The Department of Veterans Affairs is moving toward a more operational approach to cybersecurity.

This means VA is applying a deeper focus on protecting the attack surfaces and closing off threat vectors that put veterans’ data at risk.

Eddie Pool, the acting principal assistant secretary for information and technology and acting principal deputy chief information officer at VA, said the agency is changing its cybersecurity posture to reflect a cyber dominance approach.

“That’s a move away from the traditional and an exclusively compliance based approach to cybersecurity, where we put a lot of our time resources investments in compliance based activities,” Pool said on Ask the CIO. “For example, did someone check the box on a form? Did someone file something in the right place? We’re really moving a lot of our focus over to the risk-based approach to security, pushing things like zero trust architecture, micro segmentation of our networks and really doing things that are more focused on the operational landscape. We are more focused on protecting those attack surfaces and closing off those threat vectors in the cyber space.”

A big part of this move to cyber dominance is applying the concepts that make up a zero trust architecture like micro segmentation and identity and access management.

Pool said as VA modernizes its underlying technology infrastructure, it will “bake in” these zero trust capabilities.

“Over the next several years, you’re going to see that naturally evolve in terms of where we are in the maturity model path. Our approach here is not necessarily to try to map to a model. It’s really to rationalize what are the highest value opportunities that those models bring, and then we prioritize on those activities first,” he said. “We’re not pursuing it in a linear fashion. We are taking parts and pieces and what makes the most sense for the biggest thing for our buck right now, that’s where we’re putting our energy and effort.”

One of those areas that VA is focused on is rationalizing the number of tools and technologies it’s using across the department. Pool said the goal is to get down to a specific set instead of having the “31 flavors” approach.

“We’re going to try to make it where you can have any flavor you want so long as it’s chocolate. We are trying to get that standardized across the department,” he said. “That gives us the opportunity from a sustainment perspective that we can focus the majority of our resources on those enterprise standardized capabilities. From a security perspective, it’s a far less threat landscape to have to worry about having 100 things versus having two or three things.”

The business process reengineering priority

Pool added that redundancy remains a key factor in the security and tool rationalization effort. He said VA will continue to have a diversity of products in its IT investment portfolios.

“Where we are at is we are looking at how do we build that future state architecture, as elegantly and simplistically as possible so that we can manage it more effectively, they can protect it more securely,” he said.

In addition to standardizing on technology and cyber tools and technologies, Pool said VA is bringing the same approach to business processes for enterprisewide services.

He said over the years, VA has built up a laundry list of legacy technology all with different versions and requirements to maintain.

“We’ve done a lot over the years in the Office of Information and Technology to really standardize on our technology platforms. Now it’s time to leverage that, to really bring standard processes to the business,” he said. “What that does is that really does help us continue to put the veteran at the center of everything that we do, and it gives a very predictable, very repeatable process and expectation for veterans across the country, so that you don’t have different experiences based on where you live or where you’re getting your health care and from what part of the organization.”

Part of the standardization effort is that VA will expand its use of automation, particularly in processing of veterans claims.

Pool said the goal is to take more advantage of the agency’s data and use artificial intelligence to accelerate claims processing.

“The richness of the data and the standardization of our data that we’re looking at and how we can eliminate as many steps in these processes as we can, where we have data to make decisions, or we can automate a lot of things that would completely eliminate what would be a paper process that is our focus,” Pool said. “We’re trying to streamline IT to the point that it’s as fast and as efficient, secure and accurate as possible from a VA processing perspective, and in turn, it’s going to bring a decision back to the veteran a lot faster, and a decision that’s ready to go on to the next step in the process.”

Many of these updates already are having an impact on VA’s business processes. The agency said that it set a new record for the number of disability and pension claims processed in a single year, more than 3 million. That beat its record set in 2024 by more than 500,000.

“We’re driving benefit outcomes. We’re driving technology outcomes. From my perspective, everything that we do here, every product, service capability that the department provides the veteran community, it’s all enabled through technology. So technology is the underpinning infrastructure, backbone to make all things happen, or where all things can fail,” Pool said. “First, on the internal side, it’s about making sure that those infrastructure components are modernized. Everything’s hardened. We have a reliable, highly available infrastructure to deliver those services. Then at the application level, at the actual point of delivery, IT is involved in every aspect of every challenge in the department, to again, bring the best technology experts to the table and look at how can we leverage the best technologies to simplify the business processes, whether that’s claims automation, getting veterans their mileage reimbursement earlier or by automating processes to increase the efficacy of the outcomes that we deliver, and just simplify how the veterans consume the services of VA. That’s the only reason why we exist here, is to be that enabling partner to the business to make these things happen.”

The post At VA, cyber dominance is in, cyber compliance is out first appeared on Federal News Network.

© Getty Images/ipopba

Join Hackaday Editors Elliot Williams and Tom Nardi as they go over their picks for the best stories and hacks from the previous week. Things start off with a warning about the long-term viability of SSD backups, after which the discussion moves onto the limits of 3D printed PLA, the return of the Pebble smart watch, some unconventional aircraft, and an online KiCad schematic repository that has plenty of potential. You’ll also hear about a remarkable conference badge made from e-waste electronic shelf labels, filling 3D prints with foam, and a tiny TV powered by the ESP32. The episode wraps up with our wish for hacker-friendly repair manuals, and an interesting tale of underwater engineering from D-Day.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

As always, this episode is available in DRM-free MP3.

