The GIST of Govt IT

Minutes, Not Months: Inside the New Cyber Velocity Facing Federal Agencies

Mon, 08 Jun 2026 08:00:00 -0400

48 hours. That's the time it took for a federal employee credentials to be stolen as a result of a phishing attack, to being listed on a dark web marketplace. In Episode 8 of The GIST of Govt IT, Brian and Sean sit down at Check Point's Engage Summit in DC with Yochai Corem, General Manager of Check Point's Exposure Management division, to unpack what happens when both sides of cyber warfare have agentic AI — and why the next three years will not be kind to defenders. Yochai shares why pen testing once a quarter is no longer relevant, how a single Chinese developer built an entire attack program in a week using an army of agents, and what Iranian threat actors targeting Israeli hospitals look like in real-time during active kinetic conflict. The conversation digs into agentic red teaming vs. automated red teaming (and why the difference matters), why "safe remediation" still keeps a human in the loop, how to use the firewalls, WAFs, and IPS you already own as compensating controls when patching takes weeks, and the under-discussed reality that government leaders must put their hands on the keyboard with AI. Plus: Yochai's family cookbook and other vibe-coding stories.

RESOURCES MENTIONED IN THIS EPISODE

Featured Guest

- Yochai Corem, GM, Exposure Management, Check Point
- Corem Travel — Yochai's travel planning app

Check Point
- Check Point

- Check Point Exposure Management
- Check Point Engage Summit - Washington, DC

Check Point's Exposure Management Acquisitions
- Cyberint (now part of Check Point's external risk management)
- Veriti (automated security control management)
- Cyclops (now Check Point's CAASM offering)

Exposure Management & CTEM Framework
- Gartner Continuous Threat Exposure Management (CTEM) overview
- CISA Known Exploited Vulnerabilities (KEV) Catalog

Agentic AI & Red Teaming
- OWASP Top 10 for LLM Applications
- OWASP AIVSS — AI Vulnerability Scoring System for Agentic AI
- MITRE ATLAS (Adversarial Threat Landscape for AI Systems)

Threat Actor Tracking

- Check Point Research (threat intelligence blog)

- Check Point ThreatCloud AI

Concepts & References

- Air-gapped network security guidance (NIST SP 800-82)

- IRGC (Iranian threat actor background — CISA advisory on CyberAv3ngers)

Related Episodes

- Episode 7: Iran Came for the Dams and We Got Lucky: Frontline Insights into the OT Fight
- Episode 6: Cupcakes & OODA Loops: Inside(r) Insights Into the New Federal AI Cyber Playbook
- Episode 5: Vibe Hacking and Nation State Cyber Threats

Upcoming Events

- GIST 360 Breakfast Briefing at the National Press Club, July 14, 2026 - When the Perimeter Disappears

The Hosts & Show
- Swish
- GIST 360

CONNECT WITH US

Got an idea for a future episode? Want to be a guest? Let us know.

Brian Lake - blake@swishdata.com

Sean Applegate - sapplegate@swishdata.com

Subscribe wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

Iran Came for US Dams and We Got Lucky: Frontline Insights from the OT Fight

Mon, 01 Jun 2026 16:00:00 -0400

When Iranian-linked cyber actors hit U.S. water, energy, and government facilities through internet-exposed Rockwell Allen-Bradley PLCs during the sixth week of the U.S.–Iran military campaign, they did it with attacks that were eightfold above baseline and got within 30 to 40 minutes of opening dam gates. In Episode 7 of The GIST of Govt IT, Brian and Sean sit down with Matthew Shalbetter, Director of Strategy for Civilian Agencies at Armis Federal and a 16-year HHS veteran, to unpack what's really happening at the convergence of IT and OT. Matthew breaks down why cyber has become the great equalizer for nation-state actors, the difference between Iranian "disrupt and distract" tactics, and Chinese prepositioning ahead of a potential Taiwan invasion. The conversation digs into the cultural chasm between IT and OT teams, what the Ukrainians taught a roomful of Western OT practitioners at RSA about why red teaming beats paperwork, and the basics that still aren't done. Trump's seven-page cyber strategy and what ServiceNow's $7.75B acquisition of Armis — closed April 20 — means for federal customers. Plus: Matthew's Hacker Name...DirtTrack

