Frontline Innovators: Transforming Defense Technology with AFWERX and Second Front Systems | The Pair Program Ep43
In this enlightening episode, we explore the groundbreaking work of Second Front Systems and AFWERX – both organizations that are driving technological advancements for our nation’s warfighters. Join our guests, Donald ‘Chee’ Gansberg and Enrique Oti, as they share their remarkable journeys and insights at the intersection of software innovation and national security.
Chee, a former special operations forward air controller turned software evangelist at AFWERX, and Enrique, Chief Strategy Officer at Second Front Systems and retired Air Force Colonel, provide unparalleled perspectives on government tech modernization and the challenges of navigating the federal acquisition process. They delve into the mission of AFWERX to foster internal innovation within the Air Force and Second Front
Systems’ quest to bridge the gap between cutting-edge technology and government utilization.
From overcoming bureaucratic barriers to building trust with the government, this episode offers invaluable insights for
anyone passionate about defense tech innovation and the transformative power of collaboration between startups and government agencies. Tune in to discover how these visionary leaders are reshaping the future of defense technology.
About Donald ‘Chee’ Gansberger:
Chee Gansberger was a computer programmer in the IndyCar series and the Silicon Valley who decided one day in September, 2001, that he’d rather jump out of airplanes and blow things up. After years as a special operations forward air controller including numerous deployments as a front-line operator, he ended up first in traditional acquisitions and then in the innovation scene. After helping usher in modern software reform while part of DIUx he then moved to AFWERX, as a software evangelist trying to bring innovative use of software to the warfighter.
About Enrique Oti:
Enrique Oti is the Chief Strategy Officer of Second Front Systems (2F), where he fast-tracks government access to disruptive, commercially-proven software-as-a-service (SaaS) applications for national security missions. Prior to joining 2F, Enrique had a 23-year career in the United States Air Force, during which he served in multiple assignments as a cyber warfare officer and China Foreign Area Officer. Enrique commanded an intelligence support squadron in Korea, and was a co-founder of the Defense Innovation Unit in Silicon Valley. He co-founded the Kessel Run software development program, and in his final assignment served as the Kessel Run commander, retiring as a Colonel. Enrique earned a BS in History from the U.S. Air Force Academy, an MS in Strategic Intelligence from the Joint Military Intelligence College, and an MA in International Relations from Zhejiang University in China, where he studied as an Olmsted Scholar.
Sign-Up for the Weekly hatchpad Newsletter: https://www.myhatchpad.com/newsletter/
Transcript
Welcome to The Pair Program from hatchpad, the podcast that gives you a front row seat to candid conversations with tech leaders from the startup world. I'm your host, Tim Winkler, the creator of hatchpad. And I'm your other host, Mike Gruen. Join us each episode as we bring together two guests to dissect topics at the intersection of technology, startups, and career growth. So we are back, uh, to The Pair Program. Uh, Tim Winkler here with Mike Gruen. Mike? Mike? We are celebrating two years, my friend, uh, of running the pod. Pretty, pretty long drill. I didn't think we would make it past month one or two, but here we are. So I wanted to ask you, you know, what's been like your, your, your most satisfying part of, of being a part of the podcast or what, what's been your favorite part?
Mike Gruen:I mean, my favorite part is just meeting people. Uh, I like networking. I like hearing what's going on in the world. Um, especially in the world of tech and stuff like that. So just the connections I've made. Um, it's been a great. Opportunity for that and a great opportunity just to hear other people's perspectives. I've learned a lot. Um, and what's funny is I find that I, uh, I tend to just listen for a lot of the podcasts. People probably notice, like, I don't try not to talk too much, uh, and let our guests talk. So yeah, it's been great. It's been a great opportunity. I appreciate you including me.
Tim Winkler:Oh, yeah. No worries. We'll send you a, the invoice here shortly. Um, I, I'd say like a, that's definitely part of it, but I, um, I also enjoy just like from the pairings perspective, you get like good recommendations or like ideas of like, Oh, I never thought about mixing, you know, a mezcal Manhattan together or something like that. It's like a, it's a, it's a lot of alcohol wrecks come through guys, just a heads up on their parents, usually good alcohol, good food wrecks. But, uh, I've enjoyed that. And then obviously I get into getting to know some interesting people. Um, but, uh, yeah, we'll, we'll, we'll kick things off here, uh, uh, for, uh, today's episode. So we're going to be continuing this theme of tech modernization within the government space. And specifically for this episode, like we're software innovation intersects with defense, um, and, and taking full advantage of, of our pair program format, where we have two guests in every episode, we're going to dissect this, uh, a specific use case where. You know, a, uh, a software company, second front systems is collaborating with aff works, um, you know, an innovation arm of the United States air force. Uh, so our first guest is, uh, Enrique, um, OT, uh, CTO, second front systems. So Enrique brings a rich background of dual use tech, uh, development, uh, 23 year U S air force career. Um, Founding, uh, Kessel run program and co founding a defense innovation unit to pioneering accelerated access to emerging technologies and cyber and beyond for a lot of national security missions, um, uh, a heck of a resume. Thanks for, for joining with us, Enrique.
