7 Reasons Why Trustwave’s FedRAMP Status is Key for U.S. Vendors

Posted on by Bill Rucker

While selling technology or services to the U.S. Federal Government offers a tremendous opportunity, it also involves navigating complex requirements—especially in the area of cybersecurity.

Federal agencies handle sensitive data and demand the highest levels of security assurance.

This is where the Federal Risk and Authorization Management Program (FedRAMP) comes in, acting as the crucial gatekeeper for cloud services used by the Government.

For vendors looking to succeed in the Federal marketplace, partnering with or building upon services from a FedRAMP-authorized provider isn’t just helpful—it’s often essential.

Trustwave has achieved FedRAMP Authorization for its Government Fusion platform (delivering Managed Detection and Response (MDR) and Co-Managed SIEM/SOC services) which makes Trustwave an ideal partner for any U.S. Government vendor, and here’s why:

1. Instant Credibility: The FedRAMP Stamp of Approval

FedRAMP is the standardized, rigorous security framework mandatory for Federal agency cloud deployments. Achieving FedRAMP Authorization is a lengthy, complex and resource-intensive process, demonstrating an exceptional commitment to security.

Leveraging Trustwave’s FedRAMP-authorized platform instantly elevates your offering’s credibility. It signals to agencies that the underlying security meets the Government’s stringent standards and is vetted through an exhaustive process. Trustwave is notably the first pure-play MDR provider to achieve this status, adding further weight to its credentials.

2. Enhanced Trust and Credibility

Achieving FedRAMP authorization is no small feat. It involves a rigorous evaluation process that includes detailed security assessments and continuous monitoring. Trustwave’s compliance with these standards enhances its credibility and trustworthiness, making it a reliable partner for Government vendors who must adhere to strict security protocols.

Trustwave, 7 Reasons Why Trustwave's FedRAMP Status is Key for US Vendors, blog, embedded image, 2025

3. Meeting Rigorous Federal Security Mandates

FedRAMP isn’t just a checkbox; it ensures robust, ongoing security. Authorization requires continuous monitoring, regular assessments and adherence to strict controls based on NIST standards.

Partnering with Trustwave assures agencies that your solution’s security components adhere to these high standards. Furthermore, Trustwave’s authorization, operating within AWS GovCloud and meeting “U.S. eyes only” requirements, directly supports vendors needing to comply with other critical mandates like the Cybersecurity Maturity Model Certification (CMMC) required for the Defense Industrial Base (DIB).

4. Access to a Wider Government Market

Simply put, FedRAMP authorization is often a non-negotiable requirement for Federal cloud contracts. Without it, market access is severely limited.

By partnering with Trustwave, you align your solution with a provider that has already unlocked the door to Federal agencies requiring FedRAMP compliance. This accomplishment expands your potential customer base significantly. Trustwave also holds GovRAMP authorization, potentially easing access to State and Local Government markets as well.

5. Leveraging Proven Cybersecurity Expertise

Trustwave’s FedRAMP authorization covers its Government Fusion platform, delivering critical Managed Detection and Response and Co-Managed SOC services operated by cleared U.S. personnel.

This means you’re not just getting compliance; you’re gaining the backing of a recognized leader in threat detection, response and managed security. Access to Trustwave’s expertise, including insights from their elite SpiderLabs team, strengthens your overall security posture and value proposition.

6. Continuous Monitoring and Improvement

FedRAMP requires continuous monitoring of security controls and regular updates to address emerging threats. Trustwave’s commitment to ongoing security improvements ensures that Government vendors benefit from the latest advancements in cybersecurity. This proactive approach helps mitigate risks and enhances the overall security posture of Government operations.

7. Support for Cloud Adoption

As Government agencies increasingly adopt cloud technologies, having a FedRAMP-authorized partner like Trustwave is invaluable. Trustwave’s expertise in cloud security helps Government vendors transition to the cloud securely, ensuring compliance with Federal regulations while leveraging the benefits of cloud computing.

In the competitive and security-conscious Federal marketplace, alignment with FedRAMP is critical. Trustwave’s FedRAMP Authorization achievement provides U.S. Government vendors with a powerful advantage.

Partnering with Trustwave offers enhanced credibility, accelerates procurement cycles, ensures compliance with stringent security mandates like FedRAMP and CMMC, broadens market access and leverages world-class cybersecurity services.

For vendors serious about succeeding in the U.S. Public Sector, Trustwave’s FedRAMP status makes them a perfect fit.

