Original Broadcast Date: 3/22/2026

Tony Brannum, Chief Information Security Officer at the U.S. Department of Agriculture, is focused on a clear challenge: how to help his agency move faster while staying secure. In a rapidly evolving technology landscape, that balance is becoming more difficult—and more important—than ever.

At the top of Brannum’s priority list is the integration of artificial intelligence. Like many federal leaders, he sees strong demand across the department for AI-driven automation. But his focus is not just on adopting the technology—it is on doing so securely. He emphasizes the need to balance innovation with risk management, ensuring that new capabilities do not introduce new vulnerabilities.

That balance shows up across multiple areas of his work. One is acquisition. Brannum is looking closely at how USDA invests in technology, with an emphasis on getting better returns while still strengthening security posture. He is also targeting one of the most resource-intensive parts of federal cybersecurity: the risk management framework and governance processes that underpin system authorization.

These processes, he explains, are still highly manual. His team is working to automate them, share authorization packages more effectively, and streamline workflows across the department. The goal is not just efficiency—it is consistency. By standardizing approaches and potentially delivering these capabilities as a shared service, USDA can reduce duplication and improve outcomes across its many components.

Communication is another major focus. A recent federal continuity test highlights a persistent challenge: agencies may communicate well internally, but coordination across departments can break down at scale. Brannum notes that while individual organizations may have strong information, sharing that information effectively across government is still a work in progress.

He sees a continued need for centralized coordination, particularly through organizations like CISA, to serve as a single source of truth. Without that, agencies risk operating on fragmented or outdated information. As cyber threats increasingly span multiple agencies and sectors, that coordination becomes essential.

Brannum’s background across multiple USDA mission areas shapes how he approaches these challenges. Having worked both in emergency response and in program areas like rural development, he understands how cybersecurity decisions affect real-world operations. That experience informs his approach: instead of saying “no,” he focuses on how to enable mission delivery securely.

That mindset is especially important as agencies push to deploy new technologies quickly. Brannum acknowledges that cybersecurity is sometimes seen as slowing things down, but he emphasizes that the goal is the opposite—to enable faster, safer deployment. The question is not whether to move quickly, but how to do so responsibly.

Artificial intelligence plays a central role in that effort. Brannum and his team are currently exploring pilot programs that apply AI to threat detection, log analysis, and vulnerability scanning. These areas generate massive amounts of data, and AI offers a way to process that information more efficiently. He is particularly interested in predictive analysis—using AI to identify anomalies and guide analysts toward the most important issues.

Beyond detection, he is also thinking about how AI can support active defense. That includes using AI internally to scan systems, identify weaknesses, and simulate potential attacks. By applying these tools to their own environments, teams can better understand and address vulnerabilities before they are exploited.

One of the most promising use cases is automating the authorization process. Today, obtaining an Authority to Operate can take six to nine months—a timeline that does not align with the speed of modern mission needs. Brannum sees an opportunity to reduce that significantly by automating control testing and other manual steps. Faster authorizations mean faster delivery of critical programs, especially when new systems are needed quickly.

At the same time, he is careful to emphasize that speed cannot come at the expense of security. As USDA evaluates AI tools, the team is looking closely at outcomes: do they reduce time and labor while maintaining—or improving—risk management? If not, they are not worth scaling. Success means finding the right balance between efficiency and effectiveness.

Looking ahead, Brannum is also interested in deeper integration across systems. That includes connecting cybersecurity tools with service desk operations, enabling more seamless handling of vulnerabilities and incidents. He highlights certificate and credential management as another area ripe for automation, noting the significant manual effort currently required to manage expiring certificates and prevent outages.

Ultimately, Brannum’s approach reflects a broader shift in federal cybersecurity. It is no longer just about protecting systems—it is about enabling mission success in a fast-moving environment. That requires new tools, new processes, and stronger collaboration across government.