Original broadcast 5/10/26

Presented by Symantec, Carbon Black & Carahsoft

Federal agencies are navigating one of the most challenging cybersecurity environments in years. Threat actors are moving faster, artificial intelligence is reshaping both offense and defense, and agencies are under pressure to operate with tighter budgets and smaller teams. At the same time, the mission requirements facing government organizations have only increased in complexity and urgency.

In this Fed Gov Today special program presented by Symantec, Carbon Black, and Carahsoft, host Francis Rose speaks with cybersecurity leaders from government and industry about how agencies are responding to these pressures. The conversation focuses on automation, AI, data protection, zero trust strategies, and operational efficiency, with an emphasis on how agencies can modernize cybersecurity operations while managing constrained resources.

Guests include Garrett Lee, Regional Vice President for Public Sector at Broadcom Enterprise Security Group; Carlos Rivera, Senior Analyst for Security & Risk at Forrester; Brian Snell, Director of the Broadcom Business at Carahsoft; and Manny Medrano, Director of the Security Operations Center at the U.S. Department of State.

Automation, Data Protection, and the New Cybersecurity Math

Federal cybersecurity teams are being asked to solve a difficult equation. Agencies face increasing cyber threats, rapidly evolving attack methods, growing volumes of data, and expanding hybrid environments — all while budgets and staffing levels remain under pressure. According to research discussed during this segment, many agencies are trying to determine how to maintain mission performance despite reduced resources and growing operational complexity.

Francis Rose begins the discussion with Carlos Rivera of Forrester, who explains that the research effort was designed to better understand how federal agencies are responding to these pressures. Rivera notes that while the private sector often focuses cybersecurity investments on revenue protection and business growth, government agencies face a different challenge: achieving mission outcomes while controlling costs and operating with limited personnel.

Rivera explains that agencies are increasingly being forced to reassess priorities due to budget reductions and staffing pressures. Even when organizations believe budgets may remain relatively stable, the operational and morale impacts of uncertainty are significant. Agencies are now being asked to accomplish the same mission with fewer people and fewer resources, which is forcing leaders to rethink how cybersecurity operations are managed.

One of the most significant findings from the research centered on the importance of network security. Rivera explains that while many cybersecurity conversations today focus heavily on identity or endpoint protection, agencies still see network security as foundational to defending the enterprise. Alongside network security, organizations identified data protection and incident response as areas of growing vulnerability.

Garrett Lee of Broadcom says the findings align closely with what he hears from government customers. He describes the current environment as a “nasty math problem” where agencies are simultaneously experiencing long-term budget reductions, staffing shortages, and increasingly sophisticated threats fueled by AI and machine-speed attacks.

Lee notes that many agencies understand the seriousness of the challenge. He points to findings showing that a large percentage of organizations expect cyber breaches to increase while relatively few feel fully confident in their ability to keep pace with evolving threats. At the same time, agencies are increasingly embracing automation as a way to offset staffing shortages and improve operational efficiency.

Brian Snell of Carahsoft explains that automation is becoming essential because cybersecurity teams simply cannot keep up manually with the growing scale and speed of attacks. He says agencies are recognizing that disconnected point tools create operational inefficiencies and increase the burden on already stretched teams.

Instead, Snell argues that agencies are moving toward platform-based approaches that integrate multiple cybersecurity functions. A more connected architecture enables organizations to automate repetitive tasks, share information across systems, and improve visibility throughout the environment.

The discussion also highlights the importance of cross-functional cybersecurity teams. Snell explains that agencies with highly siloed expertise and isolated tools struggle to automate effectively. In contrast, organizations that train personnel across broader platforms and workflows are better positioned to take advantage of automation and integrated security operations.

Lee adds that this integrated visibility is particularly important for incident response and data protection. Security teams need to understand not only what is happening on endpoints, but also how data is moving across the network, whether lateral movement is occurring, and whether sensitive information is being exfiltrated.

The panel also explores how AI and hybrid infrastructure are reshaping cybersecurity operations. Rivera explains that agencies are already managing highly complex hybrid workforces and hybrid workloads, and AI agents are adding another layer of complexity. Organizations are still working to secure human users while now also having to manage AI-driven interactions and automated systems operating across environments.

Data management becomes another major focus of the conversation. Snell notes that agencies are dealing with rapidly expanding volumes of data, especially as AI and large language models become more widely adopted. At the same time, agencies must balance cloud adoption with concerns about security, cost, resiliency, and operational control.

While government policy over the last decade strongly encouraged cloud adoption, the panel explains that many agencies are now reevaluating how much infrastructure should remain in the cloud versus on-premises or in private cloud environments. Some organizations are building private AI environments and reconsidering the importance of self-hosted infrastructure to ensure data sovereignty and mission continuity.

Lee describes this evolution as a shift from “cloud first” to “cloud smart,” with agencies now taking a more balanced approach based on mission needs, economics, resiliency, and risk management.