Enrique Oti:No, and thanks for the invite. Really love getting on here, talking to you guys. And anytime I get a chance to talk to Chi again, it's always fun. So
Tim Winkler:for sure, for sure. And, and so on that, yeah, we, uh, alongside Enrique, we're, we're joined by Donald Chi, uh, Gansberger, uh, known as Chi. Uh, so he's the software director at AFWERX, uh, master sergeant with over two decades in the Air Force. Uh, Chi is dedicated to elevating airmen's innovative ideas into actual solutions, uh, for the Air Force. And a few other fun facts I dug up on you, Chi, that you're passionate about open wheel racing, brewing, and cooking. So you're, you're, you're my kind of, my kind of guest on here. Uh, we'll definitely have some interesting add on questions here to, to, to close with the five second scramble segment, but appreciate you joining us as well. That's cool. All right. Well, now, uh, before we, we, uh, dive into the heart of the discussion, we always kick things off with our pair me up segment. Mike, why don't you lead us off, my
Mike Gruen:man? Yeah, definitely. Uh, not a food one or, or alcohol, sadly. Um, but in any event, uh, earlier this week I had the opportunity through a community that I'm part of called techy to lead a discussion around trust. And my pairing is related to that, which is there's these like two concepts or two aspects of trust. Um, Confidence like that, the people around you can do their job. They're going to play their position. They're going to get stuff done. They're reliable. And so on and so forth. And then this other aspect of, uh, trust, which is really around safety that you feel comfortable making mistakes that you feel like you're supported by your team and, and how those two things go together and balance each other out and can create a lot of trust and how you get a really great team out of that. Um, so it was really interesting to have a whole discussion around that and how you can, you can sort of have one of those and not the other, like. A baseball team might not have that sort of psychological, emotional trust, but they all know that they're all playing the right positions and so on and so forth. But when you can get both of those things, just how, how awesome that can be and how powerful it is, um, especially like an engineering team. So, yeah, so that's my parent. Yeah,
Tim Winkler:well said, um, you've been getting deep lately. Um, I, I, I, I, I'll, uh, I'll, I'll lighten, uh, lighten it up a little bit, uh, with, with my pairing. Um, so I'm going to, you know, the weather's kind of changing and springs upon us, it's heating up. Um, you know, a lot of folks are out there kind of cleaning up the golf clubs, gearing up for the season. So I'm going to, um, I'm going to go with a sports pairing, um, a golfer and their caddy. So I think it's an interesting combination. It's a duo where. You kind of have, you know, strategy, meat, meat, skill. Um, so, you know, the golfer swings, the others kind of like strategizing, but together they come up with like this, this really unique game plan too. Attack the course. Um, and I think it's, it's a really interesting partnership in sports. So I'm going with a sports pairing with a golfer and, uh, and the caddy. So pretty cool. Yeah. Um, let's pass it over to, uh, to the guest. Uh, let's, let's start with you, uh, Enrique, a quick, quick intro in your pairing.
Enrique Oti:Uh, Hey, yeah. Uh, Enrique Oti. Uh, so on a pairing, you want me to actually be deep and philosophical and come up with a paired concept right now?
Tim Winkler:Yeah, it doesn't have to be deep or philosophical. You could legit go with, yeah, butter and bananas.
Enrique Oti:Basically, I have a private little urge here that is really embarrassing. Whenever I travel, I actually like listening to things like the voice and X factor. Which is ridiculous, but it's like the most mind numbing things you like to watch those, but something that actually came out of that as I listen, it's like, there's a massive overlap with concepts of risk and inspiration. So you look at these people, these like radical amateurs that just like jump up on stage and, and seeing like, you may never hear these people again. But they did one thing at one moment in time. And for three minutes, they did something. You're like, Oh my God, that's fricking amazing. And these things have like 10, 20, 30 million views of this, like three men in one person's life that is probably going to live on forever. And you look at it going like, you know, if you really want to be inspirational, you have to take risks and like, it's incredible. It can come out of that. I realize that's stupid, but for some reason it's been in my mind now for like weeks as I travel, I'm like, like. Who's this crazy, like 15 year old kid who just like sing their heart out for three minutes. I'm like, that's pretty damn cool. So it's kind of inspiring. So there you go.
Tim Winkler:I dig that. I, uh, I'll give you a chair turn for that, for that, uh, pairing. That was good. That was good. Um, are you, so you're watching this season? I, I. I dabble every once in a while, but again, it's good. That's like mindless. Kind of like have it in the background. I have
Enrique Oti:no idea what the seasons even are. I just click the voice on YouTube and see what kind of goes down that rabbit hole. So I'm like, we're Bulgarian or something rather.
Tim Winkler:Well played. Good stuff. Uh, Chi, uh, quick intro and, and, uh, and your pairing.
Chee Gansberg:Uh, Chi Berger. Uh, I'm a, uh, uh, eclectic, um, I've definitely had a, an interesting career that's probably to this point. Uh, don't, don't need to go into detail on that, but, um, my pairs probably, I, I, I keep noticing at every different, whether it's office I'm in or, or program I'm working on, it seems like there's, uh, there's false dichotomies all over the place where everybody is getting. Uh, pulled into like one extreme or another, uh, and even inter organizational. And, uh, it's funny cause Mike's, uh, pairing, I think kind of plays well into it in that there's a, uh, a disconnect between, uh, how people think of, of, uh, their focus or their goals, um, relative to what everybody else around them is doing. And I'm watching it now where, whether it's politics, uh, and I don't mean like Like national politics, it should be like office politics or whether it be like when I was an operator between the strategic side, the tactical side or acquisitions. And you get into the, you know, um, the money side versus the requirement side. And it's these people, they've got their own tribe and their own mentality. And, and. Getting that mentality to kind of shift views has been really, really difficult. Um, if anything, like when I met Enrique and we were at DIU, I was at my wits end in terms of career in the military. I'd gone from being an educator to doing fun stuff. Uh, suddenly I was in acquisitions and I absolutely did it. And then I went out to DIU and it was like, Oh, there's, There's a chance to actually change things. And it turns out that's really hard. Really, really hard, but it's kind of worth doing. Um, but it, it's just opened that back up to me now. I work with, like, people that are so insanely brilliant, and I, I love them. But I'm watching them run up to the same false dichotomies, whether it be political or something else. So, I think that's probably right there.
Tim Winkler:That's fascinating. Yeah, I feel like, um, those are, those are themes that kind of pop up throughout, um, a lot of our discussions with guests on this, on, on, on this podcast is, you know, kind of dives into a little bit more of like specifics of like the culture to at every organization. And then you can get more granular with that of like, the different tech culture and everything else. But, um. Yeah, I think that's a, it's a fascinating point. And, you know, I'd love to hear a little bit more about, um, you know, kind of like the, you know, the, the theme over at off works too, which is what we'll, we'll, we'll jump into and learn a little bit more on this discussion. So, uh, let's, let's go ahead and make that transition point, uh, into, into the heart of, of what we want to talk about. So, um, the way I kind of envisioned this discussion flowing would be, you know, having both of you kind of paint a quick picture on what, you know, what your organizations do, uh, and then we can lead into. You know, what specifically second front systems is delivering to AFWERX. Um, and then, uh, you know, can dissect a little bit more on like the different aspects on the software delivery and the implementation process. Um, but, uh, Chi, why don't you begin first by maybe explaining, you know, what, for a lot of our listeners that aren't queued into, into the defense space, you know, what AFWERX stands for, you know, the mission, and then we can pass to you Enrique and dive deeper into work that Second Front's delivering.
