ICYMI: Innovation from the Unconventional Artwork

The Buzz with ACT-IAC

Welcome to The Buzz with ACT-IAC – your source for the hot topics and top issues affecting the federal technology market. Join us each week to hear insights from government and industry leaders, stay informed on the topics facing government, gain access to thought leadership and valuable reports. Subscribe to follow us on your favorite podcast platform.

All Episodes

The Buzz with ACT-IAC

ICYMI: Innovation from the Unconventional

January 08, 2026 • ACT-IAC

This panel features a discussion on innovative approaches to cybersecurity within various federal agencies. Key contributions come from James Donlon, Vice President at Oracle Group, and panelists Beckie Koonge (CIO of the National Weather Service), Anthony Brannum (CISO at the Department of Agriculture), and Jonathan Kraden (former federal policy advisor). The panel emphasizes the importance of balancing innovation with safety, tackling cybersecurity challenges, and leveraging AI for efficiency. They also highlight the need for cultural shifts within agencies to foster innovation, the significance of public-private partnerships, and practical steps for integrating new technologies while maintaining secure operations. The speakers advocate for better communication, both within the government and between the government and private industry, to enhance cybersecurity measures effectively.

Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on LinkedIn or visit http://www.actiac.org.

Learn more about membership at https://www.actiac.org/join.
Donate to ACT-IAC at https://actiac.org/donate.

Intro/Outro Music: See a Brighter Day/Gloria Tells
Courtesy of Epidemic Sound

(Episodes 1-159: Intro/Outro Music: Focal Point/Young Community
Courtesy of Epidemic Sound)

Pete Tseronis: [00:00:00] Okay. Um, well, a quick little, uh, public service announcement or recognition. Uh, shout out to Colleen, Carly, Christina. Yes. The three C's, Jordan and Jillian. You've seen them around. They're keeping me on cue. They're amazing. Of course. Carol Miller, Dave Rinn. I don't know if Dave's here, but, uh, shout out to act I a little, uh, applause for Act Diac pulling us together on a Friday.
Pete Tseronis: Absolutely. Okay. Um, I know I have a couple things. Okay, that one's off. Alright, next panel. Before lunch, I'm going to introduce Jim Donlin, who actually has the same master's degree as me from Johns Hopkins University. Love it. I like that little connection. Lemme say something about Jim here, Oracle Group Vice President.
Pete Tseronis: Badass to use. Uh, a little bit of Luke McCormick, iss ai machine learning, enterprise data management, business analytics, hybrid cloud strategy, and cyber. Of course, he also maintains a JD from the formerly known as Concord Law School. Fun fact. Now, the Purdue Global Law School, [00:01:00] I don't know if even you knew that.
Pete Tseronis: He did. All right. Well, uh, Jim, you're gonna introduce a great panel and, uh, really enjoy this, uh, upcoming topic
James Donlon: well before. Are we on? Now we are outstanding. Uh, thank you everyone. Well, I'm gonna invite our panelists to come on up and I'm gonna let them introduce themselves because they can say many more wonderful things about themselves before we get into it.
James Donlon: Uh, so Becky, Tony and John, welcome. Uh, we do a little switch right there. Pop up.
James Donlon: We go. Alright. With that technology, I don't, you go ahead and, uh, introduce yourself.
Beckie Koonge : Hi everybody. I am, my name is Becky Kunz. I'm the National Weather Service Chief Information Officer and like some of my other colleagues here with the federal government, multiple hats. I'm also the CIO and that actually was my job prior to becoming the CIO.
Beckie Koonge : Um, anyway, we'll talk a little bit more.
Anthony Brannum : Uh, good morning everyone. [00:02:00] I'm Tony Brandham. I'm the Department of Agriculture's, uh, chief Information Security Officer. And I only have one role, so one job or we'll give
Jonathan Kraden : you a few more. You're, you're unique in government right now.
Anthony Brannum : I am.
Jonathan Kraden : Good morning everybody.
Jonathan Kraden : That's one more job than I have right now. My name's John Creon. I am recently, uh, resigned, retired from the federal government, um, having worked for about 20 plus years in all manners of policy throughout the policy stack at GSA, um, and most recently at cisa. Um, helping to stand up a customer experience and communication shop at the program level of the organization within cybersecurity division.
Jonathan Kraden : So it's good to be here.
James Donlon: Great. Thank you all. So this is an interesting session and I like that it's right before lunch. So my only goal is to have you all say something a little bit controversial. So lunchtime discussion will be that much more intro. Interesting. So, uh, the title of course, innovation from the Unconventional, and we're talking about cybersecurity, but breakthrough [00:03:00] technologies in Cyber sec, uh, security.
James Donlon: So I wanna start with each of you with your approach to innovation. Uh, and, and how you do that in a world where you're talking about cybersecurity, uh, how do you balance those two things? The go fast, innovate versus be safe and mitigate risk? Uh, we'll go in reverse here. John. I'll start with you and then we'll come back to you, Becky.
Jonathan Kraden : Uh, yeah. So I focus, uh, I'm lucky to be up here with two amazing technologists. I've been around technology for. Decades, but I'm focused more on the people and the process side, right? So whenever I look at innovation, I wanna make sure that, um, we're remembering that technology is just a tool. Right. It's a means to an end.
Jonathan Kraden : Um, a lot of times it can seem like the end in and of itself, but you wanna make sure you've got governance. I know that was mentioned on the previous panel. You need to make sure you've got the processes in place, um, to do things in a responsible way. And I know I'm, I'm sounding wonkish and, and boring, [00:04:00] but it's, it's unbelievably critical.
