Filmed on location at TechNet Cyber 2026 | Baltimore, MD
Presented by Carahsoft
The cybersecurity landscape facing the United States government has never been more complex — or more consequential. At TechNet Cyber 2026 in Baltimore, Maryland, federal leaders and industry innovators gathered to tackle the defining challenges of the moment: implementing zero trust architecture across sprawling enterprise and tactical edge environments, harnessing artificial intelligence to outpace increasingly sophisticated adversaries, and building the workforce and acquisition pathways needed to sustain it all. In this special edition of Innovation in Government, presented by Carahsoft, host Francis Rose sat down with eight of the most influential voices in federal cybersecurity — spanning CISA, U.S. Cyber Command, DISA, the Air Force, and leading technology companies — for candid conversations about where the department is, where it's going, and what it will take to get there.
Andersen opened by describing the Homeland Defense Working Group as a focused, interagency effort to bring together government stakeholders, critical infrastructure owner-operators, and international partners — all united around a single mission: measurably improving national resilience. The group draws on partners across the FBI, U.S. Cyber Command, NSA, and sector risk management agencies, and is structured around a "best athlete" principle — meaning the organization with the strongest relationships and technical capability leads each area of work, regardless of which agency that happens to be.
When it comes to measuring success, Andersen pointed to concrete, quantifiable targets. A defense-critical infrastructure energy company achieving the minimum base load required to deploy forces forward during a crisis is exactly the kind of outcome the working group is designed to produce. "What is that thin red line of what we absolutely need during our worst times in order to be successful?" he asked — a framing he borrowed from Canada's "minimum viable Canada" approach developed in partnership with Five Eyes allies.
CI Fortify, CISA's broader critical infrastructure resilience initiative, is extending that thinking to international partners and original equipment manufacturers, pushing secure-by-design principles into product development before vulnerabilities can take root. Andersen acknowledged the inherent paradox of the mission: making critical infrastructure so reliable that Americans never have to think about it — while simultaneously ensuring the government never stops thinking about it.
Andersen, who came to CISA with deep Pentagon experience, said that background gives him a natural fluency in Department of War mission risk — and helps him translate across the civil-military divide. When asked what a successful tenure at CISA looks like, his answer was personal: being able to look his family in the eye and say the agency took accountability seriously, invested wisely, and demonstrably reduced risk for communities across the country.
Key Takeaways:
Hansen opened by affirming that zero trust will have a profound and multifaceted impact on defense operations. Where "defense in depth" once meant hardening the perimeter, that model has been fundamentally challenged by the reality that adversaries are already inside networks — the question is no longer if a breach will happen, but when. Zero trust addresses that by enabling continuous monitoring, precise identification of who is on the network, what devices they're using, and when — giving defenders the confidence and speed to act on threats before they affect the mission.
But the more forward-looking portion of Hansen's remarks centered on the implications of agentic and autonomous AI. As AI agents operate at machine speed and carry out tasks without human intervention, Hansen argued that traditional identity and access management frameworks need to evolve rapidly. Autonomous agents do not require the same permissions as human users — they should be issued time-limited tokens with tightly scoped capabilities, and that access should be terminated once the task is complete. It's an extension of least-privilege principles taken, as Hansen put it, "to the nth degree."
Hansen also addressed the growing importance of securing tactical edge environments — the forward-deployed systems that war fighters depend on for mission-critical decisions. The same zero trust philosophies being built into enterprise environments must travel with those systems into the field, where the stakes of a breach are highest. As for the obstacles — budget constraints and varying levels of organizational maturity — Hansen was characteristically direct: they're the same obstacles the department has always faced, and they yield to the same solution: clear priorities and committed investment.
Key Takeaways:
Novotny was clear that Cybercom 2.0 is not a top-down Pentagon mandate — it grew organically from the ground up, driven by the people in the domain who understood what needed to change. Young sailors, marines, soldiers, and airmen working in cyber have long raised concerns about inequitable incentive pay and limited pathways to technical mastery. Cybercom 2.0 is designed to address those concerns systematically, starting with getting incentive pay right and standardized across the services — a goal that required both budgetary investment and technical changes to training and tracking databases. The target: paying the right members at the right time with the right amount of money, beginning October 1, FY27.