Episode 348 Show Notes:

News:

• A Friendly Reminder That Your Unpowered SSDs Are Probably Losing Data

What’s that Sound?

• Congratulations to [for_want_of_a_better_handle] for guessing the data center ambiance!

Interesting Hacks of the Week:

• Designing PLA To Hold Over A Metric Ton
• The New Pebble: Now 100% Open Source
• Magnus Effect Drone Flies, Looks Impossible
  • Your Quadcopter Has Three Propellers Too Many
  • KFC Winged Aircraft Actually Flies
• An Online Repository For KiCad Schematics
• Shelf Life Extended: Hacking E-Waste Tags Into Conference Badges
• On The Benefits Of Filling 3D Prints With Spray Foam

Quick Hacks:

• Elliot’s Picks:
  • Get To The Games On Time With This Ancient-Style Waterclock
  • How To Design 3D Printed Pins That Won’t Break
  • Necroprinting Isn’t As Bad As It Sounds
  • Tiny Little TV Runs On ESP32
• Tom’s Picks:
  • Little Lie Detector Is Probably No Worse Than The Big Ones
  • Build Your Own Glasshole Detector
  • Portable Plasma Cutter Removes Rust, Packs A (Reasonable) Punch

Can’t-Miss Articles:

• Give Us One Manual For Normies, Another For Hackers
• How Cross-Channel Plumbing Fuelled The Allied March On Berlin

This week Jonathan chats with Konstantinos Margaritis about SIMD programming. Why do these wide data instructions matter? What’s the state of Hyperscan, the project from Intel to power regex with SIMD? And what is Konstantinos’ connection to ARM’s SIMD approach? Watch to find out!

• VectorCamp:https://vectorcamp.gr
• SIMD Info: https://simd.info
• SIMD AI: https://simd.ai
• VSCode plugin: https://code.simd.info

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or have the guest contact us! Take a look at the schedule here.

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

---

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

If your iPhone or Mac has started acting like it’s possessed – specifically, if the Apple Podcasts app keeps popping open on its own to play random shows you’ve never heard of – you aren’t crazy. Users have been reporting this for months. One minute their device is idle, and the next, the Podcasts app […]

The post Your Apple Podcasts app may be haunted as security experts warn about a strange bug appeared first on Digital Trends.

This week, Hackaday’s Elliot Williams and Kristina Panos met up over coffee to bring you the latest news, mystery sound, and of course, a big bunch of hacks from the previous seven days or so.

On What’s That Sound, Kristina got sort of close, but of course failed spectacularly. Will you fare better and perhaps win a Hackaday Podcast t-shirt? Mayhap you will.

After that, it’s on to the hacks and such, beginning with an interesting tack to take with a flat-Earther that involves two gyroscopes.  And we take a look at the design requirements when it comes to building synths for three-year-olds.

Then we discuss several awesome hacks such as a vehicle retrofit to add physical heated seat controls, an assistive radio that speaks the frequencies, and an acoustic radiometer build. Finally, we look at the joys of hacking an old Kindle, and get a handle on disappearing door handles.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in DRM-free MP3 and savor at your leisure.

Episode 347 Show Notes:

News:

• No news is good news! So we talk about Thanksgiving and what we’ve learned recently.

What’s that Sound?

• Who can say? Maybe you!

Interesting Hacks of the Week:

• Measuring Earth’s Rotation With Two Gyroscopes
  • No More Compass: True North via Earth s Rotation
• Baby’s First Synth Was Daddy’s First Project
• Barcodes, “Lasers”, And Fourier Transforms
  • The Eloquence Of The Barcode
• Retrofits Done Right: Physical Controls For Heated Seats
• Expensive Batteries Hide Cheap Tricks
• Assistive Radio Tells You What You Can’t See
  • Elli Furedy Brings Cyberpunk Games To Life

Quick Hacks:

• Elliot’s Picks:
  • A PCB Can Be A Hydrofoil, If It Really Wants To
  • There’s Nothing Backwards About This Laser Cut Retrograde Clock
  • Building An Acoustic Radiometer
• Kristina’s Picks:
  • DIY TENS Machine Is A Pain-Relief PCB
  • DIY Polyphonic Synth Sings In 8-Part Harmony
  • Handling Human Waste In The Sky

Can’t-Miss Articles:

• The Unexpected Joys Of Hacking An Old Kindle
• Chinese Regulators May Kill Retractable Car Door Handles That Never Should Have Existed

This week Jonathan chats with Maurice Kalinowski about QT! That’s the framework that runs just about anywhere, making it easy to write cross-platform applications. What’s the connection with KDE? And how has this turned into a successful company? Watch to find out!

• https://www.qt.io/

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or have the guest contact us! Take a look at the schedule here.

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

---

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

Cyber attacks on water infrastructure are growing. Josh Corman of IAmTheCavalry joins us to discuss efforts to secure critical water systems.

The post Cyber Threats to Water Infrastructure: Insights from Josh Corman appeared first on The Security Ledger with Paul F. Roberts.

💾

Sam Ransbotham teaches a class in machine learning as a professor of business analytics at Boston College, and what he’s witnessing in the classroom both excites and terrifies him.

Some students are using AI tools to create and accomplish amazing things, learning and getting more out of the technology than he could have imagined. But in other situations, he sees a concerning trend: students “phoning things into the machine.”