Jonathan Kraden : Um, because if, uh. I've seen too many times where the technology is the thing itself. Um, and it often results in a gap between kind of the promise of the technology and implementation and execution. So, uh, that's kind of where I come at it from is from the people side of things, making sure that we're thinking about the experiences of the people that are implementing it, the people that are gonna be using it, and how do we maximize.
Jonathan Kraden : The value that we're actually getting from this technology. 'cause we don't need more bells and whistles and cool things. We need actual like implementation and progress in so many areas. So
Anthony Brannum : that's a great question. I think, um, for me it's really a balance and it's a. Partnership with your customers within the department and their constituents directly serving, because there's so much technology out there.
Anthony Brannum : If you're the assist, so you're worried about all of it, you're gonna shut it all off because risk compliance, you know, that is really [00:05:00] very mundane in terms of how do we adhere to fsma, how do we adhere to the N framework? So it wasn't really built to be agile in the way we need to do today. So it's really how do you partner with them?
Anthony Brannum : How do you enable 'em? How do you provide the guidelines to allow them to do this without just saying no. A lot of times what we've found is we started doing like innovation hubs. How did we do innovation hubs? How do we do open calls where they come in and they may build, you know, chat bots, for example, or they may do RPA or machine learning, or we may work with like our scientific piece.
Anthony Brannum : All right, you guys are on a separate part of the network. We'll give you more freedom than other parts. And so really that balance, not everything can be at the high moderate level. Sometimes you, you work with them or can we do it at a low level? How do we restrict our data? How do we give them access to our technologies?
Anthony Brannum : And so it's that partnership that we have and so across government, especially one of the things we're looking at, how do we be more nimble in some of our compliance and risk management? Then also then how do we let them innovate and guide them and secure it as it's going along with what that makes the [00:06:00] most sense.
Beckie Koonge : Yeah, I think that's a great question. So give you something shocking or whatever for lunch right now, like it gave me a challenge there. But, um, I would say like, as I, especially as I, you know, advanced up the ranks into the senior executive side of the government is that my leadership style has been primarily, um, sort of along with the Wizard of Oz theme, Dorothy, rather than the technologist kind of behind the curtain, which is typically like how folks in it tend to operate, right?
Beckie Koonge : Like, we don't always like to just sort of go out and walk the yellow brick road and find out what our mission areas, what those challenges are. Um, so, you know. Also, one of the ways we really try to innovate, innovate in with a weather service was to create a council called the Innovation Council, which I'm one of the co-chairs of.
Beckie Koonge : But of course in government, when you create a council, that sort of kind of flies in the face of like really how you truly like enable innovation across an agency. So, you know, I think we've gotta be willing to break a few glasses and, [00:07:00] you know, mirrors even, you know, to, um. Innovate, but establish in a culture where taking risk is okay to do, and with the lives and property mission that we have.
Beckie Koonge : That's hard because we tend to, even on the development side, research side, also apply some of those same principles. Um, so I think that's probably like one of the key things. Overall. I'm sort of also focusing on the people side. 'cause I think that is really where a lot of our risk actually lies. Even though the technology's out there.
Beckie Koonge : Will we use it? Do we use it well? Are we willing to try some new things and enable that?
James Donlon: Yeah, I'd like to pull the thread on trying new things. 'cause I think that's one of the things when you come from the commercial side and then you come into government, you know, uh, right or wrong, there's this perception that, you know, in, uh.
James Donlon: Industry, it's go fast and, and innovate and not be afraid to break things. And of course we've gotta balance that. But, uh, my question specifically on cyber is what kind of innovative things have you been doing? Uh, how have you changed [00:08:00] the thinking? And then maybe talk about a few examples and then add to that, what do you think has to change overall for government to be better about using that very specifically for cybersecurity in, in terms of taking on this new technology?
James Donlon: Uh, Tony, I'm gonna start with you on that.
Anthony Brannum : So I, I, I think the basis of, uh, especially across government is like, um. We don't share. I was listening to some other panelists, but we don't share information. And so, so one of the things we're really looking at is if DHS does something or agriculture does something, or energy does something, they've already started to look at it, share this information, so don't we start over that way it allows us to be more agile and to move faster.
Anthony Brannum : 'cause a lot of times we all have different priorities and if we're doing something and we can say, oh yes, my colleague over in DHS or, you know, HHS is doing something, let's look at their package. How can we adopt it and we can move faster. And so that's one of the things we're really looking at is how do we become more agile?
Anthony Brannum : And so as we're looking at break, you know, how do we commercialize things or use things like, you know, we're doing like [00:09:00] commodities, how do we do like meat inspection? How can we grade it using artificial intelligence, machine learning, how do we do this? And forest service, you're looking at how do they use different things for like geographic things and predictions.
Anthony Brannum : And so then we're also look for our acts, USDA, you know, we've already started to innovate. How do we take all this in and start to. You know, take some of this, uh. Information in to be able to respond to the public quicker. So we're really innovating. We're pushing forward. You know, we're a partner with GSA, we're gonna be the first ones to go live with their chat bot to cross, you know, USDA.
Anthony Brannum : We have an internal chat bot that we rolled out later this year that's for the help desk. And so we're really driving towards the innovation. We're doing this purposely in terms of what can, what can we expose our data to and how do we do this safely, but how at the same time, how do we move quickly?