RESOURCES MENTIONED IN THIS EPISODE

Featured Guest

- Matthew Shallbetter, Director of Strategy for Civilian Agencies, Armis Federal
- Armis Federal

The Iranian PLC Attacks

- CISA Joint Advisory AA26-097A — Iranian-Affiliated Cyber Actors Exploit PLCs Across US Critical Infrastructure
- Rockwell Automation security advisories
- CyberAv3ngers / IRGC threat actor background

OT Discovery & Exposure Research
- Shodan — internet-exposed device search engine
- Censys — internet asset discovery
- Armis State of Cyberwarfare Report

OT/ICS Frameworks & Government Guidance

- NIST SP 800-82 — Guide to Operational Technology Security
- CISA Cross-Sector Cybersecurity Performance Goals (CPGs)
- DoD Zero Trust Overlays (including OT guidance)
- NERC CIP Standards (electric sector OT)

Federal Cyber Policy

- White House National Cyber Strategy (the seven-page version)
- CDM Program (Continuous Diagnostics and Mitigation)
- CISA Industrial Control Systems resources

The ServiceNow + Armis Deal
- ServiceNow completes Armis acquisition (April 20, 2026)

Threat Actor Tracking Partners Referenced
- Armis Centrix Threat Intelligence
- Dragos

Related Episodes
- Episode 5: Vibe Hacking” and Nation State Cyber Threats
- Episode 6: Cupcakes & OODA Loops: Inside(r) Insights Into The New Federal AI Cyber Playbook

Upcoming Event
- GIST 360 Breakfast Briefing at the National Press Club, July 14 - When the Perimeter Disappears Securing the Converged Federal Enterprise Across IT, OT and IoT Environments

The Hosts & Show
- Swish
- GIST 360

CONNECT WITH US

Got an idea for a future episode? Want to be a guest? Let us know.

Brian Lake - blake@swishdata.com

Sean Applegate - sapplegate@swishdata.com

Subscribe wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

Cupcakes & OODA Loops: Inside(r) Insights Into the New Federal AI Cyber Playbook

Mon, 25 May 2026 23:00:00 -0400

Last episode, we left you hanging with a question: when it comes to cybersecurity, what is the federal government doing to both leverage AI and defend against AI threats and most importantly, are we moving fast enough? In the conclusion of this two-part series, Sean takes us inside a White House industry day convened at the request of the Federal CISO Council. He breaks down the two themes of the day that framed very different problems: using AI to optimize cybersecurity (running a SOC, governance, and compliance faster) and securing AI itself. Brian and Sean dig into the agentic SOC, the build-vs-buy question for federal agencies, why data fragmentation is the recurring obstacle in every AI conversation, the role of MCP and RAG in getting agents to the data, and live demos. Cupcakes and OODA loops make an appearance and Sean provides his verdict on whether the government is moving fast enough and his hacker name is finally revealed.

RESOURCES MENTIONED IN THIS EPISODE

The White House Industry Day

- About the Indian Treaty Room, Eisenhower Executive Office Building

Vendors & Demos Featured in the Episode

- Lasso Security (AI red teaming and purple teaming)

- SimSpace (full-stack cyber range simulation)

- Elastic AI workflows (bring-your-own-LLM, air-gap deployable)

AI Security Frameworks & Standards

- OWASP Top 10 for LLM Applications

- OWASP AIVSS — AI Vulnerability Scoring System (agentic AI)

- MITRE ATLAS (Adversarial Threat Landscape for AI Systems)

Key Technical Concepts
- Model Context Protocol (MCP) — bringing the agent to the data

- Retrieval-Augmented Generation (RAG) explained

- CDM Program (Continuous Diagnostics and Mitigation)

- OODA Loop

Industry & Government Collaboration Communities

- ATARC — Advanced Technology Academic Research Center

- ATARC Working Groups (Zero Trust, Agentic AI, Cyber AI Convergence)

- Northern Virginia Technology Council (NVTC)

- OWASP (Open Worldwide Application Security Project)

Other References
- Geoffrey Moore, Crossing the Chasm (technology adoption lifecycle)

- Jerry Garcia Ties

- Grateful Dead Merch

- Phish (The Band)

Related Episodes
- Episode 5: "Vibe Hacking" and Nation State Cyber Threats

- Episode 2: Fighting Fire with Fire: Federal AI Security - Securing Agentic AI with Elad Schulman, CEO of Lasso Security

The Hosts & Show
- Swish
- GIST360

CONNECT WITH US

Got an idea for a future episode? Want to be a guest? Let us know.

