TechNet Cyber 2026: Data, Legacy, and the Intelligence Edge

Written by Fed Gov Today | Jun 19, 2026 12:34:52 AM

Presented by Carahsoft

The technology powering America's defense and national security mission is only as strong as the data beneath it — and at TechNet Cyber 2026 in Baltimore, three conversations cut to the heart of that reality. From the aging mainframe systems quietly running mission-critical workloads that almost no one fully understands anymore, to the challenge of securing AI-generated intelligence as it moves across classification levels, to the foundational question of how organizations master their data fast enough to outpace an adversary operating at machine speed — the conversations with Sam Sanders of Mechanical Orchard, Ned Miller of Everfox, and Bart Larango of Splunk reveal a common thread: the federal government's most urgent technology challenges aren't about any single platform or program. They're about comprehension — understanding what you have, trusting what your data is telling you, and building the architecture to act on it before the window closes.

The Hidden Risk Hiding in Plain Sight — Ultra Legacy Systems

Sam Sanders, Field Chief Technology Officer at Mechanical Orchard, joined host Francis Rose at TechNet Cyber 2026 in Baltimore to address a modernization challenge that rarely makes headlines but represents one of the most significant operational risks facing federal agencies today: the ultra legacy systems quietly running mission-critical workloads that almost no one fully understands anymore.

Sanders opened by drawing a sharp distinction that often gets lost in modernization conversations — the focus on software modernization has largely crowded out the equally urgent conversation about legacy hardware. For agencies still running mainframe systems, that hardware is purpose-built, physically fixed, increasingly expensive to maintain, and concentrated in data centers that carry their own operational and security risks. Migration to cloud and commodity hardware, Sanders argued, is not just a cost decision — it's a risk mitigation imperative.

The concept Sanders introduced — "ultra legacy systems" — goes beyond simply old technology. These are platforms built and maintained over decades by dozens of different people, whose accumulated complexity has rendered them effectively incomprehensible to the organizations that depend on them. That loss of comprehension is the core of the problem: when an agency can't fully understand a system, it can't adapt it as the mission changes, turning what should be a competitive asset into technical debt. Compounding the urgency is a workforce reality Sanders described as familiar to anyone who has watched the software side of this problem play out — the handful of remaining experts who understand these systems all have retirement in their sights, and when they leave, the institutional knowledge goes with them permanently.

The Mechanical Orchard approach begins not with replacement but with comprehension. By characterizing the legacy system through a structured suite of behavioral tests, the organization effectively maps what was thought to be unmappable — restoring enough understanding to make informed decisions about what to modernize and what to leave in place. Critically, for mainframe workloads that cannot be taken offline, Sanders described a modernization path that produces a behaviorally equivalent modern workload indistinguishable from the legacy system to outside observers — allowing agencies to cut over to modern infrastructure in a live production environment with zero mission disruption.

Key Takeaways:

  • Ultra legacy systems are not obsolete — they are mission-critical — but the loss of institutional comprehension surrounding them transforms them from assets into technical debt that agencies can no longer afford to ignore.
  • The retirement of the last remaining experts who understand these systems represents a hard deadline: once that knowledge is gone, it cannot be recovered, making modernization a time-sensitive priority.
  • Mechanical Orchard's characterization-first approach restores comprehension before modernization begins, enabling agencies to make informed decisions about what to change — and to cut over to modern workloads in live environments with no disruption to mission.


Securing AI Across Classification Levels — The Data Provenance Challenge

Ned Miller, Senior Vice President for Strategic Growth Initiatives at Everfox, joined host Francis Rose at TechNet Cyber 2026 in Baltimore to discuss one of the least-visible but most consequential challenges in federal AI adoption: securing data as it moves across classification levels — and ensuring decision-makers can trust what AI systems are telling them.

Miller opened by noting that AI adoption inside the Department of War and the intelligence community is further along than most public conversations acknowledge. Everfox specializes in cross-domain data transfer — moving information securely between classification levels — and that capability sits squarely at the center of how agencies are deploying AI for decision support. The challenge isn't just getting AI to work; it's ensuring that the data feeding those systems can be accessed, shared, and trusted across environments with fundamentally different security requirements.

One of the most operationally active examples Miller discussed is the Mission Partner Environment — the framework through which the U.S. shares information with allied nations. Different allies have different releasability permissions, and the data flowing through MPE spans an enormous range of sensor types, from satellites to sensor-to-effector systems. Determining what can be shared, with whom, and at what classification level, in real time, is a problem Everfox is actively helping solve — and Miller noted that real missions, already covered in public media, have demonstrated this capability in action.

Looking ahead 12 to 24 months, Miller identified data provenance as the defining challenge: as AI systems draw on large language models from global sources, decision-makers will need to know not just what the AI is recommending, but where the underlying data came from, who had access to it, and how confident they should be in it. On the question of humans in the loop, Miller was clear: today, that's a feature, not a bug. Trust in AI-generated intelligence is still being established, and senior Department of War leaders remain committed to human oversight — particularly in fire control systems. But as data provenance becomes better understood and AI systems mature, the pace of autonomous decision support will accelerate.

Key Takeaways:

  • Securing AI across classification levels — including the Mission Partner Environment — requires granular, real-time access controls that govern both the data going in and the intelligence coming back out.
  • Data provenance is the next frontier: as AI systems draw on globally distributed language models, decision-makers will need full visibility into where data came from, who touched it, and how much to trust it.
  • Human oversight in AI-driven decision support is currently a feature, not a limitation — but as confidence in data provenance grows, the pace of autonomous AI action in defense contexts will increase.


Mastering the Data Domain — The Key to Winning in Cyber Defense

Bart Larango, Industry Advisor for Public Sector and Federal Government at Splunk, joined host Francis Rose at TechNet Cyber 2026 in Baltimore to make the case that data mastery — not any single technology — is the foundational challenge that will determine who wins in the cyber defense domain.

Larango's central argument is straightforward: the organizations that can master their data and make decisions faster than the adversary are the ones that will prevail. But that mastery remains elusive for most, because too many organizations still operate with siloed network and security operations that never share information. The consequences are real — advanced persistent threat actors are actively exploiting that gap, using network anomalies that look like normal traffic to the network operations team while remaining completely invisible to the security operations team. Until those two functions share a unified data picture, that blind spot persists.

The solution Larango described is full-stack observability across the entire enterprise — spanning network systems, operational technology, and every other data-generating asset that adversaries are already using as threat vectors. He pointed to the recently released M26 Hack 14 policy directive as a step in the right direction, while noting that the harder work lies in implementation: normalizing data so downstream systems can operate effectively, while simultaneously preserving raw telemetry for the deep-dive forensic analysis that security investigations demand.

His proposed architecture centers on two concepts: schema at read — the ability to ingest data rapidly and normalize it at the point of analysis rather than before ingestion — and a dual data pipeline that sends structured, normalized data where compliance and interoperability require it, while routing raw telemetry to analytics platforms where operators can conduct advanced analysis. Larango closed by pointing to a live demonstration at Mobile World Conference in Barcelona, where Cisco and Splunk unified SOC and NOC operations with agentic AI to deliver a real-time network and security operations picture — a preview of what mature cooperation between those two functions can look like.
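
The dual pipeline and schema-at-read idea described above, sketched as an added example (not code from Splunk, Cisco, or the interview). The sourcetype names, field names, and sample events are constructed for illustration, and the in-memory store is an assumed stand-in for a real analytics platform.

```python
import json, re

# Constructed sample telemetry: two NOC flow records (key=value) and one SOC auth event (JSON).
RAW_EVENTS = [
    ("noc:flow", "ts=2026-06-02T10:00:05Z src=10.1.4.23 dst=203.0.113.9 dport=443 bytes=48211900"),
    ("noc:flow", "ts=2026-06-02T10:00:07Z src=10.1.4.40 dst=198.51.100.7 dport=443 bytes=1200"),
    ("soc:auth", '{"time": "2026-06-02T09:58:41Z", "host_ip": "10.1.4.23", "user": "svc-backup"}'),
]

class RawStore:
    """Analytics path: events are kept verbatim; no schema is applied at ingest."""
    def __init__(self):
        self.events = []
    def ingest(self, sourcetype, line):
        self.events.append((sourcetype, line))
    def search(self, extractors):
        # Schema at read: per-sourcetype extractors run at query time, not at ingest.
        for st, line in self.events:
            if st in extractors:
                yield {"sourcetype": st, "_raw": line, **extractors[st](line)}

def kv(line):
    return dict(re.findall(r"(\w+)=(\S+)", line))

def flow_fields(line):
    f = kv(line)
    return {"ip": f["src"], "dst": f["dst"], "bytes": int(f["bytes"])}

def auth_fields(line):
    j = json.loads(line)
    return {"ip": j["host_ip"], "user": j["user"]}

def normalize_for_compliance(sourcetype, line):
    """Normalized path: fixed schema chosen at ingest; unmapped fields are dropped here."""
    ip = kv(line).get("src") if sourcetype == "noc:flow" else json.loads(line)["host_ip"]
    return {"sourcetype": sourcetype, "asset_ip": ip}

def dual_pipeline(events):
    raw, normalized = RawStore(), []
    for st, line in events:
        raw.ingest(st, line)                                  # raw copy for forensics
        normalized.append(normalize_for_compliance(st, line)) # structured copy downstream
    return raw, normalized

def correlate(raw, min_bytes=10_000_000):
    """Join NOC flows with SOC logins on host IP: large transfers from hosts with a login."""
    rows = list(raw.search({"noc:flow": flow_fields, "soc:auth": auth_fields}))
    users = {r["ip"]: r["user"] for r in rows if r["sourcetype"] == "soc:auth"}
    return [(r["ip"], users[r["ip"]], r["dst"], r["bytes"]) for r in rows
            if r["sourcetype"] == "noc:flow" and r["bytes"] >= min_bytes and r["ip"] in users]
```

The normalized copy never carried `bytes` or `user`, so the correlation is only possible because the raw events were preserved and the fields were extracted at query time.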

Key Takeaways:

  • Data mastery is the foundational competitive advantage in cyber defense — the organization that drives data to decisions faster than the adversary wins.
  • Siloed SOC and NOC operations create exploitable blind spots; unifying those functions under shared visibility is essential to closing the gap advanced threat actors are already using.
  • A dual data pipeline — schema at read for downstream normalized systems, plus preserved raw telemetry for advanced analytics — enables full-spectrum operations without sacrificing either compliance or investigative capability.
