Original broadcast 10/1/25
Presented by Tines & Carahsoft
At the Billington CyberSecurity Conference in Washington, DC, Tiffany Kim, Public Sector Sales Leader at Tines, provided a candid assessment of the federal government’s progress toward zero trust. While much has been achieved across agencies in building the pillars of zero trust, she emphasized that two of the most critical components—automation and orchestration—remain the most challenging. Her perspective underscored not only the technological hurdles but also the cultural and organizational issues that agencies must navigate to achieve lasting success.
Kim began by explaining why automation and orchestration are particularly difficult areas for agencies. After agencies make initial progress implementing core pillars of zero trust, such as identity management and network segmentation, they are left with the complex task of coordinating workflows and integrations across teams. At this stage, agencies often struggle to decide which workflows are most essential to mission success and which systems must be prioritized for integration. Without clarity, progress slows, and zero trust can stall.
Kim pointed out that cultural buy-in becomes even more critical as agencies try to communicate with non-technical staff. Increasingly, the government workforce includes “citizen developers” and mission owners who may not be steeped in IT terminology. Agencies must therefore translate technical concepts like automation into language that resonates with these stakeholders. Clear communication and hands-on use of the technology, she explained, are essential for building confidence and driving adoption.
A significant question for agencies is how to measure their progress. Kim advised leaders to conduct regular assessments and set incremental goals to track their advancement. By measuring progress in smaller steps, agencies can quickly identify where they are falling behind and determine what additional technologies or strategies are needed to accelerate. She stressed that self-reflection is not optional: it is a discipline that ensures agencies stay aligned with their mission priorities while steadily advancing along the zero trust roadmap.
She also cautioned that no agency’s journey will be perfect. The rapid pace of technological change means that missteps are inevitable. However, she argued that this should be seen as part of the process. As long as agencies remain committed to the foundational pillars of zero trust and adapt based on lessons learned, course corrections can become opportunities for growth rather than setbacks.
Looking ahead, Kim emphasized the importance of flexible platforms that can evolve with the technology landscape. Agencies cannot always predict what new threats or innovations will emerge, but they can choose platforms that allow for adaptation. By adopting solutions capable of integrating with both current systems and unknown future technologies, agencies can safeguard their investments and maintain resilience.
The conversation also turned to the Defense Department, which faces a hard deadline for zero trust operationalization. Kim explained that while timelines may differ across agencies, the need for clear metrics and disciplined progress applies universally. Agencies must be honest with themselves about where they stand, ensuring that deadlines and goals serve as motivators for continuous improvement rather than box-checking exercises.
Importantly, Kim underscored that zero trust is not a destination. Even when agencies meet their operationalization goals, the journey continues. Adversaries will never stop evolving, and neither can defenders. The ongoing challenge for agencies is to remain vigilant, continually reassessing their posture and embracing new technologies as they emerge. Artificial intelligence, she noted, will play a particularly influential role in shaping the next phase of zero trust by enabling faster detection, better decision-making, and more adaptive defenses.
Kim closed by expressing optimism about the road ahead. Despite the cultural and technical hurdles, she sees tremendous progress in the federal government’s zero trust journey. Agencies are more willing than ever to confront difficult conversations about priorities, adopt innovative technologies, and rethink how they communicate with stakeholders. With the right mindset, flexible platforms, and ongoing commitment, she believes zero trust can deliver on its promise of stronger, more resilient government cybersecurity.
Key Takeaways
Automation and orchestration are the most challenging aspects of zero trust, requiring both technical and cultural alignment.
Incremental measurement and honest assessments help agencies stay on track and adapt quickly.
Zero trust is an ongoing journey, demanding flexible platforms and continuous improvement as adversaries evolve.