The initiative's "optimized unit phasing" attribute addresses a related problem — operational burnout. Cyber mission force units have historically been "continuously presented," meaning members are on the clock 365 days a year with no structured rotation. Cybercom 2.0 changes that by implementing a sustainable operational tempo — rotating units off, allowing for rest, training, and recovery, then bringing them back sharper and more capable than before. Novotny was direct: burning through people is not a strategy.
The third major organizational pillar Novotny discussed was the Cyber Innovation Warfare Center (CWIC), which embeds operators, developers, and industry partners together to identify, procure, and field emerging technology at speed. Rather than waiting for programs to mature through traditional acquisition cycles, CWIC is designed to get technology into the hands of operators faster — with the right contracting vehicles to match. Novotny noted that the organization is running and building simultaneously, delivering results even as it stands up.
Key Takeaways:
Anderson opened by identifying one of the most persistent structural challenges facing federal agencies: the absence of a shared signal framework. When agencies operate with siloed technology and siloed processes, Agency A may understand a fraud pattern that Agency B has never seen — and by the time the knowledge spreads, millions of taxpayer dollars may already be lost. The solution, Anderson argued, is not necessarily a shared process, but a shared ecosystem of understanding — one where intelligence, not just data, flows across organizational boundaries.
Central to that vision is what Anderson called a "data is power" mindset. For too long, agencies treated data as a liability — something to be minimized and guarded. But in the fight against fraud, more data means better anomalous analysis, better signal detection, and faster response. Paired with modern application development and effective data science programs, agencies can move from months-long change control cycles to near-real-time fraud remediation — critical when fraudsters are extracting millions of dollars a day.
The most urgent challenge Anderson sees ahead, however, is the evolution of the fraud threat itself. Today's fraudsters are already using AI to spoof locations, forge documents, and defeat human reviewers. Tomorrow, those tools will be even more sophisticated — capable of generating fake documents so convincing that no human in the loop will catch them. Anderson's prescription: match AI with AI. Move from human-in-the-loop identity validation to automated machine learning models specifically designed to detect and defeat generative AI-powered fraud.
Key Takeaways:
Jones-Heath was confident but measured. The Air Force is engaged, invested, and moving — but she's under no illusion that zero trust is a checkbox. Governance is in place, investments are being made across all the zero trust pillars, and senior leadership is actively engaged. DISA, she noted, has been an essential partner, providing enterprise solutions that prevent the Air Force from pursuing costly one-off implementations. The department's architecture is unique, but Jones-Heath is deliberately looking for opportunities to capitalize on enterprise solutions from sister services — avoiding redundant investment and maintaining interoperability.
Industry, she said, has delivered. Looking back at TechNet Cyber a year prior, when Randy Resnick had set ambitious timelines for zero trust solution availability, Jones-Heath was satisfied with what has come through the pipeline. The next challenge isn't getting solutions — it's integrating them. Working alongside the Air Force CTO and the Triple C functional manager at Scott, the goal is to ensure solutions are tested, integrated into the architecture, and ready to scale — with a joint purple team assessment on the horizon.
Jones-Heath was also forthright about surprises. The zero trust pillars were designed somewhat independently, but implementation has revealed significant cross-cutting dependencies that weren't fully anticipated. Adaptability has been essential, and strong senior leadership engagement has made it possible to course-correct without losing momentum. On talent, Jones-Heath described a broadened recruiting strategy — reaching into technical schools, prioritizing aptitude over degrees, and creating innovation spaces where people can experiment. Retention, she noted, is equally important — which means understanding human and cognitive behavior, not just technical skill.
Key Takeaways:
Gilman set the stage by explaining why the Department of War's cybersecurity challenge is unlike any other regulated industry. It's not just personally identifiable information at stake — it's classified, top-secret, intelligence-grade data. That reality demands a zero trust architecture built to the highest standards, governed by frameworks including FedRAMP and FIPS compliance, and now augmented by artificial intelligence.
