At the center of the conversation is Operation Stormbreaker, the Marine Corps’ only RAISE-certified software factory, designed to eliminate the inefficiencies that plague government technology deployment. Dave explains how agencies fall into a “maintenance trap,” where nearly 80% of IT budgets are consumed by legacy systems, leaving little room for modernization. The root issue, he argues, isn’t just technology, it’s architecture. By shifting from rebuilding infrastructure for every application to a shared platform-as-a-service model, Stormbreaker allows mission owners to inherit infrastructure, security, and authorization dramatically reducing both cost and complexity.

The impact is significant. What once took 12–18 months to deploy can now be achieved in minutes through automated pipelines, containerized workloads, and continuous authorization. Rey breaks down how this model transforms the notoriously slow Authority to Operate (ATO) process, enabling faster innovation without sacrificing security. The discussion also highlights how this approach lowers barriers for vendors, accelerates adoption of emerging technologies like AI, and creates a more agile, production-focused culture within government.

Beyond the technical architecture, the episode explores the cultural resistance to change across federal systems and the need to simplify complex cybersecurity processes for mission owners. Rey emphasizes that true modernization isn’t about new tools, it’s about rethinking how systems are built, secured, and delivered at scale.

Show Notes:
Dave Raley LinkedIn: https://www.linkedin.com/in/daveraley/
Marine Corps Community Service: https://www.usmc-mccs.org/
White Paper: Clarifying Cloud Foundations: Understanding PaaS vs. IaaS
Operation StormBreaker: https://operationstormbreaker.usmc-mccs.org/

The conversation breaks down the core principle behind Zero Trust: minimizing the “blast radius” of a breach. Instead of assuming everything inside a network is safe, Zero Trust requires constant authentication, strict access controls, and segmentation so that even if an attacker gains entry, they cannot move freely across systems.

We explore common misconceptions, especially the idea that Zero Trust is a product that can simply be purchased and installed. In reality, it’s a whole-of-organization approach involving people, processes, infrastructure modernization, and ongoing monitoring. Legacy systems, skill shortages, and the sheer complexity of modern networks make implementation a long-term journey rather than a quick fix.

The discussion highlights why segmentation, boundary management, and cross-domain inspection remain critical even in a Zero Trust architecture—particularly in environments with legacy infrastructure, international partnerships, and tactical edge deployments. As AI systems and autonomous technologies increasingly interact with sensitive networks, the need to treat AI as another “actor” with controlled privileges becomes essential.

The episode concludes with practical guidance for leaders beginning their Zero Trust journey—from inventorying everything on their network and planning segmentation, to implementing role-based access controls, budgeting for modernization, and ensuring organizations have the skilled personnel required to sustain the architecture.
Ultimately, the takeaway is clear: Zero Trust isn’t a tool—it’s a strategy for operating in a world where persistent threats are the norm.

Show notes:
GME - www.gme.net.au
Owl Cyber Defense - www.owlcyberdefense.com
Modern Defense Architecture (Australia) - https://www.cyber.gov.au/business-government/secure-design/secure-by-design/modern-defensible-architecture
Chris Rule - https://www.linkedin.com/in/christopher-rule-fieaust-cpeng-gaicd-05600b30/
Michael Blake - https://www.linkedin.com/in/michael-blake-734b0a21/

They explore how artificial intelligence is supercharging phishing and social-engineering campaigns, making malicious messages nearly indistinguishable from legitimate ones. Morley explains the evolution of steganography—the art of concealing code inside digital images and why emerging threats like QR-code hijacking (“quishing”) have become one of the easiest ways to breach both corporate and personal devices.

But this isn’t a doom-and-gloom story. Morley shows how zero-trust file filtering and Content Disarm & Reconstruction (CDR) can neutralize hidden payloads without disrupting everyday workflows. He also reveals how these proactive defenses reduce “SOC noise,” giving security teams back valuable focus time and keeping threats from ever reaching end users.

From AI-powered deception to invisible payloads hidden in plain sight, this conversation uncovers the unseen layer of cyber defense and reminds leaders that innovation, not fear, is the best shield against tomorrow’s threats.

Show Notes:
• Whitepapers:
Polyglot Files: Unmasking Images & PDFs
Steganography: Smudging the Invisible Ink
QR Codes: Neutralizing Threats with CDR
• Webinar: File Analysis & CDR: Forging A Formidable Defense
• Website: https://www.glasswall.com/
• Connor Morley - https://www.linkedin.com/in/connormorley/

Together, they break down what SBOMs are (think nutrition labels for software), how mandates like Executive Order 14028 and frameworks like NIST’s Secure Software Development Framework (SSDF) and DoD’s SWFT are changing the compliance landscape, and why automation is essential to get from static ATOs to continuous authorization.

Antoine also explains how Sonatype uses AI and software composition analysis tools to close critical gaps in open source and AI-heavy environments, helping agencies shift left, reduce vulnerabilities, and accelerate secure delivery of mission-critical systems. Along the way, the conversation covers everything from JFK delays caused by vulnerabilities, to the risks of “ludicrous speed” AI adoption, to the surprising history of Project Pigeon in WWII.

For federal leaders ready to take action, Antoine offers one concrete step: start with a single mission-critical application, mandate an SBOM, and see what hidden risks you uncover.

Show Notes:
Connect with Antoine https://www.linkedin.com/in/antoine-harden-mba-035a441/
Executive Order 14028NIST Secure Software Development Framework (SSDF)
CISA Zero Trust Maturity Model
DoD’s SWFT (Software Fast Track Initiative)
Sonatype Resource Center