Partnering for Cyber Resilience

Original broadcast 10/1/25

Presented by SentinelOne & Carahsoft

At the Billington CyberSecurity Conference in Washington, DC, Ronald Ringold, Field Chief Information Security Officer for Public Sector at SentinelOne, spoke about the critical role of collaboration between industry and government in strengthening cyber resilience. From aligning product development with federal requirements to anticipating future trends like autonomous security operations, Ringold emphasized that success comes when both sides share responsibility for building and sustaining effective solutions.

Ringold began by underscoring the importance of designing technology with federal requirements in mind. Agencies are bound by strict cybersecurity mandates such as the Federal Information Security Modernization Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP). Too often, vendors develop tools and only later attempt to retrofit them for compliance. SentinelOne, he explained, takes a different approach by embedding these requirements during the product design phase. This not only ensures alignment with federal needs but also reduces the burden on agencies, streamlining the often complex process of security assessment and authorization. By integrating compliance upfront, industry partners can deliver technology that is ready for government use more quickly and with less friction.

He described this model as a win-win. Agencies gain solutions that meet their legal and operational obligations, while vendors benefit from smoother adoption and reduced costs associated with retroactive adjustments. It is also an example of how industry can act as a force multiplier for government cybersecurity efforts. By building compliance into the DNA of their products, companies help agencies focus less on paperwork and more on mission execution.

Collaboration, Ringold noted, extends beyond compliance. SentinelOne conducts quarterly business reviews with its federal customers, using those sessions not only to gather feedback on user experience but also to explore what features agencies will need in the next three to five years. This forward-looking dialogue ensures that industry roadmaps align with government priorities. For agencies, it provides confidence that their partners are anticipating evolving threats and investing in the capabilities that will be most relevant.

Feedback from these engagements varies depending on the user. Threat hunters, for example, may focus on specialized data views, while executives may care more about streamlined dashboards and reporting. By tailoring user experiences to the diverse needs of government stakeholders, vendors can maximize both adoption and impact.

A major trend Ringold highlighted is the move toward integrated platforms. In the past, agencies relied on separate tools for antivirus, incident response, and security information and event management (SIEM). Today, the demand is for consolidated platforms that bring these functions together into a single console. This shift delivers efficiency gains by reducing the need to pivot between multiple systems and lowers the training burden for personnel. For security operations centers already stretched thin, platform integration can make a meaningful difference in both speed and accuracy of response.

The cloud, Ringold added, is accelerating this trend. As agencies continue migrating workloads to cloud environments, integration through APIs becomes easier and more cost-effective. By connecting endpoint detection, SIEM, and other tools in the cloud, agencies can feed richer data into centralized platforms and give analysts a fuller picture of their threat landscape. This model streamlines operations while also providing greater flexibility as technology evolves.

Looking ahead, Ringold urged agencies to prepare for the next phase of cyber operations: the autonomous SOC, powered by agentic artificial intelligence. In this vision, AI-driven systems augment human analysts by automating detection, triage, and even aspects of response. By shifting the mean time to detect and respond “to the left,” as Ringold put it, agencies can catch adversaries sooner and drive them out of networks faster. This is not about replacing humans but about enabling them to focus on the highest-value tasks.

Ringold also stressed that successful partnerships require effort from both sides. Industry must be willing to invest in understanding federal missions and requirements, while agencies must provide clear feedback and context for their needs. When government partners explain not only what they want but why they need it, vendors can design solutions with broader applicability. The result is technology that benefits not just one agency but the entire federal enterprise.

Ultimately, Ringold’s message was that cyber resilience cannot be achieved in silos. It demands continuous collaboration between industry innovators and government practitioners, informed by compliance requirements, shaped by user needs, and driven by a shared commitment to staying ahead of adversaries. By building compliance into products, engaging in honest dialogue, and preparing for the rise of autonomous SOCs, government and industry can together create a stronger, more resilient cybersecurity posture for the nation.

Key Takeaways

• Embedding federal requirements like FISMA and FedRAMP into product design reduces agency burden and speeds adoption.

• Integrated platforms and cloud-based connections improve efficiency and visibility for government cyber operations.

• Autonomous SOCs powered by AI will be central to future resilience, requiring close collaboration between industry and government.