N.W.O.W. with Jamie Holcombe, Chief Information Officer at USPTO

Carolyn:

Welcome to Tech Transforms, sponsored by Dynatrace. I'm Carolyn Ford. Each week, Mark Senell and I talk with top influencers to explore how the U.S. government is harnessing the power of technology to solve complex challenges and improve our lives.

Carolyn:

Hi, welcome to Tech Transforms. I'm Carolyn Ford here with my co-host Willie Hicks. And today we get to welcome a guest that honestly, every time I hear this guy speak, he makes me laugh out loud and that's saying something for a government speaker. I'm just going to say there. So today we have Jamie Holcombe, CIO of the United States Patent and Trademark Office, and he's going to give us some insights on the USPTOs groundbreaking journey to zero trust and the benefits agencies can receive through cross sector collaboration. Welcome to Tech Transforms, Jamie.

Jamie:

Carolyn, thank you so much for having me and it's an honor to be with Willie Hicks again, I always love speaking with him and I'm looking forward to the ensuing discussion because I'm sure it's going to be thought provoking.

Carolyn:

I totally agree. I always love when I get to have time with Willie Hicks, so it's like double treat from you today. So let's just start with zero trust. You often speak about the importance of zero trust for agencies and at operational warp speed. First of all, I love that, warp speed. Let's just set the stage here and tell us what zero trust is for you and why it matters.

Jamie:

Sure. The whole thing about zero trust is it's more of a philosophy to get us out of the old moat and castle defense in depth posture that we have all built up over the last 40 and 50 years. So whenever you're trying to change the culture or the mindset or the thoughts, the way you think about things, it's a very difficult proposition. You have to actually have concrete examples in order to make the philosophy at least understandable, if not executable, right? There's a whole strategy and then there's the tactics. Our strategy is to move from defense in depth into zero trust. Okay, what the heck does that mean? And so one of the things I want to make sure folks know, I speak for myself, my views are my own, and they do not necessarily represent the United States Patent and Trademark Office, but I am going to tell you a lot of things that we're doing and if you have any problems in discerning which is my philosophy and which is that of the United States government, I'll make sure, please ask me and I'll put that demarcation right in there.

Jamie:

Okay, so first off, what is zero trust? I love the way that it's been portrayed as the five pillars and the five pillars have the thumb as the beginning, and I call that the user, the user pillar, and that's one of the most mature pillars that we talk about. But let's go down the five first and then we'll go back. So we have users as your thumb. The pointer finger, I say, what do users have? They have applications. So the one is application the pointer finger. Then you have the middle finger. What do applications need? They need data and data is the middle-

Carolyn:

I'm sorry. Go back to the thumb. When you say the user, are we talking about the practitioner or are we talking about me, the end user?

Jamie:

Both.

Carolyn:

Okay, thank you.

Jamie:

Any user, anyone who uses a computer and including other computers. Ooh, that's an interesting concept. Well, we'll hit that in a little minute. So you got users, number one. Then the pointer finger, you've got applications and applications need data. That's your third pillar. Data needs to go over networks. That's your fourth pillar. And your fifth pillar networks are composed of devices and each of the five pillars in zero trust, there are different levels of maturity that your organization will be at in the journey towards zero trust. So often we just concern ourselves with the user and that's very, very important but it's not the only one. We have so many things about identification of the user, the authentication, the verification of the user. We have multi-factor authentication, we have so many other things but how about the fifth pillar and your devices?

Jamie:

How often do we think about the identification of those devices and whether or not they've been authenticated? One of the biggest hacks you could have is for someone to be an imposter and spoof that they're actually a server when they're not, so how are you protecting the identification and authentication of those servers? And there's a lot of new technologies that are coming out to create a good session between the user and the device. And you really need to think through all those pillars in order to get that session going and what trust you have. Because remember, it's not zero trust, it's the minimum trust required to get a transaction completed. There's a demand and there's a supply, there's a request and there's a response. So one of the things we have to do in our maturity is figure out where we are in each of those pillars and then mature out.