Brian Lake - blake@swishdata.com

Sean Applegate - sapplegate@swishdata.com

Subscribe wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

Vibe Hacking and Nation State Cyber Threats

Mon, 18 May 2026 08:00:00 -0400

Your router may not be your router. It could be a Russian surveillance device. In Episode 5 of The GIST of Govt IT, Brian and Sean unpack a stunning two weeks in cybersecurity: the FBI's court-authorized takedown of a Russian GRU operation that silently hijacked thousands of TP-Link routers across 23 American states, an Iranian-linked APT group actively disrupting U.S. water and energy systems through Allen-Bradley PLCs, and Anthropic's release of Claude Mythos — a frontier model so capable at finding zero-day vulnerabilities that the company chose not to release it publicly. They break down what Project Glasswing means for industry, how AI is becoming both the most dangerous offensive weapon and the most powerful defensive tool a CISO has ever had, why "vibe hacking" is democratizing cyber attacks (one low-skill actor compromised 600 FortiGate firewalls across 55 countries), and why the old playbook for SOC operations needs to be blown up entirely. What the unresolved tension between Anthropic and the DoD over supply chain risk designation means for federal agencies trying to defend critical infrastructure while CISA operates at 38% capacity. Plus Sean shares his hacker name (maybe) if he wasn't a CTO and instead worked in a windowless office in Pyongyang.

----------
RESOURCES MENTIONED IN THIS EPISODE

The Russian GRU Router Operation

- DOJ announcement: Operation Masquerade — court-authorized disruption of DNS hijacking network
- FBI Public Service Announcement on GRU exploitation of TP-Link routers

- NSA statement on Russian GRU router threats
- CVE-2023-50224 (the TP-Link vulnerability exploited)

Iranian-Linked Attacks on U.S. Critical Infrastructure

- CISA Joint Advisory AA26-097A — Iranian-Affiliated Cyber Actors Exploit PLCs Across US Critical Infrastructure
- Rockwell Automation security guidance

Anthropic, Claude Mythos & Project Glasswing

- Anthropic on Project Glasswing
- Anthropic's statement on the DoD supply chain risk designation
- Cloud Security Alliance whitepaper on Mythos vulnerability discovery

Cybersecurity Frameworks & Government Resources
- CISA Edge Device Security
- CISA Cross-Sector Cybersecurity Performance Goals (CPGs 2.0)
- MITRE ATT&CK Framework
- CISA Industrial Control Systems advisories

Related Episodes
- Episode 2: Fighting Fire with Fire: Federal AI Security - Securing Agentic AI with Elad Schulman, CEO of Lasso Security
- Episode 3: Chaos, Change, and Opportunity in Federal IT - $50B in Q4 federal IT contracting, Golden Dome, and the Anthropic supply chain risk designation

The Hosts & Show

- Swish
- GIST360

CONNECT WITH US

Got an idea for a future episode? Want to be a guest? Let us know.