Anthony Brannum : Because this is what our customers need and this is what the public needs.
James Donlon: What do you think, Becky?
Beckie Koonge : So a couple things. I think that's really important for us in the Weather Service and even all agencies, is to really take a look at our existing processes, [00:10:00] because the pace of change and the pace of just delivering services and innovating quicker, is it ever increasing.
Beckie Koonge : But our processes haven't been adjusted yet. Like to go along with that. So, you know, on the cybersecurity side, we tended to kind of see the risk management framework as like a waterfall. You start at this step, you move, you know, I used to argue with Dr. Ross about we need a step zero, which is build a really solid foundational security program that has resiliency bit built into it.
Beckie Koonge : So we don't become that roadblock to, you know, the next application or IT system going live. I think we have to redo our FSMA boundaries to really align better with actually our outcomes we're trying to achieve. Um, as well as of course on the policy side also, I mean, policies tend to be harder and longer to change and, and these days there's a lot more sort of senior level oversight of changes like that.
Beckie Koonge : Like everybody, you know, before you can do an all hands, you know, we need to kind of run that up the flagpole about what we're gonna talk about. So it's just like being able to kind of like quickly [00:11:00] adjust to those changes. And then modifying the policies that support that. Um, as well as just overall in our IT systems themselves.
Beckie Koonge : Like we still have a lot of on-prem sort of legacy architectures and changing those quickly can be painful 'cause they're like belong to certain folks or kind of like their babies. So, you know, getting folks to kinda lean into the hat. You know, being will, being willing to like, be part of the solution.
Beckie Koonge : But I also find like if you like assign that to the folks who've care and fed those IT systems for years, you've gotta inject like some folks who are leaning into change to be leading those efforts. 'cause it's really hard to ask the same teams that have been running the systems to now change them immensely or, you know, even maybe eliminate them.
Beckie Koonge : So, um, so yeah.
James Donlon: Yeah, I think, and it speaks to the people part of it. Uh, so there's a lot of technology that folks want to take advantage of. I I always use the example of things you do every day. Uh, so John, from your perspective on people and [00:12:00] process, what, what could you do? What's some practical advice to get people to change?
James Donlon: Uh, we hear about server hugging. We're her, uh, hugging big data centers now in some cases.
Jonathan Kraden : Uh, I wanna piggyback off something that Becky said, which I think is a critical component and probably one of the most difficult things to tackle, and that's culture. Um, creating a culture of innovation. Uh, you need to create safe spaces for people to lean forward.
Jonathan Kraden : And, um, as you mentioned, in the private sector, it's, it's more okay to fail. Um, and in the public sector there's a number of reasons why. Um. That's not as. Okay. Um, and I'll add one, and maybe this is controversial or not to give us some stuff to talk about over lunch. Um, but we need to recognize that people are beaten down.
Jonathan Kraden : Right. The last 10 months have been. Unbelievably challenging for the federal workforce and for the [00:13:00] contractor workforce. I see a lot of people out here that just, it, it's been tough. Um, and I think it's created a lot of disincentives to lean forward and to innovate. Right? And it. As a former Fed, I constantly heard we need to do more with less.
Jonathan Kraden : I'm sorry, but that's crap. There are some times you just need to be honest with yourself and say, we're gonna do less with less, but let's figure out what that is. Right? Let's actually prioritize what it is we're going to do and do that well. Because as a fed of 20 plus years, I saw countless times where we were doing things where I would just look and be like.
Jonathan Kraden : Why are we doing that thing and why are we doing it so badly? Why are there 10 people in this meeting when we shouldn't even be having this meeting? So, I, I want to end in a positive note here because I think, I don't know if anybody's ever read anything by Ryan Holiday. The obstacle is the way, [00:14:00] um, discipline is destiny.
Jonathan Kraden : The obstacles is the way, as a book, I always come back to, because there's kind of this kernel in there. At the end of the day, it's all about, in every obstacle there's an opportunity for growth. Right? And that's where I think we are right now. There is tremendous opportunities. I'm not saying this is gonna be easy.
Jonathan Kraden : I feel for my fed, my former Fed colleagues on the panel here because it's challenging, especially with the workforce that we have now that's demoralized and beaten down. Right? And it's going to take leadership. Um, and I'm happy that. You all are still there in the federal government leading this charge because we need more people like you and we need more people that are creating the space and the grace for other feds and other contractors to do their best work.
Jonathan Kraden : But that's, uh, I mean it's, the culture is, is the biggest challenge.
James Donlon: Yeah, I think you'd probably not get much of an argument in this [00:15:00] room right now. Uh, one of the things in a technical setting and also in cybersecurity, uh, I've run teams of engineers before and they like nothing more than the play with new technology.
James Donlon: Yeah. Um, so kind of piggybacking on culture and kind of incenting people, uh, especially in a technical discipline. Uh, Becky I'll start with you this time. Uh, have you thought about how you incent your, your technical workforce, your overall workforce? For sure, but in this. Ciso, CIO role, uh, what kinds you've d uh, things you've done maybe to say, Hey, this is how we're going to take an opportunity to learn new technology.
James Donlon: Uh, even for those folks that have been working on the same systems for, you know, 20 or maybe 30 years,
Beckie Koonge : I can think of like a lot of actual examples, right? So maybe telling a story might like answer that question best, but, uh, recently I worked with a Noaa CIO to authorize for use the G like we're a Google shop at, no, for those of you who don't know that, but um, to.