Jamie:

There doesn't seem to be a sense of urgency towards your talk about operation warp speed. We need to operate with a sense of urgency. And everybody thinks that, "Oh wait a second, we got our users down," but how about your devices? How about your data? That third pillar. Of course, you're going to encrypt a motion. Whenever you're sending things across the network. You have SSL, you have secure sockets, you have the ability to encrypt and decrypt those messages over long strides. But how about the data at rest? Are you encrypting it? And if you are encrypting data at rest, what are the performance hits that you're taking because you have to decrypt it before you use it. And also in that third layer of data, there's a new item out there called encryption in use and that's an interesting concept that we can talk about a little later. But I wanted to get back to the whole sophistication, the journey, the maturation and the sense of urgency.

Jamie:

You need to kick your staff, as far as IT goes, into operations to figure out where your maturity is along each of those pillars and then proceed to the next maturation point. You need to mature along all the accesses or you're going to be left behind.

Willie:

So I do have a question for you, Jamie. When you're speaking of the end user, because that user like you very aptly put forward there, it could be a real user, it could be a non-person entity, it could be any number of items. And we're kind of really focused on that. How do you see with zero trust in these new frameworks that the impact to the end user, whatever that might be, a device or whatever? I've heard from some, concern, which I don't think is a really a concern, but I'm curious from your perspective, if user usability will be impacted. Do I have to reauthenticate every time? Is it going to impact me from all of this check and recheck? Is it going to make my experience any worse or will it get better? If that makes sense.

Jamie:

Oh, it makes a lot of sense because you're talking about the customer experience at this point, whatever that customer or user is, are they continually having to put their multifactor authentication back in? Now, when you think about that, the way I sell it to my users is it depends upon the application, it depends upon the data. Why? Well, if you're leaving your financial information in your bank account out in the open for more than 30 minutes, your bank actually cuts that off and there's a reason. They don't want your money to be stolen. And in the same regard, you have to look at your data that you're using. If it's something you don't care, maybe it's a Facebook post or some type of social media or TikTok video, well, it doesn't matter. I don't want to reauthenticate. But if it's something like your crown jewels, all your stocks, and your portfolio, well you have to reauthenticate, especially if there's been no action.

Jamie:

Now, of course, one man's garbage is another man's treasure and so a lot of times people just like they over classify documents, a lot of times you over authenticate, you overs secure something that really doesn't need to be, and you should have a look at what you're calling secure versus what's not secure and put your user in that place.

Willie:

Perfect.

Carolyn:

I had a question as you were talking about the user in zero trust, and you may have already answered it for me, but you might have to just make it a little more simple for me. When you are working on your zero trust architecture, do you consider the user experience meaning me. Meaning me sitting at my house trying to find how to renew my passport, which I just had to do and it wasn't as easy as it should have been. Do you consider the user experience while you're building a zero trust architecture or does that not really have a place in the zero trust planning?

Jamie:

Oh, it definitely has a place. You have to consider the whole user experience because if you don't, you're going to put things in there that are just untenable. Nobody's going to accept it and then you're going to have resistance for use. And you've got to remember, whenever you're changing a person's way to go about business and asking them to do something else, the resistance will be large. So the more you can overcome the resistance, the more acceptable those applications will become when you change them. It's really a selfish reason why you're considering the customer experience. You're actually being selfish because you want your applications to be accepted by the user so you need to take their selfish, greedy, requirements into account and then we can all get together and make these things happen. But if you don't have a good perspective and negotiate a balanced understanding of where security comes and where it goes, then that's not good. Because if everything's got to be secure and got to be locked down like Fort Knox, you're not going to get ahead. It's just not going to work.

Willie:

So kind of feeding into that, and I don't want to go too far afield here. But since we're talking about how we create zero trust architecture and how you're implementing your frameworks, this seems like a pretty complex undertaking, right? There's a lot of thought, a lot of planning, a lot of strategy, and to your point, you know, you don't buy zero trust. It's not like a piece of software. This is a framework and architecture. And I remember speaking to you several months ago on a similar topic and you brought up this idea of, and I really kind of held onto this in my brain around an Agile approach to security and into building out your security architecture. Is this a similar approach? You're taking to zero trust instead of just trying to plan, and plan, and plan, and put all of these plans in place and not actually making anything actionable? Are you taking an iterative approach to your design?