To learn more about why partnering with a FedRAMP authorized vendor like Trustwave Government Solutions can help your organization succeed in the Federal marketplace, please visit TGS.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Trustwave we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Accelerating The Healthcare AI Revolution: Reasoning Models and Data

Posted on by Debojyoti (Debo) Dutta

The healthcare industry stands at the precipice of transformation. While artificial intelligence (AI) has been utilized in healthcare for decades, analyzing OMICS and supporting drug discovery, recent advancements in generative AI (GenAI) and reasoning models are redefining what’s possible, especially when connected to private data. This evolution represents not just incremental improvement but a fundamental shift in how technology can augment healthcare delivery.

The Accelerating Pace of AI Evolution

The GenAI movement that emerged around 2017 added a new dimension, enabling AI to create content. However, it was the 2022 release of ChatGPT that democratized access to these capabilities, creating a “Wright Brothers moment,” springboarding the industry of AI. Suddenly, everyone from children to healthcare professionals began experimenting with these systems, often finding productivity gains despite the limitations of early versions of the technology.

Just as organizations were adapting to this new reality, reasoning models emerged in late 2024. These systems do not simply generate content, but think through problems step by step, mirroring human cognitive processes. Within months, more efficient, open-source reasoning models followed, making this technology accessible even for regulated industries like healthcare (e.g. Med-R1 8B).

GenAI Reasoning Models in Healthcare

GenAI enables healthcare professionals to work more efficiently, freeing time to engage with patients. Unlike earlier models, recent GenAI reasoning models provide transparency into their decision-making process. These models can now power advanced AI agents using healthcare-specific models like Google AIM, Med-PaLM 2 or Med-R1. This auditability is crucial in healthcare, where understanding why a recommendation was made is often as important as the recommendation itself.

Before implementing AI agents and reasoning, agencies should define clear outcomes and goals. Here are several factors to consider when integrating GenAI into your agency:

Data Strategy: The effectiveness of AI models depends significantly on the quality and privacy of your data. Organizations need clear protocols for creating evaluation datasets and managing sensitive patient information that can be kept sovereign.
Infrastructure Decisions: Healthcare organizations must decide whether to deploy models in the cloud or on-premises, considering regulatory requirements and data sensitivity. A hybrid approach often provides the flexibility needed to address various use cases.
Model Selection: Open-source models now trail proprietary options by only about six months in capabilities while offering cost advantages and greater control. Many organizations are adopting hybrid strategies, using proprietary models for cutting-edge applications and open-source alternatives for routine tasks.
Scale Considerations: Small, specialized language models can be more efficient for specific healthcare tasks, while larger models may be necessary for complex reasoning about treatment options or research questions.

Agencies should prepare robust data governance frameworks and flexible infrastructure that spans cloud and on-premise environments to enable healthcare personnel to use GenAI effectively. Overall, GenAI enables healthcare professionals to work more efficiently, enabling them to connect more with patients.

Your Journey to an AI Future Starts Now

The future of healthcare will be augmented by reasoning models, making healthcare more affordable and accessible for all.

Some new, AI-driven areas to watch for include:

Data Interaction: LLMs will navigate complex healthcare data ecosystems, from electronic health records to genomic data, answering nuanced clinical questions without requiring complex programming.
Planning and Research: By functioning as collaborative partners in research, the models look to help design clinical trials, analyze research literature and develop treatment protocols.
Actionable Workflows: Reasoning models will help automate clinical and administrative processes while incorporating human feedback in a continuous improvement cycle.

AI agents will begin to help address the acute staffing shortages plaguing healthcare systems worldwide. These digital assistants can handle routine documentation, answer common patient questions, and provide decision support, allowing clinicians to focus on direct patient care. As AI systems become more affordable and consumption increases, we’re likely to see a revolution in healthcare accessibility, particularly for underserved populations, with AI agents augmenting healthcare workers’ efforts.

The journey toward AI-augmented healthcare is accelerating faster than most experts predicted. For healthcare leaders, the question is no longer whether to embrace these technologies, but how to implement them to improve care while maintaining the human connection that defines healthcare.

The content of this blog was pulled from the Healthcare Information and Management Systems Society (HIMSS) panel, “Accelerating Enterprise GenAI.” To learn more about Nutanix GenAI, visit Nutanix’s AI Solution page.

Preparing Federal Systems for Post-Quantum Security: A Strategic Approach

Posted on by Gina Scinta

Federal agencies face an urgent timeline to protect their most sensitive data from quantum computing threats. Quantum computers leverage physics principles like superposition and entanglement to perform calculations faster than classical computers, posing a significant threat to current encryption standards. Adversaries employ “harvest now, decrypt later” tactics, collecting encrypted data to store until there is a quantum computer powerful enough to break the encryption. The National Institute of Standards and Technology (NIST) released standardized Post-Quantum Cryptography (PQC) algorithms designed to withstand quantum attacks, ensuring long-term data security. The U.S. Federal Government has also issued guidance urging Federal agencies to update their IT infrastructure and deploy crypto-agile solutions that utilize today’s classical encryption algorithms and provide the ability to upgrade to PQC algorithms to combat this threat.

