Filmed on location at TechNet Cyber 2026 | Baltimore, MD
Presented by Carahsoft
The cybersecurity landscape facing the United States government has never been more complex — or more consequential. At TechNet Cyber 2026 in Baltimore, Maryland, federal leaders and industry innovators gathered to tackle the defining challenges of the moment: implementing zero trust architecture across sprawling enterprise and tactical edge environments, harnessing artificial intelligence to outpace increasingly sophisticated adversaries, and building the workforce and acquisition pathways needed to sustain it all. In this special edition of Innovation in Government, presented by Carahsoft, host Francis Rose sat down with eight of the most influential voices in federal cybersecurity — spanning CISA, U.S. Cyber Command, DISA, the Air Force, and leading technology companies — for candid conversations about where the department is, where it's going, and what it will take to get there.
Building National Resilience from the Inside Out
Nick Andersen, Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA), joined host Francis Rose at TechNet Cyber 2026 to discuss CISA's Homeland Defense Working Group, the CI Fortify initiative, and what it truly means to protect the critical infrastructure that underpins American life.
Andersen opened by describing the Homeland Defense Working Group as a focused, interagency effort to bring together government stakeholders, critical infrastructure owner-operators, and international partners — all united around a single mission: measurably improving national resilience. The group draws on partners across the FBI, U.S. Cyber Command, NSA, and sector risk management agencies, and is structured around a "best athlete" principle — meaning the organization with the strongest relationships and technical capability leads each area of work, regardless of which agency that happens to be.
When it comes to measuring success, Andersen pointed to concrete, quantifiable targets. A defense-critical infrastructure energy company achieving the minimum base load required to deploy forces forward during a crisis is exactly the kind of outcome the working group is designed to produce. "What is that thin red line of what we absolutely need during our worst times in order to be successful?" he asked — a framing he borrowed from Canada's "minimum viable Canada" approach developed in partnership with Five Eyes allies.
CI Fortify, CISA's broader critical infrastructure resilience initiative, is extending that thinking to international partners and original equipment manufacturers, pushing secure-by-design principles into product development before vulnerabilities can take root. Andersen acknowledged the inherent paradox of the mission: making critical infrastructure so reliable that Americans never have to think about it — while simultaneously ensuring the government never stops thinking about it.
Andersen, who came to CISA with deep Pentagon experience, said that background gives him a natural fluency in Department of War mission risk — and helps him translate across the civil-military divide. When asked what a successful tenure at CISA looks like, his answer was personal: being able to look his family in the eye and say the agency took accountability seriously, invested wisely, and demonstrably reduced risk for communities across the country.
Key Takeaways:
- The Homeland Defense Working Group uses a "best athlete" model — leadership of each resilience effort goes to whoever has the strongest relationships and technical capability, not necessarily CISA.
- CI Fortify is extending secure-by-design principles to OEMs and international Five Eyes partners, ensuring resilience is baked into infrastructure from the design phase.
- Success is measured in quantifiable resilience outcomes — such as whether critical energy infrastructure can sustain minimum base load requirements during a national security crisis.
Zero Trust in the Age of Autonomous AI
Kevin Hansen, Chief Technology Officer at MFGS, Inc., sat down with host Francis Rose at TechNet Cyber 2026 to explore how zero trust principles are evolving in the era of artificial intelligence — and why the next frontier isn't just about securing networks, but about governing machine-speed action.
Hansen opened by affirming that zero trust will have a profound and multifaceted impact on defense operations. Where "defense in depth" once meant hardening the perimeter, that model has been fundamentally challenged by the reality that adversaries are already inside networks — the question is no longer if a breach will happen, but when. Zero trust addresses that by enabling continuous monitoring, precise identification of who is on the network, what devices they're using, and when — giving defenders the confidence and speed to act on threats before they affect the mission.
But the more forward-looking portion of Hansen's remarks centered on the implications of agentic and autonomous AI. As AI agents operate at machine speed and carry out tasks without human intervention, Hansen argued that traditional identity and access management frameworks need to evolve rapidly. Autonomous agents do not require the same permissions as human users — they should be issued time-limited tokens with tightly scoped capabilities, and that access should be terminated once the task is complete. It's an extension of least-privilege principles taken, as Hansen put it, "to the nth degree."
Hansen also addressed the growing importance of securing tactical edge environments — the forward-deployed systems that war fighters depend on for mission-critical decisions. The same zero trust philosophies being built into enterprise environments must travel with those systems into the field, where the stakes of a breach are highest. As for the obstacles — budget constraints and varying levels of organizational maturity — Hansen was characteristically direct: they're the same obstacles the department has always faced, and they yield to the same solution: clear priorities and committed investment.