Chee Gansberg:So yeah, AFWERX is a fairly large organization. Uh, at this point, we've got Uh, for kind of core, uh, core pieces of the team and, uh, the public facing portion of Afworks, the, the folks out there in the civilian sector, they probably think of ventures when they think of Afworks, which is the simmer arm and they go out and actually execute, you know, the largest simmer portfolio in the federal government. Uh, and which is. Quite a bit of money and a lot of contracts. The, um, the other portions of AFWERX, uh, are Spark, which is actually where I started in AFWERX. And it looks at, uh, fostering innovation internally in the air force to get that innovation mindset all the way down to the airmen and help airmen actually mature good ideas. These are, these are the, the, the small R requirements that are actually important in And, and they solve those problems better than anybody else, but there's no infrastructure for helping them mature those, those solutions up to the, the broader, more political levels through the PEOs. So that's spark and then prime, which is where I live now. Uh, it exists as a, um, it started as a tech transition organization. Didn't really do a lot of that. Uh, and then the last couple of years, we actually looked back at, at say, small UAS, which were invented in California. And, and then we promptly let the federal government screw up the legislation around small UAS, especially the FAA. And we Promptly, uh, exported that entire market to China. And we realized like, we're not going to make that mistake again with, uh, buying cars. So stood up a, an organization inside prime called agility prime, which has spent hundreds of millions of dollars over the last few years, maturing that technology and getting. The technology for flying cars, ready to go. Uh, now we're to the point where FAA has become the problem again. And, uh, the cynic in me is like, Oh, well, this probably isn't going to work out as well as we thought, but we did our part. We, we got the tech to where it needs to be. It's at the policy level where we're running into problems. The fourth one is new and is, uh, like our. It's an internal organization, but it's intelligence. And this actually gets into our relationship with second front. When, uh, Simber looked at not being, uh, renewed two years ago, uh, in Congress and had us all panicking and freaking out that we were all going to have to get new assignments and all the civilians were going to get let up, let go. And contractors would be gone because what is Afworks without Simber? And the, uh, the do outs for it were two things. One was go do better. Um, Better assessments of these companies, making sure we're not incidentally funding Chinese venture capital and enabling tech transfer. And Enrique and I know Dr. Brown well, who wrote a great paper on it when we were back at DIU, making sure that doesn't become a recurring theme and that we're not funding it through AFWERX. The other thing that we did though, is we looked at how hard it was to support those airmen, uh, with anything, uh, Congress selected us and said, your transition numbers are horrible. You've spent over a billion dollars a year on Simmers. How many of them actually make it to a phase three, make it to transition to, you know, to the government or to the commercial sector? And the numbers are pretty small. So go fix that. Turns out that's really hard to fix for hardware. All the intent for software was ATOs. And, uh, Second Front had a program with, uh, DIU that we could just leverage and pull it into AFWERX and say, Hey, look, this is a great way to actually enable, whether it be small businesses through the Silver Portfolio or airmen who are developing things to rapidly go get an ATO and fix that. That huge problem for us. And then of course, Enrique and I let the good idea fairies flow, but we decided to extend tech ops out to the edge. Now this has turned into a totally insane thing, but, um, I'm loving it. Uh, that, that, that part's way more fun. I think what I
Mike Gruen:learned the most is that, uh, we really had a missed opportunity for a pairing of government and acronyms. Uh, so just We'll have to put some show notes together for all those acronyms.
Tim Winkler:Yeah, we're not used to common practice at this point, but, um, I don't think I realized how, you know, how robust, how many programs were, were kind of happening across. Across app works and um, with the kind of collaboration with second front, it sounds like it was just right, right time, right place. Obviously a good, a good connection there. Past performance in terms of, you know, knowing one another and having that trust. Uh, Enrique, maybe, maybe just kind of build a little bit more on on second front and then we can start to dig a little bit more into how this implementation took place.
Enrique Oti:Yeah. So, uh, second front, uh, has actually been around since about 2014. Uh, and in its early days, it was founded by two former Marines. It was basically like, why are we going into combat with technology? That's not much better than our adversaries, but our tech at home is awesome. And so they're like, how do you transition the best of Silicon Valley? Again, when I say Silicon Valley, it's the broad like tech ecosystem. Like, how do you, how do you transition the best of Silicon Valley and the government? And second front at the time, tried consulting. They tried building some applications that help with the acquisitions process. But at the end of the day, through this, a couple of years of exploration, the company really figured out, you know, you have two roadblocks. To getting really good tech in the government. One is the contracts and the others, the security accreditation. Well, you're not going to solve the contracts. Like there have been commission after commission on how to do acquisition reform, tons of new methodologies for contracting. And at the end of the day, people like DIU and app works and others are trying to solve that. So the company really in, in like 2020, 2021, which I joined in 2020, we decided to pivot, we're like, you know, we're not going to help the government buy stuff better. Like we can't. Uh, but we can help them secure it better. We can actually let them go faster on the cybersecurity piece so they can actually make use of these products that they buy, because, you know, there, we have a lot of use case or examples of the government putting somebody under contract with a siever. We paid them a million dollars, a million and a half. They've been under contract for two years and they never get accredited. But what that means is they were never used. So in other words, the government just spent over a million dollars on nothing. And sure. One time. Okay. That's bad. But when you start doing this thousands of times, you look at a nearly billion dollar super budget that most of it's going to stuff that it never gets transitioned, actually not in transition, most of it never gets used. And that's even worse. And so we're like, well, how do we solve this? How do we make it better? How do we reduce that friction? Because in reality, there's, there's friction on both sides for those small innovators, this may be their only time ever working with the government. They've never filled out accreditation paperwork. They don't know who to talk to. They don't know what the acronyms and acronyms mean either. They're looking those up on Google saying, what does this mean that the government asked me for this? And so for them, it is an extremely painful process. And these are small companies having to hire outside consultants to help them just fill out paperwork. But on the other side, the government, it's just as bad. The security officials on the government, poor dudes and women, they are overworked, underpaid. And what happens is like their users, like their operational end users, like annoying people like Chi who, who he's, he's an operator, but he's also a technologist. So they come going, Oh my God, I need these 15 apps. Those accreditors don't want to deal with that. Um, they don't want their users come to him saying, I want these 100 different commercial apps because they're like, I don't have time. So they end up just saying no, and it's not because they want to say no, they say no, because they just don't have time to look at 100 different commercial companies. So we, in many ways, provide that kind of that, that matching mechanism inside, which is commercial companies come to us, we, we help them through the process. We provide them tooling to do it. So it's not just filling out paperwork. We do the tools for it, but then the government, they've already accredited us one time they can look at us go, Oh yeah, we trust that 90 percent of the tech stack. Now we only have to look at that top little layer. That's the application itself. So it actually makes the process easier for the creditors as well. So really at the end of the day, everybody's happier, but more importantly, the tools get to the end user, which is actually what we all care about.
