Closing the Gap Between Policy and Deployment

Presented by Versa Networks & Carahsoft

Kelly Ahuja, President and CEO of Versa Networks, joined host Francis Rose at TechNet Cyber 2026 to offer a frank industry perspective on why the federal government's strongest cybersecurity policies too often take too long to become operational reality — and what's actually working to close that gap.

Ahuja identified three structural barriers at the heart of the policy-to-implementation problem. First, the procurement process: by the time a solution navigates the full acquisition cycle, the threat landscape it was designed to address has already evolved. Second, interoperability: even when individual agencies successfully deploy a capability, the absence of integration and standards between organizations means those deployments remain isolated, creating a patchwork rather than a unified defensive posture. Third, investment pacing: funding lags behind both acquisition and implementation, slowing deployment even when the right solutions and the will to act are in place.

The good news, Ahuja noted, is that the Other Transaction Authority (OTA) process has proven to be a powerful workaround on all three fronts. He pointed to Thunderdome — DISA's zero trust implementation program — as a model of what's possible. Versa Networks entered Thunderdome through an OTA alongside Booz Allen Hamilton, and the result has been rapid, auditable progress: seven DAFAs, approximately 400 sites transformed, with scaling underway toward 12 DAFAs and 900 sites. The program also generated over $300 million in documented savings in a single year — a proof point that brings other organizations along.

Ahuja was candid about where resistance comes from: not typically from the agencies themselves, but from incumbent vendors who see OTAs as a threat to their existing positions. The "people, politics, process, and products" framework he offered is simple — it's rarely the products that are the obstacle. And while the federal budget process will never move as fast as the threat environment demands, OTAs create pockets of speed that can be expanded. The key is doing the upfront assessment work to ensure an agency's identity infrastructure is modern enough to support deployment — without that foundation, even the best zero trust policy won't translate into operational security.

Key Takeaways:

• The three core barriers between zero trust policy and implementation are procurement timelines, lack of interoperability standards across agencies, and insufficient investment pacing — all of which the OTA process helps address.
• Thunderdome is a replicable model: its success stems from the combination of OTA flexibility, rigorous upfront assessment, close vendor-integrator-government teaming, and a clear path from pilot to operational scale.
• Modern identity infrastructure is a prerequisite for zero trust deployment — agencies with legacy authentication systems must modernize that foundation before they can fully benefit from programs like Thunderdome.