HSDF THE PODCAST

Operational Cybersecurity in Action Part 3 of 4

Homeland Security & Defense Forum

Welcome to “HSDF THE PODCAST,” a collection of policy discussions on government technology and homeland security brought to you by the Homeland Security and Defense Forum.

The complex dance between government agencies and industry partners takes center stage in this revealing conversation with homeland security leaders. Rather than a transactional vendor-customer dynamic, these officials are seeking genuine partnerships built on trust, expertise, and mission understanding.

Featuring:
•Bob Costello, Chief Information Officer, CISA
•Todd Hemmen, Deputy Assistant Director, Cyber Division, Cyber Capabilities Branch, FBI
•Donald Coulter, Senior Science Advisor, Cybersecurity, S&T Directorate, Department of Homeland Security
•Jason Hill, Senior Executive Director, Cyber Practice, MANTECH
•Michael Prado, Deputy Assistant Director, Cyber Crimes Center, Homeland Security Investigations
•Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator)

This discussion took place July 23rd, 2025, at HSDF’s Cybersecurity Symposium, Navigating Cybersecurity Strategies in a Volatile World.

Follow HSDF THE PODCAST and never miss the latest insider talk on government technology, innovation, and security. Visit the HSDF YouTube channel to view hours of insightful policy discussion. For more information about the Homeland Security & Defense Forum (HSDF), visit hsdf.org.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

gears. Jason, I know you are currently supporting several DHS components. What are you seeing as some of the biggest challenges in supporting them and how are you working with government to overcome those challenges?

Jason Hill, Senior Executive Director, Cyber Practice, MANTECH :

Yeah, thanks for that question, Barry.

Jason Hill, Senior Executive Director, Cyber Practice, MANTECH :

I think I'm going to jump on to what Bob just said.

Jason Hill, Senior Executive Director, Cyber Practice, MANTECH :

I think some of the challenges that we have there, and Bob just said it, like being able to have those frank discussions with our clients, being able to gain access. I couldn't stand having vendors come in to sell me something I didn't ask for.

Jason Hill, Senior Executive Director, Cyber Practice, MANTECH :

We all work against this cyber threat, right, so we should know what the problems already are. So I think with us, we try to identify those problems before we have those conversations with folks like Bob, and then again becoming part of that trusted advisor role and, you know, listen, folks like Bob and all these guys up here, they know when we come in and we know what we're talking about and when we don't. So I enjoy having those frank discussions, right, and it gets to the point of problem solving better. So I would say one of the challenges for us, or for industry, is making sure that we focus on the right topics to talk about, making sure that we have our finger on the real pulse of what's going on so that when we do get the opportunity to have those discussions, we're talking about the problems that we all know and so that the solutions we bring you either know they'll work or they won't. And I think that's where I'll end it.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Sticking with you, Jason. This administration, as I said earlier, is really focused on efficiencies and effectiveness. What changes and improvements have you witnessed from supporting the government clients specifically over the last six months? Anything that you can share, that you feel comfortable with?

Jason Hill, Senior Executive Director, Cyber Practice, MANTECH :

No, actually. We'll just get that one out of the way. No, I think we all started talking about AI and I think from everyone up here on the panel's perspective it's, you know, they have a very difficult role in bringing something in that some people on this panel have said is, you know, it's a resource thing or it's a technology thing, like I don't have the time and effort to do things that I can't, either by law or timing or resourcing. I think that's where industry is really, where we can kind of force multiply or meet those efficiencies, right? Like I said before, a lot of us in the industry have different clients, different customer sets, and so what we see in one area of that client set, we can take and twist and mold and bring to bear for unique challenges that someone else in a different area might face. So, for instance, one of our customers, we have a product called Code Assist.

