Original broadcast 4/6/25
Presented by Palo Alto Networks and Carahsoft
Katie Arrington is back at the Pentagon — and she’s wasting no time getting to work. In her first media interview since rejoining the Department of Defense as the official performing the duties of Chief Information Officer, Arrington sat down with Fed Gov Today with Francis Rose to share her vision for the department’s cyber future. The themes were unmistakable: culture, speed, and accountability.
Fresh off the 2025 Cyber Workforce Summit, Arrington described the current mood in the building as energized and mission-focused. “It’s good to be home,” she said. “This is a time of change — a time for impact — and the Secretary is leading an ambitious charge forward.”
Central to that charge is the concept of Zero Trust, which Arrington calls a “cultural movement” more than a cybersecurity framework. “Zero Trust is not a product you buy off the shelf,” she explained. “It’s a mindset, a way of thinking about cybersecurity as part of everything we do — from software development to acquisition to warfighting.”
She described how DoD leadership is leaning in, not just in word but in action. “We’ve got a tight deadline — full Zero Trust implementation by FY 2027 — and everyone in the building is onboard,” Arrington said. “This isn’t compliance for compliance’s sake. It’s mission delivery.”
That mission focus extends to one of Arrington’s signature initiatives: the Cybersecurity Maturity Model Certification (CMMC). While she left the program in the hands of others during her time away, she expressed deep gratitude for the team that carried the torch. “They’ve been through every hurdle imaginable and kept moving forward,” she said.
Now, with CMMC nearing its next implementation phase, Arrington sees it as an essential part of the Zero Trust puzzle. “The DIB is part of our warfighting capability,” she said. “We don’t fight wars alone, and if the DIB isn’t secure, the mission is at risk.”
She praised the Army for taking early steps to integrate supply chain requirements — like SBOMs — into contracts, and she hinted at broader DoD efforts to flatten the infamous “valley of death” in acquisition. “We’re seeing more non-traditional players, more commercial innovation,” she said. “And we’re making space for them in the building.”
Cloud and software modernization are also top of mind. Arrington highlighted lessons learned from the Joint Warfighting Cloud Capability contract and pointed to an upcoming iteration, “JWCC Next,” which will build on both security and speed. “We’re embracing industry best practices and making them mission-ready,” she said.
What’s the biggest barrier to all of this? According to Arrington, it’s alignment. “We have to fuse the functional community — the requirement builders — with acquisition leaders,” she explained. “You can’t build for a future capability if you don’t understand what’s needed.”
She also stressed the importance of buying down tech debt and retiring legacy systems, especially as DoD pushes toward audit readiness. “We’ve got to be smart with every dollar,” she said. “Because at the end of the day, it’s not just about cybersecurity — it’s about national security and taxpayer trust.”
Arrington closed the conversation with a challenge: “We’ve got the leadership, we’ve got the momentum, and we’ve got the resources. Now it’s about execution.”