DIB Innovators: Zero Gravity Summit Edition

Eide Bailly's Anders Erickson on Cutting CMMC Scope from 70 Licenses to 3 Using CUI Flow Mapping

A manufacturer approached Eide Bailly [https://www.eidebailly.com/] expecting to buy 70 Azure GovCloud licenses for CMMC compliance. Principal Anders Erickson [https://www.linkedin.com/in/anders-erickson-61794b1/] scoped them down to 3 people by mapping actual CUI flow. The company received purchase orders and occasional schematics from DOD, but everything they manufactured went to commercial markets. Commercially available products don't require the same controls as true CUI, which most SMBs miss entirely. Anders spent 11 years auditing NSA, NRO, and Homeland Security systems before bringing that federal risk-based methodology to Eide Bailly's SMB clients. The assessment advantage comes from partnerships: when Eide Bailly sees RADICL prepared a company, they know documentation exists and risk is managed, cutting both timeline and cost. While competitors sit on 9-month backlogs, Anders told a client this morning "we can get it done December 1st." The bottleneck isn't assessment capacity, it's C3PAOs trying to execute everything in-house. Topics discussed: * Scoping CMMC by mapping CUI flow patterns to distinguish DOD-specific data from commercially available products * Applying federal audit methodology from NSA and NRO engagements to accelerate SMB assessment timelines * Building consultant-C3PAO partnerships where shared security implementation knowledge reduces assessment cost and duration * Categorizing CUI assets versus security protection assets to establish accurate scope boundaries for compliance * Restructuring C3PAO operations from in-house assessment execution to risk management coordination across external assessors * Implementing CMMC readiness process: contract review, CUI movement mapping, and asset categorization frameworks * Evaluating assessment cost drivers including architecture complexity, cloud service provider count, and documentation maturity * Leveraging risk-based assessment approach versus uniform-depth checkbox audits to focus effort on actual vulnerabilities

Talbot West's Jacob Andra on Why AI Czars Need Systems Optimization over Pure Tech Focus

The MIT study showing 95% of AI projects fail to deliver meaningful ROI isn't about the technology, it's about scoping. Jacob Andra [https://www.linkedin.com/in/growthandcommunity/], CEO & Founder of Talbot West [https://talbotwest.com/], treats AI deployment as an organizational systems problem, not a technology implementation. AI solutions should become force multipliers for a process redesign, not the primary intervention itself.  Jacob also shares his definition of agentic AI: systems making independent decisions as part of larger orchestrations, with quality control agents that must sign off before processes advance.  Topics discussed: * Why 95% of AI projects fail to deliver ROI due to inadequate scoping of organizational adjacencies and dependencies * Differentiating AI capabilities across three categories: no human precedent tasks, force multipliers, and autonomous decision-making within orchestrations * Applying digital transformation methodology that combines business systems optimization expertise with full-spectrum AI and machine learning capabilities * Identifying revenue opportunities through process redesign before deploying AI solutions as force multipliers for customer-facing teams * Clarifying agentic AI definitions from digital employees and autonomous systems to decision-makers within orchestrated workflows * Implementing quality control agents with specific validation criteria that must approve outputs before processes advance to next stages * Building human-in-the-loop oversight systems where agent managers monitor multiple AI assistants

Palo Alto Networks' Daryan Dehghanpisheh on Extending Vulnerability Management to AI