Jamie:

Yes, I am. So much so we changed the entire way that the USPTO tackles work. We, in fact, eliminated the Project Management Office. Now, for a government agency to eliminate the PMO is like, that's sacrilege. "Oh my gosh, how are you going to actually manage?" Well, what we did was created a product management organization. "Oh, you're just changing the names. Come on." But that's not true. We went from managing every project with an IT leader to managing all of our products with a business owner and we had over 200 projects. Now, we have only 30 some odd products and those 30 products are spread across four product lines so you must belong to something, you can't just be everything. So we used to have the shared services which supplied everything to everybody. That doesn't work. You need to have a focus and a mission.

Jamie:

So every product team then is run by a business owner and an IT leader. They also have the ability for an integrated project team, such like finance, procurement, you have your law and your legal, so there's so many different elements within a product team. We call it DevSecOps as well. No longer does the development team just throw it across the wall to the ops team to figure out and run. If you make it and break it, you're going to fix it. And so we have a lot of operations and maintenance that are coming from those same developers. They have to support DevSecOps, development, security, and operations all on one team. So it's an integrated team and when you look at it like that and have a mission, those teams continue. They either are born and they die, because the natural level of a product, you don't need it anymore, or they stay in operations.

Jamie:

And when you consider our four product lines, patents, number one. Number two, trademarks. Number three, back office business. And number four, you have the underlying IT infrastructure, IT shared services. Those are four areas in which you have about seven or eight products in each of the product lines. And in that way you have a hierarchy, but everything is pushed down and accountable. So now you have the IT folks coming in and giving guidelines and guardrails, not set architectural standards. And all of the products need to work together in order to have a patent awarded. For example, you have to have search, you have to have examination, and you have to have office actions and you have to have review, so there's all these different products within that product line that need to work together, but not necessarily on the same platform. They can actually have different platforms but if you show people then why it's advantageous to use shared services, for example, the portal, you shouldn't ask your user to come in and do a different portal every time, and yet that's what a lot of government agencies do.

Jamie:

So we're trying to make these things integrated such that we use the customer experience to our advantage and make it more secure as we're building it out. Did that answer your question?

Willie:

And then some, because I find it fascinating. It's almost like you're running a software development business as much as you're running agency. It's fascinating.

Carolyn:

Well, I would really like, and this might be too tall of an order, but I would like if you could talk about where you are in your zero trust journey. Where you began, where you are, and then really tall order, do you share any of this framework for other agencies to leverage what you guys have built?

Jamie:

Sure. I love that because that's telling a story, right? So where were we? We were very much like a lot of other government agencies when I first got here, now four years ago. We were very immature from a zero trust perspective, but very mature on a defense in depth philosophy. And if you think about-

Carolyn:

You mentioned this before and I'm derailing my first question, but I want some clarification when you said move out of defense in depth to zero trust. So we don't use that term anymore, defense in depth? I guess my question is what is the difference? Why do you say we've moved away from defense in depth to zero trust?

Jamie:

When you look at the way we are operating, many times what happens is when you set up your architecture for users and examiners, now remember I've got two ends of the spectrum. I've got applicants who are users and I've got examiners who are users and they're all coming into the one headquarters or the one server farm. And that architecture is very hub and spoke. So in essence, it was a defense in depth. If you could get in over the moat and over the walls and you got into the inside, you were assumed to be good to go and you could go around and do what you needed to do. That's the old way to look at things. When you look at Edward Snowden and how he was able to laterally move across all of the areas because he was inside the castle and he had access to all these things he shouldn't have had access to.

Jamie:

So now what we're doing is we throw that model away and we say each and every transaction that you occur, you need to have your own security and your own trust for that session. You need to be authorized and authenticated for doing that. For sitting at Sir Lancelot's table, you need to make sure you had that ticket to that dinner and if you don't have that ticket, you don't get in. I'll make it clear we're using Okta, which is across the internet for securing our sessions instead of having to come back home all the time. You don't have to phone home to get your work done. You can do it out on the larger internet and create those sessions of trust. So that's what I mean when I'm saying that.

Carolyn:

Very helpful. I'm going to stop saying defense in depth. All right, so back to your story where you guys started four years ago.

