Contact me

Building AI-Ready Infrastructure in Air-Gapped Environments

by Wayne Grigsby, Founder & Software Engineer

Python, Prefect, and Pandas: A Strategic Technology Stack for Mission-Critical Data

Working in Secret, Top Secret, or TS-SCI environments? The rules are absolute: complete air gap, no exceptions. But that doesn't mean you have to sacrifice modern data capabilities or AI readiness.

Having worked in classified spaces for many years, I learned something crucial: 99% of data operations can be handled by a strategic technology stack built on three core components: Python, Prefect (both the SDK and the self-managed orchestrator), and Pandas. This isn't about any single product—it's about establishing a sustainable technology standard that enables AI readiness while surviving the realities of classified operations.

This matters more than you might think. When contract teams turn over (and they always do), you retain those pipelines. The knowledge stays. The processes remain documented. You're not starting from scratch every rotation, and no longer need 3-6 months for teams to get ramped up on 2 year contract.

No more random shell scripts. No more massive unintelligible PL/SQL scripts. No more expensive no-code solutions that break the second you modify a single thing.

It's time to do what I petitioned the Department of Defense and the Department of Justice to do many years ago: establish a standard of work that has the potential to build a solid foundation of code and data, using the most popular programming language for data workers all over the world—Python. But Python isn't enough. With just two additional libraries, you'll be able to automate, analyze, and validate 99% of all data problems within government.

Reliable. Resilient. Robust. That's what classified environments demand, and that's what self-managed Prefect delivers.

The Reality of Classified Data Operations

Let me paint you a picture that's familiar to anyone who's badged into a SCIF at 0600.

Your data lives in systems that can't always talk to each other. Not won't—can't. Different classification levels, different networks, different authorities. You're moving data through authorized transfer points, dumping it into unversioned spreadsheets, or worse—maintaining decades-old VBA macros that one person wrote in 2003 and nobody dares touch. Every byte tracked, every movement logged, every request documented in triplicate.

Need data from the central database? You don't query it yourself. Only two people have that access, and they're all in meetings. So you send an email request with your exact specifications, wait 48 hours, and pray they understood what you actually needed. Want to explore the data, test a hypothesis, or pull a larger sample? Forget it. You get exactly what you asked for—nothing more, nothing less. If you need something different, that's another request and another 24-hour wait.

Your tools? Whatever survived the last security review five years and two contract rotations ago. Your documentation? Scattered across SharePoint sites that may or may not still exist, written by contractors who left six months ago and took the institutional knowledge with them.

Your orchestration? If you're lucky, it's cron jobs that someone set up in 2015 and everyone's afraid to touch. If you're not, it's another contractor manually running SQL scripts every morning at 0530, copying results into Excel, and emailing PDFs to leadership. Or worse—it's you, manually refreshing that ancient Tableau dashboard you've been nursing along since the Obama administration because no one has come up with a better way to do this.

This is where Prefect changes everything.

The Pentagon's Data Dysfunction: A First-Hand Account

Something I learned early on in my time at the Joint Staff and Office of the Secretary of Defense: there's no shortage of data and no shortage of teams in desperate need of data. But there's also no shortage of tools that proclaim to be the ONE solution to solve all their problems.

These are typically over-engineered tools that require a ton of training. And given the high turnover rate amongst contractors in the government, once they leave, the tool is unusable by other staff members until the agency can hire someone with enough experience and the right clearance to pick up where the last SME left off. This lasts until they procure another tool that promises to solve their data problems.

What you end up with is a rotating door of tools, tool experts, and siloed data—in the largest office building in the world.

It's a maddening place to walk into as a data worker. You're given access to an antiquated system, maybe an old Oracle database, possibly Tableau or Power BI and Excel, and asked to perform miracles and build automations with systems and tools that were never engineered to solve these problems.

Most data and analysis lives in desperate sources in some shared drive that nobody has access to except for the IT team and the person who created it—who no longer works there. This causes an endless cycle of recreating the wheel. Unvalidated data running rampant. Mission-critical decisions (often life or death) being made using said data.

