B (4:22)

I'm very excited to be here. Thank you.

A (4:23)

Well, I want to dive in first. We just got done with the conference. You had a keynote. It was dynamic. Golda gave you a lot of love. You had a sort of. She expected you to go up there and do some good stuff and you delivered. So it was a good time. But let's recap a little bit. What have you learned from the summit today? What do you want to kind of distill from your keynote, the key takeaways?

B (4:46)

Well, I think first of all, the summit had a phenomenal turnout. Lots of people showed up, which is always great to see both in the government itself, but also in our partners that support the government. It's always good to see the interesting excitement in the cybersecurity space. I think probably what will be surprising to most people is that public sector is extremely lean forward. I think sometimes you think that they might be slower to new things, but they are. I mean, you can even say this. We'll talk in a bit about the new National Cyber Policy. They're very lean forward into questions about how do I implement AI properly, what does it mean from the adversary standpoint, and just asking a lot of good questions about really being proactive in some of the highest risk profile based environments.

A (5:19)

So you mentioned the Cyber Strategy. It's been one that we've been waiting for for quite a bit and would love to start from a broad perspective. We can kind of break it down later in the conversation, but, you know, that came out a few weeks ago. It sort of outlines the administration's priorities for enhancing the nation's cyber posture. A lot of stuff asking agencies and other organizations to really kind of take on those adversarial threats. So what's your key takeaway when you look at it? A broad perspective. We've been waiting for it for a while. Does it deliver in a way that you were hoping it did?

B (5:51)

I think to me, what's the most encouraging piece is again, back to being lean forward. The policy itself is basically weaving throughout about utilizing the advanced technologies around things like AI to help improve the defenses. And why I think that's critical is because, you know, there's skepticism and there's excitement on both sides about this. But the reality is, if you look at it from a threat landscape perspective, the adversaries have jumped onto AI far faster and far stronger than we have across the. Not just in public sector, but across all industries in defense. And this policy does a good job of stating that we really do need to ensure that. It's no longer a question of if we should use it, it's a mandate that we have to use it. It's the only way to try to get back to parity with the adversaries that have already, you know, accelerated with it.

A (6:34)

Yeah. So a lot of talk today about AI, ML, how that's injecting into the security space and then diving deeper into that national cyber strategy. Some of the key policy pillars that it lists out are shaping adversary behavior, promoting common sense regulation, modernizing and securing federal government networks, securing critical infrastructure, sustaining superiority in critical and emerging technologies, and then finally building that cyber talent and capacity. Which of the. It's a lot there, but which are the key ones that you think, you know, government agencies should really be focusing on?

B (7:05)

I think the three out of those are definitely the adversary, which we'll talk on in a second. Understanding adversary behaviors and focus on adversary activity, being able to strengthen our talent. There's a massive, as you know, I mean, everybody talks about the skill shortage. We need to figure out how to be, you know, bring in a broader pool of more analytical thinkers into this. And then just the general idea of making policies to make sense, moving faster. Right. I think the. In an age where every week now the technology landscape is changing, and again, our adversaries don't have the challenge of policies. They are taking the newest best thing, implementing it instantly to make their attacks more affordable and more expansive. If we are bogged down by administrative controls and policy requirements that take months or years to implement, we're already way behind where the adversaries are.

A (7:51)

And you mentioned sort of that shaping of adversarial behavior. What's the key takeaway there that you wanted to dig into?

B (7:57)

I think what I like about that a lot across the course of our Elasticon series, which has been across many different countries as well as here in the public sector, we've been trying to describe the fact that I think some companies in different verticals have felt like they have to be less worried or less focused on the sophistication of these nation state level attacks. And what we've seen now, adversarial AI has basically made it so that those what were previously sort of nation state, very expensive, very long to develop attacks have become much less expensive. But also it's reduced the sophistication level of someone who needed to accomplish it. Right. The ability to sort of vibe code and exploit based on a known vulnerability or use AI tooling and agents to actually discover new vulnerabilities that haven't been discovered yet. We've already seen the impact, we've seen the rampant rise of CVEs, the rampant speed of which zero days are being discovered across the environment over the past year. And I think what this policy helps to enforce is, look, it isn't just this top level or certain people that need to worry about this. The idea of what was a nation state level attack really is more about the sophistication level and the recency or newness of it. That's now a problem for everyone. Whether it's Fedsiv, whether it's retail manufacturing. Everyone now needs to worry about the ability to bespokely develop an attack for your unique organization and deploy it very quickly.

A (9:16)

So Mike, we're going to wrap up, the event's over, but there's still so much to continue the conversation. Where do we go next? What are the things you're looking forward to as we project into the future? And you know, what are we going to talk about this time next year?

B (9:30)

Well, I can't predict a year from now and things are changing so quickly. But I will say what I'm excited about now. I think this, the new policy, the National Cyber Policy, really helps set up now a detailed conversation on the how. Right. So it's, it's good that we have an idea of what to do next. But now it's about how to implement the how. How can we actually take these practices and make it not something companies build in for for the next three years from now. But I hope that, you know, our government organizations, but also, you know, every organization is implementing these things tomorrow, like as in this calendar year. Because as I mentioned, even over the past year, we're already so behind that if we just keep waiting and keep trudging through these policy changes or approvals to get there, we're going to be compromised. I said on stage earlier, if you're not using AI in the defensive side, it's a guarantee that you will be breached. It's just the nature of the beast.

A (10:15)

Now. A lot of work ahead, a lot to watch. Mike, thanks so much for your time.

B (10:19)

Yeah, thanks. I appreciate it. Thank you.

A (10:21)

For more news at the intersection of the federal government and technology, make sure to visit fedscoop.com thanks so much for tuning in to another episode of the Daily Scoop Podcast, available on all podcast platforms. If you've already rated the podcast on your platform of choice, thanks so much. High ratings and good reviews of the show help more people to find it. The Daily Scoop Podcast is a production of the Scoop News Group in Washington, DC. Adam Butler and Carlin Fisher help put the show together and the entire Scoop the OF News Group team contributes. We'll be back tomorrow with more top headlines. Until then, I'm your host. As always, Billy Mitchell. Thanks so much for listening.