Skip to content
Podcast

The GIST of Govt IT Podcast

 

Fed Christmas in July? The OMB M-26-14 Holiday Rush Begins!

July 13, 2026Level One by Christmas. Level Two by Valentine's Day. Level Three by Independence Day. That's the OMB M-26-14 logging mandate clock federal agencies are now racing against — and if you don't want to spend your holidays at the office, it's time to start planning now! In Episode 13 of The GIST of Govt IT, Brian and Sean dig into OMB M-26-14 on the eve of Sean's fireside chat with CISA Director Nick Andersen. Sean breaks down what actually changed: the shift from long-term log hoarding (30 months of cold retention) to an outcomes-driven model focused on defending the cyberspace effectively, and the dramatic expansion of scope to include IoT and operational technology — the unmanaged, line-of-business-owned, often third-party-managed devices that CISOs have never had eyes on. The conversation walks through the mechanics: the Logging Reference Architecture (LRA) dropping mid-August, the 90-day plan requirement, and the three maturity levels with their rising inventory-and-logging thresholds (70/50, 80/80, 90/90). Brian and Sean unpack why asset inventory is the real "creeper" that will blindside teams, why OT discovery requires drop-in kits and passive network detection rather than active scanning that can break physical systems, why centralized logging matters for coordinated FSEB-wide defense, and how to think about "three-for-one" investments that solve this mandate and other capability gaps at once.

The Founding Fathers' Guide to Federal IT

July 6, 2026Happy 250th birthday, America. In this special shortened Fourth of July episode of The GIST of Govt IT, Brian and Sean keep it snackable for the beach-and-boat crowd — kicking off with a debate over favorite founding fathers before turning to a rundown of the GIST 360 summer event lineup. Sean previews what's coming: a July 14 breakfast briefing at the National Press Club on securing the converged IT/OT/IoT enterprise; a mid-year federal IT priority-setting session featuring a fireside chat with CISA Director Nick Andersen, an ATARC roundtable on operationalizing continuous threat exposure management, as well as several webinars on deck. If you want to know where federal IT leaders are placing their bets for the last stretch of the fiscal year, this is your map to the conversations that matter. Plus a kite-surfing Ben Franklin!

The Five-Dollar Agentic AI Hacker

June 29, 2026With Marlin McFate, Federal CTO & CISO, CohesityFour days. A spare $500 mini PC from Microcenter. An open-source quantized model running on 512 MB of VRAM. And by Thursday morning, an autonomous AI agent named Jenkins was finding vulnerabilities, chaining exploits, gaining root, and maintaining persistence — entirely on its own, with no human in the loop. In Episode 11 of The GIST of Govt IT, Brian and Sean are joined by Marlin McFate, Federal CTO and CISO at Cohesity to dig into the experiment Marlin documented on his new Substack, Peripheral Tech. Marlin walks through the architectural choices that made Jenkins possible — the "discussion skill" approach to working with agents like colleagues, the orchestrator-subagent model, the safety capability files that proved more effective than external guardrails — and why the implications go far beyond "Mythos changed everything." The conversation digs into the real thesis: the barrier to nation-state-grade offensive cyber didn't just fall — it fell years ago, and most organizations are still spending 80% of their cybersecurity budget trying to prevent attacks rather than recover from them. Brian, Sean, and Marlin unpack the digital jump bag, the minimum viable agency concept, why finding the last clean backup is "a bad lie" the industry has been telling for years, and what Cohesity's RAG-enabled secondary data approach means for agencies trying to feed AI without standing up a fifth copy of their data. Plus, AI agents throw fits and take on personalities for their own.

An Apache Down. An ASV Up: Crossing the Rubicon for Autonomous Warfare

June 22, 2026With David Hutchins, Director of Defense Technology and Naval Systems, Forecast InternationalIn Episode 10 of The GIST of Govt IT, Brian and Sean are joined by David Hutchins, Director of Naval Systems and Defense Technology at Forecast International, fresh off SOF Week in Tampa to discuss the pervasiveness of autonomous systems and platforms that is changing calculus of warfare. David, a Marine Corps veteran who enlisted at 17, walks through the moment autonomous warfare crossed the Rubicon. The conversation digs into the cat-and-mouse evolution of counter-drone tech in Ukraine, why the LCS may finally have found its purpose in de-mining the Strait of Hormuz, the supply chain reality of mass-producing autonomous systems, the role of contested logistics and modular open architectures, and the upcoming World Cup. Plus the ever creative tactics of Marines in the field and how Sean once used pantyhose to keep sand out of IT systems when he was down range. ---------- RESOURCES MENTIONED IN THIS EPISODE Featured Guest - David Hutchins, Director of Defense Technology and Naval Systems, Forecast International - Forecast International - Defense & Security Monitor (Forecast's research blog)

