Keith Nakasone, a federal strategist with VMWare, recently participated in the latest Executive Spotlight interview for ExecutiveBiz covering the former GSA official’s move to VMware, the importance of cyber hygiene, CMMC’s certification guidelines as well as the impact of artificial intelligence and machine learning on recent cybersecurity challenges.
“These are the things that we have to address and examine our current processes as well as look at our cyber infrastructure and the processes that have been developed over time. We have to definitely look at improving our cybersecurity framework and supply chain from an enterprise-wide level.”
You can read the full Executive Spotlight with Keith Nakasone below:
VMware IT Solutions
ExecutiveBiz: Following your tenure with GSA, what excited you most to work with VMware as a federal strategist? What can you tell us about the company’s work to advance IT solutions and cloud adoption in government, education and healthcare in the federal sector?
“From a technology perspective, one of my passions is the delivery of cloud solutions. IT modernization has become a major movement within the federal government and one of the key areas of focus has been the cloud strategy and having the opportunity to work for VMware to further the adoption of cloud solutions within the public sector.
The company has a great platform that enables the innovation journey together from multi-cloud to hybrid cloud environments in order to modernize and develop a holistic security framework and have the ‘freedom of choice within a true multi-cloud solution.’
One of the key takeaways that we learned from the pandemic was that the government’s acquisition process should be more flexible, agile and resilient in acquiring information technology.
As I looked to join VMware, it was clear that the company’s strategy fits perfectly with the goals and work within government IT acquisitions. The ability to continue with my goals and incorporate innovative cloud solutions was a perfect balance for me to climb aboard.
Another thing that VMware does so well is DevSecOps. The company has the solutions that we work to establish from a partnership and collaborative environment. From adapting and adopting the best practices as well as delivering cloud innovative capabilities in a more efficient and effective way.
In this sector, a lot of business challenges can be solved with IT cloud solutions through the DevSecOps process. By assessing the entire enterprise and portfolio and identifying business challenges, organization’s cloud strategy, data governance, and taking a deeper look at interoperability capabilities to build those solutions in an agile way for the company’s acquisition solutions to align with the technology. There are instances where gaps exist between procurement solutions and technology.
One of the things that I hope to bring to the table is building that bridge so that technology fits with VMware’s delivery models, in a way that allows agility, flexibility through innovative procurement solutions. This will allow us to provide more flexibility in delivering the cloud solutions incrementally and over a period of time.”
Cyber Hygiene & Compliance
ExecutiveBiz: As cyber hygiene and compliance become necessities for federal agencies and organizations, what can you tell us about the importance of cyber hygiene and security as it promotes greater accountability and accuracy of our processes and data?
“One of the things that we all recognize is that there has been an uptick in the number of recent cyber incidents. From a government perspective, we need to ensure that we can protect the data as much as possible. It’s not just about protecting data at rest, but we also need to focus on data in transit to the edge devices.
As we push that capability further and as we begin to incorporate business processes with edge solutions, the private and public sectors should come together to help address the shortfalls that we’re seeing within our nation’s cybersecurity framework.
When we start talking about the Internet of Things (IoT) and we look at these devices from a security perspective, we know that billions upon billions of devices are going to be on the Internet at any given time. At the same time, we’re also talking about sensors. As the sensors supply data and information, we should be assessing at what can be done to secure our data.
These are the things that we have to address and examine our current processes as well as look at our cyberinfrastructure and the processes that have been developed over time. We have to definitely look at improving our cybersecurity framework and supply chain from an enterprise-wide level.”
Visit ExecutiveBiz.com’s Executive Spotlight Page to learn more about the most significant leaders of consequence to the government contracting (GovCon) and federal sectors and their experiences driving growth, new business and capabilities in the fiercely competitive federal landscape.
Supply Chain Risk Management
ExecutiveBiz: What can you tell us about CMMC’s certification guidelines, how it will benefit companies of all sizes and improve our advancement in areas like supply chain management and cybersecurity?
“Prior to the establishment of CMMC, not all procurements for IT required a ‘supply chain risk management plan.’ A holistic continuous process model to verify, validate, comply then certify for cybersecurity and supply chain risk management (C-SCRM) should be adopted as a part of the overall ecosystem.
From a CMMC perspective, we begin to talk about the value and benefits. We have to educate the workforce as well as assess the current processes. It’s not just about educating the public or private sectors and continuing the active engagements, we need to build the security aspect into our business decision-making processes.
Moving forward as we have roundtable discussions about IT solutions or anything on the business development side, we have to improve the overall security framework as well.
We discussed the security framework and being a part of the overall build earlier. VMware is taking a holistic approach to security as we continue to build multi and hybrid-cloud solutions.
CMMC is going to be an adjustment and a journey for within the federal landscape. It isn’t going to be a one-and-done certification framework. . It will be evolving over time, especially as the Department of Defense (DoD) continues to assess the landscape and determines what is the ‘art of the possible’ and how the program will work to be managed and sustained in the future. Industry engagements and meaningful discussions will yield better outcomes in the near term.
I hope to see if there is still a certification process because we all know that the legacy processes that have been built in the past are not sufficient within the government. This will help improve the whole framework to address cybersecurity along with addressing supply chain risks.”
Artificial Intelligence and Machine Learning Benefit
ExecutiveBiz: From a perspective of cybersecurity and other emerging technologies, how will artificial intelligence and machine learning benefit and drive improvement in the public sector for federal organizations in the future?
“From an artificial intelligence and machine learning (AI/ML) point of view, there’s so much room for adoption and great opportunity ahead. For something like a natural disaster event, you want employees handling more complex tasks and actions rather than the repeatable processes that can be performed with AI/ML. As events become more complex, the use of AI/ML should enable the employees to access and process information more efficiently and effectively.
We’re still learning how to leverage data and the analytics process within the organizations to make better strategic and informed business decisions that artificial intelligence can perform in the future. The adoption of AI/ML should be a phased approach while addressing the workforce’s upskilling/reskilling requirements, potential process changes and the technology tools to deliver desired business outcomes.
I think that there is more work to be done. We need more proof of concepts, pilots and the ability to ensure that we can address AI ethics and principles accordingly. Minimizing biases within artificial intelligence and making sure that we have some kind of accountability processes and controls, as well as proper oversight to implement these capabilities.”