With the Cloud Security Alliance projecting cryptographically relevant quantum computers by 2030, agencies must implement these quantum-resistant algorithms before current security measures become obsolete.

The Quantum Threat Landscape

Current public key infrastructure (PKI), which underpins the internet, code signing and authentication, faces an existential threat from quantum computing. This vulnerability extends beyond theoretical concerns to three specific risk areas affecting Federal systems:

Harvest Now, Decrypt Later: Attackers intercept communications and data today, storing them until quantum computers can break the encryption—potentially exposing Government secrets and sensitive information.
Forged Signatures: Quantum capabilities could enable impersonation of trusted entities, allowing attackers to load malicious software to long-life devices or create fraudulent financial transactions that impact both commercial and Federal Government systems.
Man-in-the-Middle Attacks: Advanced quantum computing could facilitate access to secure systems, potentially compromising military command and control (C2) environments, disrupting critical infrastructure and interfering with elections.

The most vulnerable assets are those containing long-lived data, including decades of trade secrets, classified information and lifetime healthcare and personal identifiable information. Short-lived data that exists for hours or months faces considerably less risk from quantum-enabled decryption.

Post-Quantum Cryptography Standards and Timeline

The standardization of quantum-resistant algorithms represents the culmination of an eight-year process spearheaded by NIST. In August 2024, NIST published its final standards for three critical algorithms:

ML-KEM (formerly Crystals-Kyber) | FIPS 203 | Key Encapsulation
ML-DSA (formerly Crystals-Dilithium) | FIPS 204 | Digital Signature
SLH-DSA (formerly HSS/LMS) | FIPS 205 | Stateless Hash-Based Signature

A fourth algorithm, FND-DSA (formerly Falcon), is still pending finalization. Simultaneously, NIST has released Internal Report (IR) 8547, providing comprehensive guidelines for transitioning from quantum-vulnerable cryptographic algorithms to PQC.

The National Security Agency’s (NSA) Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), released in September 2022 with an FAQ update in April 2024, outlines specific PQC requirements for National Security Systems. These standards have become reference points for Federal agencies beyond classified environments, establishing a staggered implementation timeline:

2025-2030: Software/firmware signing
2025-2033: Browsers, servers and cloud services
2026-2030: Traditional networking equipment
2027: Begin implementation of operating systems

Crypto Agility and Transition Strategy

It is essential for Federal agencies to deploy crypto-agile solutions that provide the ability to quickly modify underlying cryptographic primitives with flexible, upgradable technology. This capability allows organizations to support both current algorithms and future quantum-resistant ones without hardware replacement.

A comprehensive transition strategy includes seven critical steps:

Awareness: Understand the challenges, risks and necessary actions to prepare for quantum threats.
Inventory and Prioritize: Catalog cryptographic technologies and identify high-risk systems—a process the Cybersecurity and Infrastructure Security Agency (CISA) mandated via spreadsheet submission last year.
Automate Discovery: Implement tools that continuously identify and inventory cryptographic assets, recognizing that manual inventories quickly become outdated.
Set Up a PQC Test Environment: Establish testing platforms to evaluate how quantum-resistant algorithms affect performance, as these algorithms generate larger keys that may impact systems differently.
Practice Crypto Agility: Ensure systems can support both classical algorithms and quantum-resistant alternatives, which may require modernizing end-of-life hardware security modules.
Quantum Key Generation: Leverage quantum random number generation to create quantum-capable keys.
Implement Quantum-Resistant Algorithms: Deploy PQC solutions across systems, beginning with high-risk assets while preparing for a multi-year process.

Practical Implementation of PQC

Thales, Preparing Federal Systems for Post Quantum Security, blog, embedded image, 2025

Federal agencies should look beyond algorithms to consider the full scope of implementation requirements. The quantum threat extends to communication protocols including Transport Layer Security (TLS), Internet Protocol Security (IPSec) and Secure Shell (SSH). It also affects certificates like X.509 for identities and code signing, as well as key management protocols.

Hardware security modules (HSMs) and high-speed network encryptors serve as critical components in quantum-resistant infrastructure. These devices must support hybrid approaches that combine classical encryption with PQC to maintain backward compatibility while adding quantum protection.