Quad Charts be Damned: Data Meets the Mission

June 15, 2026With Andrew Churchill, VP Public Sector, QlikFor years now, the question for federal agencies has been the same: is your data ready for AI? In Episode 9 of The GIST of Govt IT, Brian and Sean sit down with Andrew Churchill, who leads Qlik's Public Sector Business across the US and Canada, to dig into whether the answer is finally shifting from "not yet" to "we're getting there" — and what's actually driving it. Andrew shares how policy moves are pushing the idea that data belongs to the mission, not the system owner; how AI is automating the mundane data prep work; and why the trust score on the data behind an AI recommendation is becoming the single most important factor for senior leaders making decisions. Brian, Sean, and Andrew unpack the agentic identity challenge nobody's talking about, the IBM Think team that burned 20% of its annual Mythos token budget in a single weekend, why a federal employee who knows the mission plus AI beats a forward-deployed engineer every time. Why federal data progress is a war of inches and why leaders need to turn the people delivering small wins into heroes — quad charts be damned. Plus, live music recommendations for the DC region.

Minutes, Not Months: Inside the New Cyber Velocity Facing Federal Agencies

June 8, 2026With Yochai Corem, GM, Exposure Management, Check Point & Corem Travel - Yochai's travel planning app48 hours. That's the time it took for a federal employee credentials to be stolen as a result of a phishing attack, to being listed on a dark web marketplace. In Episode 8 of The GIST of Govt IT, Brian and Sean sit down at Check Point's Engage Summit in DC with Yochai Corem, General Manager of Check Point's Exposure Management division, to unpack what happens when both sides of cyber warfare have agentic AI — and why the next three years will not be kind to defenders. Yochai shares why pen testing once a quarter is no longer relevant, how a single Chinese developer built an entire attack program in a week using an army of agents, and what Iranian threat actors targeting Israeli hospitals look like in real-time during active kinetic conflict. The conversation digs into agentic red teaming vs. automated red teaming (and why the difference matters), why "safe remediation" still keeps a human in the loop, how to use the firewalls, WAFs, and IPS you already own as compensating controls when patching takes weeks, and the under-discussed reality that government leaders must put their hands on the keyboard with AI. Plus: Yochai's family cookbook and other vibe-coding stories.

Iran Came for the Dams and We Got Lucky: Frontline Insights into the OT Fight

June 1, 2026With Matthew Shallbetter, Director of Strategy for Civilian Agencies, Armis FederalWhen Iranian-linked cyber actors hit U.S. water, energy, and government facilities through internet-exposed Rockwell Allen-Bradley PLCs during the sixth week of the U.S.–Iran military campaign, they did it with attacks that were eightfold above baseline and got within 30 to 40 minutes of opening dam gates. In Episode 7 of The GIST of Govt IT, Brian and Sean sit down with Matthew Shalbetter, Director of Strategy for Civilian Agencies at Armis Federal and a 16-year HHS veteran, to unpack what's really happening at the convergence of IT and OT. Matthew breaks down why cyber has become the great equalizer for nation-state actors, the difference between Iranian "disrupt and distract" tactics, and Chinese prepositioning ahead of a potential Taiwan invasion. The conversation digs into the cultural chasm between IT and OT teams, what the Ukrainians taught a roomful of Western OT practitioners at RSA about why red teaming beats paperwork, and the basics that still aren't done. Trump's seven-page cyber strategy and what ServiceNow's $7.75B acquisition of Armis — closed April 20 — means for federal customers.

Cupcakes & OODA Loops: Inside(r) Insights Into the New Federal AI Cyber Playbook

May 25, 2026Last episode, we left you hanging with a question: when it comes to cybersecurity, what is the federal government doing to both leverage AI and defend against AI threats and most importantly, are we moving fast enough? In the conclusion of this two-part series, Sean takes us inside a White House industry day convened at the request of the Federal CISO Council. He breaks down the two themes of the day that framed very different problems: using AI to optimize cybersecurity (running a SOC, governance, and compliance faster) and securing AI itself. Brian and Sean dig into the agentic SOC, the build-vs-buy question for federal agencies, why data fragmentation is the recurring obstacle in every AI conversation, the role of MCP and RAG in getting agents to the data, and live demos. Cupcakes and OODA loops make an appearance and Sean provides his verdict on whether the government is moving fast enough and his hacker name is finally revealed.