Throw AI into the mix, which is currently being rolled out in the Pentagon, and you have a recipe for disaster.

The Tool Carousel: Why Complex Solutions Fail in Government

Here's what I witnessed over and over:

Month 1-6: New enterprise tool arrives with fanfare. Vendor promises it will revolutionize operations. Six-figure training contract. Three contractors become certified experts.

Month 7-12: Tool is partially deployed. Only the two experts can use it effectively. They build critical workflows that nobody else understands.

Month 13-18: One expert leaves for a better contract. Knowledge transfer: two PowerPoints and a half-updated wiki page. New contractor hired, needs three months to understand the system.

Month 19-24: Second expert rotates. Tool is now effectively unusable. Contracting company can't find someone with existing experience with the tool and with the correct clearance level. All government staff who have become reliant on the output of this tool, are not bombarding the new person with requests they are unable to fulfill.

Repeat indefinitely.

The AI Wild Card: Making a Bad Situation Dangerous

And now we're throwing AI into this mess.

The Pentagon is rolling out AI capabilities across the board. But AI trained on what? Fed with what data? Validated how?

When your training data lives in:

  • Excel files with "Copy of Copy of FINAL_v3_ACTUALLY_FINAL.xlsx"
  • SharePoint folders nobody can find
  • Oracle databases with schemas nobody understands
  • Power BI dashboards pulling from unvetted sources

You're not building artificial intelligence. You're institutionalizing artificial ignorance.

AI amplifies whatever you feed it. Feed it unvalidated, siloed, inconsistent data? It will confidently make terrible recommendations at machine speed. And in the DoD, terrible recommendations don't just mean bad quarterly numbers. They mean lives.

This is why establishing a data standard matters now more than ever. Before we can trust AI with mission-critical decisions, we need:

  • Validated data pipelines
  • Documented data lineage
  • Reproducible transformations
  • Auditable processes

The three Ps give you all of this. Every transformation in pandas is explicit. Every pipeline in Prefect is reliable. Every decision is traceable.

Why the Three Ps Work: A Standard That Actually Sticks

This isn't about picking the "best" tools. It's about establishing a sustainable standard that survives contract rotations, procurement cycles, and the next shiny object that promises to solve everything.

Python: The Universal Language of Cleared Developers

Python is already approved in a few classified environments. Your security team knows it, your developers use it, your data scientists depend on it. It's in the baseline. No exotic dependencies, no compiled binaries that trigger security scans, no phone-home telemetry that sets off alarms.

More importantly: every data engineering contractor who walks through your door knows Python. No six-month ramp-up. No specialized certifications. No vendor lock-in. Just readable, maintainable code that the next person can understand.

Pandas: Data Processing Without the Drama

Pandas handles 99% of your data transformation needs without requiring external services. Reading CSVs from that overnight data drop? Pandas. Joining datasets from different classification sources after they've been properly downgraded? Pandas. Creating those daily rollups for leadership? Still Pandas.

No Spark clusters to maintain. No distributed systems to secure. No network traffic to monitor. Just Python processes running on approved servers, transforming data in memory.

And when that contractor who built the pipeline leaves? The next one already knows pandas. The code is readable. The logic is transparent. No black boxes, no proprietary query languages, no "you need to take the advanced course to understand this."

Prefect: Two Parts, Zero External Dependencies

Here's where we need to be precise, because in classified environments, details matter.

Prefect SDK is a Python library—just like pandas. It wraps your existing Python code with enterprise-grade capabilities: automatic retries, detailed logging, intelligent caching, parallelism, and concurrency. More importantly, it lets you create reusable libraries of tasks and flows that enforce your data governance policies. This is code that lives in your repo, and runs on your systems.

Prefect Cloud Self-Managed is the orchestration platform. This is what replaces your cron jobs and manual processes. It runs completely disconnected—no telemetry, no external API calls, no "checking for updates." It's a Saas application that runs in your environment and stays in your environment.