Mike Gruen:Enrique, I'm curious because, so back in, uh, 2014 ish, I went through that process as a company. We're trying to get our stuff through that accreditation. And we did the same thing. We had our own internal people. We hired a couple of consultants. We had this, we had that. One of the biggest friction points for us was that the security requirements as written were less like we're less secure than what we were actually doing. We were above what was in the documentation, but the people we were dealing with. You know, I'm not going to take anything away from them, but like, they're like, well, no, you're not blah, blah, blah, compliant because you're not using one of these encryption algorithms. Like, yeah, we're using a newer one. That's better. And it hasn't been accredited. You know, it's like, and so it was very, uh, I'm curious, like, are you seeing that? Is that changed on the last 10 years? Is that
Enrique Oti:that, Oh, man. I'm kind of optimistic here. Trying to look at the bright side of this. Okay, so let's explain the problem you want us to. So, we'll look at the framework. So, NIST 800 53 is a standard NIST framework for how do you do software security. We just switched to version 5, right? NIST 800 53 REV 5. Well, REV 4 was released in 2013. What that means is, Rev four was written based off technology. So on 2013, and actually it was started in draft around 2010, 2011. So you're really looking at 2010 technology that gets written into policy. And only in about 2023, 2024, do you start having a revision of that? So you're right. There are really exciting portions of ref for that. You're looking at going, if I comply with this, I'll be incredibly insecure because the world of technology has changed. So this is one of the huge issues is. When you have a compliance built framework for accreditation, then your compliance, the compliance policy can never keep pace with emergence of technology. I'll just talk to Google. Google had a whole different way of how they shard data and they don't stick all the data in one data center and one locked facility. And so in many ways, Google's cloud didn't meet the standard expected by the government. It took them years to finally convince DISA and the government that yes, even though it's different. It is, it meets the intent of being secure. Again, that's different as opposed to like Microsoft and AWS that stuck their data centers on facilities that they could say, yep, all your data is in one spot and it's surrounded by a guy with a gun. Um, and so, yeah, that's a huge issue of keeping up with those standards. So that's why for us. We try to do that on their behalf and then still try to offer up modern tooling and modern processes that still comply within that framework. But from a commercial vendor standpoint, when they look at what we're offering, they're like, Oh yeah, I've used those tools before. Those are current modern software development tools. I feel comfortable with.
Mike Gruen:Are you seeing that on the compliance side, sorry, on the compliance side, that there'd be like these standards that are being written, are they being written more abstractly more on the spirit of like what, what the intent of these things are rather than being so explicit about you need to be using one of these handful of things that we know two years from now is going to be no longer relevant.
Enrique Oti:I'll give a short answer and then she'll let you. The. I think they're getting better. And there's a couple of ways you look at this. So DOD CIO's office, uh, has actually been putting out new guidance for continuous ATOs. That's a relatively new model where security is less about based off of, uh, filling out spreadsheets of, uh, control maps against risk management frameworks. It's actually more about continuous monitoring, continuous assessments, which is exactly where we should be going. And then the biggest one, the army CIO last week. For early this week, put out great guidance on how to secure things in the cloud. It is one of the best memos I've seen. It's like 28 pages. I don't know. Said no one ever. Well, if you're in a sort of thing, it's kind of cool. Uh, yeah, actually. So, so I think you're seeing a real change and the Air Force, I think really took the lead on this. That's awesome. USATOS, but. You know, there's a really, there's a movement now, and I think it's going in the right direction.
Chee Gansberg:I, I, I like how Enrique talked around the fact that he was kind of on the ground floor helping make all these things happen, the continuous ATO. Uh, I, when, uh, he was still at DIU transitioning to Castle Run, This was a story told to me by one of the auditors, uh, who's now at app works, but there was a huge pushback against the continuous ATO process because the static RMF, the static ATO, the way ATOs were done beforehand that we knew, like us as tech people knew we were exposing ourselves to massive amounts of, uh, security vulnerabilities just because you got an ATO. That means this, this SES said you were, you were secure. On that date and time, and you probably were for what was known at that date and time, but then all these zero days are discovered and turns out that that thing's got more holes than Swiss cheese. I can't go fix them because the moment we fix them, we break the policy that allows me to use it. So I just have to risk and we do that. We do that all the time. With the, uh, when they, when they stood up Kessel Run, they, uh, I don't know if anybody was paying attention to how many of the commits that they were committing to back to the core were actually remediating CVEs. We didn't care because the, the whole idea of switching to an agile framework was giving the user what they wanted, sticking to like, Agile principles. So we're willing to say when, when the auditors came in and said, you're exposing yourself to so much more risk by this continuous ATO process. Um, you know, you guys are going to fail miserably. And, uh, they were like, well, it's a risk we're willing to take to give the user software they'll actually use and be able to iterate on. That's so worth it just from that perspective. And then when they go into the evaluation and find it's like the most secure software in the air force because Like getting CVS remediated, that's when they realized like, wow, you're, you're giving the user something they want. And you're also actually making it more cyber secure yet. We don't have a policy to capture that that cyber security assessment is accurate and valid. And so now it's like the PM who owns the contract with, with second front, we've deep platform users who haven't. You know, like a new CV has been discovered and they didn't meet the CV remediation requirements in time. Um, we're going to bring them back on once they get their code back up to standards, but in the traditional way, Oh, they'd still be a platform. They'd still be pushing. And then we would just have exposed, you know, vulnerabilities. So it has, I think the policy has moved on and we've gotten better. And, uh, I really honestly, Enrique and a handful of other folks from like that early Kessel Run era are really kind of who set those conditions that the rest of us are just, we're standing on the shoulders of giants.
