This week on Federal Tech Talk, host John Gilroy interviews Chase Cunningham, principal analyst serving security and risk professionals at Forrester Research. Cunningham has four patents, has written three books, and has a PhD. His military background allows him to use his achievements to apply common sense to federal information technology activities.
During the interview, Cunningham provides his opinion on a wide range of topics — including the many aspects of CMMC as well as the new controversy about deep fakes.
Cunningham indicates that when it comes to complying with something like CMMC, each organization considers its current cybersecurity posture as a starting point to begin the approval process. The more mature your cyber posture, the easier the transition will be.
He also provides an excellent breakdown of NIST 800-207. Cunningham has examined the document in detail and gives an assessment for federal tech folks on components, unauthorized access, and perimeter. NIST has not given much consideration to legacy systems and new compliance requirements.
Cunningham puts the whole idea of compliance into perspective when he details his opinions on continuous risk management as well as continuous training. He is currently undertaking an evaluation of several tools that federal professionals may be considering. His report, The Wave, will be out at the end of 2020 and will provide insight on compliance in large enterprises.