Beckie Koonge : To use Gemini, you know, to bring some AI to into play, which now that I have it, it's like my best intern [00:16:00] ever because, you know, I can say on the cybersecurity side. You know, I felt like it took us 10 years to, for me to like inject change and then improve our cybersecurity. Not only, you know, technically, but culturally as well.
Beckie Koonge : Now it's like part of a lot of our IT systems as well as our mission folks. They think about security when they're working on a project, which is pretty massive for me to see that. But, you know, to, to really like encourage my staff to play with that tool. And to use it against all of those massive amounts of information we have on the cyber side.
Beckie Koonge : I mean, how many of you guys are doing like security control assessments and you got all this data about how controls are being met? We can unlock so much from that. Figuring out how to do things like collectively across that organization to solve a specific control that in the past, my system owners would be like, well, why is this region over here in forecast office X, Y, Z, doing it different than, you know, up in Alaska, you know, all the way up at [00:17:00] Fairbanks.
Beckie Koonge : So it, it's really been massive. Although sometimes you've gotta, you know, the human factor is still critical because you gotta double check that information. It might, you know, even it even argued with one of my cybersecurity folks about, yeah, this is the answer. And he is like, yeah, but it's not, are you just making this up?
Beckie Koonge : And Gemini was like, well, yeah, I kind of am. So, it was pretty funny, but. You know, like, and my cyber folks are probably the funniest people on the planet. I'm just saying, you guys probably have noticed that too, if you sit in on their chats or their, their spaces that they have. Um, I also think like right now too, like we've got to do something to improve communications.
Beckie Koonge : And I don't mean just like technical side 'cause we need that too. You need resiliency in your networks. We need to use low orbit, you know, low earth orbit satellite communications, you know, SD WAN on, you know, get chip such in your laptops so you can tap into cellular comms. 'cause I think that's probably the future where we end up, at least according to my Verizon POCs that might be in this room today.
Beckie Koonge : Um, [00:18:00] but. You know, comms are hard with the pace and, and really the change, I think that you just spoke to, you know, communications are very much top down in some regards, but yet the, the boots on the ground, they still need to know like what we're doing, how are we doing it, what, you know, how to get, you know, a travel authorization all the way through.
Beckie Koonge : And that's having an impact, I think ultimately on the risk posture. Yeah.
James Donlon: And Tony, I wanna kind of to piggyback on that a little bit, similar question, and I also wanna dove-tail into, Becky mentioned, you know, satellite communications. Mm-hmm. So I wanna talk about one, the first question, how you're motivating folks who are really heads down in a very defensive posture a lot of the time.
James Donlon: Uh, how do you give them something to look forward to? And then the second part of that is, um. Then how do you talk them off the ledge when you tell 'em you're gonna take all their data and put it out at the edge on satellite D devices that you have no control over?
Anthony Brannum : So cyber, I think cyber training's, uh, been a difficult thing over the last couple of years, especially with the pace of change.[00:19:00]
Anthony Brannum : Uh, you know, we have a lot large gap and I think in the community even for like, how do you assess ai, for example? I know that's one of the things I worry about. How do I train my team to be able to assess this and help us, this risk management as it continues to change? And so we're still looking at ways to, you know, to, uh.
Anthony Brannum : Empower them to learn. You know, we give 'em access to the tool sets, let them start to look at it. But then one of our big things we're looking at over the last couple of years is like sock modernization. How do we can continue to modernize our sock operations? So every year we do an assessment of all of our tools.
Anthony Brannum : What should we be doing from, from a technical perspective? I think that, uh, invigorate them, gives them input into the tools that we're gonna use in the future. What's the best tool set should we be using? What should we consolidate? What should we get? Move away from. So this is a way for them to really have buy-in.
Anthony Brannum : From my perspective, the more buy-in they have, they're more excited. They'll get about it and they, they'll start to self-learn. I think the technical people are the, when they're excited about something, this is, when they're go out and learn it, they'll do it on their own. And so we adhere to that. We do train their [00:20:00] trainer.
Anthony Brannum : We try to send 'em to class as much as possible. You know, we take free, you know, we take advantage of some of the SIS offerings when they were having that past couple of years. And so I think that's been very beneficial to us just from a strict training perspective. And then in terms of like how do we continue to innovate and secure things?
Anthony Brannum : Well, USDA is very broad. I mean, we have inspectors all across the United States, outside the United States, so it's always been a challenge on how do we secure drones or how do we secure the data communications. If you're have like, uh, doing crop reports for part of the plant protection or you're doing inspection across the, the board for cattle or horse.
Anthony Brannum : And so that's always been a challenge for USDA. How do we do this? So we're very purposeful of it. I mean, we're very much zero trust from like five years ago. Zero Trust has been our main push across the department. How do we get there? Because we couldn't do. Security out in the field without zero trust, even for the satellite communications.
Anthony Brannum : So from every endpoint device all the way back in the end, you know, we've really been very purposeful in how do [00:21:00] we partner with industry to get the right tool sets to allow us to secure the environment. So,
James Donlon: and John, from your perspective, um, how do you do zero trust but trust the people because you're actually delivering that capability out.
James Donlon: Both of your cases, uh, to folks that are in the field. Uh, I picture the classic government worker with a holster with their work phone and their personal phone. Uh, so, you know, just thoughts on, on how we navigate that, uh, as we go forward where the, the phone itself is ubiquitous, not to mention drones and, and really, uh, bolster communication networks.
James Donlon: We can literally be anywhere doing anything.
