From his time as a naval aviator to his work at the Pentagon and at the Department of Homeland Security, all the way to his current position in the upper echelon of an impactful technology company, John Zangardi has accrued expertise in a wide range of topics. Zangardi is passionate about cybersecurity best practices, the transformational power of artificial intelligence and implementing smart policies for technology usage in the federal government.
After completing a career as a naval flight officer flying P-3s, Zangardi joined the Navy’s senior executive ranks as the head programmer for the Navy staff’s Information Warfare organization. He later served as the deputy assistant secretary for C4I, information operations and space; Navy CIO; acting CIO and principal deputy DOD CIO; and Department of Homeland Security CIO before pivoting to the private sector. His current role is CEO of Redhorse Corporation. Redhorse is comprised of engineers, data scientists, solution architects and subject matter experts in a variety of domains including national security, energy, environmental and intelligence adept in tailoring mission-focused solutions.
In this Executive Spotlight conversation, Zangardi talked to GovCon Wire about the importance of bringing technology production back to the U.S., the government’s proficiency for incremental innovation and the potential national security impacts of AI, among other topics.
With artificial intelligence and machine learning impacting most industries and the U.S. military dramatically as we move forward, what has impressed you the most about the technology’s capabilities to improve decision making across the federal sector and all areas? In addition, how can AI be used to address some of the biggest challenges you see in your industry?
I’ve been around long enough to have been involved with the initial Sensor-to-Shooter efforts. Linking sensors to shooters moves reliance in the battle space from individual platform capabilities to integrated strengths of a connected network. Joint All Domain Command and Control is the evolution of STS bringing automation, artificial intelligence, predictive analytics and connectivity at the edge. You want to accelerate warfighter decision-making. Secure networks, cloud and artificial intelligence are the key capabilities to improve decision-making.
I’ve had a ringside seat witnessing the evolution of this approach to warfighting. After I retired from active duty, I joined the Navy staff as a senior executive working in N6, which eventually became N2/N6 or the Information Warfare Directorate. The establishment of N2/N6 was a powerful move where the resourcing of capabilities such as intelligence, cyber, command and control, electronic warfare, battle management, oceanography and meteorology came together.
My role in N2/N6 was the budget guy. We were programming significant resources to unmanned aerial vehicles. These UAVs were providing an enormous amount of full motion video to command centers. That resource was not fully utilized, mostly ending up on the cutting room floor. When you start thinking about AI as it could be applied to inverse synthetic-aperture radar, synthetic-aperture radar, or electro optical imagery, you could start looking for those key areas that are of interest to the decision makers. The proper application of AI better enables decision-makers to make decisions more quickly and more accurately.
Redhorse provides supports the Office of the Under Secretary of Defense for Intelligence through the ISR Data Enrichment and Aggregation project. We are aggregating and enriching numerous siloed ISR mission datasets, with the goal of operationalizing this real-world data for combatant command decision making. This will allow for data-driven decision-making better utilizing available data coming off high demand assets in support of warfighters across the globe. That’s huge.
Given my background and experience, you can begin to understand why I believe AI is a game-changer and why I joined Redhorse Corporation. Let me provide some perspective from real life experience. When I commanded a P-3 squadron, the average age of the aircraft approached 30 years. The P-3 airframe is a 1950s design. You could almost be guaranteed some maintenance issues during a preflight, and occasionally have to switch aircraft. That’s mission impact if the aircraft is late on station or doesn’t show up at all. Being able to predict a maintenance issue in an aircraft is a game-changer.
Redhorse recently won a full and open contract with the Air Force’s Rapid Sustainment Office to support the Condition-Based Maintenance Plus contract. I am excited to be a part of this important effort to increase aircraft availability, optimize fleet maintenance and minimize aircraft downtime. Our job is to sustain and improve existing predictive models of part failure, while evaluating and fielding new models to cover more platforms and parts. Along the way our team is going to help the Air Force to streamline data cleaning and model development processes, introduce new modeling and analytics approaches. Transforming valuable data to solve complex problems of national importance is what Redhorse is about. Being part of this is incredibly rewarding.
Redhorse is involved other areas where we are delivering custom software, analytics, ops resource and AI-based solutions. Here’s one last example: Redhorse provides resource efficiency management services for the U.S. Army Engineering and Support Center in Huntsville. Our team provides energy engineering and data analytics through improved readiness and energy security, resilient energy and water infrastructure and reduction of carbon emissions to support national security. This is done at a dramatic cost savings while supporting tighter mission operations. Again, another game-changer.
I think the future is bright. The power of analytics and AI is key to how the US will solve important national security challenges. Redhorse aims to be involved in that.
With federal agencies working to implement the latest trends in technology such as AI, cloud, and many others, what are your thoughts on the success and challenges that government agencies are dealing with to stay ahead of innovation to establish the U.S. as THE global leader?
Emerging technology like 6G is where international strategic competition between China and the U.S. is likely to occur. China has been very focused on influencing the setting of global standards and manipulating of markets. The U.S. is stepping up its game, prioritizing next generation telecom technology. I believe the U.S. government needs to do more to counter the influence of China. Stepping up its game should include collaborative partnerships with allied and partner nations to reestablish the US as the global leader in innovative or emerging technology.
There are other areas to focus on. We allow a lot of our technology and manufacturing capability to move offshore. We must start bringing this back. The CHIPS Act is a solid and important step in the right direction. More steps like that are needed around tax and environmental policy barriers. I think it can be done without harming the environment. Whether you’re talking about microchips or the electric battery industry or other emerging technologies, a U.S.-based manufacturing capability is vitally important to our national security.
