Defense Unicorns

Unlock the power of people in the cATO process in under a minute ⏱ In our latest video, Drew Belk 🦄 dives into the DevSecOps Continuous Authorization Implementation Guide, highlighting a crucial yet often overlooked aspect of the cATO process: the people. While tooling is important, a real game-changer in a continuous ATO is integrating and educating your team. Empowering your people to understand and utilize these tools effectively is key to success. You can keep an eye out here for more videos on the ATO and cATO, or you can read the Guide here: https://shorturl.at/FLS1P #DevSecOps #ATO

Biggest benefit of working at Defense Unicorns? ✨ THE SWAG ✨ Come check out our open roles and maybe you, too, can wear a unicorn shirt to work everyday ✨ 🦄 Security Engineer / Internal Penetration Tester 🦄 Contracts Specialist 🦄 DevSecOps Engineer 🦄 Golang Engineer 🦄 Lead Product Designer 🦄 Platform Engineer 🦄 Air Force Business Development Lead Head to the link below for more info and to apply 🦄 https://lnkd.in/g8xRVj-x #contractspecialist #devsecops #golang #penetrationtesting #platformengineer #hiring #productdesigner

The first #DefenseUnicornsWorkshop is in the books 🎉 We delved into the critical challenges facing the United States Department of Defense and explored how Defense Unicorns can help you walk away with actionable solutions to improve your mission capabilities. Thank you to all the incredible attendees of our first-ever workshop on Overcoming Software Delivery Challenges in Defense Missions! Share your experience with #DefenseUnicornsWorkshop If you want to connect with peers and 🦄s like Drew Belk 🦄, Austen Bryan, Victoria Wyler, Andrew Greene, Kyle Palko, and Phil Cole, who have gone through the same software delivery struggles, then stay tuned for a workshop near you! Where in the world should we workshop next?

📢 A Critical Lesson on the importance of Defense-in-Depth for the Government Cybersecurity Community 📢 A recent Cybersecurity and Infrastructure Security Agency Red Team exercise showed how important it is to strategically manage and mitigate vulnerabilities. CISA’s Red Team exploited a CVE at an undisclosed federal agency and was able to access the agency’s Oracle Solaris system. It took the agency more than two weeks to patch this vulnerability, during which time the Red Team maintained access, simulating a long-term threat. Here are a few key takeaways that a cybersecurity team or contractor should always have in place: ✨ It should never take more than 48 hours to patch a vulnerability. ✨ Dedicate time to enacting a strong Defense-in-Depth strategy upfront to avoid this level of breach in the future. ✨ Have an incident response plan prepared in case a vulnerability in your system is exploited; you don’t want to develop the plan as it happens. You can read the advisory here: https://shorturl.at/YeY1A

🚨 Say what!? 🚨 The Office of Management and Budget just dropped some exciting news about the Federal Government's cybersecurity budget for FY 2026, and guess what? Open source software (OSS) is taking center stage! Here’s the scoop 🍨 The memo is calling for a major upgrade in how the Government handles OSS, including: ✨ Promoting the security and sustainability of open source software (OSS) ✨ Motivating government agencies to engage in the development and maintenance of OSS ✨ Overhauling the government's approach to reviewing, approving, and centralizing OSS ✨ Incorporating these practices into cybersecurity frameworks ✨ Creating open source program offices to coordinate OSS usage across agencies and the government Seeing these changes make our unicorn hearts happy 💖 #opensourcesoftware #usgovernment #cybersecurity

Allow me to recommend some light reading for you 😉 The DevSecOps Continuous Authorization Implementation Guide is only 26 pages, and you will only have to read it 26 times to get the valuable information out of it… or just follow us, and we will break this down because we actually want to read this so you don't have to 🤷♂️ Joshua Oates discusses some common misconceptions between the ATO and cATO processes and gives you a sneak peek into how our open-source Software Factory Package will lighten the burden of those processes. Your mission deserves to work with a team that will read through this whole library for you, and then provide your people with the tools and best practice process to evolve your ATO into a cATO. But if, after all of that, you still want to read the document, you can find it here: https://shorturl.at/FLS1P

✨We are hiring! ✨ 🦄 Campaign Manager 🦄 Contracts Specialist 🦄 DevSecOps Engineer 🦄 Golang Engineer 🦄 Lead Product Designer 🦄 Platform Engineer 🦄 Air Force Business Development Lead Head to the link below for more info and to apply 🦄 https://lnkd.in/g8xRVj-x #jobs #hiring #golang #socialmedia #contracting #devsecops #productdesigner #platformengineer #businessdevelopment

One topic that unites industry partners and the United States Department of Defense - shared frustration with the #ATO process 🤯. Industry partners are trying to deploy the best software to the DoD quickly. Meanwhile, the DoD is waiting for up-to-date solutions to effectively execute the mission. But, there's hope! Here are some recent updates you should know about as the ATO discussion continues: ✨ Office of the DoD Chief Information Officer released the Resolving Risk Management Framework and Cybersecurity Reciprocity Issues memo. ✨ Defense Information Systems Agency has recently updated numerous Security Technical Implementation Guides and Security Requirements Guides to ensure they align with the latest standards set forth in the fifth revision of the NIST Special Publication 800-53. ✨  Defense Unicorns launched a workshop to address the DoD's various struggles related to software delivery, including the ATO and cATO processes.  #Cybersecurity #Defense

How much time do you waste manually validating the security of your system? Whether it’s mandatory or just good practice, validating your system security is valuable but can take time you don’t have. Lula is a completely open source tool designed to give you that time back and probably catch a few risks you missed too 😉 What you get when you use Lula: 🦉 Defense in Depth: detection of malicious or insecure configurations. 🦉 Continuous Risk Management: validate live system compliance against controls, benchmarks, industry standards and best practices. 🦉 OSCAL Native: Uses NIST OSCAL to map implementations to requirements from catalogs and produces an assessment results OSCAL file. No proprietary data format required. Go to https://lula.dev to learn more about the capabilities Lula can bring to you and your security.

Happy Independence Day! 🇺🇸 "The essence of America—that which really unites us—is not ethnicity, or nationality, or religion. It is an idea—and what an idea it is: That you can come from humble circumstances and do great things." — Condoleezza Rice Let's celebrate the spirit of unity and the incredible potential that defines our nation. We extend our heartfelt gratitude to those who have served and continue to serve our country, safeguarding the #freedom we cherish. #FourthOfJuly #IndependenceDay