In case you missed it, Excella Principal Fellow Doguhan Uluca and Senior Engagement Manager Keith Mealo sat down with long-time govtech reporter John Gilroy on the Federal Tech Podcast, where he meets weekly with industry leaders to discuss all things related to federal IT. In this discussion, Doguhan, Keith, and John covered a wide variety of topics, from compliance to cybersecurity to AI.
Here are just some of the highlights from their in-depth discussion:
FISMA High Impact and FedRAMP
John, Doguhan, and Keith kicked off with a discussion about the Federal Information Security Modernization Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP), initiatives that help ensure a baseline level of security within the federal government. Security is a top priority for Excella, and Keith highlighted the company’s strict compliance with FISMA high-impact principles to ensure security across federal organizations:
“With our clients in the national security market, we’re doing a lot of custom code development. With FISMA high-impact systems, there are a lot of principles that we need to meet. I believe there is an excess of 700 different security controls. We need to build to those FISMA high-impact settings for anything that comes through the door – whether it’s an off-the-shelf implementation or if it’s a custom code delivery. And we’re also looking into building compliance to those security requirements in our AI and data analytics offerings as well, so if there are data processing systems that are happening within the government space, we are applying FISMA principles to them as well.”
AI Assist Tools
With the rise of AI assist tools like GitHub Copilot and ChatGPT, John was curious how these advancements can impact software developers and the tech industry as a whole. Using AI to generate code may seem convenient, but it comes with a number of security risks. According to Keith and Doguhan, developers must remain vigilant and double down on security in this new age of technology.
Zero trust is becoming the preferred approach to security throughout government and the private sector. John asked Doguhan how organizations can approach the zero trust framework and whether it really works. Doguhan pointed out that some organizations have an easier time adopting zero trust than others.
“Moving to zero trust is an attitude that needs to be shared across the organization. And it is impossible without the right enterprise-level software available to everyone at the organization. It is easier to implement in newly-built greenfield systems,” says Doguhan.
Excella’s Drastic Growth and Delivering with Impact
Excella has experienced record growth in recent years, adding more than 130 employees in 2022 alone and expanding operations to New Orleans, Louisiana. Doguhan and Keith believe the company’s success is a result of its agility, its commitment to deliver real, impactful solutions for customers, and its one-of-a-kind teamwork and company culture.
“At Excella, we’ve been on the forefront of Agile since day one. It is always shocking to people who join Excella just how agile we are to the bone. Being able to iterate and push forward relentlessly is one of the keys to our success. One of the core tenets of the way we work is speed to value. We deliver value faster than others. And I’m not saying we deliver technology faster than others. We deliver value faster than others. It’s really important to distinguish between those two things,” says Doguhan.
The Next Five Years
To wrap up the show, John asked Doguhan and Keith what they anticipate the next five years in the software development space will bring. Keith spoke to the impact contract language has on ensuring government agencies meet security goals and mandates.
Keith: “There have been a lot of executive orders and presidential memos that have come up recently. This has prompted folks to take a look at contract language. And I’m getting a feel that there will be an across-the-board update to contract language, which will be mandating zero trust principles. […] I also see the government looking outside of top-down regulation.”
Doguhan predicted that the next five years will bring more legislation, with the federal government putting a higher emphasis on implementing secure systems and cracking down on bad code.
Doguhan: “More legislation. From my perspective, software development is still having its wild west moment. It’s where civil engineering was in the early 1900s or late 1800s. And today, it’s unacceptable, if not criminal, to build a bridge that will collapse and kill people. And it is extremely scary, the systems that we rely on are built with very little checks and balances. There is no personal responsibility and we need to get to a place where we treat software engineering as seriously as civil engineering or architecture. And perhaps at the state level we need to start certifying folks and there needs to be consequences to delivering bad code.”