Original Broadcast 10/1/25
Presented by Carahsoft
Filmed on location at the Billington CyberSecurity Conference in Washington, DC, this episode of Innovation in Government brings together leading voices from government and industry to explore the latest challenges, solutions, and innovations in the cyber landscape. The discussions span cutting-edge technologies like AI-driven defense, resilient software engineering, and zero trust, as well as operational issues such as workforce readiness, procurement, and healthcare resiliency. Together, these perspectives provide a comprehensive view of how agencies and partners are working to stay ahead of adversaries and strengthen America’s cyber posture.
Harnessing Emerging Technologies in Cybersecurity
Alex Whitworth, Cybersecurity Solutions Executive at Carahsoft, highlighted how innovation from venture-backed companies is rapidly reshaping the government cybersecurity market. He emphasized the growing importance of “agentic AI” — artificial intelligence systems capable of detecting and responding to incidents autonomously — and its potential to transform areas like software supply chain security and ransomware defense. Whitworth also noted that new acquisition pathways, including the FedRAMP 20x initiative, are helping government adopt these technologies faster, while cultural shifts in venture capital are pushing firms to prioritize public sector markets earlier.
Key Takeaways
- Agentic AI is driving toward the vision of self-healing networks and autonomous cyber defense.
- Emerging tech in ransomware defense and security awareness training is closing critical gaps.
- Government initiatives like FedRAMP 20x and CSOs are accelerating adoption of innovative solutions.
Modernizing Through Acquisition and Supply Chain Trust
Bob Costello, Chief Information Officer at CISA, discussed the opportunities presented by GSA’s One Gov initiative, which enables agencies to work directly with cloud and software providers. He underscored the importance of strong acquisition and contracting practices, noting that CIOs must often be as fluent in procurement as they are in technology. Costello also highlighted the complexity of software supply chains and CISA’s guidance on software bills of materials (SBOMs), emphasizing transparency and trust as cornerstones of modernization.
Key Takeaways
- CIOs must integrate acquisition and technology strategies to maximize modernization efforts.
- Direct engagement with suppliers improves speed, visibility, and trust in IT procurement.
- SBOMs are critical for understanding software provenance and improving cybersecurity resilience.
Overcoming Barriers to Zero Trust Adoption
Tiffany Kim, Public Sector Sales Leader at Tines, focused on the challenges agencies face in automation and orchestration during their zero trust journey. She emphasized that cultural buy-in across teams is as important as technology, and that agencies must align workflows with mission priorities. Flexible platforms that can adapt to future innovations are essential, as zero trust is an ongoing process rather than a final destination.
Key Takeaways
- Cross-team participation is essential to align zero trust with mission objectives.
- Agencies must measure incremental progress to stay on track with implementation goals.
- Flexible platforms prepare organizations for rapid technological change and evolving threats.
Building Resilient Software Systems
Dan Wallach, Program Manager in DARPA’s Information Innovation Office, outlined DARPA’s efforts to improve software security through its Resilient Software Systems capstone. He described projects such as SafeDocs, which creates secure data parsers, and Assured Micro Patching, which enables rapid fixes to compiled binaries. Wallach pointed to trends in formal verification and artificial intelligence as converging forces that could deliver higher-assurance systems while enabling faster development and deployment.
Key Takeaways
- Resilient software requires connecting legacy and modern systems securely.
- DARPA programs like SafeDocs and Assured Micro Patching address critical vulnerabilities.
- Formal methods combined with AI offer a pathway to provably secure software systems.
Securing AI and Its Data
Matt Topper, CEO and Founder of UberEther, explored the dual challenge of using AI to strengthen cybersecurity while protecting the AI tools and data themselves. He warned of risks when sensitive data enters AI training models without safeguards, and highlighted the immaturity of current security standards. Topper pointed to advances such as non-human identities, short-lived certificates, and AI-enabled SOC operations as critical to balancing AI’s promise with its risks.
Key Takeaways
- Agencies face risks from unsecured AI pipelines and data misuse in training models.
- Stronger identity management and time-bound certificates are improving AI security.
- AI can help SOC analysts prioritize alerts and detect patterns more effectively.
Measuring and Advancing the Cyber Workforce
Matthew Isnor, Program Lead for Cyber Workforce Development, and Alfredo Rodriguez III, Program Lead for Cyber Workforce Data & Analytics in the DoD CIO’s office, shared their work on creating data-driven insights into the Department’s cyber workforce. They described efforts to map roles, qualifications, and readiness across services, supported by standardized frameworks and data integration. Their vision is to deliver actionable workforce “heat maps” for leaders and operational commanders alike, ensuring the Department can meet mission demands with qualified personnel.
Key Takeaways
- Workforce readiness requires moving from counting roles to qualifying and measuring capabilities.
- Integrated frameworks ensure consistent data across military services and components.
- Future plans include tracking performance on the job to better align skills with mission requirements.
Partnering for Cyber Resilience
Ronald Ringold, Field CISO for Public Sector at SentinelOne, emphasized the importance of co-developing solutions with government partners. By embedding federal requirements like FISMA and FedRAMP into product design, SentinelOne helps agencies streamline compliance and reduce operational burdens. Ringold also pointed to growing demand for integrated platforms that combine endpoint detection, SIEM, and other tools into a unified console, while advising agencies to prepare for the next generation of autonomous SOC operations powered by AI.
Key Takeaways
- Collaboration between industry and agencies is essential to meet compliance and mission needs.
- Platform integration reduces complexity and improves efficiency in cyber operations.
- AI-driven autonomous SOC capabilities will reshape detection and response.
Protecting Healthcare from Cyber Threats
Brian Mazanec, PhD, Deputy Assistant Secretary and Director of H-CORE at HHS, described the escalating cyber threat landscape facing the healthcare sector. He noted that ransomware attacks on hospitals not only disrupt operations but also threaten patient lives, creating urgency to improve resilience. Mazanec outlined HHS’s sector-specific cybersecurity performance goals, its partnerships with agencies like FBI and CISA, and the importance of addressing cross-sector dependencies such as energy and water.
Key Takeaways
- Ransomware attacks in healthcare pose direct risks to patient safety.
- Tailored cybersecurity performance goals help harden healthcare systems quickly.
- Strong partnerships across government and private sector are vital for resilience.
Closing Gaps with Browser Isolation
Justin Valdes, Senior Director for U.S. Public Sector at Menlo Security, highlighted the critical role of browser security in zero trust environments. With up to 45% of cyberattacks exploiting browser vulnerabilities, he argued that isolation technology provides a vital safeguard. Valdes stressed the need for interoperable solutions that work with existing platforms, while also warning that AI-driven threats are accelerating the pace of malware evolution.
Key Takeaways
- Browser security is a growing blind spot in zero trust implementations.
- Isolation provides safe access to the internet without exposing networks to threats.
- AI is driving faster, more adaptive malware, requiring proactive defenses.