Driving Efficiency in Defense Business Systems with AI
The Department of Defense operates a vast network of business systems — more than 1,800 in total — supporting everything from personnel management to procurement. While each plays a role in enabling the mission, this sprawling landscape creates inefficiencies, redundancies, and unnecessary costs. Katie Arrington, Performing the Duties of the Chief Information Officer (PTDO CIO) at the Department of Defense, is leading an ambitious effort to streamline these systems with the help of artificial intelligence.
Accelerating Modernization Through ATO Innovation
Federal agencies are in a period of rapid modernization, with leaders seeking to streamline processes, reduce bureaucracy, and speed the adoption of new technology. Alex Whitworth, Director of Sales at Carahsoft, says the key to making this happen is rethinking how the Authority to Operate (ATO) process works.
Streamlining Acquisition and Supply Chain Security
Federal agencies face a growing challenge: how to purchase technology quickly while ensuring it meets an expanding list of cybersecurity and supply chain requirements. Theresa Kinney, Senior Deputy Program Director for NASA SEWP, says her team has developed a model that simplifies the process for agencies while increasing confidence in the products they buy.
Embedding Security in State and Local Procurement
State and local governments face many of the same cybersecurity challenges as federal agencies, but they often have fewer resources and a more diverse technology vendor base. Leah McGrath, Executive Director of GovRamp, is working to bridge that gap by helping states, cities, and school systems build security requirements directly into their procurement processes.
Applying the NIST Risk Management Framework to Emerging Technologies
In an era where technology is evolving at unprecedented speed, cybersecurity risk management needs to be both consistent and adaptable. Victoria Yan Pillitteri, Manager of the Security Engineering and Risk Management Group at NIST, says the NIST Risk Management Framework (RMF) provides exactly that — a flexible, repeatable process that can be applied to any technology, including emerging fields like artificial intelligence.
Clarifying Shared Responsibility and Strengthening Cyber Resilience
In cloud security, success depends on clear roles, open communication, and a shared commitment to protecting systems. Dale Hoak, Chief Information Security Officer at RegScale, says that while industry and government each have distinct responsibilities, both sides need to work together more effectively to deliver secure, innovative solutions.
Continuous Monitoring and Data Governance in Government IT
Government agencies have long relied on annual security audits and periodic compliance reviews to verify that systems are safe. But with cyber threats evolving daily, that approach is no longer enough. Melissa Carson, Vice President and General Manager at Iron Mountain, says the future lies in continuous monitoring — and pairing it with strong data governance to ensure agencies truly understand and control their information.
Moving to Continuous Cloud Security Visibility
For years, government agencies have relied on point-in-time security assessments — annual or periodic reviews that produce a compliance report but may not reflect the day-to-day reality of a system’s security posture. Josh Krueger, Chief Information Security Officer at Project Hosts, says that model is changing quickly.
Navigating Cloud Security Frameworks Through Industry Partnership
The shift to cloud computing has transformed how government agencies operate, but it has also introduced a maze of frameworks, compliance requirements, and security considerations. Penny Klein, Chief Information Security Officer at SAP NS2, has seen this evolution firsthand.
Industry Insight on ATO and Cloud Security
As cybersecurity threats escalate, cloud adoption accelerates, and compliance demands evolve, the conversation around ATO and cloud security is taking center stage. Three leaders shared their perspectives on strengthening resilience, streamlining compliance, and fostering deeper industry-government collaboration
Balancing Resilience, Compliance, and a Growing Threat Landscape
Dave DeWalt, Founder and CEO of cybersecurity investment and advisory firm NightDragon, brought more than 25 years of frontline experience to his perspective on today’s escalating threat environment.
Leadership, Urgency, and the Path to Continuous ATO
Gaurav Pal, Principal at stackArmor, framed ATO as a fundamental governance mechanism for ensuring the security and compliance of software and services consumed by government agencies
Building Trust Through Consistency and Emerging Governance
Zachary Zapata, Director of Assessments and Documentation for SAP NS2, focused on the FedRAMP 20x initiative and its “do once, use many” approach to enable faster, more consistent security control implementation across agencies.
