk assessment and governance, offering insights into the strategic side of network security. 

Together, Dan and Chris will provide a practical look at how continuous monitoring and risk assessment are carried out in DoD networks, highlighting their importance in maintaining national security. This episode is essential for anyone interested in the technical and strategic aspects of cybersecurity within the DoD. 

Whether you're a cybersecurity professional, a student of the field, or simply interested in the security measures that protect our country's digital frontiers, this episode promises to be both enlightening and engaging. So, tune in, and let's explore the depths of Continuous Monitoring and Risk Assessment in DoD Networks with Dan Beller and Chris Sowards. 

Chapters

00:00 Introduction to Continuous Monitoring and Risk Assessment 

03:11 Continuous Monitoring and the ATO Process 

06:11 Continuous Monitoring and System Modifications 

09:39 Evolution of Continuous Monitoring 

12:10 Assessment and Compliance in Continuous Monitoring 

18:06 Tooling and Automation in Continuous Monitoring 

21:36 Future Trends in Continuous Monitoring 

24:36 Building Trust and Relationships 

25:15 Challenges in Generating Artifacts 

26:01 Automating ATO Process 

28:20 GRC as a Gateway into Cybersecurity 

29:32 The Value of GRC Professionals 

30:01 The Importance of GRC in Software Development 

31:23 The Need for Improved Tooling 

32:40 The Role of OSCAL in Trusting Tooling 

34:03 Tools for Managing Disparate Scanning Results 

35:24 The Challenge of Limited Authorizations 

36:23 Collaboration and Human Readability in OSCAL 

39:39 The Need for Connected Governance 

42:35 Measuring the Success of Continuous Monitoring 

Today’s episode dives deep into the world of federal RFPs, specifically the pros and cons of technical challenges compared to traditional proposals. Join our guests from Hunter Strategy, including Kevin Belanga, Chief Strategy Officer, and Jeff Segal, Chief Technology Officer, along with Kevin Long, Vice President of National Security Solutions group, Highlight. Together, they untangle the different forms these challenges take, and the work of crafting tailored solutions to meet mission requirements 

But it's not all about the challenge itself. We also explore the delicate balance between evaluating technical capabilities and overall fit, the impact on small and medium businesses, and the need for a shift in skillsets when reviewing proposals. We'll uncover the effectiveness of different strategies in government contracting, especially when it comes to technology development and maintenance. Finally, we wrap up by tackling the age-old question: can you truly get the best quality at the best price in government contracting? 

Tune in for an insightful discussion that will leave you better equipped to navigate the ever-evolving landscape of federal procurement! 

Chapters

00:00 Technical Challenges in Federal RFPs 

01:26 Different Ways of Manifesting Technical Challenges 

03:25 Defining Challenges that Align with Mission Requirements 

04:57 Balancing Technical Competence and Evaluation 

06:33 The Role of External Support in Source Selection 

08:18 Ensuring Technical Competence in Vendor Selection 

09:22 The Challenge of Staffing and Execution 

11:19 Balancing Procurement Burden and Technical Competence 

12:30 The Burden on Small and Medium-sized Businesses 

13:06 The Need for Different Skill Sets in Proposal Evaluation 

14:18 Theatrics in In-person Code Challenges 

16:08 The Value and Challenges of Orals 

19:03 Alternative Approaches to Procurement 

21:20 The Value of Advisory Down Selects 

25:46 The Use of Videos and Performance Art in Procurement 

27:16 Effectiveness of Different Procurement Approaches 

37:16 Different Procurement Approaches 

39:55 RFPs and Alternative Procurement 

42:00 Orals for Better Results 

44:48 Commoditized Services and Help Desk 

45:16 Paying for Quality 

Join us for the latest episode of "This Is Fine", where Matt D'vertola, Senior DevOps Engineer, and Michael Christopherson, Senior DevSecOps Engineer, dive into the complexities of modernizing outdated computer systems within the Department of Defense (DoD). Discover the hurdles hindering the adoption of modern DevSecOps practices, as Matt and Michael share their insights on navigating bureaucratic challenges and barriers, with a focus on leveraging technologies like Kubernetes. Matt and Michael advocate for better resources and training to ease the transition from the private to the public sector. They challenge conventional thought by suggesting a reevaluation of legacy systems, proposing a truly cloud native refactoring approach. Tune in to gain actionable strategies and insights that transcend traditional cybersecurity discussions and learn how to navigate the unique challenges of implementing DevSecOps practices in highly regulated environments. 

Chapters

00:00 Introduction 

13:14 The Impact of Outdated Computer Systems 

19:03 Challenges of Migrating to Cloud 

22:26 Bureaucratic Hurdles and Cultural Resistance 

31:07 The Use of Kubernetes in DoD 

37:49 The Role of DoD Hosting Providers 

42:26 Recommendations for Improvement 

42:43 Improving Acquisition and Workforce Training 

47:20 Explaining Cloud Concepts and Compliance 

51:13 Sharing Knowledge and Best Practices 

52:41 Rethinking Legacy Systems 

55:01 Closing Remarks 

In this episode, we explore the dark corners of agile practices, uncovering common pitfalls, misconceptions, and counterproductive behaviors that can hinder team progress and undermine the principles of agile.

Welcome to "This Is Fine" with Hunter Strategy, because who doesn't need another podcast, right? But hold on, this isn't your typical corporate spiel. "This Is Fine" dives deep into Cloud security and agile methods, but with a twist of humor, sarcasm, and a sprinkle of dad jokes. Instead of boring PDFs, we bring lively discussions to life, offering a peek behind the curtain at our quirky team. Join us for a roller coaster ride through tech talk and more. Trust us, it's going to be fine... probably!