AI's democratization of capabilities creates a paradox: the same technology that enables a three-person firm to compete with enterprise operations also enables nation-state actors to target them at scale. Daryan Dehghanpisheh [https://www.linkedin.com/in/daryand/], North America’s GTM Leader for AI Security at Palo Alto Networks [https://www.paloaltonetworks.com/], breaks down why defense contractors can no longer operate under the assumption they're too small for sophisticated targeting.  Daryan’s two-debt framework separates technical debt from organizational debt (the latter being significantly harder to pay off) making security solutions that eliminate both critical for companies that can't afford to build internal security teams.  Topics discussed: * Extending vulnerability management processes into AI components like models, agents, and MCP servers using specialized tools * Distinguishing technical debt from organizational debt with the latter being significantly harder to eliminate when building internal security  * Targeting defense contractors and SMBs by nation-state actors through democratized AI attack tools * Evolving ransomware tactics from billing system attacks to destroying operational technology like CNC routers and physical equipment * Adopting enterprise-sanctioned AI versus uncontrolled employee AI usage on personal devices across networks  * Addressing supply chain vulnerabilities where small businesses represent the weakest security links for large enterprises in upstream and downstream operations

HHI's Trevor Scott on Using Defense Tradeshows to Discover Who Needs What and How You Can Help

Small defense manufacturers face a relationship continuity problem that costs them contracts: your primary contact at a base rotates out every 2 years with no formal transition to their replacement. Trevor Scott [https://www.linkedin.com/in/trevor-scott-42719a4b/], Senior Procurement Manager at HHI Corporation [https://hhicorp.com/], rebuilds these institutional relationships through a three-pronged approach: trade shows, on-site base visits to understand actual problems, and strategic cold calling to find new decision-makers. His procurement workflow runs from initial customer contact through estimate facilitation to drawing release, where production management takes over. Trevor reflects on how his welding background creates bidding advantages invisible to pure engineers, including revealing cost traps in RFP drawings that can sink profit margins. He explains how his team uses AI specifically for proposal refinement on government contracts by writing base content themselves, then using AI to clean language and verify requirement coverage across 50-page submissions. He also offers his management test: can the team run independently for 3 weeks without you? For teams built on respect and accountability rather than micromanagement, the answer is yes because people care about outcomes, not merely compliance.  Topics discussed: * Managing defense procurement relationships through the 2-year contact rotation cycle using trade shows, base visits, and cold calling * Building aircraft maintenance stands and fall protection systems for customers across Air Force, Navy, and Army * Implementing AI for proposal refinement on government contracts while maintaining human-written base content * Leveraging welding and fabrication experience to identify cost traps in weld symbols and blueprint specifications during bidding * Outsourcing CNC machining and advanced manufacturing capabilities while maintaining in-house control of core detailing and assembly work * Creating accountability-based management systems where teams can operate independently for weeks without constant oversight * Navigating DIB procurement challenges where knowing the right program office contact becomes obsolete within 2 years

SAE's Jake Bodily on Why Speed Requirements Can Kill Tech Adoption Despite Benefits

Jake Bodily [https://www.linkedin.com/in/jake-bodily-70bba6b9/], Director of Business Development at SAE [https://sae-inc.com/], walks through why their test for automation success is binary: done right, technology spreads through your operation like wildfire; done wrong, you get an expensive paperweight in the CFO's corner office. He offers a cobot failure as a case study: Jake sold 12 collaborative robots to a major manufacturer, but all 12 were donated to education within months because inherent speed limitations killed operational fit regardless of safety benefits.  His core framework is now: the robot is the engine, the integrator builds the car. Essentially, you're buying the complete solution, not components. Jake also explains SAE's deliberate approach to AI adoption (watching rather than leading), why recent vision system advances justify reopening 10-year-old automation specs, and how Utah's aerospace manufacturing infrastructure positions the Wasatch Front for significant defense production growth. Topics discussed: * Testing automation ROI through operational spread patterns: successful implementations scale rapidly * Understanding cobot limitations when speed requirements override safety proximity benefits in high-throughput environments * Applying systems integrator perspective where robots function as engines requiring complete solution architecture * Executing 24-year automation roadmaps in 4 years through proven implementation approaches that deliver consistent ROI * Evaluating AI adoption strategies by prioritizing proven technologies over hyped solutions in aerospace manufacturing applications * Reassessing old automation projects using modern vision system capabilities that have significantly advanced since implementation