The result is a new kind of digital divide — but it’s not the one you’d expect.

Boston College provides premier tools to students at no cost, to ensure that socioeconomics aren’t the differentiator in the classroom. But Ransbotham, who hosts the “Me, Myself and AI” podcast from MIT Sloan Management Review, worries about “a divide in technology interest.”

“The deeper that someone is able to understand tools and technology, the more that they’re able to get out of those tools,” he explained. “A cursory usage of a tool will get a cursory result, and a deeper use will get a deeper result.”

The problem? “It’s a race to mediocre. If mediocre is what you’re shooting for, then it’s really quick to get to mediocre.”

He explained, “Boston College’s motto is ‘Ever to Excel.’ It’s not ‘Ever to Mediocre.’ And the ability of students to get to excellence can be hampered by their ease of getting to mediocre.”

That’s one of the topics on this special episode of the GeekWire Podcast, a collaboration with Me, Myself and AI. Sam and I compare notes from our podcasts and share our own observations on emerging trends and long-term implications of AI. This is a two-part series across our podcasts — you can find the rest of our conversation on the Me, Myself and AI feed.

Continue reading for takeaways from this episode.

AI has a measurement problem: Sam, who researched Wikipedia extensively more than a decade ago, sees parallels to the present day. Before Wikipedia, Encyclopedia Britannica was a company with employees that produced books, paid a printer, and created measurable economic value. Then Wikipedia came along, and Encyclopedia Britannica didn’t last.

Its economic value was lost. But as he puts it: “Would any rational person say that the world is a worse place because we now have Wikipedia versus Encyclopedia Britannica?”

In other words, traditional economic metrics don’t fully capture the net gain in value that Wikipedia created for society. He sees the same measurement problem with AI. 

“The data gives better insights about what you’re doing, about the documents you have, and you can make a slightly better decision,” he said. “How do you measure that?”

Content summarization vs. generation: Sam’s “gotta have it” AI feature isn’t about creating content — it’s about distilling information to fit more into his 24 hours.

“We talk a lot about generation and the generational capabilities, what these things can create,” he said. “I find myself using it far more for what it can summarize, what it can distill.”

Finding value in AI, even when it’s wrong: Despite his concerns about students using AI to achieve mediocrity, Sam remains optimistic about what people can accomplish with AI tools.

“Often I find that the tool is completely wrong and ridiculous and it says just absolute garbage,” he said. “But that garbage sparks me to think about something — the way that it’s wrong pushes me to think: why is that wrong? … and how can I push on that?”

Searching for the signal in the noise: Sam described the goal of the Me, Myself and AI podcast as cutting through the polarizing narratives about artificial intelligence.

“There’s a lot of hype about artificial intelligence,” he said. “There’s a lot of naysaying about artificial intelligence. And somewhere between those, there is some signal, and some truth.”

Listen to the full episode above, subscribe to GeekWire in Apple, Spotify, or wherever you listen, and find the rest of our conversation on the Me, Myself and AI podcast feed.

Pocket Casts now lets you create playlists for putting podcasts episodes in your desired listening order.

In this episode, we discuss the first reported AI-driven cyber espionage campaign, as disclosed by Anthropic. In September 2025, a state-sponsored Chinese actor manipulated the Claude Code tool to target 30 global organizations. We explain how the attack was executed, why it matters, and its implications for cybersecurity. Join the conversation as we examine the […]

The post AI Agent Does the Hacking: First Documented AI-Orchestrated Cyber Espionage appeared first on Shared Security Podcast.

The post AI Agent Does the Hacking: First Documented AI-Orchestrated Cyber Espionage appeared first on Security Boulevard.

💾

This week on the GeekWire Podcast: Jeff Bezos is back in startup mode (sort of) with Project Prometheus — a $6.2 billion AI-for-the-physical-world venture that instantly became one of the most talked-about new companies in tech. We dig into what this really means, why the company’s location is still a mystery, and how this echoes the era when Bezos was regularly launching big bets from Seattle.

Then we look at Amazon’s latest real-world experiment: package-return kiosks popping up inside Goodwill stores around the Seattle region. It’s a small pilot, but it brings back memories of the early days when Amazon’s oddball experiments seemed to appear out of nowhere.

And finally…Todd tries to justify his scheme to upgrade his beloved 2007 Toyota Camry with CarPlay, Android Auto, and a backup camera — while John questions the logic of sinking thousands of dollars into an old car.

All that, plus a mystery Microsoft shirt, a little Seattle nostalgia, and a look ahead to next week’s podcast collaboration with Me, Myself and AI from MIT Sloan Management Review.

With GeekWire co-founders John Cook and Todd Bishop.

Subscribe to GeekWire in Apple Podcasts, Spotify, or wherever you listen.

Wait, what? Is it time for the podcast again? Seems like only yesterday that Dan joined Elliot for the weekly rundown of the choicest hacks for the last 1/52 of a year. but here we are. We had quite a bit of news to talk about, including the winners of the Component Abuse Challenge — warning, some components were actually abused for this challenge. They’re also a trillion pages deep over at the Internet Archive, a milestone that seems worth celebrating.

As for projects, both of us kicked things off with “Right to repair”-adjacent topics, first with a washing machine that gave up its secrets with IR and then with a car that refused to let its owner fix the brakes. We heated things up with a microwave foundry capable of melting cast iron — watch your toes! — and looked at a tiny ESP32 dev board with ludicrously small components. We saw surveyors go to war, watched a Lego sorting machine go through its paces, and learned about radar by spinning up a sonar set from first principles.