Jason Hill, Senior Executive Director, Cyber Practice, MANTECH :

Not that I'm trying to sell anything today, hint hint, but we're utilizing AI to help take old code and refactor it into new code. But before, if you were using Fortran or COBOL or any of those old technologies, you would need an older technology guy like myself, right? So now we can take AI, utilize that to help force multiply and get that done in a much more efficient and quicker manner than before. So, to sum that up, I think one of the challenges is making sure that we have that access to clients and folks, but that when we do get that access, that we're bringing the right messaging to bear. Perfect. Thanks.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Todd, Michael, how does federal law enforcement work with the private sector? First question, and then, right along those same lines, how can the private sector support law enforcement mission?

Michael Prado, Deputy Assistant Director, Cyber Crimes Center, Homeland Security Investigations:

Yeah, that's great, and Jason touched on some of that, especially in this field which is so fluid. As we all know in this room, federal law enforcement is inherently bureaucratic, hierarchical. We rely and need the nimbleness and the agility of the private sector. Now at HSI we pride ourselves on, for a federal law enforcement agency anyways, roughly 7,000 special agents, being fairly nimble and agile. But we're still a government organization. The private sector has the ability to look and do long-term investment, research and development.

Michael Prado, Deputy Assistant Director, Cyber Crimes Center, Homeland Security Investigations:

Fortunately we do have S&T at DHS, but from the majority of our agents in our workforce, they're not looking at the emergent threats on the horizon because they're too busy dealing with the threats in front of them. In many cases, actual threats, right? Criminal caseloads, investigations, TDYs, details, things like that, supplementing other agencies, partnering on task forces, et cetera. There's a small cadre of us at headquarters, senior leaders, whose job it is to look a little bit more forward-facing, or forward-looking rather. But we're reliant on the private sector and the expertise that's contained here in this room. To Jason's point, yes, I get inundated, like many of my colleagues, I'm sure Todd does as well, with vendors trying to sell, and we get that. There's a relationship there. We're not looking for a real, and I'm speaking from the Cybercrime Center. We're not looking for a kind of vendor-customer relationship. We're looking for a partnership.

Michael Prado, Deputy Assistant Director, Cyber Crimes Center, Homeland Security Investigations:

We're looking for a long-term commitment on things that we believe will ultimately leads the Cybercrime Center. So they conflate me with the CIO. I'm not the CIO. I'm not looking for enterprise solutions for IT, things of that nature. I'm looking for operational tools, technologies that are going to help further advance active investigations or future investigations. So I think it's just, it's one of those symbiotic relationships that one can't be successful without the other. We absolutely need the expertise of the private sector.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Thanks, Michael. Todd, same question for you, and I know FBI has some really good industry FBI programs out there. Yeah, so I'd like to hear your thoughts.

Todd Hemmen, Deputy Assistant Director, Cyber Division, Cyber Capabilities Branch, FBI:

So I agree with everything that Mike said. We absolutely need industry, and I'll approach this question from a little different perspective. The reality is that there is no solution where federal law enforcement, FBI, HSI or others, are able to indict or arrest our way out of computer intrusions. There's no way that we are going to arrest or indict our way towards a safe and secure cyber ecosystem. So we absolutely need the partnership of industry. We need to have a collaborative dynamic where we will respond to computer intrusions. We'll share threat intelligence, including intelligence that is from our own holdings, but we need industry's cooperation as well.

Todd Hemmen, Deputy Assistant Director, Cyber Division, Cyber Capabilities Branch, FBI:

We run into this issue commonly as we're responding to computer intrusion cases where there is an openness to share. But there are industry concerns that we're going to provide information to regulators or we're going to put your information out in the media. So, A, we need to establish relations with industry just to kind of break down barriers and dissolve myths on what we will and won't do as part of our response. But in order to create an ecosystem, in order to help defend against the next victim, we need cooperation from industry. Fully understand that.