Throughout the segment, the panel repeatedly returns to one central theme: agencies cannot solve cybersecurity challenges simply by adding more tools. Instead, they must simplify operations, improve visibility, automate repetitive work, and adopt integrated strategies that help smaller teams operate more effectively.

Key Takeaways

• Agencies are balancing rising cyber threats against shrinking budgets and staffing levels.
• Network security, data protection, and incident response remain top concerns for federal organizations.
• Automation is becoming critical for improving efficiency and reducing operational burden.
• Platform-based security approaches provide greater visibility and operational integration.
• Hybrid cloud and on-premises strategies are becoming more important as agencies manage AI and sensitive data.

The State Department’s Approach to Automation, AI, and Cybersecurity Outcomes

The second segment shifts from research and industry trends to real-world implementation inside government. Francis Rose continues the conversation with Garrett Lee and Carlos Rivera while welcoming Manny Medrano, Director of the Security Operations Center at the U.S. Department of State.

Medrano explains that the State Department SOC is actively adapting to rapid technological change while managing the realities of constrained budgets and staffing shortages. Rather than chasing every new cybersecurity trend, the SOC is focused on outcomes — identifying how technology can genuinely improve operations, increase efficiency, and strengthen security.

One of Medrano’s core priorities is ensuring that automation is applied strategically. He explains that repetitive, process-driven tasks are ideal candidates for automation because they consume valuable analyst time while adding limited strategic value. By automating repeatable workflows, the SOC can allow cybersecurity professionals to focus on more advanced analysis and complex mission challenges.

However, Medrano warns against the tendency to apply AI indiscriminately simply because it is the newest technology trend. He argues that agencies should avoid “AI for the sake of AI” and instead identify where artificial intelligence can solve meaningful operational problems.

Carlos Rivera agrees, explaining that agencies largely view AI today as a supplemental capability designed to offset skill shortages and improve operational efficiency. AI can help personnel better understand data, simplify workflows, and gain insights from increasingly complex cybersecurity environments.

Rivera also emphasizes that many agencies are still struggling with operational complexity created by disconnected systems and overlapping technologies. He says organizations are increasingly reassessing whether they are fully utilizing the tools they already own before investing in additional capabilities.

This leads directly into the discussion around zero trust. Rivera explains that many organizations initially misunderstood zero trust as a requirement to purchase entirely new technologies. Instead, he argues that zero trust is fundamentally a strategic and architectural approach that requires agencies to reassess governance, processes, segmentation, and data management.

Medrano reinforces that idea by explaining that many zero trust principles are rooted in common-sense cybersecurity fundamentals such as segmentation, layered security, and stronger controls around sensitive data. The challenge is not necessarily the concepts themselves, but rather implementing them effectively across large and complex environments.

The conversation also dives deeply into data governance and visibility. Rivera notes that many agencies still struggle to inventory their data, understand where it exists, classify it properly, and apply the correct protections. The rapid expansion of AI-generated and AI-managed data only increases the urgency of solving these challenges.

Medrano argues that agencies must first understand their data before applying AI to it. Organizations need to know what information they collect, why they collect it, how it is tagged, and who should have access to it. Without those foundational controls, AI initiatives can create additional risk instead of improving security.

The panel also discusses operational efficiency inside security operations centers. Medrano explains that one of his first priorities was understanding what technologies the SOC already possessed and determining whether the team was fully utilizing available capabilities. That process revealed untapped features and opportunities for greater integration within the existing ecosystem.

Garrett Lee highlights how AI can improve SOC operations by accelerating complex tasks such as incident reporting and analysis. Security analysts often spend enormous amounts of time manually assembling reports and reconstructing attack timelines. AI can help summarize data, identify patterns, and automate portions of these workflows, giving analysts more time to focus on threat response and mission-critical work.

Toward the end of the segment, the conversation turns to the future threat environment. Lee warns that AI will likely uncover a massive wave of new vulnerabilities and increase pressure on cybersecurity teams already operating with limited resources.

Because of that, agencies that invest now in automation, governance, visibility, and operational discipline will be better prepared for the next phase of cybersecurity challenges.

Rivera closes the discussion with a simple but powerful takeaway: agencies should stop throwing money at cybersecurity problems without a strategy. Success will depend on governance, planning, integrated operations, and a clear understanding of mission priorities.

Key Takeaways

• Agencies are focusing on measurable cybersecurity outcomes rather than adopting technology for its own sake.
• Automation is most effective when applied to repetitive operational tasks.
• AI can help offset staffing shortages and simplify complex analysis.
• Zero trust requires strategy, governance, and architectural planning — not just new technology purchases.
• Strong data governance and visibility are essential for effective AI and cybersecurity operations.
• Agencies must maximize existing tools and capabilities before expanding technology stacks.
• Future AI-driven threats will require stronger automation, visibility, and operational discipline.