The National Cybersecurity Center of Excellence (NCCoE) is coordinating a major post-quantum crypto migration project involving more than 40 collaborators, including industry, academia, financial sectors and Government partners. This initiative has already produced testing artifacts and integration frameworks available through NIST Special Publication (SP) 1800-38.

Crypto Discovery and Inventory Management

Automated discovery tools represent a crucial capability for maintaining an accurate and current inventory of cryptographic assets. Unlike the one-time manual inventories many agencies completed in 2022-2023, these tools enable continuous monitoring of cryptographic implementations across the enterprise.

Several vendors offer specialized solutions for cryptographic discovery, including InfoSec Global, Sandbox AQ and IBM. These tools can:

Discover and classify cryptographic material across environments
Identify which assets are managed or unmanaged
Determine vulnerability to quantum attacks
Support centralized crypto management and policies

The Cloud Security Alliance has coined the term “Y2Q” (Years to Quantum) as an analogy to the “Y2K bug,” highlighting the need for systematic preparation. However, the quantum threat represents a potentially more significant risk than Y2K, with a projected timeline that places a cryptographically relevant quantum computer capable of breaking current cryptography by April 14, 2030.

Moving Forward with Quantum-Resistant Security

The transition to post-quantum cryptography is not optional for Federal agencies—it is an imperative. While the process requires significant investment in time and resources, the alternative—leaving sensitive Government data vulnerable to decryption—poses an unacceptable risk to national security.

Agencies should begin by evaluating their existing cryptographic inventory, prioritizing systems with long-lived sensitive data and developing implementation roadmaps aligned with NIST and NSA timelines. By taking incremental steps today toward quantum-resistant infrastructure, Federal organizations can ensure their critical information remains secure in the quantum computing era.

To learn more about implementing quantum-resistant security in Federal environments, watch Thales Trusted Cyber Technologies’ (TCT) webinar, “CTO Sessions: Best Practices for Implementing Quantum-Resistant Security.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Thales TCT we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Hidden Threat: Why Ignoring Non-Human and Third-Party Identities is a Risk You Cannot Afford

Posted on by Frank Briguglio

I had the opportunity to present and discuss the threat of Non-Human and Third-party Identities at AFCEA TechNet Cyber with the Department of Defense (DoD) community. It is obvious that the maturity of Identity, Credential and Access Management (ICAM) and all identities is top of mind. The Industry, the National Institute of Standards and Technology (NIST), Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (DHS CISA) and the DoD are all starting to focus on the problem, as it is recognized that identity is no longer just an IT problem—it is the front line of defense. We have been deep in digital transformation and the adoption of Zero Trust frameworks and have discovered an inconvenient truth: most organizations are flying blind when it comes to managing the very identities that power their operations—non-human and third-party users.

And that is a problem.

The New Cyber Perimeter: Identity

The old perimeter—firewalls and virtual private networks (VPNs)—is dead. What stands between you and the next breach is your ability to govern who or what has access to your systems. Yet many agencies remain fixated on credentials and authentication, while ignoring vast swaths of non-human actors (bots, robotic process automations (RPAs), service accounts) and external partners (vendors, contractors, mission partners).

This is not just a gap. It is a canyon.

According to Deloitte, 63% of organizations lack visibility into third-party access. Even more troubling, most have no way to list or audit all machine identities operating in the background. These invisible accounts often have persistent, high-level access and no formal governance, making them prime targets for threat actors.

Real-World Breaches, Real-World Consequences

Look no further than the SolarWinds and Okta breaches. In both cases, attackers exploited unmanaged service accounts or contractor credentials to move laterally and escalate privileges. These were not arcane zero-days—they were lapses in identity governance. And they cost credibility, customer trust and in some cases, national security.

The lesson? You cannot protect what you cannot see. And you definitely cannot secure what you do not control.

Why Automation and Governance Are Non-Negotiable

In a Zero Trust architecture, access is no longer assumed—it is continuously verified. But that verification breaks down when service accounts are created ad hoc, with no expiration dates, no ownership and no audit trail. The same goes for third-party users who are onboarded through spreadsheets or informal emails, then forgotten once their project ends—yet their access lives on.

This is how breaches happen.

Governance gaps like these leave organizations exposed to avoidable risks: policy drift, compliance violations, excessive access rights and a lack of accountability. Without automation and lifecycle management, identities multiply faster than security teams can manage them—leading to sprawl, privilege creep and ultimately attack surface expansion.

The Case for Identity-Centric Security

Modern enterprises need identity security platforms that extend beyond the traditional workforce. That means treating machine and third-party identities with the same level of scrutiny, controls and lifecycle management as full-time employees.