Brian Lake - blake@swishdata.com

Sean Applegate - sapplegate@swishdata.com

Subscribe wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

A New Playbook for Small Businesses and Startups in Federal IT

Mon, 11 May 2026 23:00:00 -0400

From a startup consulting shop to a $1.4B IBM acquisition, Octo Consulting Group's story is one of the great growth journeys in government IT. Brian and Sean sit down with Jay Shah, Octo's former COO, who helped guide the company through every inflection point — the pivot to DevSecOps and agile, the move from sub to prime, the strategic (and intentional non-) use of the 8(a) program, the 2019 Arlington Capital investment, four acquisitions, the launch of OLabs, and the IBM exit in December 2022. Jay shares the unvarnished playbook for scaling in the federal market: why diversification matters more than the 8(a) badge, when to be bold with primes (and when to bluff), how to turn billable services into IP, why OLabs only worked because they had base hits first, and what most founders get wrong about working capital. Plus, Brian and Jay geek out on funk master flautist Karl Denson.
----------

RESOURCES MENTIONED IN THIS EPISODE

Featured Guest
- Jay Shah
- Octo
- OLabs

Capital, Mentorship & Workforce Development
- Mason Enterprise — APEX Accelerator
- Veterans Institute for Procurement (VIP)
- Andreessen Horowitz American Dynamism
- Pax Ventures

Books & Frameworks Referenced
- The Trusted Advisor by David Maister, Charles Green, and Robert Galford
- The Scaled Agile Framework (SAFe)
- Westrum Organizational Culture Typology
- Gene Kim & The Phoenix Project
- DORA (DevOps Research and Assessment)

Live Music Worth Checking Out
- Karl Denson's Tiny Universe
- The Greyboy Allstars
- Kenny Rogers

Insane Knuckleballs

Jay's Nonprofit Work
- The Children's Inn at NIH
- Wolf Trap Foundation for the Performing Arts
- Loudoun Hunger Relief

The Hosts & Show
- Swish
- GIST360

CONNECT WITH US

Got an idea for a future episode? Want to be a guest? Let us know.

Brian Lake - blake@swishdata.com

Sean Applegate - sapplegate@swishdata.com

Subscribe wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

Chaos, Change, and Opportunity in Federal IT

Mon, 04 May 2026 09:00:00 -0400

"Chaos." "Change." "Opportunity." Three words that surfaced in a room full of federal contractors when asked to describe today's government IT environment. Sean and Brian unpack what's really driving the disruption, from RIFs and FAR overhauls to FedRAMP changes, the Anthropic supply chain risk designation, and the brain drain hitting agencies like NIST. They dig into the structural changes reshaping how government buys and builds technology — OTAs gaining momentum, Golden Dome's six-month IDIQ award turnaround, and CDOs finally getting real budget authority to break down data silos. Then they pivot to where the real opportunity lives: $50B in federal IT contracting in Q4 FY25, $13B for autonomy and AI at the Department of War, mission Genesis investments at DOE, and the massive energy build-out required to keep pace with China. Brian gets smart on Markdown files.

----------

RESOURCES MENTIONED IN THIS EPISODE

Federal AI Policy & Executive Orders
- OMB M-25-21 — Accelerating Federal Use of AI through Innovation, Governance, and Public Trust
- OMB M-25-22 — Driving Efficient Acquisition of Artificial Intelligence in Government
- Executive Order 14179 — Removing Barriers to American Leadership in AI
- America's AI Action Plan
- AI.gov

NIST AI Standards & Frameworks
- NIST AI Agent Standards Initiative (launched Feb 17, 2026)
- NIST AI Risk Management Framework
- NIST AI 600-1 (Generative AI Profile)

Acquisition Reform & Contract Vehicles
- FAR Overhaul (Revolutionary FAR Overhaul)
- GSA SEWP V extension and SEWP VI updates
- Missile Defense Agency Golden Dome IDIQ
- Other Transaction Authorities (OTAs) — DAU guide

Department of War / Defense AI
- DoD Chief Digital and AI Office (CDAO)
- Defense Innovation Unit

Department of Energy
- Mission Genesis

Workforce & Learning Resources
- freeCodeCamp
- Anthropic's Claude documentation (markdown skills & agent files)
- Model Context Protocol (MCP)

The Hosts & Show
- Swish
- GIST360

CONNECT WITH US

Got an idea for a future episode? Want to be a guest? Let us know.