Finally, we wrapped things up with another Al Williams signature “Can’t Miss Articles” section, with his deep dive into the fun hackers can have with the now-deprecated US penny, and his nostalgic look at pneumatic tube systems.

Download this 100% GMO-free MP3.

Episode 346 Show Notes:

News:

• Congratulations To The 2025 Component Abuse Challenge Winners
• Meet The Shape That Cannot Pass Through Itself
• Internet Archive Hits One Trillion Web Pages

What’s that Sound?

• [Andy Geppert] knew that was the annoying sound of the elevator at the Courtyard by Marriot hotel in Pasadena.

Interesting Hacks of the Week:

• Reverse Engineering The Miele Diagnostic Interface
• Hyundai Paywalls Brake Pad Changes
• The Simplest Ultrasound Sensor Module, Minus The Module
  • Good Vibrations: Giving The HC-SR04 A Brain Transplant
  • Bend It Like (Sonar) Beacon With A Phased Array
  • Fundamentals Of FMCW Radar Help You Understand Your Car’s Point Of View
• Casting Metal Tools With Kitchen Appliances
  • • Microwave Forge Casts The Sinking-est Benchy Ever
    • More Microwave Metal Casting
• Possibly-Smallest ESP32 Board Uses Smallest-Footprint Parts
  • Hacking A Pill Camera
• WWII Secret Agents For Science

Quick Hacks:

• Elliot’s Picks
  • Damn Fine (Solar Powered) Coffee
  • Humane Mousetrap Lets You Know It’s Caught Something
  • In Praise Of Plasma TVs
  • Exploring The Performance Gains Of Four-Pin MOSFETs
• Dan’s Picks:
  • Making A Machine To Sort One Million Pounds Of LEGO
  • The King Of Rocket Photography
  • Cheap VHF Antenna? Can Do!

Can’t-Miss Articles:

• Hackers Can’t Spend A Penny
  • Penny Miser Copper Coin Sorter
  • I Made a Super Simple Penny Sorter!
• Tech In Plain Sight: Pneumatic Tubes
  • The Safe House Milwaukee

This week Jonathan chats with Kevin, Colin, and Curtis about Cataclysm: Dark Days Ahead! It’s a rogue-like post-apocalyptic survival game that you can play in the terminal, over SSH if you really want to! Part of the story is a Kickstarter that resulted in a graphics tile-set. And then there’s the mods!

• https://cataclysmdda.org/
• https://github.com/CleverRaven/Cataclysm-DDA

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or have the guest contact us! Take a look at the schedule here.

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

---

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

[Editor’s Note: Agents of Transformation is an independent GeekWire series and 2026 event, underwritten by Accenture, exploring the people, companies, and ideas behind the rise of AI agents.]

What separates the dot-com bubble from today’s AI boom? For serial entrepreneur David Shim, it’s two things the early internet never had at scale: real business models and customers willing to pay.

People used the early internet because it was free and subsidized by incentives like gift certificates and free shipping. Today, he said, companies and consumers are paying real money and finding actual value in AI tools that are scaling to tens of millions in revenue within months.

But the Read AI co-founder and CEO, who has built and led companies through multiple tech cycles over the past 25 years, doesn’t dismiss the notion of an AI bubble entirely. Shim pointed to the speculative “edges” of the industry, where some companies are securing massive valuations despite having no product and no revenue — a phenomenon he described as “100% bubbly.”

He also cited AMD’s deal with OpenAI — in which the chipmaker offered stock incentives tied to a large chip purchase — as another example of froth at the margins. The arrangement had “a little bit” of a 2000-era feel of trading, bartering and unusual financial engineering that briefly boosted AMD’s stock.

But even that, in his view, is more of an outlier than a systemic warning sign.

“I think it’s a bubble, but I don’t think it’s going to burst anytime soon,” Shim said. “And so I think it’s going to be more of a slow release at the end of the day.”

Shim, who was named CEO of the Year at this year’s GeekWire Awards, previously led Foursquare and sold the startup Placed to Snap. He now leads Read AI, which has raised more than $80 million and landed major enterprise customers for its cross-platform AI meeting assistant and productivity tools.

He made the comments during a wide-ranging interview with GeekWire co-founder John Cook. They spoke about AI, productivity, and the future of work at a recent dinner event hosted in partnership with Accenture, in conjunction with GeekWire’s new “Agents of Transformation” editorial series.

We’re featuring the discussion on this episode of the GeekWire Podcast. Listen above, and subscribe to GeekWire in Apple Podcasts, Spotify, or wherever you listen. Continue reading for more takeaways.

Successful AI agents solve specific problems: The most effective AI implementations will be invisible infrastructure focused on particular tasks, not broad all-purpose assistants. The term “agents” itself will fade into the background as the technology matures and becomes more integrated.

Human psychology is shaping AI deployment: Internally, ReadAI is testing an AI assistant named “Ada” that schedules meetings by learning users’ communication patterns and priorities. It works so quickly, he said, that Read AI is building delays into its responses, after finding that quick replies “freak people out,” making them think their messages didn’t get a careful read.

Global adoption is happening without traditional localization: Read AI captured 1% of Colombia’s population without local staff or employees, demonstrating AI’s ability to scale internationally in ways previous technologies couldn’t.