Historically, cybersecurity data — ICAM logs, network telemetry, threat indicators — was collected into large repositories like SIEMs, where human analysts would manually sift through it, sometimes taking hours or days to identify a threat. That timeline is no longer acceptable. AI is changing the equation by parsing that data in real time, filtering out noise, surfacing genuine anomalies, and — through AI agents — acting on threats the moment they're detected. The shift, Gilman explained, is from identification to autonomous response.
The more complex challenge lies at the tactical edge. As the department pushes capabilities forward to give war fighters access to the data they need wherever they are, the same adversaries those war fighters are facing are actively attempting to breach those forward-deployed systems. Gilman argued that the zero trust philosophies governing enterprise environments must follow the mission into the field — C4IT tactical edge solutions need to apply the same rules, the same guidelines, and the same protective architecture as their stateside counterparts. He closed by highlighting the Department of War's mandatory generative AI training for all service members as a promising model for preparing the force — and called for continued collaboration between the best minds in government and the best capabilities in industry.
Key Takeaways:
Bean opened by explaining the significance of the name change to C3E — Command, Control, Communications Enterprise — and why it matters. The portfolio has always been about getting the right data to the right people at the right time for senior leaders and combatant commanders. The new name aligns DISA's portfolio with how the rest of the department speaks about command and control, while the "E" signals enterprise-wide scale and ambition.
The deeper challenge Bean described is cultural. Acquisition reform — streamlining processes, eliminating redundant steps, adopting out-of-the-box technology without customizing it to death — requires people to let go of deeply ingrained habits. Bean illustrated this vividly: if a commercial solution delivers a process in 10 steps, and the organization currently runs it in 50, the answer is not to shoehorn 50 steps into a 10-step tool. It's to restructure the organization around the 10-step process. That requires not just policy change, but genuine buy-in — and she acknowledged that not every member of the workforce will make the transition. The goal is to find the pockets of movement and build from there.
Bean also described her DevSecOps philosophy, in which security accreditation is not an end-of-pipeline event but a continuous thread woven through every phase of development. By embedding war fighters and stakeholders directly into the development process, DISA can fail fast early, catch vulnerabilities during design rather than after fielding, and deliver capabilities that actually match what operators need — when they need it. Industry partners, she said, are essential to this model — but they must come prepared to interoperate with what already exists, not just pitch standalone solutions.
Key Takeaways:
Ahuja identified three structural barriers at the heart of the policy-to-implementation problem. First, the procurement process: by the time a solution navigates the full acquisition cycle, the threat landscape it was designed to address has already evolved. Second, interoperability: even when individual agencies successfully deploy a capability, the absence of integration and standards between organizations means those deployments remain isolated, creating a patchwork rather than a unified defensive posture. Third, investment pacing: funding lags behind both acquisition and implementation, slowing deployment even when the right solutions and the will to act are in place.
The good news, Ahuja noted, is that the Other Transaction Authority (OTA) process has proven to be a powerful workaround on all three fronts. He pointed to Thunderdome — DISA's zero trust implementation program — as a model of what's possible. Versa Networks entered Thunderdome through an OTA alongside Booz Allen Hamilton, and the result has been rapid, auditable progress: seven DAFAs, approximately 400 sites transformed, with scaling underway toward 12 DAFAs and 900 sites. The program also generated over $300 million in documented savings in a single year — a proof point that brings other organizations along.
Ahuja was candid about where resistance comes from: not typically from the agencies themselves, but from incumbent vendors who see OTAs as a threat to their existing positions. The "people, politics, process, and products" framework he offered is simple — it's rarely the products that are the obstacle. And while the federal budget process will never move as fast as the threat environment demands, OTAs create pockets of speed that can be expanded. The key is doing the upfront assessment work to ensure an agency's identity infrastructure is modern enough to support deployment — without that foundation, even the best zero trust policy won't translate into operational security.
Key Takeaways: