Driving Zero Trust Through Interoperability and Smarter Procurement

 

Original broadcast 5/11/25

Presented by Okta & Carahsoft

As federal agencies ramp up their zero trust implementations, many are running into a common obstacle: complexity. With dozens of vendors offering solutions aligned to the Department of Defense's (DoD) Zero Trust Reference Architecture, it can be tempting to approach the journey as a checklist—one vendor for each of the 91 target activities, selected to fulfill a technical requirement.

But according to Sabrina Lea, Federal Sales Director at Okta, that approach is a recipe for trouble.

“Don’t just buy a bunch of vendors and go down a checklist,” Lea cautioned in a recent interview on Fed Gov Today. “You can find a vendor for all 91 [activities], or maybe center it around 30. It doesn’t matter. The key is not how many boxes you check. It’s how well your tools talk to each other.”

Lea’s perspective, grounded in her experience with a leading identity and access management provider, challenges conventional procurement models and places a spotlight on the unseen connective tissue of modern cybersecurity: shared signals.

Shared Signals: The Heart of Zero Trust

The principle of shared signals is central to how Okta—and Lea—thinks about effective zero trust architecture. In practical terms, it means that one tool’s security insight can and should trigger action in another. If an identity provider detects a compromised account, it should be able to notify an endpoint protection solution, which can then restrict access or isolate the device. And vice versa.

“The most important thing in zero trust is this concept of shared signals,” Lea emphasized. “If I’m an identity vendor and you’re an endpoint vendor, and we don’t alert each other when something looks suspicious, then we’re not achieving the promise of zero trust.”

This interoperability isn’t just a nice-to-have—it’s a necessity for building a truly adaptive, responsive security posture. Yet it’s often overlooked when agencies assess products on their own merits rather than on how well they integrate into a broader ecosystem.

Open Standards and Pre-Built Integrations

One of Lea’s key recommendations for agencies is to prioritize vendors that support open standards and protocols. Open standards not only make integrations easier but also future-proof investments by avoiding proprietary lock-in.

“There are better ways to assess what’s out there in the market than traditional RFIs,” she said. “Go with vendors who support independent, neutral, open protocols.”

Pre-built integrations are another area where agencies can accelerate progress. Okta, for example, offers hundreds of integrations with infrastructure and security providers. These out-of-the-box connectors can significantly shorten deployment timelines and reduce complexity—two advantages that are particularly valuable in fast-moving zero trust environments.

Rethinking Procurement: Smaller RFIs, Faster Wins

Lea also questions the efficacy of large-scale RFIs and RFPs that require vendors to conform to every operational environment—including highly customized, air-gapped, and classified systems.

“There’s a lot of talk in DoD about wanting modern SaaS cloud and innovative technology,” she said. “But when requirements say the tool must work on all fabrics, including every classified system, you’re basically ensuring that only legacy vendors can respond.”

Her solution: break down big problems into smaller, more targeted procurements. Agencies can pursue modular RFIs that solve a specific problem or deliver a quick win, rather than trying to “eat the whole elephant” with a single, monolithic acquisition.

It’s a mindset shift—one that’s gaining traction thanks to new guidance around Other Transaction Authorities (OTAs), which allow for faster and more flexible contract execution. OTAs can help agencies test new capabilities quickly and iterate based on results, without being locked into long-term commitments.

Talent Will Drive the Future

For all the emphasis on technology, Lea believes that human capital will ultimately determine how successful the government is at modernizing its cybersecurity posture.

“Retaining talent right now is critical in our government,” she said. “The more innovative talent we can keep on staff, the better the process will be.”

That talent is what enables agencies to evaluate emerging tools more effectively, implement them efficiently, and stitch together the integrations that bring zero trust architectures to life.

A Clear Message to Agencies

Lea’s message to federal IT leaders is clear: focus less on checkboxes, and more on connections. True zero trust isn’t about how many tools you have—it’s about how intelligently they work together. That means investing in open standards, pursuing practical procurement models, and supporting the technical teams who make integration happen.

“Innovation doesn’t come from complexity,” she said. “It comes from clarity, and from systems that talk to each other when it matters most.”

 

Recorded on location at TechNet Cyber