Key Takeaways:
- Zero trust's precision enables speed — continuous monitoring and precise threat identification allow defenders to act faster than adversaries, directly supporting mission success.
- Autonomous AI agents require a new approach to identity: time-limited, narrowly scoped tokens — not the broad permissions granted to human users — to enforce least privilege at machine speed.
- Tactical edge environments must receive the same zero trust protections as enterprise systems; the war fighter's mission depends on it.
Forging the Cyber Force of the Future
Brigadier General Reid Novotny, Chief Artificial Intelligence Officer at U.S. Cyber Command and the Department of War's Cyber Force Generation Lead, joined host Francis Rose at TechNet Cyber 2026 to detail Cybercom 2.0 — an ambitious initiative to fundamentally reform how the cyber mission force is built, sustained, and rewarded.
Novotny was clear that Cybercom 2.0 is not a top-down Pentagon mandate — it grew organically from the ground up, driven by the people in the domain who understood what needed to change. Young sailors, marines, soldiers, and airmen working in cyber have long raised concerns about inequitable incentive pay and limited pathways to technical mastery. Cybercom 2.0 is designed to address those concerns systematically, starting with getting incentive pay right and standardized across the services — a goal that required both budgetary investment and technical changes to training and tracking databases. The target: paying the right members at the right time with the right amount of money, beginning October 1, FY27.
The initiative's "optimized unit phasing" attribute addresses a related problem — operational burnout. Cyber mission force units have historically been "continuously presented," meaning members are on the clock 365 days a year with no structured rotation. Cybercom 2.0 changes that by implementing a sustainable operational tempo — rotating units off, allowing for rest, training, and recovery, then bringing them back sharper and more capable than before. Novotny was direct: burning through people is not a strategy.
The third major organizational pillar Novotny discussed was the Cyber Innovation Warfare Center (CWIC), which embeds operators, developers, and industry partners together to identify, procure, and field emerging technology at speed. Rather than waiting for programs to mature through traditional acquisition cycles, CWIC is designed to get technology into the hands of operators faster — with the right contracting vehicles to match. Novotny noted that the organization is running and building simultaneously, delivering results even as it stands up.
Key Takeaways:
- Cybercom 2.0's incentive pay reform — targeting FY27 implementation — aims to standardize and equalize pay across services for cyber work roles, a first-of-its-kind effort for the Department of War.
- Optimized unit phasing introduces structured rotation cycles for cyber mission force units, replacing the unsustainable 365-day continuous-presence model with a rhythm of operation, recovery, and training.
- The Cyber Innovation Warfare Center (CWIC) embeds operators and industry partners together to accelerate technology fielding — putting innovation directly in the hands of those executing the mission
Fighting Fraud at Machine Speed
Ivan Anderson, Principal Solution Consultant at Socure, joined host Francis Rose at TechNet Cyber 2026 to explore how federal agencies can build the enterprise-wide visibility and agility they need to fight identity fraud — and why the fraudsters of tomorrow will be far harder to stop than those of today.
Anderson opened by identifying one of the most persistent structural challenges facing federal agencies: the absence of a shared signal framework. When agencies operate with siloed technology and siloed processes, Agency A may understand a fraud pattern that Agency B has never seen — and by the time the knowledge spreads, millions of taxpayer dollars may already be lost. The solution, Anderson argued, is not necessarily a shared process, but a shared ecosystem of understanding — one where intelligence, not just data, flows across organizational boundaries.
Central to that vision is what Anderson called a "data is power" mindset. For too long, agencies treated data as a liability — something to be minimized and guarded. But in the fight against fraud, more data means better anomalous analysis, better signal detection, and faster response. Paired with modern application development and effective data science programs, agencies can move from months-long change control cycles to near-real-time fraud remediation — critical when fraudsters are extracting millions of dollars a day.
The most urgent challenge Anderson sees ahead, however, is the evolution of the fraud threat itself. Today's fraudsters are already using AI to spoof locations, forge documents, and defeat human reviewers. Tomorrow, those tools will be even more sophisticated — capable of generating fake documents so convincing that no human in the loop will catch them. Anderson's prescription: match AI with AI. Move from human-in-the-loop identity validation to automated machine learning models specifically designed to detect and defeat generative AI-powered fraud.
Key Takeaways:
- A shared signal framework — enabling intelligence, not just data, to flow across agency boundaries — is essential to fighting fraud at scale rather than one program at a time.