Enrique Oti:Let's get credit where credit's due on this one though. So, you know, Mike, you're kind of joking that I've said, Oh my God, what an amazing army policy. Um, policy matters. In the government policy is it's like the Bible, you know, and so it's great. Like what we were doing there, it was a lot of like these crazy ideas. Myself in a few years of the had, we stole the ideas from, uh, us digital services. We stole the ideas from NGA, uh, with Paul Puckett. We sold the ideas from Leo Garcia, got Jido. Um, and it's great that I have ideas and I sold them as deepest PowerPoint. And like, I'm like, I'm like going around, like evangelizing this new model based off a really colorful and PowerPoint slides with memes, but it actually took someone in this case, a guy named Brian Kroger to actually take that and turn it into an air force policy that you can show to leaders and get somebody to sign. Like that's, and that's what matters because there's all this innovation out there. That's absolute theater because until it is turned into a policy that is now repeatable. It doesn't matter. It's like it never happened. There's just way too much of that in the department of defense. And so, yeah, policy does matter. And somebody has to be willing to write that stuff down on paper and get it, uh, signed.
Mike Gruen:No, absolutely.
Enrique Oti:Yeah.
Tim Winkler:Yeah, we actually had Kroger on, on the pod, uh, talking, uh, yeah, he, he, he, he talked a little bit more about that, that Kessel run story and how it all came to be as well. I mean, it's, it's really a, uh, an excellent, uh, example of how, you know, you fall into the second front, uh, company and, and it's. It's just an organic, uh, kind of next step for you, given the Kessel Run backstory. Um, I want to get a little, a little bit more granular and we talked about this briefly, Enrique, in our discovery call, but, um, you know, trying to, you know, uh, simplify a little bit more for, you know, maybe these, you know, some founders that listen, uh, to, to our, our podcasts that, you know, are, are breaking into the defense space, or maybe they're working with a consultant or an advisory firm to help. You know, position themselves, maybe a dual use scenario or something like this. Walk me through like, what, uh, you know, how, how second front is, is working with these companies from, you know, uh, The different phases like discovery and how, you know, you don't get too deep into the weeds of it, but I'd love to hear just a little bit more of like, how, how does these engagement, how they flow?
Enrique Oti:Yeah. So I think the engagement actually, it kind of has two halves. So the first half is obviously what we do with the government first. Like, how do we make sure that the platform we deploy, the tooling we have, the reports that the tools generate, how do we make sure it meets what the government cares about and what they need to see? And that's kind of an, uh, an evolving process. Is, you know, different accreditors, different security officials want to see stuff slightly differently. Um, as time goes on, it's one of the things like there's the expectation always increases. It's like, sure, that was secure last quarter, but how about this quarter? What else have you added to, to give us a higher level of assurance? So there is a, as we as a company are delivering to the government. We are constantly having to engage, I think, and this is very different than, you know, there's other ways to deliver the government there. You can provide services where it's just like, you're just butts and seats, your bodies for the government to use at will. You know, that is not our model. We provide a technology, but the thing is, we're providing our technology. What we're not doing is we didn't build a technology based off the government giving us it. 800 pages of technical specs saying, please build this widget. And so what's happened is because we built it to what we think is the right thing to do, it ends up becoming a continuous negotiation with the government. Like, does this meet your standards? Do you want to see it differently? Do you want to see something else? And so it's a constantly evolving process of what our technology looks like. And so that's our government relations. But then the other side of the house, like we talked about is working with the commercial side. So for commercial companies that want to work with the government, that engagement really starts with us, um, doing like a tech screen saying, you know, what is your app look like? How is it built? What's your tech stack? What toolings are you using? What cloud services are you using? What external connections do you have? And we really kind of do an assessment saying, does it fit our model? Cause at the end of the day, I love our platform. But I'm a firm believer that there's no one solution for everything. There are definitely some use cases of technologies that I'm sorry, our platform, it just, it's not compatible for you. I wish it was, but that's not how technology works. There's software that is so advanced using so many advanced underlying cloud features, like there's no way we could support that 'cause it's well beyond what an accreditor or policy would feel comfortable with. At the other end, there's these technologies that are like, man, you're like nowhere close to being cloud native or containerized. We like, it's gonna take you a year to to refactor to work with us. So we try to cover like the core center of the bell curve of modern app development, containerization. So we do a tech screen. Then once we bring the company on as a customer. Uh, we start off by like, we just take their containers. We don't take their code. We take their containers. We scan them against a bunch of security tooling. We run hardening scripts against it to minimize, you know, basically STIG and minimize the container images and all the root accounts and extra libraries. And then we throw them up in a dev cluster, run a, make sure the stuff works. We have a full observability stack and login and monitoring. So we make sure performance is there. And then we work with it to deploy out into our environment where we force an integration with our IDAM solution, force an integration through our networking paths, our observability stack, our security stack. And that's actually what allows them to inherit our accreditation or be given a certificate to field off our accreditation. Is because they're using all of our tooling that has already been accredited and that's what makes it work. So, uh, for a company that's considering this kind of model, you know, the downside is you lose a little bit of control in prod and a little bit of architecture design of saying, you know, your engineers cannot be as creative as they want to be. But on the positive side, you actually don't have to have as many infrastructure engineers. You don't have to have the compliance team. You don't have to have the 24 hour monitoring team because we're covering all that for you. So it's a, it's a, it's a business and technology trade off for that company saying, do they want to go at all themselves and have full control? Or do they want to give up a little bit of control in those day two ops for the fact that you can go for, go faster and have a quicker market.