Jonathan Kraden : And this is what. Gets me excited for the opportunities that technology presents. Right. And when you talk about zero trust, I mean it starts for me with just a, a recognition that this is a fundamentally different way of thinking about cybersecurity. Um, and there's a massive change management piece to that.
Jonathan Kraden : And I wanna piggyback once again [00:22:00] off something. Becky said about communication. We should never underestimate the need to communicate with people about what it is we're doing and why we're doing these things. Um, because you've got a lot of great people once again on both the Fed and the contractor side that want to do the right thing.
Jonathan Kraden : Um, and we wanna avoid. Placing them in just purely compliance roles. Right. And that's where like we need people to think differently about our security, about the technology we're bringing into our, uh, kind of networks and our enterprises. And in order to do that, you need to. Create, and I, I sound like a broken record here.
Jonathan Kraden : You need to create that safe space for people to do their best work. Um, I dunno if that totally answered your question, but it's just I want to, once again, I, I don't want to be negative about the challenges we face. We face challenges, we've always faced challenges, but there are tremendous opportunities.
Jonathan Kraden : And to piggyback, uh, off something you said, I'm [00:23:00] doing a lot of piggybacking here, but it's that, that idea of AI and I, I don't remember who mentioned it on the, the last panel, but it was that it. AI as an empowerment tool. It's AI as a way in which we can help our people, not just a Yeah. It helps with kind of the, the random, like it helps my kids with their essays, right.
Jonathan Kraden : Which is another problem. But, um, it's, it's AI to help us prioritize what's truly important. I mean, if we can start to use these tools to, to get rid of some of that lesser work that we have people doing and instead. Truly focus on that, that more important work that we want them doing. I think that's a key to kind of melding the technology and the people to get two plus two equals five.
James Donlon: Yeah, you're you're teeing me up perfectly. You go ahead though, 'cause you have a thought there, Becky. I had a
Beckie Koonge : thought and so I'm gonna like interrupt you before you do the next question because when the first you were asking like, what are we doing to [00:24:00] incentivize, like taking risk and innovating and I'm thinking, oh, I don't know if I quite answered that one, but.
Beckie Koonge : One of the ways is that as leaders, and I'm sure all of us in this room are leaders, no matter what position we hold, you've got to give them top cover to do that. And with my team, even though like there was like, especially in Noah, there was just all this angst around like what might happen, you know?
Beckie Koonge : And you know, say something a little controversial over here, but I told my team, I was like, as long as I'm still in the chair, you guys can, you know, like I can't guarantee miracles, but I got your back. And you know, I can see our role expanding ever further. You know, as being part of this. You know, I'm a CIO and I've got this core group of, you know, small group of feds and then quite a few contractors.
Beckie Koonge : I consider them the contractors part of our team. Right there is that line, right? Like I have to still have to be careful, but we're all in this, you know, ship together. Let's focus on outcomes. Let's lean into providing services and [00:25:00] consolidating services where we can. But if you consolidate services, do it well.
Beckie Koonge : It doesn't have to be perfect, but manage expectations with your communities that, you know, we're gonna start consolidating contracts. Now, there's a big focus on that. Like, I don't need 35 different cellular contracts across weather service. Maybe we have a couple. Um, so we're looking at stuff like that.
Beckie Koonge : But, and you know, like an example, I wanna redo all of our FSMA boundaries. But we're on this cloud migration, technology, migration, ai, like how are we gonna lean into that? And then how are we gonna redraw those boundaries to actually be more. Efficient and effective and focusing on security outcomes and doing that in an agile way.
Beckie Koonge : Embedding your staffs with the folks as they're building the projects. Not at, you know, like the old way, tail end. Oh I need to do that. Security control, sorry, not doing it. Let's risk accept it. So, you know, I think that's like key is communicating often, like you said, and I don't think I've said, but also.[00:26:00]
Beckie Koonge : To incentivize risk taking. We gotta give them the ability to do that. And some of that is, a lot of feds still feel like they're on quicksand is, you know, trying to like at least get that more solid so that they can start feeling like, okay, all right, we're, you know, some of that's past us now let's focus on what we're gonna do to rebuild or.
Beckie Koonge : You know, dust off, you know, take off the dust and get back to the business of our mission.
James Donlon: Yeah, and I think you know, it, it sets up the next question really I was gonna ask, because it's really, when we talk about artificial intelligence, what are you doing now? And Tony, I'm gonna start with you. Think of maybe an example if you have it, not only what you're doing, but why did you pick that one?
James Donlon: And why don't you pick it first and maybe what you're thinking about next, because we talk about maybe the first generation, it was the Oh wow. Moment. People actually saw it first, even though I, I think it might have been the last panel they talked about the fact that we've been doing this in other contexts.
James Donlon: Uh, for example, in financial services for 20, 30 years in terms of transparency. But I'd love to know now. It's been a couple years in government, a lot of focus. [00:27:00] What are you guys doing? What do you have next? And again, I think the important part maybe for the audience at least I'm curious about is why'd you pick those, Tony?
Anthony Brannum : So, great question. I think there's two components. One is what are we doing just from a cyber defense, right? Cyber threat? And then what are, what's our, the people that we serve doing? So there's two different things. And so I think overall, I think, at least from my perspective, from a cyber perspective, we've been slow.
Anthony Brannum : In terms of adoption, 'cause how do we actually use it? How do we do threat hunt, how do we do detection? How do we use it for vulnerability management? So those tools have kinda lagged and the way we rolled it out purposely, I think some of that's just 'cause of FSMA boundaries and so that's some of the compliance issues that we've had.