“Multiplayer AI” will unlock more value: Shim says an AI’s value is limited when it only knows one person’s data. He believes one key is connecting AI across entire teams, to answer questions by pulling information from a colleague’s work, including meetings you didn’t attend and files you’ve never seen.

“Digital Twins” are the next, controversial frontier: Shim predicts a future in which a departed employee can be “resurrected” from their work data, allowing companies to query that person’s institutional knowledge. The idea sounds controversial and “a little bit scary,” he said, but it could be invaluable for answering questions that only the former employee would have known.

Subscribe to GeekWire in Apple Podcasts, Spotify, or wherever you listen.

Over the last 11 months, the General Services Administration has signed 11 enterprisewide software agreements under its OneGov strategy.

The agreements bring both standard terms and conditions as well as significant discounts for a limited period of time to agencies.

Ryan Triplette, the executive director of the Coalition for Fair Software Licensing, said the Trump administration seems to be taking cues from what has been working, or not working, in the private sector around managing software licenses.

“They seem to be saying, ‘let’s see if we can import that in to the federal agencies,’ and ‘let’s see if we can address that to mitigate some of the issues that have been occurring in some of the systemic problems that have been occurring here,’” said Triplette on Ask the CIO. “Now it’s significant, and it’s a challenge, but it’s something that we think is important that you understand any precedent that is set in one place, in this instance, in the public agencies, will have a ripple of impact over into the commercial sector.”

The coalition, which cloud service providers created in 2022 to advocate for less-restrictive rules for buying software, outlined nine principles that it would like to see applied to all software licenses, including terms should be clear and intelligible, customers should be free to run their on-premise software on the cloud of their choice and licenses should cover reasonably expected software uses.

Triplette said while there still is a lot to understand about these new OneGov agreements, GSA seems to recognize there is an opportunity to address some long standing challenges with how the government buys and manages its software.

“You had the Department of Government Efficiency (DOGE) efforts and you had the federal chief information officer calling for an assessment of the top five software vendors from all the federal agencies. And you also have the executive order that established OneGov and having them seeking to establish these enterprisewide licensees, I think they recognize that there’s an opportunity here to effect change and to borrow practices from what they have seen has worked in the commercial sector,” she said. “Now there’s so many moving parts of issues that need to be addressed within the federal government’s IT and systems, generally. But just tackling issues that we have seen within software and just tackling the recommendations that have been made by the Government Accountability Office over the past several years is important.”

Building on the success of the MEGABYTE Act

GAO has highlighted concerns about vendors applying restrictive licensing practices. In November 2024, GAO found vendor processes that limit, impede or prevent agencies’ efforts to use software in cloud computing. Meanwhile of the six agencies auditors analyzed, none had “fully established guidance that specifically addressed the two key industry activities for effectively managing the risk of impacts of restrictive practices.”

Triplette said the data call by the federal CIO in April and the OneGov efforts are solid initial steps to change how agencies buy and manage software.

The Office of Management and Budget and GSA have tried several times over the past two decades to improve the management of software. Congress also joined the effort passing the Making Electronic Government (MEGABYTE) Act in 2016.

Triplette said despite these efforts the lack of data has been a constant problem.

“The federal government has found that even when there’s a modicum of understanding of what their software asset management uses, they seem to find a cost performance improvement within the departments. So that’s been one issue. You have the differing needs of the various agencies and departments. This has led them in previous efforts to either opt out of enterprisewide licenses or to modify them with their own terms. So even when there’s been these efforts, you find, like, a year or two or three years later, it’s all a wash,” she said. “Quite frankly, you have a lack of a central mandate and appropriations line. That’s probably the most fundamental thing and why it also differs so fundamentally from other governments that have some of these more centralized services. For instance, the UK government has a central mandate, it works quite well.”

Triplette said what has changed is what she called a “sheer force of will” by OMB and GSA.

“They are recognizing the significant amount of waste that’s been occurring and that there has been lock-in with some software vendors and other issues that need to be tackled,” she said. “I think you’ve seen where the administration has really leaned into that. Now, what is going to be interesting is because it has been so centralized, like the OneGov effort, it’s still also an opt-in process. So that’s why I keep on saying, it’ll to be determined how effective it will be.”

SAMOSA gaining momentum

In addition to the administration’s efforts, Triplette said she’s hopeful Congress finally passes the Strengthening Agency Management and Oversight of Software Assets (SAMOSA) Act. The Senate ran out of time to act on SAMOSA last session, after the House passed it in December.

The latest version of SAMOSA mirrors the Senate bill the committee passed in May 2023. It also is similar to the House version introduced in March by Reps. Nancy Mace (R-S.C.), the late Gerry Connolly (D-Va.), and several other lawmakers.

The coalition is a strong supporter of SAMOSA.

Triplette said one of the most important provisions in the bill would require agencies to have a dedicated executive overseeing software license asset management.

“There is an importance and a need to have greater expertise within the federal workforce, around software licensing, and especially arguably, vendor-specific software licensing terms,” she said. “I think this is one area that the administration could take a cue from the commercial sector. When they’re engaged in commercial licensing, they tend to work with consultants that are experts in the vendor licensing rules, they understand the policy and they understand the ins and outs. They often have somebody in house that … may not be solely specific to one vendor, but they may do only two or three and so you really have that depth of expertise, that you can understand some great cost savings.”

Triplette added that while finding these types of experts isn’t easy, the return on the investment of either hiring or training someone is well worth it.