Todd Hemmen, Deputy Assistant Director, Cyber Division, Cyber Capabilities Branch, FBI:

It's easy to say and it's a complicated dynamic. There are privacy concerns on industry side as well. We will absolutely work with industry partners to kind of walk through those things. Every FBI field office has a private sector coordinator whose sole job it is to engage industry partners in that community and help to overcome some of these misunderstandings, help to establish relationships. We have personnel, dedicated headquarters as well that serve that same function. So I think the big message that I would like to relay anytime we have the opportunity to talk about partnership with industry is we absolutely want, need your partnership. Help establish that relationship with the FBI and let's figure out how we can get through some of the hurdles that prevent us from sharing on both sides.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Great. Thanks. Don, I know S&T is unique in certain ways from a procurement standpoint and I know they continuously welcome technological proposals to solve homeland security problems. Could you speak to that effort?

Donald Coulter, Senior Science Advisor, Cybersecurity, S&T Directorate, Department of Homeland Security :

Absolutely, I think it's an exciting opportunity whenever we get inquiries and questions from our industry partners, some of that foundational applied research, but also to help do some of the kind of rapid innovation and application to current operational challenges that we can help facilitate transitions into components for use in missions currently. So we have a wide variety of ways of coming in through our innovation team and we look at different paths that we have depending on whether it's a small business, whether it's a large, traditional business. There's all types of different ways that we bring that in. A lot of the, I spent a lot of time working with, like, academicians and scientists and lab folks, so one of the things that industry also helps us do is kind of bring that back to reality of, all right, but how can we commercialize this? Or, if we got the fundamental algorithm and approach down, how do we then integrate that into commercial systems and productize them so that they can be used in some of these missions that these folks are using on a daily basis?

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

All right. And then to end up there, Donald, what would you say to the folks here in the audience? How can they work better with S&T? Any advice? Closing words for them.

Donald Coulter, Senior Science Advisor, Cybersecurity, S&T Directorate, Department of Homeland Security :

Well, one, just bear with us, as we're all it's still a government agency and we have even fewer people to field all of the inquiries now.

Donald Coulter, Senior Science Advisor, Cybersecurity, S&T Directorate, Department of Homeland Security :

So we're still certainly increasing our efficiency and ability to identify those opportunities.

Donald Coulter, Senior Science Advisor, Cybersecurity, S&T Directorate, Department of Homeland Security :

I say continue to be patient and continue to make sure that when you talk to us, look at the problems that we're trying to solve, not only the current problems that you see with some of our operational partners, but think of we put out these long range BAAs and announcements that tell you where we think the technology is going, where the science challenges that we're trying to solve are. So when you do reach out to us, try to be a little bit cognizant of what we think those big challenges are, but also come to us. As soon as I talk to someone, a lot of times I have to remind them say, I'm not the CIO, I'm not buying enterprise IT stuff for you. But let me talk to your internal R&D team. What is your long-term roadmap? What are those challenges that you're seeing that it's kind of been nagging but you can't get a current customer to bite on but you really do think is important for the future? Come with those kind of fresh ideas for us, and we love to work with folks in that space.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Excellent. Thanks, Don. Bob, I'll close with you on that same question.

Bob Costello, Chief Information Officer, CISA:

Well, I think one of the most important things is know your customer. You can't sell or work with every customer the same, and I think that's really important, like for me, anyone that walks in with a meeting with me and says, Bob, tell me your priorities, just Google me.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Or what keeps you up at night.

Bob Costello, Chief Information Officer, CISA:

Or what keeps you up at night? Caffeine. So I think that, you know, one of the most important things is know the drivers of the organization and the mission, one of the things that in my prior roles at the department that always concerned me. I would have a new company come in and want to work with us and I'm like, you don't understand the mission. I cannot put officer or agent safety first on something that's in a beta program or isn't out there yet. I need defined solutions that work and are stable. I have a lot more freedom right now to test different things and I would say for, like, already established relationships, help us make sure that we're fully enabled or to the highest level possible in the products we buy. There's nothing worse than, you know, and I did it too when I got to be an engineer and do fun things: I got to have this thing, and then you're using 20% of it or it sits there. Help us get to a high enablement level and help us stay current. You know, one of the most exciting things right now as we consume more and more, you know, solutions where you're pushing product updates quite frequently. Don't let us fall behind. There's nothing worse than, I was at another government agency the other week. I'm like, boy, your collaboration suite looks like really like eight revisions behind. They're like, oh yeah, Bob, we're at like N minus 32. And I'm like, wow, that's awful. You know, help us kind of work together.