- The "data is power" mindset shift is foundational: more available data enables better anomaly detection and faster fraud response, reducing taxpayer losses.
- The next generation of fraud will be AI-driven — agencies must move from human-in-the-loop validation to automated machine learning models capable of defeating generative AI fraud techniques.
Zero Trust as a Journey, Not a Destination
Wanda Jones-Heath, Principal Cyber Advisor for the Air Force, joined host Francis Rose at TechNet Cyber 2026 for a candid assessment of where the Department of the Air Force stands on zero trust — the progress made, the surprises encountered, and the talent strategies needed to sustain momentum.
Jones-Heath was confident but measured. The Air Force is engaged, invested, and moving — but she's under no illusion that zero trust is a checkbox. Governance is in place, investments are being made across all the zero trust pillars, and senior leadership is actively engaged. DISA, she noted, has been an essential partner, providing enterprise solutions that prevent the Air Force from pursuing costly one-off implementations. The department's architecture is unique, but Jones-Heath is deliberately looking for opportunities to capitalize on enterprise solutions from sister services — avoiding redundant investment and maintaining interoperability.
Industry, she said, has delivered. Looking back at TechNet Cyber a year prior, when Randy Resnick had set ambitious timelines for zero trust solution availability, Jones-Heath was satisfied with what has come through the pipeline. The next challenge isn't getting solutions — it's integrating them. Working alongside the Air Force CTO and the Triple C functional manager at Scott, the goal is to ensure solutions are tested, integrated into the architecture, and ready to scale — with a joint purple team assessment on the horizon.
Jones-Heath was also forthright about surprises. The zero trust pillars were designed somewhat independently, but implementation has revealed significant cross-cutting dependencies that weren't fully anticipated. Adaptability has been essential, and strong senior leadership engagement has made it possible to course-correct without losing momentum. On talent, Jones-Heath described a broadened recruiting strategy — reaching into technical schools, prioritizing aptitude over degrees, and creating innovation spaces where people can experiment. Retention, she noted, is equally important — which means understanding human and cognitive behavior, not just technical skill.
Key Takeaways:
- Zero trust integration — not solution availability — is now the primary challenge; the Air Force is focused on testing, interoperating, and scaling solutions already in the pipeline.
- Strong senior leadership governance is the key adaptive mechanism when cross-pillar dependencies create unexpected complexity during zero trust implementation.
- Talent strategy must evolve beyond traditional pathways — emphasizing aptitude, AI literacy, and cognitive adaptability — while equally investing in the retention of trained personnel.
Securing Data at the Tactical Edge
Rob Gilman, Federal Account Executive for the Department of War at Cloudera, joined host Francis Rose at TechNet Cyber 2026 to discuss how AI is transforming cybersecurity data architecture — and what it means to extend zero trust protection to war fighters operating in the most austere and contested environments on earth.
Gilman set the stage by explaining why the Department of War's cybersecurity challenge is unlike any other regulated industry. It's not just personally identifiable information at stake — it's classified, top-secret, intelligence-grade data. That reality demands a zero trust architecture built to the highest standards, governed by frameworks including FedRAMP and FIPS compliance, and now augmented by artificial intelligence.
Historically, cybersecurity data — ICAM logs, network telemetry, threat indicators — was collected into large repositories like SIEMs, where human analysts would manually sift through it, sometimes taking hours or days to identify a threat. That timeline is no longer acceptable. AI is changing the equation by parsing that data in real time, filtering out noise, surfacing genuine anomalies, and — through AI agents — acting on threats the moment they're detected. The shift, Gilman explained, is from identification to autonomous response.
The more complex challenge lies at the tactical edge. As the department pushes capabilities forward to give war fighters access to the data they need wherever they are, the same adversaries those war fighters are facing are actively attempting to breach those forward-deployed systems. Gilman argued that the zero trust philosophies governing enterprise environments must follow the mission into the field — C4IT tactical edge solutions need to apply the same rules, the same guidelines, and the same protective architecture as their stateside counterparts. He closed by highlighting the Department of War's mandatory generative AI training for all service members as a promising model for preparing the force — and called for continued collaboration between the best minds in government and the best capabilities in industry.
Key Takeaways:
- AI agents are shifting cybersecurity from reactive analysis to autonomous real-time threat response — dramatically compressing the detection-to-action timeline.
- Zero trust architecture must extend to tactical edge environments; the adversary doesn't stop trying to breach systems just because they're forward-deployed.