She said some estimate that the government could save $50 million a year by improving how it manages its software licenses.  This is on top of what the MEGABYTE Act already produced. In 2020, the Senate Homeland Security and Governmental Affairs Committee found that 13 agencies saved or avoided spending more than $450 million between fiscal 2017 and 2019 because of the MEGABYTE Act.

“The MEGABYTE Act was an excellent first step, but this, like everything, [is] part of an iterative process. I think it’s something that needs to have the requirement that it has to be done and mandated,” Triplette said. “This is something that has become new as you’ve had the full federal movement to the cloud, and the discussion of licensing terms between on-premise and the cloud, and the intersection between all of this transformation. That is something that wasn’t around during the MEGABYTE Act. I think that’s where it’s a little bit of a different situation.”

The post How the administration is bringing much needed change to software license management first appeared on Federal News Network.

© Federal News Network

It’s a wet November evening across Western Europe, the steel-grey clouds have obscured a rare low-latitude aurora this week, and Elliot Williams is joined by Jenny List for this week’s podcast. And we’ve got a fine selection for your listening pleasure!

The 2025 Component Abuse Challenge has come to an end, so this week you’ll be hearing about a few of the entries. We’ve received an impressive number, and as always we’re bowled over by the ingenuity of Hackaday readers in pushing parts beyond their limits.

In the news is the potential discovery of a lost UNIX version in a dusty store room at the University of Utah, Version 4 of the OS, which appeared in 1973. Check out your own stores, for hidden nuggets of gold. In the hacks, we have two cameras at the opposite end of the resolution spectrum, but sharing some impressive reverse engineering. Mouse cameras and scanner cameras were both a thing a couple of decades ago, and it’s great to see people still pushing the boundaries. Then we look at the challenge of encoding Chinese text as Morse code, an online-upgraded multimeter, the art of making lenses for an LED lighting effect, and what must be the best recreation of a Star Wars light sabre we have ever seen. In quick hacks we have a bevvy of Component Abuse Challenge projects, a Minecraft server on a smart light bulb, and a long term test of smartphone battery charging techniques.

We round off with a couple of our long-form pieces, first the uncertainties about iRobot’s future and what it might mean for their ecosystem — think: cheap hackable robotics platform! — and then a look at FreeBSD as an alternative upgrade path for Windows users. It’s a path not without challenges, but the venerable OS still has plenty to give.

As always, you can listen using the links below, and we’ve laidout links to all the articles under discussion at the bottom of the page.

Download our finest MP3 right here.

Episode 345 Show Notes:

News:

• Component Abuse Challenge
• Have They Found A Complete UNIX V4?

What’s that Sound?

• Think you know what the sound is?  Put your metaphorical two cents in here.

Interesting Hacks of the Week:

• Camera Capabilities Unlocked From A Mouse
  • Optical Mouse Based Scanner
  • DIY Optical Sensor Breakout Board Makes DIY Optical Mouse
• Medium Format, 3 GigaPixel Camera Puts It All On The Line (Sensor)
• Morse Code For China
  • UTF-8 Is Beautiful
  • UTF-8 – “The Most Elegant Hack”
  • Reproduced And Recovered: The First Chinese Keyboard-based MingKwai Typewriter
• Screen-Accurate Lightsaber As A Practical Effect
• Cheap Multimeter Gets Webified
• An LED Projector As A Lighting Effect

Quick Hacks:

• Elliot’s Picks:
  • RP2040 From Scratch: Roll Your Own Dev Board Magic
  • Running A Minecraft Server On A WiFi Light Bulb
  • Nest Thermostat: Now 100% Less Evil
  • Testing Whether Fast Charging Kills Smartphone Batteries, And Other Myths
• Jenny’s Picks:
  • 2025 Component Abuse Challenge: Dawg Gone LED Tester
  • 2025 Component Abuse Challenge: Glowing Neon From A 9 V Relay
  • 2025 Component Abuse Challenge: The Slip Ring In Your Parts Bin
  • Have A Slice Of Bumble Berry Pi

Can’t Miss Articles:

• If IRobot Falls, Hackers Are Ready To Wrangle Roombas
• Moving From Windows To FreeBSD As The Linux Chaos Alternative

What’s it like to pitch your dream on Shark Tank, get rejected on national TV in front of 8 million people — and then turn that failure into a company Amazon later buys for more than $1 billion? Ring founder Jamie Siminoff did just that.

A serial inventor and entrepreneur, Siminoff joins us on this episode of the GeekWire Podcast to talk about his new book, Ding Dong: How Ring Went from Shark Tank Reject to Everyone’s Front Door (out Nov. 10), sharing the messy, high-stakes, and ultimately inspiring story behind the company.

Now back at Amazon as a vice president leading Ring and the company’s home-security businesses, Siminoff reflects on failure, reinvention, and what comes next in the age of AI.

Listen below, subscribe on Apple or Spotify, and keep reading for highlights.

What he learned writing the book: The book was almost therapeutic — just going back and looking at this stuff. … My best traits, my most powerful traits, the things that make me successful, are also the worst ones.

The importance of having a bigger mission: At Ring, if we had failed, I could still sit here today and say “We tried to make neighborhoods safer.” At least we were successful at trying something. And so that’s where I think mission is just so powerful.