SailPoint’s approach offers a compelling blueprint:

Non-Employee Risk Management (NERM): Centralized, auditable workflows for third-party access, including onboarding, offboarding and access reviews.
Machine Identity Security (MIS): AI-driven discovery, classification, ownership assignment and access certification for bots, RPAs and service accounts.

Together, these capabilities provide visibility and governance across all identities, regardless of origin. They also support Zero Trust mandates like least privilege, just-in-time access and continuous verification.

Business Benefits Beyond Security

This is not just about reducing risk. It is about enabling speed and scale without sacrificing control.

With strong identity governance:

Mission partners and contractors get the access they need faster—without creating long-term exposure.
Audit preparation becomes easier, with clear logs of who had access to what, when and why.
Compliance improves, especially in regulated industries, based on NIST and other frameworks.
Security teams can shift from reactive firefighting to proactive risk management.

And perhaps most importantly: organizations become more resilient in the face of evolving threats.

The Bottom Line

Cybersecurity is no longer just about protecting data—it is about protecting trust. And trust starts with visibility and control over every identity that touches your systems.

If your organization is still relying on outdated processes to manage non-human and third-party users, now is the time to act. Inaction is not neutral—it is a strategic liability. As attack surfaces expand and adversaries grow more sophisticated, unmanaged identities will remain the soft underbelly of your defenses.

Zero Trust is not just a framework—it is a mindset. And in that mindset, every identity matters.

It is time to see what has been hiding in plain sight.

Ready to reinforce your identity perimeter? Discover how SailPoint’s ICAM solutions empower organizations to manage digital identities with precision. Explore Now.

The Top Zero Trust Events for Government in 2025

Posted on by Alex Whitworth

Zero Trust stands out within the cybersecurity market because of its transformative approach to the immensely secure framework of “never trust, always verify.” Zero Trust cybersecurity technology industry experts are driven to safeguard Government networks and offer solutions that align with protecting critical information and reducing risk to national security. Carahsoft supports vendors that help Government organizations understand Zero Trust frameworks, develop a Zero Trust strategy and implement a Zero Trust Architecture (ZTA). Throughout this year, Carahsoft and our partners are participating in several events focused on strengthening Zero Trust throughout the Public Sector. Join us to learn how the industry and Government can collaborate to stay ahead of cybersecurity challenges and build a strong foundation for proactive security.

Public Sector Network Government Cybersecurity Showcase Series

Multiple Dates | In-Person Events

Join PSN’s Government Cybersecurity Showcases, a series of events making multiple stops where attendees can explore how Public Sector leaders can embrace innovation while strengthening cybersecurity. As agencies adopt AI, data analytics and smart technologies, the need for resilient Zero Trust frameworks has never been greater. This event will highlight strategies for securing digital transformation, protecting critical infrastructure and fostering cross-sector collaboration—ensuring that innovation enhances, rather than compromises, security and trust. Don’t miss the teaser for our upcoming cybersecurity series to get a sneak peek at the experts, insights and innovations shaping the future of cyber defense.

Events to look out for:

Tallahassee, FL – August 27: Agenda

Columbus, OH – September 2025: Agenda Coming Soon!

Austin, TX – November 12: Agenda coming soon!

Carahsoft has partnered with Public Sector Network to host the 2025 Government Cybersecurity Showcase Series, a multi-city event series focused on the evolving landscape of cybersecurity in the Public Sector. These in-person events will bring together Government decision-makers and industry leaders to explore how innovative technologies—from AI to Zero Trust—are reshaping agency security strategies. Carahsoft is offering sponsorship opportunities to our partners. If you are a partner interested in further details on how to participate, please contact your Carahsoft Team.

SANS Government Security Solutions Forum

July 22 | Virtual Event

The SANS Institute stands on a mission of empowering cybersecurity professionals and honoring the highest standard in cybersecurity education to make the world a safer place. The Government Security Solutions Forum will delve into the latest trends in network protection, AI and cyber defense, supply chain, workforce development and more to help attendees understand how to combat modern threats effectively. In previous years, participants engaged with technology experts and listened to unique panel discussions with audience Q&As surrounding invaluable security initiatives across the Public Sector in areas such as Zero Trust implementation, achieving CMMC compliance and harnessing AI. Join us at this year’s event for all this and more!

Stay tuned for the official 2025 agenda. Here are some of the topics you can expect at this year’s event:

AI-Augmented Cyber Defense

Zero Trust Architecture

Cyber Defense Best Practices

Securing Government’s Expanding Attack Surface

Navigating Compliance Challenges

Emerging Cyber Threats and Future Trends

Carahsoft looks forward to partnering with the SANS Institute for the 5^th year in a row to bring this event to life. Carahsoft has over 800 employees focused on cybersecurity and partnerships with over 150 vendors. To learn more about the topics discussed at the forum and what to expect in July, read our highlights from last year’s event.