Jamie:

So like many other government agencies, 30-year-old technology, we have to break the cycle because if you continue on this path, you will get hacked. There's no doubt about it just because its old technology. And so because of that, we had to modernize our resources to bring them up to speed, and in doing so, overcome our vulnerabilities that are known. It's well known, all these different items with all these different old operating systems, old servers, old way to do business. And so what we characterize things is the new ways of working and we call it N-W-O-W, NWOW I'm going to trademark it someday. Anyway, with the NWOW, with the new ways of working, it gives everybody the ability now to say, just because we did it in the past, we don't need to keep doing it in the future. Hey, if it works, do it, But if it's inefficient, if it's slow, if it's costly and it takes too many people to do it, stop it.

Jamie:

Question the status quo, challenge it, make it better. Take that 10 point checklist and make it seven points. Because remember, SOP, standard operating procedures and checklists are only those for people that don't know what they're doing. If you know what you're doing, you know what shortcuts you can take, you know how to make it more efficient. You don't have to follow that checklist all the time. That's just for those people who don't know what they're doing and how to do it best. And it's funny because when you have that attitude then, what you can do with security is actually get to the base problem of how can this guy fool us after we've authenticated him, after we've done all these things, how can they still get in?

Jamie:

Why is this happening? And you can get to the base layer and make a tactical decision on, we've got to plug that hole. We know we have a lot of vulnerabilities. Look at Log4j. One of the things about Log4j is it's an apparent open window, right? I mean everybody's using it, but who's going to come into the attic window that it's open? Well they can and a lot of them are doing it so now we have to close our attic windows and make sure it's clear. We had no view into that before putting the accountability down with each of the product teams. It's all about knowing what you've got before you can fix it. So that's another thing. Accountability has to push down and you can't expect one person to know 20 systems. Heck, we had, I think it was one to 20 was the worst incident that I remember because it's like you're responsible for 20 systems. How do you even know where the data inputs and outputs are?

Jamie:

You have to get people who are responsible at that tactical level to understand the ins and outs and then understand the vulnerabilities that they have. Without that accountability, you really can't fix anything.

Willie:

the administration published: 14028

Willie:

This has been something that's been on the agenda for some time so if you could maybe just speak to that too. Nothing against the administration. I know it's an important EO, but it's not that zero trust just appeared out of nowhere.

Jamie:

Of course, it didn't. Right? We all know of these new cyber incidents and as a response to the enormity of the problem, and I think the realization now by different social media aspects that things are not as secure as we think they are and, therefore, you really do need to have an extra emphasis on cyber hygiene. You need to personally be aware of and take care of things. And so I think that was what prompted the executive order. But way before the executive order, we were always thinking about moving to that next level because we were coming out of our shells. We were now going into the internet, just like the commercial realm is doing and has done over a decade. They've already made all this progress and yet the federal government, because it's trying to save money and do things with what it got, not what it needs to have.

Jamie:

It's very difficult to modernize when you're modernizing on the least amount of money you have. And so because of that, I think a lot of systems have gone stale. They're vulnerable, and so you need to modernize that. We've been doing this for five, 10 years now and the fact that the cybersecurity order came out, executive order, is fantastic. It just gives us more leverage and more authority to make the changes that need to be changed and have the attention of the C-suite to the point where look, you know, you don't want to be breached, and if we don't do these items, then we will be breached eventually. The thing is, everybody hears it, but nobody believes it and it's only when it happens that you really get sensitive and all it takes is one to get it done. So you really have to say that not everything is the sky is falling, but you need to put things in categories.

Jamie:

I always do red, yellow, and green and you have to really make sure that your executives understand what those red assets are, what the real jewels, the crown jewels, what you need to protect like Fort Knox. Then you need to describe also what's the middle layer, the yellow items that you need to protect or also get out of hand. Your private information, your business information, things that would reveal your privacy and so forth. And then the green information is what can go out in the public. Now you don't want it to be defaced. You put up a website that looks really great and then somebody puts all this terrible graffiti on your website. Well, that's not good either, but it's green information. You're not going to make sure that it's put on Fort Knox because it's open to the public, but you have to be able to clean it up and so forth.