Establishing a company culture with a strong point of view: A real culture is something that not everyone feels matches them … Two things can coexist at the same time: You can have a ton of empathy and care about people and also be a hard-charger.

The inventor’s mindset: Invention is not just product. Invention’s everything. It’s the process. And I think you can invent everywhere. … If you boil down what an inventor is, anything I see that’s broken, I’m fixing it. I can’t help myself.

Returning to Amazon: The thing that you get from leaving and coming back is the clarity of everything. I got to really see clearly everything we did, what we did wrong, what we did right. And so coming back, I feel like I have a newfound clarity for the business.

The impact of AI: What’s crazy now is with AI, all those timelines are collapsing on themselves. In the next 12 months, I can’t even imagine what we’re going to be able to accomplish. … AI understands more like a human, [which] allows you to do things that are just completely different and more efficient.

Related links and stories

• Pre-order the book on Amazon.
• GeekWire: Ring founder Jamie Siminoff rejoins Amazon in new VP role
• Business Insider: Amazon VP says his division is hiring and promoting based on employees’ AI usage
• Inc.: The tech founder who wants to fix small-town America

Subscribe to GeekWire in Apple Podcasts, Spotify, or wherever you listen.

The Cybersecurity and Infrastructure Security Agency developed a zero trust architecture that features five pillars.

The Defense Department’s zero trust architecture includes seven pillars.

The one the Department of Homeland Security is implementing takes the best of both architectures and adds a little more to the mix.

Don Yeske, who recently left federal service after serving for the last two-plus years as the director of national security in the cyber division at DHS, said the agency had to take a slightly different approach for several reasons.

“If you look at OMB [memo] M-22-09 it prescribes tasks. Those tasks are important, but that itself is not a zero trust strategy. Even if you do everything that M-22-09 told us to do — and by the way, those tasks were due at the beginning of this year — even if you did it all, that doesn’t mean, goal achieved. We’re done with zero trust. Move on to the next thing,” Yeske said during an “exit” interview on Ask the CIO. “What it means is you’re much better positioned now to do the hard things that you had to do and that we hadn’t even contemplated telling you to do yet. DHS, at the time that I left, was just publishing this really groundbreaking architecture that lays out what the hard parts actually are and begins to attack them. And frankly, it’s all about the data pillar.”

The data pillar of zero trust is among the toughest ones. Agencies have spent much of the past two years focused on other parts of the architecture, like improving their cybersecurity capabilities in the identity and network pillars.

Yeske, who now is a senior solutions architect federal at Virtru, said the data pillar challenge for DHS is even bigger because of the breadth and depth of its mission. He said between the Coast Guard, FEMA, Customs and Border Protection and CISA alone, there are multiple data sources, requirements and security rules.

“What’s different about it is we viewed the problem of zero trust as coming in broad phases. Phase one, where you’re just beginning to think about zero trust, and you’re just beginning to adjust your approach, is where you start to take on the idea that my network boundary can’t be my primary, let alone sole line of defense. I’ve got to start shrinking those boundaries around the things that I’m trying to protect,” he said. “I’ve got to start defending within my network architecture, not just from the outside, but start viewing the things that are happening within my network with suspicion. Those are all building on the core tenants of zero trust.”

Capabilities instead of product focused

He said initial zero trust strategy stopped there, segmenting networks and protecting data at rest.

But to get to this point, he said agencies too often are focused on implementing specific products around identity or authentication and authorization processes.

“It’s a fact that zero trust is something you do. It’s not something you buy. In spite of that, federal architecture has this pervasive focus on product. So at DHS, the way we chose to describe zero trust capability was as a series of capabilities. We chose, without malice or forethought, to measure those capabilities at the organization, not at the system, not at the component, not as a function of design,” Yeske said. “Organizations have capabilities, and those capabilities are comprised of three big parts: People. Who’s responsible for the thing you’re describing within your organization? Process. How have you chosen to do the thing that you’re describing at your organization and products? What helps you do that?”

Yeske said the third part is technology, which, too often, is intertwined with the product part.

He said the DHS architecture moved away from focusing on product or technology, and instead tried to answer the simple, yet complex, questions: What’s more important right now? What are the things that I should spend my limited pool of dollars on?

“We built a prioritization mechanism, and we built it on the idea that each of those capabilities, once we understand their inherent relationships to one another, form a sort of Maslow’s hierarchy of zero trust. There are things that are more basic, that if you don’t do this, you really can’t do anything else, and there are things that are really advanced, that once you can do basically everything else you can contemplate doing this. And there are a lot of things in between,” he said. “We took those 46 capabilities based on their inherent logical relationships, and we came up with a prioritization scheme so that you could, if you’re an organization implementing zero trust, prioritize the products, process and technologies.”

Understanding cyber tool dependencies

DHS defined those 46 capabilities based on the organization’s ability to perform that function to protect its data, systems or network.

Yeske said, for example, with phishing-resistant, multi-factor authentication, DHS didn’t specify the technology or product needed, but just the end result of the ability to authenticate users using multiple factors that are resistant to phishing.

“We’re describing something your organization needs to be able to do because if you can’t do that, there are other things you need to do that you won’t be able to do. We just landed on 46, but that’s not actually all that weird. If you look at the Defense Department’s zero trust roadmap, it contains a similar number of things they describe as capability, which are somewhat different,” said Yeske, who spent more than 15 years working for the Navy and Marine Corps before coming to DHS. “We calculated a 92% overlap between the capabilities we described in our architecture and the ones DoD described. And the 8% difference is mainly because the DHS one is brand new. So just understanding that the definition of each of these capabilities also includes two types of relationships, a dependency, which is where you can’t have this capability unless you first had a different one.”