Together, they transform chaos into order. The SDK makes your code production-ready. The orchestrator makes sure it runs when it should, retries when it fails, provides observability and logs everything for your auditors. And unlike every other tool in that rotating carousel: it's all just Python. Your workflows are Python functions. Your configuration is Python code. When someone new arrives, they don't need to learn a proprietary scripting language or drag-and-drop interface. They read Python code and understand what's happening.

The Contract Rotation Problem (And How Prefect Solves It)

Anyone who's worked in classified environments knows the drill. Your lead developer? Their contract ends in six months. That subject matter expert who built your entire data pipeline? They're rotating to a different contract next month. The institutional knowledge that walks out the door every year is staggering.

Traditional script-based operations become archaeological expeditions:

  • "Why does this script check for a file in /tmp/staging?"
  • "What system creates the Tuesday drop?"
  • "Why do we skip processing on the third Thursday?"

Nobody knows. The person who knew left eight months ago.

With Prefect, your workflows become self-documenting. The workflow metadata includes descriptions, version tracking, and operational notes. New contractors can immediately understand what runs, when it runs, and why certain decisions were made. The workflow is the documentation. The orchestrator shows the history. New contractors see what ran, when it ran, and why it failed. They can trace through the lineage, understand the dependencies, and maintain operations without three months of knowledge transfer.

Deployment Patterns for Air-Gapped Excellence

The Minimalist Deployment

For small teams or single-system deployments, Prefect can be installed with a single Python package and started with one command on your approved RHEL/CentOS box. No Kubernetes required. No cloud services needed. Just Python and full enterprise orchestration.

The Production Deployment

For larger operations with high availability requirements, Prefect runs in containerized environments using Docker Compose with PostgreSQL for persistence. This runs on your existing VMware infrastructure, your existing Docker environment, or bare metal if that's what security requires. No external dependencies, no internet access needed.

The Multi-Classification Pattern

Here's where it gets interesting. Different networks, different classification levels, but you need unified orchestration? Run separate Prefect instances:

  • UNCLASSIFIED NETWORK (NIPR): Public data ingestion, open source intelligence processing, sanitized report generation
  • SECRET NETWORK (SIPR): Classified data processing, cross-domain solution monitoring, guard-approved data preparation
  • TS-SCI NETWORK (JWICS): Compartmented processing, special access program workflows, executive briefing generation

Each network gets its own Prefect instance. No cross-talk, no data leakage, complete isolation. But your workflows? They're consistent across all levels. Your contractors can work at any classification level without relearning tools.

Common Classified Challenges and Prefect Solutions

"We can't install packages from the internet"

Build an approved wheel archive on your unclassified build system, transfer it through your approved process, and install offline in your classified environment. This is standard practice for Python packages in air-gapped systems.

"Our data arrives at random times from random systems"

Prefect's event-driven automation handles this with file watchers and event triggers. Monitor your drop zones for new files from authorized data transfers and automatically trigger appropriate workflows when data arrives.

"We need to track everything for compliance"

Every flow run, every task execution, every retry—it's all in the database. Your security auditor can query exactly what ran, when it ran, who ran it, and what the results were. Need to prove data lineage for that critical report? The full execution history and task dependencies are queryable and auditable.

"Our developers don't have admin access"

Prefect runs entirely in user space. No sudo required, no root access needed. Run it on high ports that don't require privileges. Your developers can deploy and manage their workflows without waiting for IT tickets.

The Human Side of Classified Operations

Let's be honest about something that doesn't get discussed enough: working in classified environments is hard on people.

You can't Google error messages. Stack Overflow is blocked. That cool new Python package everyone's talking about? You'll get it in two years, maybe. You're solving 2024 problems with 2019 tools.

This isolation makes reliable, well-documented tools invaluable. When Prefect shows you exactly where your pipeline failed and why, that's hours of debugging you don't have to do blind. When the UI shows you the full DAG of your workflows, that's documentation that actually matches reality.

And when that new contractor shows up (because there's always a new contractor), they can see:

  • What's supposed to run
  • When it last ran successfully
  • Where the data comes from
  • Where it goes
  • Who to contact when it breaks

This isn't just operational efficiency. It's career satisfaction. It's the difference between firefighting and engineering.