Anthony Brannum : How do we actually do it? We've been been much more successful in rolling it out to the broader department for actual use within the department, whether it's a chat, a couple chat bots, we have. Um, uh, where this one for our call center, where I mentioned earlier for our S-U-S-D-A, we have some generative a on, on that to process the intake of [00:28:00] those questions and emails and be able to respond back or provide guidance to the people that are actually doing the response back to the customers.
Anthony Brannum : Uh, we're using it for some, uh, grading of commodities, for example. How do you grade meat or cotton? A lot of this can be done by pictures and stuff, and the same things that inspectors do. So we're starting to use some of that intelligence within our agricultural marketing service to be able to do that.
Anthony Brannum : And four services I mentioned earlier, we're, we're looking at how can we use this for some of the fire detection? And so as we're looking at that, these are things we're really piloting. Um, and so we have some other areas that we're also looking at for like loans for example, is different part of the department.
Anthony Brannum : How can you use this part of the, the loan processing? So we have many different things in the hopper now to kind of roll out. Some of 'em we expect to be rolling out soon. Some were about, uh, very imminent and so we have very many different things. Um, I'm really focused this year on the cyber piece because the threat hunt to me, the, you know, I think in defense is the most valuable thing that we have.
Anthony Brannum : Reading the logs, you know, we have some, [00:29:00] someone talk about gigs and gigs of logs we get every, every day. It's too hard for our analysts to do this and sift through it. And so there's a couple of things we're doing at a federal level. One is what is the right logs that we're collecting so then I can use AI to start to.
Anthony Brannum : Go parse it and say, all right, flag this. These are the things that we really need to concentrate on.
James Donlon: Yeah. And Becky, I'm gonna go to you first and then John on the same question. Just again, any examples and, and then maybe some of the why, if you are able to share that.
Beckie Koonge : Okay. So I think I already mentioned kind of like we're using Gemini.
Beckie Koonge : So my team now has a new, uh, verb. We're Gemini things all the time, which. One of the ways I think to, to start to lean into AI is to let people play with it and start to use it and using it on small things with sort of larger unlocks. You know, the whole a NA process with all the documents you sign and all the components that go into it.
Beckie Koonge : Like we can really use, even if you're, you still are using spreadsheets or, you know, uh, Smartsheets or whatever to sort of document a lot of that, start to [00:30:00] use AI to, to really, you know, clean up the efficiency side of things. And then people say, oh, that's pretty cool. Let's do more of that, which is already starting to happen.
Beckie Koonge : Also within the weather service though, like we have massive amounts of data. We have high performance computing, both, um, research and development. Stuff that's, you know, starting to be in the cloud as well as our, like, dedicated on-prem data, big data centers, the wa, the weather models. I mean, you guys have all heard about all the various like, you know, weather models that are out there.
Beckie Koonge : Which one's best? How do we harness that? And then we've got our vendor communities, you know, Google, Microsoft, et cetera, using AI and weather modeling right now, right? Like, so we are looking at that. How do we incorporate those? Those processes and technology into our very physics space. Massive amounts of, you know, modeling that we're doing, whether it's a hurricane or you know, those severe storms.
Beckie Koonge : And by the way, it's gonna be stormy for your Thanksgiving travel, just so you know. But DC Thanksgiving day is gonna be sunny, so let's see if I'm [00:31:00] right. But, um. And then we're continuing that theme of like leveraging just the existing AI tools into things like fitara, like we all have, you know, capital planning of fitara requirements in the government.
Beckie Koonge : So we're looking at ways like, how can we like do you know, more umbrella strategic type investment authorities that the CIO is like, wow, okay. You guys are really innovating in those ways as well. So mostly it's, you know. And I think you mentioned something I say a lot is let's not do more with less.
Beckie Koonge : It's do less with less. And that's what AI is going to definitely allow us to do is and then prioritizing where the biggest unlocks are. And you can ask the AI tools to help you do that too. Like what would be the biggest impact? You know, might seem like a small change, but could be massive. And that's kind of been my career.
Beckie Koonge : I've always considered myself a little bit of a disruptor. You know, for those of you who do Myers-Briggs, I'm an ENFP, not an ISTJ. So there's [00:32:00] inherent conflict every time I am, like trying to do something innovative with the rest of my, uh, you know, collaborators and crime, I guess you will, you know, at the leadership level.
Beckie Koonge : But, um. It's fun. Like, you know, like once we got past some of the, the painful stuff of, you know, redefining government, I'm finding like I'm having so much fun in my job. That's one of the reasons I'm still in my chair, you know, is it's a lot of fun to, to really start thinking about, wow, all the stuff I've wanted to change over the last 10 years I might be able to do in a matter of weeks.
James Donlon: So, so John, you get the fun question 'cause you get to say it from the outside. What should they do,
Jonathan Kraden : uh, and why? Uh, before a. Answer that I wanna add, Becky. So I'm traveling up to New York on Wednesday morning. How does my forecast look or should I wait? Give,
Beckie Koonge : can you gimme a minute on that one? Okay. I know some people
Jonathan Kraden : ask Rock just to double check.
Jonathan Kraden : Um, so at. Right. The obstacle is the way there's so much opportunity here. [00:33:00] Um, I want to, I'll come back to your question, but I want to talk about, once again, for me, when I think of ai, um, given my background and policy and experience, I think more about that policy space. And Jordan, I'll, I'll give you a shout out.
