Original Broadcast Date: 06/28/2026

Sponsored By Appgate

Federal agencies continue searching for ways to strengthen cybersecurity while maximizing the value of limited resources. According to Appgate CEO Leo Taddeo, one of the smartest approaches is learning from organizations that already operate under the most demanding conditions.

Taddeo says agencies looking to improve cybersecurity should pay close attention to Department of Defense organizations because those agencies routinely test technologies and practices against more stringent requirements and more active adversaries.

“Borrowing from the agencies that are doing it the best is probably the smartest way to go,” Taddeo says.

The rationale is straightforward. Defense organizations must protect highly sensitive missions while operating in complex environments. Their cyber programs often face tougher testing and validation requirements before technologies reach production environments. When solutions succeed there, they often provide valuable lessons for other parts of government.

Taddeo notes that the gap between defense and civilian cybersecurity requirements is narrower than many people assume. Both communities face sophisticated adversaries. Both support large numbers of users. Both operate globally. Those similarities create opportunities for agencies to adopt proven practices rather than develop entirely new approaches.

The result is a practical strategy focused on efficiency.

Rather than reinventing cyber programs from the ground up, agencies can evaluate what already works elsewhere in government and apply those lessons to their own environments. According to Taddeo, this approach helps organizations deploy cybersecurity investments more effectively.

A major consideration in that effort is operational resilience.

Taddeo highlights disconnected operations as an important requirement not only for defense organizations but also for civilian agencies. While many commercial enterprises rely heavily on external vendors and cloud providers, he argues that federal agencies should carefully consider architectures that remain self-contained and operationally independent.

From Appgate’s perspective, reducing dependency on third-party services creates a more resilient foundation for sensitive government missions. Agencies that can continue operating even when external dependencies become unavailable gain additional flexibility and security.

At the same time, agencies face a rapidly changing threat landscape driven by artificial intelligence.

Taddeo explains that AI benefits both defenders and attackers. On the offensive side, AI compresses the time, cost, and expertise needed to conduct sophisticated cyberattacks. It also reduces the time defenders have to detect and respond to those threats.

That shift creates a significant challenge for security teams.

Traditional remediation processes, such as patching vulnerabilities, remain essential, but they often take time. Organizations must identify vulnerabilities, prioritize fixes, test updates, and deploy changes across complex environments. Meanwhile, attackers continue looking for opportunities.

To address that challenge, Taddeo advocates a strategy focused on gaining time.

Instead of attempting to solve every vulnerability immediately, organizations can reduce exposure by cloaking vulnerable environments from adversaries. If attackers cannot locate a target, they cannot easily attack it. This approach serves as a mitigating control while agencies complete the longer-term work of patching and remediation.

AI also changes the composition of the threat community itself.

According to Taddeo, AI tools can help less-experienced threat actors perform at a much higher level. Capabilities that once required extensive training and expertise become more accessible when supported by advanced AI systems. That means agencies may face a larger pool of capable adversaries than ever before.

As cybersecurity leaders prepare for the future, Taddeo’s message remains focused on practicality. Learn from organizations operating in the toughest environments, build resilient architectures, and find ways to free up more time for defenders in an increasingly fast-paced threat landscape.