Jamie:

So those are the three categories and classes that I try to make sure everybody understands and you need to have the appropriate behaviors or actions for each of those classes in order to protect and I think a lot of people forget that not everything needs to be protected.

Carolyn:

As you started your zero trust journey, did you tackle all five pillars in parallel or are you ticking them down?

Jamie:

Well, there's no way you can tick them down because you have a unified front, right? And if you don't address one of the layers, you're going to get hit. So you have to take an inventory of where you are in each of the five pillars, then determine your biggest weakness. I think a lot of people spend too much time on the user pillar and they say, "Multifactor authentication is the way we're going to solve our issues. We've implemented multifactor. Woo hoo, we're good to go." Well wait a second. How about all the hackers who are getting in with Log4j or other types of areas where it has nothing to do with users or authentication. You have to have a good maturity on all five pillars. The thing is, the industry is not very mature in certain areas. Application security used to be a big buzzword and now people are coming away from that because they understand if everybody has a different way to secure an application, then none of the applications will work together.

Jamie:

Now that's the buzzword. When you have applications working together, that's called an API or an application programming interface. I believe, personally, Jamie Holcombe, that one of the largest areas of vulnerability is releasing your applications into the cloud and assuming that the APIs are tightened down, they can't be exploited. API integration is a Wild West out there with all the different cloud service providers. Buyer beware. Make sure whenever you're using that service for cloud, that those APIs are locked down and that they can't be breached. So that's another area but you have to have maturity in all five pillars. Notice where you are most weak and then hit that one because you need to come up on your maturity in all areas, not just one or two.

Willie:

If I could follow up on that, just from an industry standpoint, because I think we've talked about this in the past too, about public private partnership and how industry can work better with the public sector. So you mentioned that APIs, you see APIs as a place maybe where we can see some improvement. Where else do you think industry could improve to help agencies from a security standpoint, zero trust, whatever it might be? How can we help the federal government?

Jamie:

I do believe that the networking pillar is probably the most mature pillar there is with security. Everybody knows that you have to encrypt https, right? Secure socket layers, woo hoo. We're good to go on the network there. User, I think everybody is very sensitive to the user authentication and how to do it. ID.me, there's one out there. There's so many others. We're using login.gov so that's all the user areas. Now when you look at the application and APIs, as you said, I do think that's the third area that you could look at to improve and actually on the API space to ensure that there's security around that API. When you look at the third layer with data, you've got the whole data at rest, data in motion, and then data in use. I believe the data in use needs to mature more because the offerings I don't believe are there. They're just not proven yet.

Jamie:

Now encryption use can occur at two layers, I believe. You can have the OS layer and you can have the database layer. And in those encryption and use technologies, instead of encrypting all of your data fields, what they're doing is they're encrypting the indices. In order to get to the data, you have to decrypt the indices in order to get access to that one point. No decryption, no access. That cuts down on the performance, which I think is great because if you encrypted all the data you have to take that performance hit in bringing the data back and using it in your application. The other way to do it is at the file layer and you actually encrypt and decrypt the file references or the links to the actual file stores in your disc drives and so forth. That's another OS way to do the same thing about encryption and use. Without the decryption for those links, you'll never get to the actual file to bring in. So those are the areas I think that we can improve upon and create a more mature zero trust environment.

Willie:

Excellent, thank you.

Carolyn:

I think you already answered this question. You actually just recently announced that you were doing the encryption in use status, right? Like November.

Jamie:

We're doing encryption in use pilots.

Carolyn:

Okay.

Jamie:

Just like I was saying before, if we have Fort Knox, we're not going to bet the farm on some new technology that's not proven. So what we'll do is we'll put it into a proof of concept and there's really three stages for that proof of concept. There's the prove it out that it works, that it actually gives you the benefits that you're thinking and whatever the cost may be. And the second part is then scaling it up because just because it works in the small does not mean it'll work in the large, especially across the enterprise. And once you have that, then you deploy into operations, not until you prove it can scale will you really deploy it across the board. And so you have those three areas. You have start it out pilot, second is scale it, and then third is operations deployment into ops.

Carolyn:

You're in the pilot phase right now.

Jamie:

We're pretty much in the pilot phase. That's right.