930gov Conference

July 31 | Washington, D.C. | In-Person Event

The 930gov Conference is the annual multi-track conference that brings together Government IT professionals, thought leaders and solution providers for a full day of education and networking. Hosted by the Digital Government Institute, this one-day event covers a range of critical topics including Cybersecurity/Zero Trust, AI, Cloud, Data and Records Management and Enterprise Architecture. With its turnkey format, 930gov offers Government attendees and sponsors alike a streamlined, high-impact experience—making it one of the most accessible and valuable events of the year.

Sessions to look out for:

Cyber/Zero Trust Track: Intersection of Cyber, AI and Privacy – This track will feature Zero Trust implementation lessons learned, advancements in continuous monitoring and the evolving threat landscape, including the rise of AI-driven phishing.

Carahsoft is partnering with DGI to support this event. 2025 sponsors included Carahsoft partners such as Microsoft and Armis. Carahsoft and DGI are offering Turn-key Booth sponsorships that feature premium exhibitor booth space, lead retrieval and overall access to the event. If you would like to get involved, please contact your Carahsoft Team.

Billington Cybersecurity Summit

September 9-12 | Washington, D.C. | In-Person Event

A long standing and experienced event, the Billington Cybersecurity Summit features an extensive array of cyber topics, speakers, sessions and interactive breakouts for attendees to truly immerse in the world of today’s emerging cybersecurity solutions and trends. In its 16^th year running, this leading Government cybersecurity summit promises an exceptional lineup of Government presenters, an invaluable leadership luncheon, an all-attendee networking reception and over 100 vendor booths featuring strategy development and technology demos.

For a sneak peek into what you can expect at the summit, topics covered during last year’s event included:

Zero Trust

Ransomware

Advancing cyber diplomacy

Protecting critical infrastructure

Learning how to use proactive defenses

Engineering AI into cybersecurity platforms

Implementing an effective risk management approach

Carahsoft is looking forward to sponsoring this year’s event and will feature a booth to engage with attendees throughout the week. We will also be hosting a large partner pavilion and encourage attendees to stop by and learn more about our partners and their technology solutions. Check out the events tab on our website for more details closer to the event! 

Carahsoft Cyber Leaders Exchange

October 1-2 | Virtual Event

Presented by Carahsoft in collaboration with Federal News Network, The Cyber Leaders Exchange will dive into how the Government is building cyber resilience, including showcasing tips, tactics and tools to support your organization’s mission-critical cybersecurity efforts. Look forward to sessions about cybersecurity strategy-building, workforce challenges, AI within cybersecurity, Zero Trust and informative speakers from trusted technology vendors as well as Government experts.

Join Federal News Network for Carahsoft’s 4th Annual Cyber Leaders Exchange, taking place virtually on October 1st and 2nd. This dynamic two-day event will spotlight top voices in Government and industry talking about Cybersecurity. Additional details coming soon. Carahsoft is offering sponsorship opportunities to our partners. If you are a partner interested in further details on how to participate, please contact your Carahsoft Team.

ATARC Public Sector Zero Trust Summit

October 23 | Reston, VA – Carahsoft Conference and Collaboration Center | In-Person Event

This in-person event will feature expert discussions, networking opportunities and insights into the strategies and technologies driving secure, resilient Government operations.

Sessions to look out for:

Building and Measuring Success in Public Sector Security – This session explores practical approaches to adopting ZTA aligned with current Executive Orders focusing on challenges such as identity management, secure access and legacy system integration.

Zero Trust Beyond Compliance – This session will explore how to leverage modern tools, enhance data protection and integrate Zero Trust into existing infrastructures without disrupting mission-critical operations.

Zero Trust and the Cloud: Strategies for Federal Hybrid Environments – This session will focus on strategies for implementing Zero Trust in federal operations that span both cloud and on-premises systems.

Enhancing Efficiency: Trends, Innovations and the Future of Zero Trust – Explore emerging trends and innovations shaping the future of cybersecurity, including advancements in automation, AI-enhanced threat detection and quantum-resilient encryption.

Carahsoft is proud to serve as the event partner and host for the ATARC Public Sector Zero Trust Summit for the 7^th year. Carahsoft is offering sponsorship opportunities to our partners. If you are a partner interested in further details on how to participate, please contact your Carahsoft Team. Attendees will also have the opportunity to earn up to 6 CPE Credits.

