The public sector faces a security landscape more volatile and complex than ever before. With Artificial Intelligence (AI) rapidly changing the tactics of both defenders and adversaries, and long-standing issues like skills shortages and technical debt pressing down, federal agency leaders are at a critical inflection point. The traditional playbook is no longer enough to secure the nation’s most sensitive data and critical infrastructure.
Recently, Rocky Giglio, Global Director of Security at SADA, An Insight company, and Chris Klein, Head of Federal, Google Cloud Security Sales at Google, sat down to discuss the monumental pressures facing federal security leaders and the practical strategies available to not just cope, but thrive, in this new, demanding environment.
The four headwinds facing federal security
Chris Klein laid out four significant pressures that are uniquely impacting the federal government’s mission defense:
1. The cybersecurity skills gap and burnout
The need for highly skilled security personnel—especially those proficient in AI and advanced analytics—is outpacing the talent pool. As Chris Klein noted, the public sector is “disproportionately affected by persistent talent shortage,” which is only “being exacerbated by the need for staff skilled in AI and advanced analytics to manage modern systems.” This persistent shortage is compounded by another factor: burnout.
The complexity of modern systems, which have migrated from simple mainframes to vast, globally connected microservices, requires a depth of expertise that is difficult to maintain. As Rocky Giglio remarked, the challenge of securing complex environments has become exponential with the introduction of AI. This creates a moving target for upskilling and retention.
2. Regulatory fragmentation and compliance burden
Federal security leaders must navigate a patchwork of sometimes overlapping mandates. Klein cited the example of OMB memorandum M-21-31, which sets tiered event-logging and retention requirements that oblige agencies to collect and keep large volumes of log data. He stated that this was “a huge problem for cyber professionals. They didn’t have the storage. They didn’t have the money. They didn’t have the funding to go forward and execute on M-21-31.” Requirements that arrive without clear funding or implementation guidance create an operational chokepoint, diverting resources from proactive defense.
3. Technical debt and operational complexity
The evolution from simple OS/390 mainframes to client-server, virtual machines (VMs), containers, and now microservices has drastically increased complexity. As Chris Klein highlighted: “The environments that our staff and server security professionals have to operate and manage and control and secure are so much more complex, so much more vast, so much more globally connected.” This complexity results in endemic vulnerabilities and makes high-level mandates like zero trust incredibly difficult to apply across legacy systems.
4. Decentralization of security leadership
High-level changes and churn within cybersecurity leadership across both civilian and Department of Defense (DoD) agencies create instability and inconsistency in strategic direction. This churn makes it harder to maintain long-term initiatives and consistently support the mission.
The AI arms race: adversaries get smarter
The urgency of these challenges is magnified by the rapid evolution of the threat landscape. Nation-state actors and malicious groups are leveraging AI to automate and scale their attacks, giving them an unprecedented advantage.
Chris Klein detailed how AI has lowered the bar for sophisticated attacks. This includes:
- Hyper-personalized phishing: Generative AI is being used to craft highly convincing, context-aware phishing emails that are written with “perfect language”—making them far less suspect to the average user.
- Attacks at scale and speed: AI can automate successive stages of the cyber kill chain, from rapidly scanning for vulnerable systems to generating malicious payloads and adapting evasion techniques, compressing the time between reconnaissance and exploitation.
- Polymorphic malware: AI is contributing to the development of malware that can constantly change its code or appearance to evade detection.
The result is a constant, overwhelming flood of information, which produces a close cousin of the skills gap Rocky Giglio described: data paralysis. As Klein explained, operators “can be flooded with so much information. They don’t know what to prioritize. Prioritize with respect to: How do you respond? What do I respond to? What’s critical, what’s not?”
Strategic solutions: Using AI and next-gen tools
To combat these pressures, the experts agreed that a shift in strategy focused on people, process, and technology is essential, with AI and automation being the force multiplier.
1. The power of integrated AI security platforms
The most significant shift comes from using AI to close the skills gap and fight speed with speed. Google is tackling this by combining threat intelligence, high-speed search, and AI-driven analysis in its security platform, which includes Google Security Operations (SecOps) and Security Command Center (SCC).
As Rocky Giglio highlighted, the value of this integration is immense: “You take Google threat intelligence data and ask your SecOps questions about your environment…you can just go in natural language and say, ‘Hey, you know, I saw this in the news today. What are the indicators of compromise?’”
This capability enables the operator to:
- Retro-hunt at scale: Search massive data lakes (the speakers cited volumes on the order of 20PB) for historical indicators of compromise in seconds, a task that would have taken days, or been practically impossible, with legacy tools.
- Use actionable intelligence: Go beyond alerts and receive concrete recommendations, such as the necessary Terraform code to deploy a fix.
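As an added example (this is not code from the webinar, SADA or Google), the following Python script shows the mechanics of a retro-hunt in miniature: it refangs indicators the way a threat report publishes them (`[.]`, `hxxp`), indexes them by type, sweeps historical DNS, proxy and EDR events for matches, and produces a per-host first-contact timeline. The log lines, the IOC values and the key=value field names are constructed for illustration; a SIEM would run the same matching logic against its own schema and far larger volumes.

```python
"""Retro-hunt: sweep historical logs for a published set of IOCs.
Added illustration, not vendor code.  Logs, IOCs and field names are constructed."""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed IOC list, written the way a threat report defangs indicators.
REPORT_IOCS = [
    "update-cdn[.]example",                    # C2 domain
    "hxxp://update-cdn[.]example/loader.bin",  # payload URL
    "198[.]51[.]100[.]23",                     # C2 IP (TEST-NET-2 range)
    "D41D8CD98F00B204E9800998ECF8427E",        # file hash, uppercase in report
]

# Constructed historical events in a simple key=value form (ISO-8601 timestamps).
SAMPLE_LOGS = """\
ts=2024-03-02T11:04:09Z src=10.0.4.17 type=dns query=update-cdn.example answer=198.51.100.23
ts=2024-03-02T11:04:11Z src=10.0.4.17 type=proxy url=http://update-cdn.example/loader.bin status=200
ts=2024-03-02T11:05:30Z src=10.0.4.17 type=edr proc=loader.exe md5=d41d8cd98f00b204e9800998ecf8427e
ts=2024-03-02T11:06:02Z src=10.0.7.42 type=dns query=static.update-cdn.example answer=198.51.100.23
ts=2024-03-02T11:07:45Z src=10.0.7.42 type=dns query=myupdate-cdn.example answer=203.0.113.5
ts=2024-03-03T08:00:00Z src=10.0.9.9 type=proxy url=https://docs.example/page status=200
"""

_HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")


def refang(ioc: str) -> str:
    """Turn a defanged report indicator back into a matchable, lowercased value."""
    ioc = ioc.strip().lower()
    ioc = ioc.replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")
    if ioc.startswith("hxxp"):
        ioc = "http" + ioc[4:]
    return ioc


def classify(ioc: str) -> str:
    """Return 'hash', 'url', 'ip' or 'domain' for a refanged indicator."""
    if _HASH_RE.match(ioc):
        return "hash"
    if "://" in ioc:
        return "url"
    try:
        ipaddress.ip_address(ioc)
        return "ip"
    except ValueError:
        return "domain"


def domain_matches(candidate: str, ioc_domain: str) -> bool:
    """Exact or subdomain match on a label boundary; 'myupdate-cdn.example' must not match."""
    candidate = candidate.lower().rstrip(".")
    return candidate == ioc_domain or candidate.endswith("." + ioc_domain)


def parse_line(line: str) -> dict:
    """Parse one constructed key=value event line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def build_ioc_index(raw_iocs) -> dict:
    """Group refanged indicators by type so each event only compares against relevant IOCs."""
    index = defaultdict(set)
    for raw in raw_iocs:
        ioc = refang(raw)
        index[classify(ioc)].add(ioc)
    return index


def hunt(log_text: str, raw_iocs) -> list:
    """Return one hit dict per (event, indicator) pair found in the historical logs."""
    index = build_ioc_index(raw_iocs)
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        ev = parse_line(line)
        if not ev:
            continue
        candidates = []  # (ioc type, observed value) pairs extracted from this event
        if "query" in ev:
            candidates.append(("domain", ev["query"]))
        if "url" in ev:
            candidates.append(("url", ev["url"].lower()))
            host = urlsplit(ev["url"]).hostname
            if host:
                candidates.append(("domain", host))
        for key in ("answer", "dst"):
            if key in ev:
                candidates.append(("ip", ev[key]))
        for key in ("md5", "sha1", "sha256"):
            if key in ev:
                candidates.append(("hash", ev[key].lower()))
        for kind, value in candidates:
            for ioc in index[kind]:
                matched = domain_matches(value, ioc) if kind == "domain" else value == ioc
                if matched:
                    hits.append({"line": lineno, "ts": ev.get("ts"), "src": ev.get("src"),
                                 "type": kind, "ioc": ioc, "observed": value})
    return hits


def hosts_by_first_contact(hits) -> dict:
    """Map each source host to the earliest timestamp at which it touched any IOC."""
    first = {}
    for h in hits:  # ISO-8601 UTC strings sort lexicographically, so min() works on them
        if h["src"] not in first or h["ts"] < first[h["src"]]:
            first[h["src"]] = h["ts"]
    return first


if __name__ == "__main__":
    found = hunt(SAMPLE_LOGS, REPORT_IOCS)
    for h in found:
        print(f"line {h['line']:>2} {h['ts']} {h['src']:<10} {h['type']:<6} {h['observed']}")
    print("first contact per host:", hosts_by_first_contact(hits=found))
```

Two details matter in practice: indicators are compared on label boundaries, so a subdomain of the C2 domain is a hit while a look-alike such as `myupdate-cdn.example` is not, and hashes are normalized to lowercase before comparison because reports and sensors disagree on case. The output answers the question the speakers pose, which hosts touched the indicator and when, rather than merely listing raw matches.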
Chris Klein emphasized that the core investment from Google is about owning the infrastructure to enable this scale and speed: “Our mission…is we want to own the chips and we want to own the models.” By controlling the tensor processing units (TPUs) and large language models (LLMs) like Gemini, Google can build security, privacy, and intelligence directly into the defense tools, drawing on its broad visibility into global internet traffic.
2. A zero trust architecture, end-to-end
The goal of zero trust is often misunderstood as only applying to the endpoint. However, both experts agree it must be an architectural philosophy applied across the entire ecosystem.
Chris Klein, referencing Google’s post-Aurora attack architecture, stated: “I think that we should trust no one…Google did a really good job after what was called the Aurora tech about a dozen years or so ago, where we actually, I believe we invented zero trust.”
For federal agencies, zero trust can be simplified by:
- Standardizing the endpoint: Moving to a browser-centric operating environment, such as ChromeOS with Chrome Enterprise Premium, removes entire classes of endpoint exposure, notably local patch management and resident malware. As Klein noted, “When you’re on the Chrome operating system, there’s no such thing as Patch Tuesday. There was no malware on our devices.”
- Securing identity: Shifting identities from legacy Active Directory into a cloud identity platform, so that identity, not network location, becomes the point at which access decisions are made and enforced.
- Micro-segmentation: Applying zero trust principles within the cloud architecture itself, ensuring that all microservices and APIs are strictly controlled, logged, and only communicate with the components they are explicitly authorized to reach.
The key takeaway is that modernization, especially the move to cloud-native security investments, allows agencies to “design and build in security on the front of application deployment.” This “DevSecOps” approach aims to prevent vulnerabilities at Day Zero rather than patch them in production.
3. Quick wins and the value of partnership
In a time of fluctuating budgets and critical mandates, leaders need to focus on quick, impactful wins. The experts agreed that the most important first step is gaining visibility. The fastest path to greater visibility and operational efficiency is through trusted partnerships and managed services.
- Managed security services: Outsourcing lower-value but essential tasks, like 24/7 eyes-on-glass monitoring, through a managed security service provider (MSSP). This frees up highly skilled in-house staff to focus on strategic, high-value work.
- Leveraging institutional knowledge: Chris Klein emphasized the power of the SADA/Insight partnership, noting that partners have “such longstanding, trusted relationships” that make it easier to “get the customer to open up about where they really need help” and quickly identify the most critical next steps.
- Strategy first: A quick win can be as simple as defining a clear strategy.
The combination of Google’s AI-powered technology (Mandiant’s front-line intelligence, VirusTotal’s malware insights, and Google’s massive threat surface visibility) with the domain expertise of a federal-focused partner like SADA provides the necessary human capital and actionable intelligence to transform an agency’s security posture.
In this AI-driven era, the fight is less about collecting data and more about instantly knowing what matters and how to respond. By modernizing tools, embracing zero trust principles, and leveraging AI to augment human teams, federal agencies can finally move beyond a reactive, vulnerable stance to a proactive, secure footing.
Continue the good fight by exploring how your agency can use AI-powered security to strengthen its defenses, protect mission-critical data, and maintain the confidence of its stakeholders. Start a comprehensive AI security assessment today to identify vulnerabilities and put the next generation of threat intelligence to work. The integrity of your agency’s mission depends on it.