Carolyn:

Okay. So all of this methodology that you've shared, do you make this framework available to other agencies or do other agencies come and ask you for it, I guess?

Jamie:

Yes. All true.

Carolyn:

Would you share it with them?

Jamie:

So if you didn't know, the copyright office is actually part of the legislative branch over in the Library of Congress, and we have a very tight relationship because we're part of the intellectual property layers. We have patents, trademarks, copyright, and trade law. So we, of course, are the Patent and Trademark Office. The Copyright Office is over the Library of Congress. And finally, Trade Law is conducted by the FBI. Like if somebody steals your secrets, you get the FBI involved and you sue them, you go to court. So those are the four pillars of intellectual property. And in essence, we have a very tight relationship with the Copyright Office. We, in fact, have a lot of people that come and go back and forth between the two agencies. So Shira Perlmutter actually used to work here at the Patent Office when I was here, and she is now the Registrar of Copyrights.

Jamie:

We have provided base code for her to use the same portal that we've created called MyUSPTO. She can use MyCopyright. And that's the things that need to happen more often across the government because why pay all these contractors to do the same thing? We don't need to do that. So yes, I have an open door and yes, I promote, and yes, people ask. So I will give it all out because that's what we need to do. We need to help the taxpayer and the fee payer get better in America.

Carolyn:

Fantastic. I love that answer. So time's beating us Willie. I'm going to give Jamie the last word, but do you have any other last questions for Jamie before we go to our Tech Talk questions?

Willie:

Well, I don't have any other questions. I just wanted to say, this has been a fantastic conversation. I always love talking to you, Jamie, and you've given me some food for thought from an industry standpoint. I think I've said this before, I do take these conversations back to our leadership and our development because I think these are places that we need to work and partner more with the federal government so I really appreciate it.

Jamie:

Thanks a lot, Willie. You too. I appreciate it.

Carolyn:

So I thought of one more before we go to our Tech Talk questions. What's been one of your big challenges as you're working on zero trust architecture or lessons learned that you would want to share with our other agencies right now?

Jamie:

The biggest headache that I have at the USPTO is the belief that procurement needs to be a long and protracted procedure or method. And I'm not saying that everything needs to be done tomorrow or yesterday, but the fact is that we don't have enough leeway and a sense of urgency, and there's no incentive for the contracting officers to actually go out and do more risk or accept more risk and get more reward. All we're doing is we're putting the brakes on progress because everybody throws up these bureaucratic hurdles in procurement, and we don't need to do that. What we need to do is say, "Look, we can have a certain measure of acceptable risk, and that measure might be more for USPTO and the copyright office and maybe less for the Department of Defense." I'm not trying to run procurement at DHS, or the FDA, or USDA.

Jamie:

What I'm trying to say is that at we as the Patent and Trademark Office, need to come up and take these bureaucratic barriers down to the point where we don't have these long, elongated bureaucratic ways that we have to do with all of our procurements. Again, you don't need a sledgehammer on little tack. You don't need a tank when you can throw a grenade.

Carolyn:

I feel like I've heard you share this message in one form or another in the past, basically get it done.

Jamie:

That's correct. The fact is, I feel bad for the procurement staff because they assume that that's what everybody wants them to do. The procurement staff takes it on their shoulders to protect the U.S. government and make sure that there's no fraud and there's no nepotism and we're trying to make a zero protest type of environment, and there's just no way you can do that. It's an unfair burden that we're placing. Everybody's protesting nowadays. Why? Because you can elongate your revenue stream if you do it. It just makes sense to do it. So we need some procurement reevaluation to the point where we actually change some of these laws that we don't provide the incentive to protest.

Willie:

Well, and you're spot on with that because to your point, I mean I've seen this time and time again coming and we're in this industry, I've seen it before where you'll see, and I won't bring up any particular companies, but they will protest to, it has nothing to do with unfair practices from the government standpoint. It's more of a tactic to is there at some point it's going to elongate it, it's going slow down their competitor, or it might, because I've seen this before, it might drive the government to say, "You know what, I'm just going to start this over again. Nobody's going to get it. We're going to start the whole process over again. And now the competitor has a chance to bid for it again." So it does nothing for the citizen. It does nothing for the constituents. It's all about companies jockeying for a better position. And I'm in the industry, so I know that's how it's played, but it's frustrating because I'm also a taxpayer and so, yeah.