Brian Lake - blake@swishdata.com

Sean Applegate - sapplegate@swishdata.com

Subscribe wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

Fighting Fire with Fire to Secure Federal AI Agents

Mon, 27 Apr 2026 09:00:00 -0400

There's a workforce inside your agency that nobody hired, no one trained, and nobody is watching. We're talking about AI agents. In Episode 2 of The GIST of Govt IT, Brian and Sean sit down with Elad Schulman, CEO and co-founder of Lasso Security, to unpack what it actually takes to secure an agentic federal enterprise that seemed to arrive on the scene overnight. They dig into AI sprawl, the new attack surface created by autonomous agents, and why traditional security playbooks don't work when the system you're defending is non-deterministic. Elad shares why "intent security" is the new frontier, how agentic red teaming finds vulnerabilities a hundred humans never would, and what happens when an agent goes rogue (hint: it doesn't have to be malicious to cause real damage). Also, what it takes for innovative non-traditional vendors to actually move at the speed the federal government now demands. Finally, if you task an AI agent to keep your house clean, you better make sure to instruct it not to kill your family.

----------

RESOURCES MENTIONED IN THIS EPISODE

Featured Guest
- Elad Schulman, CEO & Co-Founder, Lasso Security
- Lasso Security
- Lasso Intent Security for AI Agents

OMB Memos & Executive Orders on Federal AI
- OMB M-25-21 — Accelerating Federal Use of AI through Innovation, Governance, and Public Trust
- OMB M-25-22 — Driving Efficient Acquisition of Artificial Intelligence in Government
- Executive Order 14179 — Removing Barriers to American Leadership in AI
- America's AI Action Plan

Federal AI Use Case Inventories
- 2025 Federal Agency AI Use Case Inventory (GitHub)
- Federal AI Use Case Repository (Searchable)

AI Security Frameworks & Standards
- NIST AI Risk Management Framework (AI RMF)
- OWASP Top 10 for Agentic AI
- ISO/IEC 42001 — AI Management System Standard

GIST360 Webinar

- Securing AI at Scale: Adopting Intelligent and Autonomous Zero Trust Approaches

Hosts

- Swish
- GIST360

CONNECT WITH US

Got an idea for a future episode? Want to be a guest? Let us know.

Brian Lake - blake@swishdata.com

Sean Applegate - sapplegate@swishdata.com

Subscribe wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

Moving Ideas to Mission Outcomes

Mon, 20 Apr 2026 15:00:00 -0400

Sean and Brian kick off the inaugural episode of The GIST of Govt IT, and they're diving into why speed and real results are suddenly the only things that matter in federal IT, what's actually exciting in first response tech, and which consumer tech trends are about to hit the public sector harder than anyone expects. Then they turn to their big bets of 2026, where app modernization, AI, and data strategy are colliding into one massive shift, all riding on the infrastructure overhaul that's been put off for way too long. Finally, they discuss what the government is deprioritizing and deemphasizing when it comes to IT investments. Sean gets roasted about what car his wife will let him buy next.
----------

RESOURCES MENTIONED IN THIS EPISODE

Conferences & Events
- Government Business Executive Forum (GBEF)
- EDGE@ces — GBEF's annual summit at CES

Government Design & Modernization
- America by Design initiative
- National Design Studio
- Joe Gebbia — first U.S. Chief Design Officer
- Executive Order: "Improving Our Nation Through Better Design"

Industry Acquisitions Discussed
- ServiceNow to acquire Armis ($7.75B)
- IBM completes acquisition of Confluent ($11B)

Industry Partners & Communities
- ATARC — Advanced Technology Academic Research Center
- ATARC Working Groups (Zero Trust, Agentic AI, Cyber AI Convergence)
- Armis
- Dragos — OT cybersecurity

OT, Cybersecurity & Frameworks
- Purdue Model for ICS Security
- NIST SP 800-82 — Guide to Operational Technology Security
- NIST SP 800-53 — Security and Privacy Controls
- CISA — Industrial Control Systems resources
- CISA Zero Trust Maturity Model

Government Data & Open Policy
- Federal Data Strategy
- Data.gov

The Hosts
- Swish Data
- GIST 360

CONNECT WITH US

Got an idea for a future episode? Want to be a guest? Let us know.

Brian Lake - blake@swishdata.com

Sean Applegate - sapplegate@swishdata.com

Subscribe wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.