Yeske said before he left DHS in July, the zero trust architecture and framework had been approved for use and most of the components had a significant number of cyber capabilities in place.

He said the next step was assessing the maturity of those capabilities and figuring out how to move them forward.

If other agencies are interested in this approach, Yeske said the DHS architecture should be available for them to get a copy of.

The post Yeske helped change what complying with zero trust means first appeared on Federal News Network.

© Getty Images/design master

This week on the GeekWire Podcast: Why is Amazon laying off 14,000 people in the middle of an AI boom — and is it really a boom at all? We dig into the contradiction at the heart of Seattle’s tech scene, discussing Amazon CEO Andy Jassy’s “world’s largest startup” rationale and what it says about the company’s culture and strategy. And we debate whether AI progress represents true transformation or the familiar signs of a tech bubble in the making.

Then we examine the vision of Cascadia high-speed rail — the ambitious plan to connect Portland, Seattle, and Vancouver, B.C., by bullet train. Is it the regional infrastructure needed to power the Pacific Northwest’s next chapter, or an expensive dream looking for a purpose?

With GeekWire co-founders John Cook and Todd Bishop

Related headlines from the week

Amazon layoffs

• Amazon confirms 14,000 job cuts, says push for ‘efficiency gains’ will continue into 2026
• A tale of two Seattles in the age of AI: Harsh realities and new hope for the tech community
• Filing: Amazon cuts more than 2,300 jobs in Washington state as part of broader layoffs
• Amazon layoffs hit software engineers hardest in Washington
• Amazon layoffs reaction: ‘Thought I was a top performer but guess I’m expendable’
• Amazon CEO says massive corporate layoffs were about agility — not AI or cost-cutting

Amazon earnings

• Amazon stock soars 11% after topping Q3 estimates with $180B in revenue, $21B in profits
• Amazon’s Anthropic investment boosts its quarterly profits by $9.5B
• ‘Big Beautiful’ tax benefit: Amazon and other tech giants reap the rewards of new law, for now

Microsoft Azure, earnings and OpenAI

• Microsoft’s Azure reports cloud outage, disrupting global customers including Alaska Airlines
• Microsoft beats expectations, reports nearly $35B in Q1 capital spending amid Azure outage
• Microsoft gets 27% stake in OpenAI, and a $250B Azure commitment

Seattle-Portland-Vancouver

• Slowly but surely, high-speed rail backers believe Cascadia mega-project will become a reality
• Cascadia’s AI paradox: A world-leading opportunity threatened by rising costs and a talent crunch
• The ‘enormous barrier’ that threatens economic growth in the Pacific Northwest
• Beta’s unique electric airplane flies into Seattle to wow state officials and aviation experts

Subscribe to GeekWire in Apple Podcasts, Spotify, or wherever you listen.

From empty offices in 2020 to AI colleagues in 2025, the way we work has been completely rewired over the past five years. Our guest on this week’s GeekWire Podcast studies these changes closely along with her colleagues at Microsoft.

Colette Stallbaumer is the co-founder of Microsoft WorkLab, general manager of Microsoft 365 Copilot, and the author of the new book, WorkLab: Five years that shook the business world and sparked an AI-first future, from Microsoft’s 8080 Books.

As Stallbaumer explains in the book, the five-year period starting with the pandemic and continuing to the current era of AI represents one continuous transformation in the way we work, and it’s not over yet.

“Change is the only constant—shifting norms that once took decades to unfold now materialize in months or weeks,” she writes. “As we look to the next five years, it’s nearly impossible to imagine how much more work will change.”

Listen below for our conversation, recorded on Microsoft’s Redmond campus. Subscribe on Apple or Spotify, and continue reading for key insights from the conversation.

The ‘Hollywood model’ of teams: “What we’re seeing is this movement in teams, where we’ll stand up a small squad of people who bring their own domain expertise, but also have AI added into the mix. They come together just like you would to produce a film. A group of people comes together to produce a blockbuster, and then you disperse and go back to your day job.”

The concept of the ‘frontier firm’: “They’re not adding AI as an ingredient. AI is the business model. It’s the core. And these frontier firms can have a small number of people using AI in this way, generating a pretty high run rate. So it’s a whole new way to think about shipping, creating, and innovating.”

The fallacy of ‘AI strategy’: “The idea that you just need to have an ‘AI strategy’ is a bit of a fallacy. Really, you kind of want to start with the business problem and then apply AI. … Where are you spending the most and where do you have the biggest challenges? Those are great areas to actually think about putting AI to work for you.”

Adapting to AI: “You have to build the habit and build the muscle to work in this new way and have that moment of, ‘Oh, wait, I don’t actually need to do this.’ “

The biggest risk related to AI: “The biggest risk is not AI in and of itself. It’s that people won’t evolve fast enough with AI. It’s the human risk and ability to actually start to really use these new tools and build the habit.”

Human creativity and AI: “It still takes that spark and that seed of creativity. And then when you combine it with these new tools, that’s where I have a lot of hope and optimism for what people are going to be able to do and invent in the future.”

Audio editing by Curt Milton.

Subscribe to GeekWire in Apple Podcasts, Spotify, or wherever you listen.