Mike Gruen:And I feel like that's just the same old, like in the technology world, build versus buy type. Discussion like what's our core competency and having lived through that, where we actually had to hire a full time person who is going to be sort of trying to deploy the stuff at the government and various Intel agencies and like trying to figure out how we take what we did in the cloud at AWS and how are we going to get this deployed into these data centers? And luckily we didn't use it. AWS, like we're not cloud agnostic, but it's still a pain. Um, so I see the value. I mean, we, I would have loved to have you guys back then, but it made things so much easier
Enrique Oti:when you kick off your next tech company. Let us know,
Tim Winkler:I'll be in touch. So it's kind of a, you know, a genius, uh, concept, uh, just knowing the, you know, the, the hoops that you have to jump through, you kind of cut out all that legwork for them. Um, but it sounds like a, you know, a kind of continuous iterative delivery for them to kind of given how always changing, like the policies and the requirements are going to be on the government side. So then when you, when you engage this, this commercial company and. Things are kind of kicked off. It's a good fit. You, you, you agree to, to kind of press forward. What's the level of communication? Uh, how much back and forth is there between, you know, you and that commercial company moving forward? Is it, you know, what kind of cadence do you guys connect back and forth? Uh, or is it just kind of.
Enrique Oti:Do you want me to show you our Slack channels? Can you? I would love to say, uh, our Slack channels blow up because they're always happy that we do incredible work, but you guys know how the reality is. Sometimes their Slack channels blow up because something went wrong. But at the end of the day, like we have that kind of literally the day to day interaction with our customers and the day to day interaction with the government. Like, Relationships matter. Like I know everybody says technology, it's an abstraction. You can move away from people. AI can move away from people. No, no, no, no. The relationships are even more important when you're doing something that both for mission has purpose and it's more technologically advanced or cutting edge. Like you have to have those relationships. And so we try to maintain good relationships with our customers. I hope they would agree if they're listening to this, but you know, if you don't, please let me know black and I'll, uh, start to solve it.
Mike Gruen:Totally agree. I mean, it goes back to, I mean, I'm not trying to plug myself here, but that pairing that I had around trust, right? If I know that you have the, that you're competent and trust that you know how to secure things like that goes a long way when I'm reviewing your security documentation and I. As opposed to if I don't think that, you know, and then I'm going to be looking for, you know, through it more fine tooth and so the relationships absolutely matter.
Tim Winkler:I'm curious, is there, um, you know, on the AFWERX side, uh, in connection to second front, like, are there specific. You know, metrics, uh, that you all are looking at to, you know, it's kind of evaluating the success of the of the solution.
Chee Gansberg:Oh, yeah. Uh, I mean, specific metrics themselves, like from a, um, you know, cybersecurity perspective, obviously, those are all well documented. But there's even the onboarding process like he talked about, um, you know, there's a relationship there between the two companies, which Totally benefits the government in that it's like from an engineering perspective, it's B2B and I'm not getting involved in the middle, um, which really saves the government a lot of time and headache. But for all of these apps with, with rare exceptions, the exceptions being autonomy prime, which are also mine. Um, the, the rest of them are, there's another government personnel involved too. So you've got a government sponsor for the actual app that's getting on board. That government sponsor and I will work together and figure out, like, is second front the right fit? And then if they are, then that becomes a natural transition path for them. And then the company will start working together. But there's still another government PM involved in all of this. So, uh, which has worked out great because that government PM. Like I'm, I'm focused because of the platform with second front, I'm just focused on like cyber security and, and compliance and policy that other PM gets to, he doesn't even have to think about that he gets to focus on like day two ops and prod and like adding features. And what does his actual user base that he represents? What do they care about? And then that other company is to focus on that too. So you, it's, it's not. To, to quote, uh, uh, it's, it's a lot of blocking and tackling and it's, it's not sexy stuff, but it has to get done by doing that and abstracting that layer out from, you know, from the, the companies that are actually performing, they get to focus on the things that really matter. Um, that's actually how I ended up at DIU is I wanted to do that for JTAC software and take the thing that every JTAC in the Air Force has in common. Or not the air force and the DOD abstract that out, do the unsexy stuff and then let all the program offices focus on what made them unique and special snowflakes. Uh, and it turns out like that same process needs to happen at that corporate dual use level for everything we're
Tim Winkler:at now. Yeah, it's really interesting. And Enrique, you all are probably, you know, getting exposure to so much interesting, you know, companies and entrepreneurs and technologies that are coming through the door. And it's a really, really neat kind of like funnel that you all get to play a part in and bridging that gap of how to add value into the larger defense ecosystem. I think, um, you know, I, unless there's anything specific that you wanted to, to tack on in terms of, you know, how, you know, how this process kind of flows, then we kind of tackled it from a bird's eye view. I don't think we need to get too much more granular unless there's something there, Enrique, that you, you wanted to add on as a final takeaway.
Enrique Oti:Yeah, a final takeaway. And it's less about our, like our process, you know, it's our process, but like. If you step it back, like what's the process of a company working with a government, like something I did not realize when I was on the government side, I'm like, Oh my God, this is so easy. Uh, I didn't actually realize the pain we put companies through to work with us. Now that we're on the company side, I really see what that pain is. And it's incredible. Things like you never think about like, uh, pieces of paper, like there's this magical piece of paper called a DD 254, which is a piece of paper. She might. It's, it's a piece of paper that lets you get access to like, you're allowed to have access to this facility. You're allowed to have access to this classification, whatever. Shockingly, sometimes getting someone to sign a sheet of paper can take months and you don't really think about that when you're on the commercial side, like, Oh, I got to execute on a contract and I have to get a bunch of people piece of paper signed or like, how do I actually get on a network to see if my product works? You don't actually really think about that when you're delivering to the government that, oh yeah, you actually have to have a government virtualized computer somewhere. And how do you get that kind of thing? Like there's all these little things that when you're a commercial vendor and you're so excited about submitting for an RFI or putting your proposal in or something like what you don't realize is that the hard part is not getting the contract. The hard part is there's so much other bureaucracy after you've been in the contract and really none of it's under the control of the program manager that you're working with. It's actually They're usually just as frustrated because there's all these other rules, even the simple things like, Hey, I need it. My team needs ID cards so we can either get on a base or log in. It's like, and then you ask, like, ID cards and your program manager, like, I don't know. I got my, I don't know how you get yours. You just described my
Mike Gruen:experience of trying to get down to the Aberdeen. And like, this
Enrique Oti:was stuff that I was on the government side. I never considered because I'm like, It's just what we do every day. And then you don't realize the commercial companies have no idea how to do it. And when they ask you, you realize. Oh, I actually don't know how to do it either. Um, so anyway, that's the fun part of delivering to the government. It's a challenge every day.