Jonathan Kraden : Um, I'm gonna look up that Fed Reserve, uh, policy because it's fascinating to me, um, where we go here because about. 12 to 18 months ago, I was staffing my executive and we were having a conversation with other CISOs about what they need to do in the AI space, and it was clear that the, the horse was out of the barn, right?
Jonathan Kraden : I mean, there was just, people were already out there, they were doing it. Whether or not we were thinking about it didn't matter. People are using it. They're using it in their personal lives. There's obviously some rollover into their professional lives. So how are we. Thinking about this from a policy perspective, and one of the things, one of my bugaboos with policy is that it's typically very, very, and this is just the [00:34:00] way it works.
Jonathan Kraden : This is how Congress works, this is how OMB works and how things travel through the policy pipeline. We need to find a way, especially. In technology to be more receptive and responsive to the needs of agencies when it comes to these types of policies around AI and things like that. And I'd love to see if, if om b's listening, I'd love to kind of talk to you about creating these types of feedback loops, um, when it comes to policy, um, around ai.
Jonathan Kraden : Because it's one thing to put out a policy, but then it's another thing to. Three months, six months, a year later, reexamine that policy. It's not something that the government is good at doing. It's usually a set it and forget it and we'll come back to it in a couple years. So, um, yeah, I don't know if anybody from OMB is here, but I've got some ideas on that.
James Donlon: If they were, they just ran to the back of avoid You, it's like, I gotta avoid that guy.
Jonathan Kraden : Um, so what was
James Donlon: the other
Jonathan Kraden : question?
Beckie Koonge : How about FedRAMP too? Can we talk about that? Oh,
Jonathan Kraden : yeah.
James Donlon: We're gonna touch all the third rails today. Now, it just, uh, [00:35:00] the last part of that was, uh, what would you do in, in terms of projects you would start with, and, and why would you start with those right now?
James Donlon: Maybe just kinda a quick summary.
Jonathan Kraden : I, I'd go back to what's been said before. I would look at ways in which we could use this. Type of tool to help us prioritize our priorities. Um, somebody on the last panel talked about like all the shiny new toys that were, or that were created that we've just left out there, and they have open doors that we know about and open doors we don't know about.
Jonathan Kraden : A friend of mine used to talk about how in in government we, there's so many half finished toys. Out there. Like we just, we need to kind of figure out, like look across all the debris that's sitting out there and be like, okay, let's shut that down. Like, let's make the the conscious, affirmative decision to stop doing things.
Jonathan Kraden : And that's hard. And I've heard of some friends, um, that are in different departments that are trying to do that in this moment, this opportunity that they have. What do we [00:36:00] reduce? What do we completely, um, replace and what do we. Retain and invest in. Right. And I think that would be my recommendation to any executive, any leader, um, across the federal government is use the time to take some, uh, like really careful and thoughtful looks is at what it is you're doing and what you really could do less of.
Jonathan Kraden : Right? And, and that's the idea of doing less is so that you can do more of the important stuff. Right. That's where we are right now. And that, that's an opportunity. Um, but it's gonna take leadership. Um, and that's, it's hard sometimes.
James Donlon: Agreed. Um, I'm gonna end us on kind of the final question, pivoting a little bit to private public partnerships.
James Donlon: Um, there's been some unconventional partnerships. Speaking from Oracle's perspective, uh, I am now a partner with Microsoft, which I never thought 15 years ago I would ever say that. Uh, we run Gemini's, LLM in Oracle Cloud. Uh, we run Oracle's [00:37:00] database and Amazon's cloud. So there's all these crazy partnerships that you would never have thought.
James Donlon: Which I think benefits everyone. Uh, my question, and Becky, I'm gonna start with you, then we'll go to Tony and finish with you, John, on this is, um, what are some of the public-private partnerships you think should happen and how could government do better to think more like commercial companies are, which is really being unconventional toward that end result?
Beckie Koonge : Yeah. Well, so I mentioned FedRAMP earlier. I think that's probably like, like a massive one because one of the questions I always get as we're looking at, say, a, you know, software as a service tool or you know, what is the FedRAMP? Is it, you know, low, moderate, or high? And challenges on, you know, how you might mitigate risk if you want to use.
Beckie Koonge : Something that's currently FedRAMP moderate when you've got like a FISMA high system with lots of either confidentiality, which we don't have so much at The weather service is more like the integrity and of course the availability component, you know, resiliency and being highly available, super important.
Beckie Koonge : Um, I'll give you an example of like [00:38:00] a, a public, um, private partnership that I recently did, and it was kind of like pre, you know, it was a couple years in the making, but I had this idea that, you know, I've got this, you know, highly. Technical and expert security assessment team with pen testing involved and that there was always like a contractual component to that.
Beckie Koonge : But you know, we tend to redo our contracts the same way. Each year is really hard to say, wait, I really wanna do something totally different. I wanted. To make it more scalable that I could take on more work. I pitched to the NOAA CIO, that I become the assessment provider for NOAA Poten. You know, and it wasn't mandatory.
Beckie Koonge : They, they should want to come and use our services and we started leaning into that, working with our acquisitions and grants office to do a different contract strategy that was more innovative, scalable. You know, as we onboard these, you know, systems into the program that we're anticipating, that we're already staffing up to be able to support that.
Beckie Koonge : And it [00:39:00] was hard, right? Like it took a couple years and then there, you know, are a series of things you go through in contracting that you've gotta kind of go all the way through to the end. But now that it's already in place and it was in place, right as. The new administration took over and there's an enhanced focus on efficiency and combining contracts.
