Your router may not be your router. It could be a Russian surveillance device. In Episode 5 of The GIST of Govt IT, Brian and Sean unpack a stunning two weeks in cybersecurity: the FBI's court-authorized takedown of a Russian GRU operation that silently hijacked thousands of TP-Link routers across 23 American states, an Iranian-linked APT group actively disrupting U.S. water and energy systems through Allen-Bradley PLCs, and Anthropic's release of Claude Mythos — a frontier model so capable at finding zero-day vulnerabilities that the company chose not to release it publicly. They break down what Project Glasswing means for industry, how AI is becoming both the most dangerous offensive weapon and the most powerful defensive tool a CISO has ever had, why "vibe hacking" is democratizing cyber attacks (one low-skill actor compromised 600 FortiGate firewalls across 55 countries), and why the old playbook for SOC operations needs to be blown up entirely. What the unresolved tension between Anthropic and the DoD over supply chain risk designation means for federal agencies trying to defend critical infrastructure while CISA operates at 38% capacity. Plus Sean shares his hacker name (maybe) if he wasn't a CTO and instead worked in a windowless office in Pyongyang.

----------
RESOURCES MENTIONED IN THIS EPISODE

The Russian GRU Router Operation

- DOJ announcement: Operation Masquerade — court-authorized disruption of DNS hijacking network
- FBI Public Service Announcement on GRU exploitation of TP-Link routers

- NSA statement on Russian GRU router threats
- CVE-2023-50224 (the TP-Link vulnerability exploited)

Iranian-Linked Attacks on U.S. Critical Infrastructure

- CISA Joint Advisory AA26-097A — Iranian-Affiliated Cyber Actors Exploit PLCs Across US Critical Infrastructure
- Rockwell Automation security guidance

Anthropic, Claude Mythos & Project Glasswing

- Anthropic on Project Glasswing
- Anthropic's statement on the DoD supply chain risk designation
- Cloud Security Alliance whitepaper on Mythos vulnerability discovery

Recommended Consumer Protections
- Cloudflare's free 1.1.1.1 DNS resolver
- Cloudflare DNS family options (malware and adult content filtering)

Cybersecurity Frameworks & Government Resources
- CISA Edge Device Security
- CISA Cross-Sector Cybersecurity Performance Goals (CPGs 2.0)
- MITRE ATT&CK Framework
- CISA Industrial Control Systems advisories

Related Episodes
- Episode 2: Fighting Fire with Fire: Federal AI Security - Securing Agentic AI with Elad Schulman, CEO of Lasso Security
- Episode 3: Chaos, Change, and Opportunity in Federal IT - $50B in Q4 federal IT contracting, Golden Dome, and the Anthropic supply chain risk designation

The Hosts & Show

- Swish
- GIST360

CONNECT WITH US

Got an idea for a future episode? Want to be a guest? Let us know.

Brian Lake - blake@swishdata.com

Sean Applegate - sapplegate@swishdata.com

Subscribe wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

From a startup consulting shop to a $1.4B IBM acquisition, Octo Consulting Group's story is one of the great growth journeys in government IT. Brian and Sean sit down with Jay Shah, Octo's former COO, who helped guide the company through every inflection point — the pivot to DevSecOps and agile, the move from sub to prime, the strategic (and intentional non-) use of the 8(a) program, the 2019 Arlington Capital investment, four acquisitions, the launch of OLabs, and the IBM exit in December 2022. Jay shares the unvarnished playbook for scaling in the federal market: why diversification matters more than the 8(a) badge, when to be bold with primes (and when to bluff), how to turn billable services into IP, why OLabs only worked because they had base hits first, and what most founders get wrong about working capital. Plus, Brian and Jay geek out on funk master flautist Karl Denson.
----------

RESOURCES MENTIONED IN THIS EPISODE

Featured Guest
- Jay Shah
- Octo
- OLabs

Capital, Mentorship & Workforce Development
- Mason Enterprise — APEX Accelerator
- Veterans Institute for Procurement (VIP)
- Andreessen Horowitz American Dynamism
- Pax Ventures

Books & Frameworks Referenced
- The Trusted Advisor by David Maister, Charles Green, and Robert Galford
- The Scaled Agile Framework (SAFe)
- Westrum Organizational Culture Typology
- Gene Kim & The Phoenix Project
- DORA (DevOps Research and Assessment)

Live Music Worth Checking Out
- Karl Denson's Tiny Universe
- The Greyboy Allstars
- Kenny Rogers

Insane Knuckleballs

Jay's Nonprofit Work
- The Children's Inn at NIH
- Wolf Trap Foundation for the Performing Arts
- Loudoun Hunger Relief

The Hosts & Show
- Swish
- GIST360

CONNECT WITH US

Got an idea for a future episode? Want to be a guest? Let us know.

Brian Lake - blake@swishdata.com

Sean Applegate - sapplegate@swishdata.com

Subscribe wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.

"Chaos." "Change." "Opportunity." Three words that surfaced in a room full of federal contractors when asked to describe today's government IT environment. Sean and Brian unpack what's really driving the disruption, from RIFs and FAR overhauls to FedRAMP changes, the Anthropic supply chain risk designation, and the brain drain hitting agencies like NIST. They dig into the structural changes reshaping how government buys and builds technology — OTAs gaining momentum, Golden Dome's six-month IDIQ award turnaround, and CDOs finally getting real budget authority to break down data silos. Then they pivot to where the real opportunity lives: $50B in federal IT contracting in Q4 FY25, $13B for autonomy and AI at the Department of War, mission Genesis investments at DOE, and the massive energy build-out required to keep pace with China. Brian gets smart on Markdown files.

----------

RESOURCES MENTIONED IN THIS EPISODE

Federal AI Policy & Executive Orders
- OMB M-25-21 — Accelerating Federal Use of AI through Innovation, Governance, and Public Trust
- OMB M-25-22 — Driving Efficient Acquisition of Artificial Intelligence in Government
- Executive Order 14179 — Removing Barriers to American Leadership in AI
- America's AI Action Plan
- AI.gov

NIST AI Standards & Frameworks
- NIST AI Agent Standards Initiative (launched Feb 17, 2026)
- NIST AI Risk Management Framework
- NIST AI 600-1 (Generative AI Profile)

Acquisition Reform & Contract Vehicles
- FAR Overhaul (Revolutionary FAR Overhaul)
- GSA SEWP V extension and SEWP VI updates
- Missile Defense Agency Golden Dome IDIQ
- Other Transaction Authorities (OTAs) — DAU guide

Department of War / Defense AI
- DoD Chief Digital and AI Office (CDAO)
- Defense Innovation Unit

Department of Energy
- Mission Genesis

Workforce & Learning Resources
- freeCodeCamp
- Anthropic's Claude documentation (markdown skills & agent files)
- Model Context Protocol (MCP)

The Hosts & Show
- Swish
- GIST360

CONNECT WITH US

Got an idea for a future episode? Want to be a guest? Let us know.

Brian Lake - blake@swishdata.com

Sean Applegate - sapplegate@swishdata.com

Subscribe wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.