Jamie:

edi and how it was [inaudible: 00:39:35

Jamie:

Nobody stays at the same place forever because there's no more pensions. If you do stay in the federal government, you can get a pension. Okay, that's great. There are certain places you do want that, but how about encouraging the people who are motivated by a challenge of wanting to do the best for the country to have a three to five year stint? And why would they do that? Because what if we give them the federal medical and health benefits that you would get as a retiree? You give them to them with a five year stint that's completed and they have to wait till they're 62 to get it. That's an awesome thing. That's worth a lot of money and that's worth the safety, the security. There's so many things we could do. It's amazing. We just have to get out of the mentality. "Oh, that's the way it is. Oh, you can't change Wall Street, you can't change the White House. You can't change it." Yeah, you can. You've got to do it from the ground up.

Carolyn:

Yeah. I mean, I completely support that. So we're going to shift gears just a little bit and go into some fun questions, and I'm going to kick us off here. And I'm going to ask you, if you could wave your magic wand, you could create any technology you wanted, what would it be?

Jamie:

I would create the ability to program, much like the ChatGPT, the ability to program things at your fingertips, from your desk, so that you can actually reach out and do those things through artificial intelligence and machine learning. The interfaces aren't there yet, but it's almost there. What we need to do is have some type of interactive capability that can pull into different areas and then actually produce or direct the production of those machines that we create. The world economy would explode.

Carolyn:

That's a new one. We haven't heard that one.

Willie:

That's a good one.

Carolyn:

That's a good one. All right, Willie, you get to choose the next one.

Willie:

Technology or what?

Carolyn:

In our Tech Talk questions.

Willie:

Oh, okay. Sorry. So I always ask about books.

Carolyn:

I know. We have to ask that.

Willie:

Yeah. I like to know what you're reading now or if you've got any book recommendations right now?

Carolyn:

And it can be anything. It doesn't have to be boring business.

Willie:

Yeah. I'm Sci-Fi. I love Sci-Fi myself.

Carolyn:

Same.

Jamie:

No worries. So I'm a military history guy, so I love the military history aspects and how you can apply them in the future. So that's okay, but what I've come upon, and especially with the streaming media and so forth. On Apple TV, there's this thing called For All Mankind.

Carolyn:

Yes.

Jamie:

And the premise, of course, what happens if the Russians actually got to the moon first and gave us a real run for the money as far as the space race goes?

Carolyn:

Yes.

Jamie:

I think that's a fascinating look into things and to realize too, competition really does breed the best. It makes things come out. So I do think that we need to expand that thoughtfulness and challenge our assumptions. As far as I'm concerned, we're sitting behind the screens too much. We need to get out and participate in the world, not sit behind the screen.

Carolyn:

Totally agree. But I am going to maybe reconsider. I had to stop watching For All Mankind because it was just too trippy for me. It was just irritating me. I'm like, that's not the way it was. Which I get it. That's the point. But maybe I'll go back to it.

Willie:

Now that one, I have to say-

Carolyn:

I should go back to it?

Willie:

Yeah. I have probably, right now All Mankind and Foundation is also on Apple TV. I've already read the book, so this is very interesting to go back and see it actually on the big screen. So good choices.

Jamie:

Foundation show is awesome.

Carolyn:

Okay. Two, I'm going to go back to, and I could keep talking about these things for another hour, Jamie, but I'm going to let you go and just tell you thank you so much for spending this time with us. It's been so fun and interesting and just, thank you.

Jamie:

Oh, you're more than welcome. I will recognize Adrienne Cox, my colleague, and ask her if we covered everything or if she had anything else to add.

Adrienne:

I can, yeah, anybody, if you have any lingering questions, just reach back. Yeah. All these great points about Agile and customer experience. Agile and the product management approach would've never been, as Jamie said, the Log4j scenario would've been radically different. Talk about what ifs, right?

Carolyn:

Thanks for joining. Tech Transforms sponsored by Dynatrace. For more Tech Transforms, follow us on LinkedIn, Twitter, and Instagram.