Episode Summary:
In this episode of Engineering Choices You Have to Defend, host Nicola Onassis sits down with Kevin DiGilio, President of KMD Technology. Kevin explains how compliance frameworks like ITAR, NIST, and DFARS don’t just guide documentation; they dictate core system architecture.
When regulations evolved, KMD faced a choice: layer compliance on top of existing software or refactor the entire platform. They chose the latter, embedding user classification, role-based permissions, encryption, and access control throughout the stack. Kevin shares the trade-offs between usability and security, explaining how granular permissions and clear data classification maintain operational efficiency while staying fully compliant.
The conversation also explores AI in regulated manufacturing environments. Kevin highlights how AI systems must inherit compliance rules, log every decision, and enforce strict data boundaries. Improper access or hallucinations aren’t minor—they can be catastrophic.
For founders and engineering leaders, Kevin emphasizes that compliance should shape architecture from the start. Delaying integration almost guarantees costly rewrites, while proactive planning ensures systems that are secure, auditable, and operationally smooth.
Key Takeaways:
- Compliance must be embedded into core architecture
- Role-based permissions balance usability and security
- Encryption and access control are essential at every layer
- AI must respect regulatory boundaries with full logging and citation tracking
- Delaying compliance leads to costly refactors
Connect with Kevin DiGilio:
- LinkedIn: https://www.linkedin.com/in/kevindigilio
- Company: https://kmdtechnology.com/
Listen Now & Subscribe:
Apple Podcasts, Spotify, Amazon Music, or wherever you get your podcasts.
"Engineering Choices You Have to Defend explores the real technical decisions behind regulated software, compliance, and AI integration, helping leaders build secure, auditable, and user-friendly systems."