Bob Costello, Chief Information Officer, CISA:

And I would just really say too, like it is always, like at Homeland Security, our mission is to defend the homeland. Like I was not there at the start of DHS, I was wearing a different uniform at the time. You know, keep that first and foremost when you're working with us. We are trying to do amazing things to make sure everyone's safe travel, processing commerce. Like, it's a very broad mission set and it's super exciting. And often when you're talking to one of us in the CIOs, you're talking to all of us. We have a very tight community. The new DHS CIO is unifying that in a really wonderful way and I think that, you know, if we can help each other, we will. And that's one thing that I really love, when vendors see us as one, but also individuals within that group with different mission sets.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Awesome, great feedback. We have about 12 minutes for questions, so I think we have a mic, two mics actually. So if you could just raise your hand, say your name and the company that you're with, you've got to have questions for this esteemed group. We've got one right over here, second row.

Audience:

Hi, dead battery. I'll do the arm action. One of the things that we're very interested in is how CISA and the other agencies are looking at operational technology. We do a lot of work in the Volt Typhoon, Silk Typhoon, anything with the word typhoon in it. Apparently, it's coming after our major infrastructure, and so it would be interesting how you all look at innovative solutions for operational technology cybersecurity.

Bob Costello, Chief Information Officer, CISA:

It's a wonderful question and we certainly thank you and many other manufacturers of OT for the partnership. You're all working with us very closely. I think one of the first areas on that is even before you look at the technology is the education of where these products are utilized. And one of the areas that I think we all recognize is and I didn't well, maybe we don't, because I didn't before I got to CISA, I didn't know that most of the critical infrastructure in this country is privately owned. We don't have a national water system, electrical system. We don't even have standards that enforce that. We do in some areas, but not in totality. So I think a big part of our job and we are in all 50 states is working with those either companies or municipal organizations, to understand the risk and help them secure them. Sometimes more modern OT devices do have some security capabilities, but we also know that these have very, very long life cycles.

Bob Costello, Chief Information Officer, CISA:

I worked a lot in land mobile radio, both at ICE and CBP. You buy a radio system. You're not replacing it in a year. It has a very, very long life cycle. We all had bricks on our belts at one time. OT can be very similar and it also serves a very critical function. You change a valve, you could contaminate a water supply, you could kill people, and I think that that's getting that education out there. I think the other area that we're concentrating on is increasing our partnerships through JCD and others, JCDC and other formats that we have, to get more OT companies in there, whether it's also on the defense side too. How do you defend OT, how do you detect issues and then how do you secure it?

Donald Coulter, Senior Science Advisor, Cybersecurity, S&T Directorate, Department of Homeland Security :

that is again helping us get a better sense of how you're building these systems. How can we get better assurance that we're building them with security in mind? How can we ascertain when something comes up? How quickly can we figure out what types of firmware is in there? What type of open source software is in there across this infrastructure, so that we can quickly identify where some of those risk points are and start to ameliorate and address them? Also, looking at how can, again, these things often have to have, like you know, 100% uptime and you can't really just take them down and install updates on them. So, thinking about how can we test out on using digital twins and other methods to really understand what's inside of these things, what potential updates and changes will happen and how can we quickly restore them if something goes down. How do we make those systems more resilient? So that's one of the areas that we're very interested in as well.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Any other thoughts from the panel on that? Okay,