Charles Lyons-Burt
Bryon Kroger, Rise8 founder and CEO, is a U.S. Air Force veteran turned bureaucracy hacker who is relentless in his pursuit of making the world work better—a future where fewer bad things happen because of bad software. Rise8 enables large enterprises with critical missions to continuously deliver valuable software that users love.
Kroger recently sat down with ExecutiveBiz to discuss how agencies can rapidly develop high-quality software without compromising security or waiting months or years to deploy it.
ExecutiveBiz: Tell us a little bit about your background and why you decided to start Rise8.
Bryon Kroger: My journey to founding Rise8 began when I was a U.S. Air Force intelligence officer in targeting operations. It was easy to see the massive gap between the cutting-edge technology coming out of Silicon Valley and the outdated software systems we were using for critical military operations. But in the military, lives depend on this software. It’s not an overstatement.
The Kunduz Hospital airstrike — where U.S. forces incorrectly targeted a medical facility — resulted in 42 deaths and 30 injuries. Though I wasn’t directly involved, it affected me deeply. It’s a tragic example of what can go wrong when we don’t have the right tools for the job. I knew we needed to transform how the Department of Defense builds and deploys software.
I tried from within at first. I transferred to the Air Force Lifecycle Management Center as an acquisitions officer and co-founded Kessel Run. This unit was the first to bring Silicon Valley-style agile development practices and true continuous delivery into the military. We pushed for faster, better solutions for our technological challenges with an enterprise-scale software lab that defined DOD DevOps.
Kessel Run was a big step forward, but I realized I had to step outside the military structure for real change. I founded Rise8 the day I separated from the Air Force.
Ultimately, Rise8 is about continuing the mission I started in the Air Force. We work with our clients to ensure government agencies can access the best technology. We’re here to help them deliver high-quality software better and quicker because when the outcomes are critical — building, learning and deploying at the pace of the world around them is too.
EBiz: How has your experience as an Air Force veteran and co-founder of Kessel Run, the DOD’s first software factory, informed how Rise8 helps solve software development issues in government?
Kroger: My experience in the Air Force and Kessel Run gave me a unique perspective on the challenges and the potential for improving government software development practices. My passion and mission is to make the DOD the disruptor on the battlefield, rather than the disrupted.
Mission-critical tasks demand more than basic tools or weird workarounds. It’s inefficient and, frankly, dangerous. Kessel Run was about creating an environment that fostered innovation and could quickly deploy new capabilities. But change is hard.
At Rise8, we understand that effective change isn’t just about new technology; it’s about shifting mindsets and organizational culture — and usually a few bureaucracy hacks. We’re fluent in both Silicon Valley practices and government requirements. We’re not just fixing immediate software problems. We’re taking the lessons learned from both the challenges and successes in the Air Force and Kessel Run, and applying them to create lasting, positive change at scale.
EBiz: What is continuous authority to operate—or cATO—and why is it critical for effective software development in government?
Kroger: cATO is an approach to continuous software delivery I helped pioneer at Kessel Run and we champion at Rise8. It enables agencies to deliver the mission-critical software users love faster and more securely.
Obtaining authority to operate is a notoriously slow process. You can spend months or years waiting for that initial sign-off. We’ve figured out how to get that initial authorization much faster and, once it’s achieved, move to cATO. This disciplined approach enables continuous delivery with the application of the NIST Risk Management Framework.
cATO isn’t a shortcut, and it’s not a pipeline. Instead, cATO builds compliance into the software development lifecycle through robust controls, persistent monitoring for security and privacy risks and comprehensive documentation. An organization can build and release new system capabilities as long as they maintain compliance with approved security standards. Constant monitoring mitigates compliance drift and enhances cybersecurity.
A traditional ATO process doesn’t have the speed or security to keep up with continuous DevOps release cycles and emerging threats, but cATO can — without compromising security. The result is agencies that can rapidly deliver higher-quality software with reduced risk.
EBiz: What are some of the top IT trends you’re seeing in government, and how are they impacting agencies’ software development processes?
Kroger: There are parts of the government that want to adopt modern software practices but old habits are hard to break. To convince the bureaucracy to transform, we have to show them the value. You can’t adopt DevOps methods without building a culture that supports it. For example, leaders need to create low-friction environments for development teams. If you want a team to ‘shift left’ on security, you have to find ways to make space for it. Can you toss out backlogs of low-value tasks? Can the time for ticket resolution be shortened? One of the fundamental principles of DevOps is continuous improvement. Apply that to managing your team, too.
Agencies also love to build instead of buy — that has to change. One of the first tasks a fledgling software development team is asked to do is build their own platform. Immediately, the group’s priorities shift from building unique capabilities to developing and maintaining infrastructure that a commercial company could supply — usually more cost-effectively. This reluctance to buy commercial-off-the-shelf solutions is usually tied to fear of lock-in. The concerns are usually overstated and the real trade-off is between mission failure and success. Organizations obsessed with lock-in usually end up locked out of production.
Adopting proven, commercially developed solutions shortens implementation timelines, which gets agency teams delivering mission-critical applications more quickly than standing up DIY infrastructure.
EBiz: How can public sector and private sector organizations better collaborate to enable faster and more efficient modernization of processes in software development?
Kroger: Rise8’s mission is to help organizations continuously deliver valuable software their users love. It’s about getting better tools into the hands of the people carrying out their missions, whether Air Force, U.S. Space Force, USTRANSCOM, USSOCOM, or a civilian agency like the Department of Veterans Affairs.
Too often, government employees and service members rely on system workarounds based on spreadsheets, email, or other repurposed collaboration tools. Software should remove frustration, not be its source.
At the VA, for example, there is a strong push from leadership to the front lines to provide better digital experiences for caregivers and Veterans. This year, Rise8 worked with the VA to establish cATO, allowing its software development teams to make changes more frequently and securely and thereby enable more rapid improvement at scale. As a veteran myself, with a father who struggled with the VA system, helping to modernize the VA with cATO is one of the most meaningful things I have ever been able to be part of.
Rise8 embeds with our government clients to build software development teams focused on user experience and continuous improvement. We don’t solve a problem; we enable teams to develop solutions for whatever challenges arise.
We see ourselves as guides, helping our heroes overcome the red tape that can slow down their transformation efforts. We explore how to inspire organizational change, bureaucracy hacking and practical implementation strategies and more at our annual event, Prodacity. Prodacity is a movement committed to authenticity and learning that sets the standard for achieving mission outcomes in government. Our next event is February 4–6, 2025 in Nashville, Tennessee. Registration is open now, and our team is working tirelessly on a curated agenda around people, processes and technology without sales pitches and innovation theater.