Chee Gansberg:Thank you for describing most of my life lately. It's been doing those things. Yeah. No, it's, uh, the, the deeper I get into supporting other war fighters, like outside of my community, the more, um, the more I found that a SOCOM had a pretty well oiled machine in terms of conventional acquisitions and the rest of the DOD is not. Um, And yet I don't even exist trying to do the rest of the DoD from a conventional acquisitions perspective. I'm working in a. You know, innovative acquisitions perspective, which is trying to go even faster than so calm, but it turns out that, uh, yeah, you're that means I'm one on Monday afternoon. I'm sitting there with, uh, you know, and PhDs talking about real high level stuff. But Tuesday afternoon, I'm going to be working on forms for. People to get ID cards and find access to networks. So I think it's taken 15 drafts of a DD 254 because I'm learning as I do it. So it's,
Enrique Oti:yeah, the totally unsexy side of defense innovation is paperwork. Yeah.
Tim Winkler:Oh yeah. All right. We don't want to sugarcoat it for folks too. I mean, it could be a huge time suck and a waste of time for you to consider like, you know, really making that, that pivot down, down that rabbit hole. And so I think it's, it's an interesting, I mean, you have that level of empathy, Enrique, where, you know, having sat in that and on both sides, um, it is creating also, you know, there's a lot of opportunities that are being created from like advisory firms coming in and, You know, helping those, those, uh, entities kind of save that time. Um, but, um, there's obviously a lot of work to be done. We're, we're having some interesting conversations coming up here soon in a couple of weeks on, on more of this, you know, government reform and dissecting like, um, the, the FAFSA, the federal acquisition streamline, uh, act. Um, cause that whole Palantir use cases is a fascinating one to kind of pick apart. But, um, there's, There's, you know, there's definitely a, uh, I would say in the last few years, you know, there's, you know, certainly been a lot of, uh, interest, uh, building, uh, and, and getting involved in, in the defense sector. There's been, you know, there's, there's a level of stability that comes with this, you know, with the government as well, where you see a downslide in some of the commercial markets, like we've been seeing that, you know, leads to founders figuring out how to diversify and become more. Um, you know, dual use if the use case exists, but I think this, you know, this is just another episode, another example of, you know, just a small nugget of wisdom on, you know, how some of it's done as a, as a good use case with second front. So definitely value the, uh, uh, the time that you guys, uh, contributed to, to break that down and explain it. And, um. I know we have just a couple of minutes left, so I want to, I do want to get to the five second scramble real quick. I think it's a fun one to just kind of learn a little bit more about you guys as guests. Um, so, uh, Mike, I want you to kick it off with Enrique, and then I'll, I'll, I'll take a, take Chi. So here we
Mike Gruen:go. I'm just going to ask you questions. Don't worry about it. It's a mix of like business questions, then personal questions, you'll be fine. All right. You ready? Uh, explain second front to me as if I were a five year old.
Enrique Oti:Um, you, you just bought a new toy and you want to play with your new toy, but you can't play with it until your dad spends eight months filling out pieces of paper that says you're allowed to play with it. Uh,
Mike Gruen:what type of technologists thrive at second front?
Enrique Oti:Oh man. Uh, Technologists that have actually served at like the tip of the spear in the military. Like if you're like a cutting edge special operator and you like tech, those are the kind of people that thrive because, you know. It's an undefined problems and you just have to solve them. And that kind of, it's the mindset that seems to work basically to anybody, anyone who has that kind of mindset. It was like, I just want to solve problems.
Mike Gruen:Uh, what's your favorite part about the culture at second front?
Enrique Oti:Um, I don't think we take ourselves too seriously. We have like a whole meme channel, which is just a blast. And like everything we do is like, there's a lot of like. Unserious aspects of our day to day life, uh, which then compensates for the fact that we have to act serious when God in public. So, you know,
Mike Gruen:it's good. Do you have a chief memes officer? That's a lot of companies. We've had that.
Enrique Oti:We actually do. His name is Dylan Sims. Uh, he's a rock star. I mean, yeah. Awesome. That wasn't
Mike Gruen:one of the ones. Anyway, uh, if you could have one hour mentor session with any tech giant, who would it be? Oh my
Enrique Oti:God. Um, you know, I actually, I'll, I'll say Kevin Mandia. I just, the work that he has done on pioneering security for attribution of adversaries, which again, this is me putting my former military hat on what I used to, like, I love that stuff. Love to sit down. It was like biggest brain for an hour on adversary threats.
Mike Gruen:Uh, something you did as a kid that you still enjoy. Was that something you did as a child that you still enjoy?
Enrique Oti:Uh, so I, you know, over Christmas, my kids bought me another Lego set, so I still do Legos. Yeah.
Mike Gruen:Nice. Uh, what's a, uh, charity or corporate philanthropy that's near and dear to you?
Enrique Oti:Um, I donate, I've been donating for years to an organization called International Justice Mission, which, so IGM actually helps, uh, free, uh, slaves, uh, from around the world. We had a huge slavery issue right now. It's, it's, it's massive. It's all over the world. And so they go out and try to get, uh, slaves both through legal systems and through other methodologies, like. Education and then the legal system to get people removed from slavery.
Mike Gruen:Wow. Um, what's something you love doing but are really bad at?
Enrique Oti:Uh, so I broke my elbow dislocated at playing soccer because I'm that bad and that clumsy that I fell, but I still love it. I'm still a great sport. So there we go.
Mike Gruen:Cool. Uh, last one, cause I know you got to go. Uh, what's the most outdated piece of tech you can't let go of?