RSA Public Sector Day 2026

March 23-26 | San Francisco, CA | In-Person Event

The 13th Annual RSA Public Sector Day at the RSA Conference examines key areas such as developing a strong cybersecurity workforce, understanding the impact of artificial intelligence (AI) on both offensive and defensive cyber operations and improving the exchange of information among Government entities.

Attendees will hear directly from top Government leaders and industry professionals as they discuss their perspectives and strategies for enhancing cybersecurity across all levels of Government and healthcare. Check out our website for more information about our involvement in 2026.

AFCEA TechNet Cyber

June 2-4 | Baltimore, MD | In-Person Event

This flagship event serves as the center of gravity for a whole-of-government effort to bring together the policy, strategic architecture, operations and Command and Control (C2) leaders—along with the joint capabilities—needed to meet the global security challenges and successfully operate in a digital environment.

Carahsoft’s and more than 50 partners will attend to showcase a full range of cybersecurity, AI, DevSecOps and cloud solutions.

As Government agencies are implementing Zero Trust strategies to meet sophisticated threats, it is imperative that the tech industry provides the most up-to-date information and solutions surrounding cybersecurity. Join Carahsoft and our partners at this year’s events to be a part of the innovative path forward.

To learn more or get involved in any of the above events please contact us at ZeroTrustMarketing@Carahsoft.com. For more information on Carahsoft and our industry leading OSINT technology partners’ events, visit our Zero Trust solutions portfolio.

Key Insights from Global Cyber Innovation Forum 2025

Posted on by Alex Whitworth

The 2025 Global Cyber Innovation Forum served as a premier gathering where cybersecurity’s most pressing challenges meet collaborative solutions.

Hosted by Forgepoint Capital, Snowflake, Forescout, Google Cloud and Carahsoft at the Embassy of Canada in Washington, D.C., the Forum brought together a curated audience of influential cyber leaders from across the globe, including industry executives, Government officials, policy leaders, venture capitalists and thought leaders from academia and the non-profit sector.

This annual event provided a platform for critical discussions on emerging threats, technological innovation and strategic partnerships essential for securing our digital infrastructure. Five key themes stood out throughout the sessions:

National Security Threats with Supply Chain Vulnerabilities

The Rise and Race to AI Dominance

The Edge of Quantum Transformation

Typhoon of Attacks on Critical Infrastructure

Streamlining Cybersecurity Compliance

National Security Threats with Supply Chain Vulnerabilities

The digital supply chain, specifically software and applications civilians use, have increasingly become a source of critical national security vulnerabilities. Government officials and industry leaders warn that software and digital platforms sourced from foreign adversaries have reshaped the threat landscape by implanting foreign influence in the U.S. technology ecosystem.

Technology serves as a funding mechanism for adversaries and comes with a hidden price of mass data collection, making it easier for threat actors to access sensitive information and transform traditional cyberattacks. The lack of transparency in certain nation-states raises concerns on regulatory consequences, potentially giving adversaries a strategic edge in information warfare and creating a blind spot in the global tech supply chain.

U.S. leaders emphasize the necessity for regulated technology supply chains and accelerated Federal certifications, specifically FedRAMP, to ensure innovation does not come at the cost of national security.

Rise and Race to AI Dominance

With the rise of artificial intelligence (AI), data has become the modern form of power. Foreign adversaries are striving to build or gain access to data pipelines to fuel their AI models, bypassing privacy in a way that allows them to train AI models much faster than has been possible in America. The U.S. must counter this by accelerating our own AI model training and innovation, while safeguarding privacy and data integrity.

Government and industry experts state that AI is being underutilized across U.S. operations. The current administration has streamlined AI usage through Executive Order 14179: Removing Barriers to American Leadership in Artificial Intelligence and Executive Order 14277: Advancing Artificial Intelligence Education for American Youth. Additionally, AI should be deployed when combating advanced cyberattacks and automating routine cybersecurity efforts such as threat detection, incident response and vulnerability identification.

The Edge of Quantum Transformation

Emerging technologies such as quantum computing are rapidly approaching mainstream adoption. The massive amount of encrypted data currently stored in secret could be vulnerable to decryption within the next 5 to 10 years. This hovering threat has made the development and deployment of post-quantum cryptography a top priority for the U.S. Government. The race to post-quantum cryptography and quantum computers has not just been an urgency for the U.S. and its allies, but also for adversarial nation-states.

Typhoon of Attacks on Critical Infrastructure

Advanced persistent threat (APT) groups such as Salt Typhoon, Volt Typhoon and Flax Typhoon have already infiltrated critical infrastructure systems, often using “living off the land” techniques. These public and well documented attacks are considered digital terrorism, disrupting U.S. critical infrastructure operations and stealing intellectual property.