- Mandatory generative AI training across the force, paired with deep government-industry collaboration, is essential to keeping pace with an adversary that is also rapidly adopting AI.
Modernizing Acquisition to Match the Speed of the Threat
Caroline Bean, Director of Portfolio Acquisition Executive Command, Control, Communications Enterprise (PAEC3E) at DISA, joined host Francis Rose at TechNet Cyber 2026 to discuss what acquisition reform really means — not just for DISA's portfolio, but for the culture and workforce that have to live it.
Bean opened by explaining the significance of the name change to C3E — Command, Control, Communications Enterprise — and why it matters. The portfolio has always been about getting the right data to the right people at the right time for senior leaders and combatant commanders. The new name aligns DISA's portfolio with how the rest of the department speaks about command and control, while the "E" signals enterprise-wide scale and ambition.
The deeper challenge Bean described is cultural. Acquisition reform — streamlining processes, eliminating redundant steps, adopting out-of-the-box technology without customizing it to death — requires people to let go of deeply ingrained habits. Bean illustrated this vividly: if a commercial solution delivers a process in 10 steps, and the organization currently runs it in 50, the answer is not to shoehorn 50 steps into a 10-step tool. It's to restructure the organization around the 10-step process. That requires not just policy change, but genuine buy-in — and she acknowledged that not every member of the workforce will make the transition. The goal is to find the pockets of movement and build from there.
Bean also described her DevSecOps philosophy, in which security accreditation is not an end-of-pipeline event but a continuous thread woven through every phase of development. By embedding war fighters and stakeholders directly into the development process, DISA can fail fast early, catch vulnerabilities during design rather than after fielding, and deliver capabilities that actually match what operators need — when they need it. Industry partners, she said, are essential to this model — but they must come prepared to interoperate with what already exists, not just pitch standalone solutions.
Key Takeaways:
- Acquisition reform requires cultural transformation, not just process change — organizations must restructure around more efficient tools, not force legacy workflows into modern platforms.
- DevSecOps means embedding security and stakeholder input from day one — catching vulnerabilities during design rather than discovering them at the testing or fielding stage.
- Industry partners are most valuable when they understand the existing architecture and come prepared to interoperate — integration capability matters as much as individual product quality.
Closing the Gap Between Policy and Deployment
Kelly Ahuja, President and CEO of Versa Networks, joined host Francis Rose at TechNet Cyber 2026 to offer a frank industry perspective on why the federal government's strongest cybersecurity policies too often take too long to become operational reality — and what's actually working to close that gap.
Ahuja identified three structural barriers at the heart of the policy-to-implementation problem. First, the procurement process: by the time a solution navigates the full acquisition cycle, the threat landscape it was designed to address has already evolved. Second, interoperability: even when individual agencies successfully deploy a capability, the absence of integration and standards between organizations means those deployments remain isolated, creating a patchwork rather than a unified defensive posture. Third, investment pacing: funding lags behind both acquisition and implementation, slowing deployment even when the right solutions and the will to act are in place.
The good news, Ahuja noted, is that the Other Transaction Authority (OTA) process has proven to be a powerful workaround on all three fronts. He pointed to Thunderdome — DISA's zero trust implementation program — as a model of what's possible. Versa Networks entered Thunderdome through an OTA alongside Booz Allen Hamilton, and the result has been rapid, auditable progress: seven DAFAs, approximately 400 sites transformed, with scaling underway toward 12 DAFAs and 900 sites. The program also generated over $300 million in documented savings in a single year — a proof point that brings other organizations along.
Ahuja was candid about where resistance comes from: not typically from the agencies themselves, but from incumbent vendors who see OTAs as a threat to their existing positions. The "people, politics, process, and products" framework he offered is simple — it's rarely the products that are the obstacle. And while the federal budget process will never move as fast as the threat environment demands, OTAs create pockets of speed that can be expanded. The key is doing the upfront assessment work to ensure an agency's identity infrastructure is modern enough to support deployment — without that foundation, even the best zero trust policy won't translate into operational security.
Key Takeaways:
- The three core barriers between zero trust policy and implementation are procurement timelines, lack of interoperability standards across agencies, and insufficient investment pacing — all of which the OTA process helps address.
- Thunderdome is a replicable model: its success stems from the combination of OTA flexibility, rigorous upfront assessment, close vendor-integrator-government teaming, and a clear path from pilot to operational scale.
- Modern identity infrastructure is a prerequisite for zero trust deployment — agencies with legacy authentication systems must modernize that foundation before they can fully benefit from programs like Thunderdome.