Enrique Oti:Well, like most people, I still have like two gigantic boxes of old cabling. I just never know when I might need it. So it's still there. That's what's in my closet. It's my wife. It is going to kill me at some point. I drag it from place to place. Um, yeah, I think that's probably it. It's just all my cables.
Tim Winkler:Classic. That's great. Yeah. Everybody can relate to that. Freaking drawer of just old cables, just sitting there. God knows what they go to. I've got some good SCSI cables. It's awesome.
Chee Gansberg:Oh, I don't have a SCSI.
Tim Winkler:That's awesome. Uh, all right. Yeah. Last, uh, last few minutes here, Chi. Uh, you, you ready? All right. So what is one word you'd use to describe the innovation culture at AFWERX?
Chee Gansberg:Complex
Tim Winkler:said, uh, what's one emerging technology that you believe will revolutionize air force operations?
Chee Gansberg:Um, I mean, I could take the cheap way out and say AI, but, um, I, I think it's actually. It's not so much technology itself. It's going to be the way we ingest technology, um, and changing the, changing the way we, we proliferate it throughout the DoD.
Tim Winkler:What's the first step that you would advise startups to that are looking to take that next leap to working with the DoD?
Chee Gansberg:First look internally to make sure you really want to do this. Um, second, I would say having a, um, While there's a lot of benefit to working with the D. O. D, especially if you're trying to mature a product is make sure you have some sort of, uh, you know, corporate dual use case in mind, uh, something commercial because, uh, the government is really good at putting a carrot on the end of a string and then leading you really, really far down a rabbit hole before you get paid off. So having like if that's if we're you're Yes, sir. If you're basing your business model and your venture capital on just dealing with the government, it can get very dangerous, very fast. Check that runway.
Tim Winkler:Um, What, how do you envision the role of software and the air force changing over the next five to 10 years?
Chee Gansberg:I tried to, uh, be in another soft guy, uh, sat down yesterday and said, we need to update the SOCOM, uh, mantra from humans are more important than software. That is more important than hardware. Um, I definitely think software is, uh, Especially getting involved in big programs now that that involve a lot of high end technology. Software is the most important thing. Uh, I get cheap hardware to do all sorts of amazing things, but I need exquisite software to enable those amazing things. So, uh, yeah, it's, that's, that's why I call myself a software evangelist.
Tim Winkler:Nice. If you could race any car on any racetrack in the world, what and where would it be?
Chee Gansberg:Oh, the track is, is, uh, probably want to do the Nürburgring. Um, the car would be, that's, that's a, that's a better question. Um, I would, I would love to lie and say like a modern F1 car, but honestly I would just like, I would probably want something, you know, Some exquisite new supercar, uh, that I, I feel like I'd be able to, to, to go drive myself. What's the name of the first beer that you ever brewed? Ooh, the first one I brewed, I don't know. That's a hard one. I think the first one I brewed of my own, um, recipe I've, I've named our show, um, after a Belgian model, uh, Uh, but, uh, the, uh, my dad calls it the mistake because, uh, it's me trying to like merge two recipes of two of my favorite Belgian beers together. And then when it got to brew day, I was missing some ingredients. So I had to just make stuff up and the resulting beer, uh, when I put it on tap. Months later, uh, I, I poured a pint for my dad and I was like, I apologize if this is trash, but this, this is, this is, this, this is what I had it forward with. And my dad took a sip. He's like, this is 1 of the best beers I've ever had in my life. Please tell me you wrote this down. And I'm like, yeah, so I've now made it numerous times. And if I ever. Start my own brewery. That will definitely be my flagship beer. It's amazing. Uh, what
Tim Winkler:is a charity or corporate philanthropy that's near and dear to you?
Chee Gansberg:I've been donating to the special operations warrior foundation pretty much my whole career. Um, they've done amazing stuff and taking care of, uh, uh, the families of fallen operators who, um, and, and, I mean, just in, In not just financial ways, but intangible ways, uh, you, you, you're, you're a high school student and they're going to get you a scholarship, but you're having problems getting grades. They'll reach out to the community and find a nerd like me who loves deep math and tutor those kids before they go off to college. So, uh, it's more than just about money. It's about actual connections and keeping those, uh, those people part of the family is, uh, I, we, we did a, uh, a call. Every January on the anniversary of one of my buddies, uh, dying and his wife has since remarried and moved on and she dials in and, um, she's, she's got a thousand older brothers that are still looking out for her. So I love that organization. Very cool.
Tim Winkler:Yeah. We'll plug both of those in the, in the show notes as well. So build some awareness as well. Um, what was your dream job as a kid?
Chee Gansberg:I probably had it. Um, honestly, uh, I'm working in an IndyCar team. Um, it was great right up until I did it. And then, um, uh, like, well, this is a lot more work than I was expecting. Uh, and then, uh, and then when I went into the military, um, you know, my, my first tech where, um, When, when things went to hell at a hand carton and a gun run, and a guy tells me he's going to go home and see his daughter because of me, it was like that heroin
Tim Winkler:hit
Chee Gansberg:and I was dragging the whole rest of my career. Um, and, and now I'd say this is feels like my dream job right now. So much so that as my active duty retirement is around the corner. I'm actually like going to stay government for a little while as a, as GS, just to get like this program over the line, uh, I've got, I'm too like passionately involved. And I think the big reason is when, when I was at Fort Bragg doing Fort Bragg stuff there, sorry, Fort Liberty go, um, they would, um, I felt like I was solving today's problems right now. And it was great. It was very fulfilling, but now I'm in a position where it's like, Hey, go prevent the next 30 years of war. And, uh, Make it so that the U S has competitive advantage that we haven't even thought about, um, instead of just refighting the last, last war over the next fight at three to 5 percent more efficiently, because that's traditionally what government acquisitions does.
Tim Winkler:That's great. Um, uh, awesome, uh, answers all around you guys pass the flying colors. Uh, it's been, it's been a pleasure having you both, uh, you know, share your experiences with us and. Um, I love the innovation that you're, you're doing it for national security at large. It's, it's definitely inspiring and, uh, grateful for your time and, uh, thank you for your service and I appreciate you all joining us on the pod. Thanks. Thank you for having us on. Thanks.