Beckie Koonge : We had a vehicle and a staff ready to go to do that, but it was hard on my team, right? Like it was hard for them. 'cause now we've got all this additional workload so that we were trying to balance out. But it's been already very successful. So, you know, and we partnered with, uh, you know, an eight, a company actually.
Beckie Koonge : With a single BPA, but, so some of the challenges just been scaling fast enough, but you know, when you've got a good process and, and ability there to, to do that, it's, it's massive I think. And you know, we're like, people are knocking on our door all the time. Um, and you've got to innovate in your processes as well to be able to do so.
Beckie Koonge : So, you know, AI is unlocking so much for [00:40:00] us.
James Donlon: Tony, same question. What public, private, what do you, what do you do different? What do you think has to happen? Government side, private side, either way.
Anthony Brannum : So one of the things we do that's unique is, um, so in partnership with my CDO and CTO and security, we do a lot of, uh, engagement with universities, like challenges like hackathons.
Anthony Brannum : Um, some of the hackathons we actually do with industry and. And, uh, universities, some AI challenges. And so this has really allowed us to do things that, uh, we couldn't do in the federal space. Only. It allows us to do it within a university and setting or commercial setting so that we can have exposure to it.
Anthony Brannum : It's almost like a crowdsourcing into some of the technology stuff that we do. And cyber, I think that's a great, um, avenue. We've been able to do recently in the last couple of years. Um, so we have some partnership with some universities in Texas and some Colorado so that are active today that they actually have challenges.
Anthony Brannum : And so, um, so those are some of the things that we're doing, you know, even like just a plug in for act, I Act, I think this is a great venue for government commercial. [00:41:00] Uh, like one of the things I'm helping co-sponsor like a paper now. And so these are sort of the things I think we have to continue to do.
Anthony Brannum : You know, what are those partnerships, what actually provide some most value back to both sectors? And I think that's, uh, that's a win-win. Um, you know, some of the things that we even do in the department, we have industry days a lot. And so the in industry will come out like once a quarter something, and we'll stop by and start to how do we innovate?
Anthony Brannum : Where, where can we create partnerships? So we have to continue to thrive to do this. Uh, so those are just a few examples of what we're doing today,
James Donlon: John.
Jonathan Kraden : Uh, so I'll come back to the idea of, um, improving how industry and government communicates with each other. And I think both sides have some work to do there.
Jonathan Kraden : Um, right. I think that in the government, um. A lot of times things have just, a decision was made at some point and it, it just snowballs. And something that shouldn't be as hard, um, shouldn't be that hard, has become very hard because of [00:42:00] some decision that somebody made sometime way back when and they.
Jonathan Kraden : Think it's law, they think it's policy, they don't know, but it's just a thing we do now. Um, so I, I go back to the opportunity to reexamine the way in which we're communicating. Government communicates with industry. Um, and I'd also recommend the industry to think about how you're communicating, um, with the government.
Jonathan Kraden : A lot of times in my experience, there's been a. Okay. And especially when we're talking about kinda licenses and softwares and thing software and things like that, there's just such a focus on the license. There's a focus on getting the sale done and there's not a, there's a big messy middle between kind of a, a sale and the operation and maintenance.
Jonathan Kraden : That's, we need to spend more time on that implementation and explaining to. Helping the government understand how to maximize the value of your services, of your software, of whatever tools it is that you're providing. Um, I, I love to see industry do better in that space.
James Donlon: Yeah, I think, [00:43:00] uh, a key takeaway for me today in coming to these kinds of sessions is that communication, uh, and certainly a forum like today, uh, with ACT iact is, is a wonderful opportunity to do that where, uh, we can have these conversations, uh, especially over lunch in one minute and two seconds.
James Donlon: So, with that, John, Tony. Becky, thank you so much for spending time with us today. Uh, I appreciate your time.
Anthony Brannum : Thank you.
James Donlon: Thank you.
Pete Tseronis: Great job, Jake. Thanks. Okay. Um, can you all hear me? Yeah. Yay. Okay. It's lunchtime. So food for thought, pun intended. Uh, today is about cyber, but really I think I heard on this last panel when Tony was talking about, uh, agriculture.
Pete Tseronis: Um, if you think of the term critical infrastructure, whether you're in industry or in government, I appreciated John's comment. I think it's two ways. I'm former fed. I used to love when industry would come and tell me about how great their product was, but I'd say, do you know my mission? There's 400 plus [00:44:00] agencies in the federal government.
Pete Tseronis: Check the federal register. No way can one product for AI or cyber or threat intelligence or zero trust meet that requirement at one agency in the same way in another. So I'm gonna read to you that there are 16 critical infrastructure sectors whose asset systems and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would've a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
Pete Tseronis: There are three agencies that oversee these, this, this effort or this, this, um, ecosystem. ONCD, national Cyber Director, cybersecurity and Infrastructure Security Agency, cisa well represented today in the Federal Bureau of Investigation. My point is, when you think about the application of technology, those of you in industry and even on the government side, has to do a better job of conveying what we need.
Pete Tseronis: I feel it's, it's not about ai. Do I need a agentic, physical or generative? It's, it's more [00:45:00] like, what? What's the end game? Am I gonna cure cancer? Am I gonna have better food? Security. Am I gonna have better precision medicine, A safer power grid to turn the lights on? That to me is just an a suggestion while you talk with your government customers and in government.
Pete Tseronis: If you're talking industry, focus on the mission. The mission is what matters. We'll see you all at 1230. Have a great lunch.