Vibe Hacking and Nation State Cyber Threats

May 19, 2026Your router may not be your router. It could be a Russian surveillance device. In Episode 5 of The GIST of Govt IT, Brian and Sean unpack a stunning two weeks in cybersecurity: the FBI's court-authorized takedown of a Russian GRU operation that silently hijacked thousands of TP-Link routers across 23 American states, an Iranian-linked APT group actively disrupting U.S. water and energy systems through Allen-Bradley PLCs, and Anthropic's release of Claude Mythos — a frontier model so capable at finding zero-day vulnerabilities that the company chose not to release it publicly. They break down what Project Glasswing means for industry, how AI is becoming both the most dangerous offensive weapon and the most powerful defensive tool a CISO has ever had, why "vibe hacking" is democratizing cyber attacks (one low-skill actor compromised 600 FortiGate firewalls across 55 countries), and why the old playbook for SOC operations needs to be blown up entirely. What the unresolved tension between Anthropic and the DoD over supply chain risk designation means for federal agencies trying to defend critical infrastructure while CISA operates at 38% capacity. Plus Sean shares his hacker name (maybe) if he wasn't a CTO and instead worked in a windowless office in Pyongyang.

A New Playbook for Small Businesses and Startups in Federal IT

May 11, 2026With Jay Shah, Former COO of OctoFrom a startup consulting shop to a $1.4B IBM acquisition, Octo Consulting Group's story is one of the great growth journeys in government IT. Brian and Sean sit down with Jay Shah, Octo's former COO, who helped guide the company through every inflection point — the pivot to DevSecOps and agile, the move from sub to prime, the strategic (and intentional non-) use of the 8(a) program, the 2019 Arlington Capital investment, four acquisitions, the launch of OLabs, and the IBM exit in December 2022. Jay shares the unvarnished playbook for scaling in the federal market: why diversification matters more than the 8(a) badge, when to be bold with primes (and when to bluff), how to turn billable services into IP, why OLabs only worked because they had base hits first, and what most founders get wrong about working capital. Plus, Brian and Jay geek out on funk master flautist Karl Denson.

Chaos, Change, and Opportunity in Federal IT

May 4, 2026"Chaos." "Change." "Opportunity." Three words that surfaced in a room full of federal contractors when asked to describe today's government IT environment. Sean and Brian unpack what's really driving the disruption, from RIFs and FAR overhauls to FedRAMP changes, the Anthropic supply chain risk designation, and the brain drain hitting agencies like NIST. They dig into the structural changes reshaping how government buys and builds technology — OTAs gaining momentum, Golden Dome's six-month IDIQ award turnaround, and CDOs finally getting real budget authority to break down data silos. Then they pivot to where the real opportunity lives: $50B in federal IT contracting in Q4 FY25, $13B for autonomy and AI at the Department of War, mission Genesis investments at DOE, and the massive energy build-out required to keep pace with China. Brian gets smart on Markdown files.

Fighting Fire with Fire to Secure Federal AI Agents

April 27, 2026With Elad Schulman, CEO and Co-Founder of Lasso SecurityThere's a workforce inside your agency that nobody hired, no one trained, and nobody is watching. We're talking about AI agents. In Episode 2 of The GIST of Govt IT, Brian and Sean sit down with Elad Schulman, CEO and co-founder of Lasso Security, to unpack what it actually takes to secure an agentic federal enterprise that seemed to arrive on the scene overnight. They dig into AI sprawl, the new attack surface created by autonomous agents, and why traditional security playbooks don't work when the system you're defending is non-deterministic. Elad shares why "intent security" is the new frontier, how agentic red teaming finds vulnerabilities a hundred humans never would, and what happens when an agent goes rogue (hint: it doesn't have to be malicious to cause real damage). Also, what it takes for innovative non-traditional vendors to actually move at the speed the federal government now demands. Finally, if you task an AI agent to keep your house clean, you better make sure to instruct it not to kill your family.