That is just one side of the equation. It is relevant to ask: how exactly is the U.S. government doing on leveraging innovative technology? I spent a lot of time in government as a CIO and as an acquisition executive. I’ve watched big bang disruptive efforts fail miserably. Acquisition policy, contracting rules, culture and funding are barriers to disruptive innovation. Government is much better at incremental innovation or continuous improvement. Incremental innovation keeps moving the ball forward. It is the way to go.
Some great things are happening on the innovation front. Culture is changing slowly but it is changing. Contracting alternatives like Other Transaction Agreements provide increased flexibility to adopt and incorporate best commercial industry practices into award instruments. Organizations like the Defense Innovation Unit or our customers at the Chief Data and Analytics Office are key to keep the ball moving forward on innovation in government.
There is the burden of legacy IT—there’s a cost to get rid of it. Many smaller agencies just don’t have the budget to effectively deal with it. Legacy IT is a cybersecurity risk. While I wasn’t a fan of the Technology Modernization Fund at its inception, recent changes to it have made it more effective.
Consider some of the hot technology topics today. Take Cloud. We’ve been talking about cloud for at least 10 years. We are still not there, but progress is being made. 10 years ago, there was plenty of resistance. Efforts such as FedRAMP and contract vehicles such as C2S or JWCC have and will build implementation momentum incrementally.
There is a lot to do for the U.S. to regain its global leadership and for government to take advantage of new technology. I am hopeful what we are seeing today on those fronts will bear fruit in the years to come.
With zero-trust technology becoming a major focal point moving forward, what can you tell us about the difficulties of implementing zero-trust architectures and focusing on data security? (Can relate to the military, business or federal agency side of the federal sector depending on your preference)
The fact that the federal government is focused on zero trust is great. It’s long overdue. I started talking about ZT in 2016. Remember, ZT is not ‘new.’ It’s the right thing to do, and I’m glad it’s picking up steam right now. In fact, we have implemented ZT at Redhorse Corporation.
Leaders in government need to recognize that ZT is not a like a light switch. It’s not something you buy out of a box and plug into a server. It’s a mindset switch. It isn’t easy to implement. You have more data to secure. It is more complex. Devices and users must be managed. There are also some potential tradeoffs. There could be instances where productivity is hampered. My view is that the benefits far outweigh any downside.
I think ZT is more necessary now, given the events in Ukraine and the numerous bad actors in the wild. Today’s bad actors are more dynamic and nimbler. They have access to technology and talent and they are incredibly patient. These bad actors could take advantage of a widespread vulnerability very quickly, or they could lay in place and wait.
It’s clear the U.S. government at the highest levels understands how important cybersecurity and achieving ZT is. I’m thrilled to see the Biden administration Executive Order on Improving the Nation’s Cybersecurity and CISA’s Shields Up effort. I also want to congratulate DOD CIO on its ZT strategy.
There remains some education to be done across all levels of government and industry. There are those who haven’t thought through the cybersecurity problem, and they must be convinced. Chris DeRusha’s September 2022 memo on ‘Enhancing the Security of the Software Supply Chain to Deliver a Secure Government Experience’ is timely. It’s important that the companies providing products such as software and hardware get to secure by design and default and understand the supply chain.
Data is becoming increasingly important. Data analytics, machine learning and artificial intelligence are presenting new opportunities for businesses and government. It also creates new risks if that data is exposed or lost. Citizens can have their personal data compromised. Corporate reputation can be harmed. National security risks could be realized. That’s all bad. Data integrity has become foundational for implementing effective data analytics, machine learning and artificial intelligence strategies. While these key areas present new opportunities for business and government, they also introduce new risks that must be mitigated.
Do critical industries and industries supporting government fully understand the cyber risk at the CEO and the board level? I am sure some do. However, some don’t, even though the current administration is getting the word out. I’m not convinced every company has taken the time to have their CIO and/or their CISO brief the board on risk identification, risk mitigation and risk acceptance. I’m not convinced that every government CIO or CISO whether federal, state, local, or tribal has the right access to leadership. That should part and parcel of government and corporate responsibility.
I think what is important for organizations is beginning the journey to ZT and data security.
What do you see as the most critical challenges facing those in the federal sector as cybersecurity continues to rise in importance and cyber hygiene becomes a necessity for all companies and even more critical at the national security level?
Cyber hygiene is a necessity. Poor cyber hygiene can lead to security incidents, data compromise and data loss. The consequences of a data breach may include financial loss, operational downtime, organizational upheaval, damage to the organization’s reputation and legal liability
It has always been a priority for me to maintain the health and security of users, devices, networks and data. Patching, asset management, multi-factor authentication – to name a few – make a huge difference in an organization’s cybersecurity preparedness. If your CIO and CISO aren’t focused on this, get them moving.
I think it’s important for industry to start paying more attention to software security. How do we know the code we’re getting is vetted and secure? This is becoming more important and it should become an integral part of cyber hygiene. Another consideration for cyber hygiene is to avoid homogeneity in the deployment of IT and cyber products in an organization. While it can reduce complexity and cost, it leaves an organization vulnerable if that one product is compromised. Diversity in the deployment of IT and cyber products is a plus to a cyber hygiene checklist. Avoid over-dependence.
Cyber hygiene must be continuous and ongoing. Cyber hygiene goes a long way in improving the overall security posture of an organization. How else can the risk of operational disruptions and data compromise or loss be mitigated?