Security Hardening for the Paranoid (Which Should Be Everyone)

Even in an air-gapped environment, defense in depth matters:

Encrypt Everything at Rest

Configure Prefect with AES-256 encryption keys and enable database encryption. Every sensitive value, every credential, every piece of metadata gets encrypted before it hits disk.

Lock Down the UI

Configure your nginx proxy to require CAC/PIV authentication for UI access. Restrict access to specific distinguished names from approved organizational units. Every access attempt gets logged, every session gets tracked.

Audit Everything

Implement comprehensive security audit logging with classification-level decorators. Every function call, every data access, every user action gets logged with classification level, user identity, terminal information, and timestamps. All executions are traceable for security review.

The Bottom Line: Mission Success Through Standardization

Here's what I've learned from years in classified environments and my time at the Joint Staff: complexity is the enemy of security. Every additional system is another attack surface. Every external dependency is another supply chain risk. Every proprietary tool is another silo that dies with the next contract rotation.

The Pentagon doesn't need another "revolutionary" platform. It needs a standard. A boring, reliable, learnable standard that every contractor understands on day one.

The three Ps—Python, Prefect (SDK + Self-Managed Cloud), and Pandas—give you enterprise-grade data operations without enterprise-grade complexity. You can:

  • Process gigabytes of classified data without distributed systems
  • Orchestrate complex workflows without cloud dependencies
  • Maintain operations through contract rotations
  • Pass security audits without scrambling
  • Actually validate your data before making life-or-death decisions
  • Build on the work of previous teams instead of starting over
  • Actually get home before 2000 on a Friday

Is this setup as feature-rich as the latest six-figure enterprise platform? No.

But it's running in production in SCIFs around the world. It's processing classified data for national security decisions. It's surviving contract rotations. It's readable by the new person who started yesterday. It's maintainable by the team that takes over next year.

And unlike that expensive tool gathering dust because the one person who knew how to use it left six months ago, this standard keeps working. Day after day. Rotation after rotation. Mission after mission.

We have enough unvalidated data running rampant through government systems. We have enough siloed information trapped in tools nobody can use. We have enough contractors recreating wheels that have been built a dozen times before.

It's time for a standard that sticks. Python. Prefect. Pandas.

That's what matters in classified environments. Not the perfect tool. Not the next revolution. A sustainable standard that ensures mission success.

Frequently Asked Questions

What are the Three Ps of classified data operations?

The Three Ps refer to Python, Prefect (SDK + Self-Managed Cloud), and Pandas - a strategic technology stack designed for classified environments that enables AI readiness while surviving contract rotations and security requirements.

Why is Python the best choice for classified environments?

Python is already approved in many classified environments, has no exotic dependencies that trigger security scans, and every data engineering contractor knows it. This eliminates the 6-month ramp-up period typical with proprietary tools.

How does Prefect work in air-gapped environments?

Prefect Cloud Self-Managed runs completely disconnected with no telemetry, external API calls, or "checking for updates." It's a SaaS application that runs entirely within your classified network.

What makes this approach different from other enterprise tools?

Unlike complex enterprise platforms that require specialized training, the Three Ps use standard Python libraries that any contractor can understand on day one. This eliminates the "tool carousel" problem common in government contracting.

How do you handle contract rotations with this approach?

Prefect workflows become self-documenting with metadata, descriptions, and version tracking. New contractors can immediately understand what runs, when it runs, and why certain decisions were made without months of knowledge transfer.

Remember: This blog post is UNCLASSIFIED. Specific implementation details for your environment should be discussed through appropriate classified channels.

More articles

Execution. Empathy. Vision. The Three Pillars of Technology Transformation

Understanding the Three Pillars of Technology Enablement and how they work together to drive successful digital transformation.

Read more

Moving Past Consulting

The distinction between "counseling" and "consulting" is more than just semantic; it marks a significant paradigm shift from transactional engagements to transformative relationships.

Read more

Hit Me Up

Location

  • Washington
    District of Columbia
    United States