Fed Gov Today’s Post

Transcript

Rob, it's great to talk to you. Thanks for joining me today. One of the focuses that the governments talking about, about just about everything is collaboration across agency within an organization and all of that. What does that look like in a dev SAC OPS environment, especially a really secure dev SEC OPS environment where somebody's developing something that's potentially for a sensitive user or super, super mission critical use? Yeah, No, I think, I think this is part of the challenge we find ourselves in today, which is. We want to empower our users, We want to empower our employees, especially if they're in a more creative role like a developer or they need to create code, they need to write an application that's mission critical or, or core to some of the things that we're trying to execute. So we know we want to empower, but dot dot dot, the challenge is to your point, how do we do so without compromising security? And I think the, the biggest challenge we've seen, to be honest with you is this rush towards. SAS based tools. And although the tool itself may be secure, the biggest challenge is often a lot of my data then sits in that cloud or not to get overly technical, but even just metadata data about my user that could be used to construct what application they're building, what document they're writing, what mission they're working on. And so I've seen a real backlash over the last year or two away from just trying to do SAS, which is quick, it's easy. To get people set up to collaborate quickly away from that towards note, we need to own and operate the software. Now we're in essence going to become the as operator ourselves, as an agency and we will treat our users as our quote UN quote customers. And so that's the benefit to that is I own the data, I provision everything, so I don't have to worry about the metadata leaking. And so what's really happened over the last few years is with even just virtual machines, but containers with everything. The burden of operating software is so much lower that I don't have to worry about trusting my data to someone else. Now I can run it in an air gapped environment, I can run it across different levels of secrecy because I'm in complete control of who gets access to the data and I'm not having to worry about third party tools. So I think my biggest piece of advice to those listening in would be if you have prevented your users in the past from using certain types of. Software or collaborating certain types of environments because you were worried about security and compliance. Revisit some of the things you can probably own and operate. And in fact, a lot of it's probably free, it's probably open source. And so you don't even have to worry about are there any back doors in the software. You can see right there in the code how it's operating, what it's doing with your data. And I think that's what's been a little bit more empowering over the last probably even just two to three years. Is that potentially daunting though for a federal agency who at least have been telling me over the years? I don't want to own that stuff anymore. I don't want to manage that stuff anymore. I don't even want to own the data centers. I want to put things in clouds. Is that potentially 1 disadvantage to the scenario that you just described? It is to great question because I think what you have to worry about is skill set. So do I have the skill set to operate the software myself? I would attend that. That skill set is not as daunting as it was 5-10 years ago where people didn't have cloud experience or didn't have familiarity with some of the automation. Schools that actually make things easier. The counter trend to it is a lot of agencies that I've talked to, especially in the intelligence community, have a little been a little bit shocked about the cost of, of running in the cloud. They, they sort of get the quote UN quote, hate to pick on them, but a WS bill, right? And so it's, it's something where the cost is high enough that I'll go find talent, even if I have to find them at certain secrecy levels to get them. And, and train them up and, and have them operate the software. And the last thing I'll just say real quick is it is the automation. It's less about the human capital of operating the software. It's more can I use automation tools? So I don't need an army of 500 admins. I just need five people to operate it at scale. So the automation tools strike me as maybe the biggest difference between today and let's say three, five years ago. What do you see over the horizon in the next two to five years that will change potentially again? The way that people think about dev SEC OPS and the way that deliver software solutions. Yeah. So I think there's a couple different things and I'm going to have to invoke the much overused term of generative AI or Gen. AI. But I do think what we're seeing is that a lot of these tools can be trained to automate a lot of the mundane tasks and in fact do so at a higher level of competency. And I mean that with no disrespect. It's just they don't get bored. They don't get bored of running the same task over and over again, whereas humans do. And so human error ends up becoming the enemy, misconfiguration becomes the enemy. And so I do think a combination of. Automation tools which have become much more prevalent and then. I'll call it Gen. AI called bots, just call it AI, something that can can automate the mundane out actually freeze U folks to focus on more important things like is the data safe? Are my security policies. That's not the stuff that I think we can or should rely on a quote UN quote bot for. That's where I'd want a human in the middle. But certainly getting some of those routine tasks out of the way frees up to focus more on security. What are organizations like federal agencies doing well? And what could they use some more improvement at regarding flexibility and adaptability and I guess agility, although not agile necessarily from the technical term as agile development. But as far as because that's that seems to me from what you have said and others have told me about this is a really important component of success here. I'll narrow my focus a little bit for a second because most of my interaction is with folks that have large developer teams. So if you're an agency that has hundreds or maybe even thousands of developers, I think the biggest challenge right now is this balance between how do I give them some autonomy and some flexibility that allows them to to work faster, make changes to mission parameters and software faster, but at the same time. Do it where I own the data, I manage it. So there is no worry of data exfiltration or leakage or even just human error. So that's what we've seen is probably the biggest unlock. I mean it is not unsurprising that in at least in the intelligence community, you could have more than 10,000 developers. That is a very significant portion of of your population that to date has been just very locked down. And now we're trying to do is get them to some degree. Of autonomy. And I think the biggest thing is not just because we want to keep up with the latest and greatest, it's because if I empower these people to make changes, we can be more effective in the field or in the intelligence community or even with just citizens. Everything is kind of coming down to time being more the critical enemy even over cost. And so anything we can do to help developers move a bit faster. Rob, it's great to talk to you. Thanks for your insight. I appreciate it. Yeah, thank you.