In response, the U.S. Government is prioritizing cyber hygiene, secure-by-design and the development of an integrated and robust defense system. Agencies, technology providers and critical infrastructure operators are heavily encouraged to collaborate through information sharing, adoption of emerging technologies and routine threat assessments. The severity of these cyberattacks have increased substantially, highlighting the urgency for a more proactive and coordinated national response from the U.S. Government.

Streamlining Cybersecurity Compliance

The current cybersecurity regulatory landscape presents a fragmented maze of overlapping requirements that hinder both innovation and effective security implementation. Government and industry security teams are overwhelmed by conflicting standards across Federal, State and agency-specific frameworks. Organizations must navigate multiple compliance frameworks—FedRAMP, National Institute of Standards and technology (NIST) requirements, Cybersecurity Maturity Model Certification (CMMC) and various state requirements—creating redundant processes that drain resources without enhancing security.

To address this, industry leaders are advocating for regulatory harmonization initiatives. Federal agencies are working to align various compliance frameworks while updating modernization strategies to build interoperability. By aligning around core standards like NIST 800-53 and implementing automated compliance tools, agencies can reduce complexity while maintaining robust cybersecurity postures. Forum participants agreed: harmonized regulations are essential to enabling secure innovation without compromising oversight.

The Global Cyber Innovation Forum demonstrated that securing America’s digital future requires unprecedented coordination between Government agencies, private industry and international allies. As adversaries continue exploit emerging technologies, the U.S. must respond with unified strategies that streamline regulations, accelerate innovation and sustain global cyber leadership. The insights shared offer a critical roadmap for defending against tomorrow’s threats in a rapidly evolving digital landscape.

Visit Carahsoft’s Resource Hub to dive deeper into the key takeaways, expert perspectives and resources from the 2025 Global Cyber Innovation Forum.

Snyk for Government Achieves FedRAMP Moderate Authorization: A Milestone for Secure Government Software

Posted on by Danny Allen

Today marks a significant milestone for Snyk and, more importantly, for the security posture of the U.S. Government. I’m thrilled to introduce Snyk for Government, our FedRAMP Moderate authorized solution for the Public Sector.

This authorization underscores our unwavering commitment to providing secure development solutions that meet the rigorous standards of the Federal Risk and Authorization Management Program (FedRAMP). It means that U.S. Government agencies can now confidently leverage Snyk’s comprehensive platform to identify and remediate vulnerabilities throughout their software development lifecycle, knowing it meets the stringent security and compliance requirements mandated by the Federal Government.

This achievement is not just a certification; it’s a testament to our dedication to building trust and ensuring the integrity of the software that powers critical Government functions. It allows agencies to embrace modern development practices, including the use of open source software and cloud-native technologies, with the assurance that security is baked in from the start.

The Power of Proactive Security

At Snyk, we believe that security shouldn’t be an afterthought. It needs to be an integral part of the development process. Our platform empowers developers to find and fix vulnerabilities in their code, dependencies, containers and infrastructure as code – early and often. This proactive approach not only reduces risk but also accelerates development cycles by preventing security issues from becoming costly roadblocks later on.

Snyk for Government offers the same powerful capabilities that our enterprise customers rely on, tailored to the specific needs and compliance requirements of Government agencies based on NIST 800-53v5 security controls. This includes:

Comprehensive Vulnerability Detection: Identifying security flaws in open source libraries, proprietary code, containers and infrastructure configurations.
Actionable Remediation Advice: Providing clear guidance and automated fixes to address vulnerabilities quickly and efficiently.
Policy Enforcement: Enabling organizations to define and enforce security policies across their development teams.
Integration with Developer Tools: Seamlessly integrating with popular IDEs, build tools and CI/CD pipelines.
Detailed Reporting and Compliance Features: Providing the visibility and documentation needed to meet FedRAMP requirements.

Investing in the Future of Security: The Snyk AI Advantage

At Snyk we recognize the transformative potential of AI in cybersecurity. By leveraging machine learning and advanced algorithms, we are building intelligent capabilities into our platform that will provide even more accurate vulnerability detection, smarter remediation recommendations and enhanced threat intelligence.

AI is accelerating development faster than ever with Snyk you can ensure the code flooding your systems is secure and, beyond development, verify AI-powered apps aren’t creating unmanaged security risks. Ensure your organization stays secure our AI enabled agentic solution:

Keep Pace with Development: Learn how to scale security to match AI-generated code’s unprecedented speed and volume.
Staying Ahead of New Threat Vectors: Tackle emerging AI threats as apps increasingly leverage LLMs.
Adapting Developer Workflows: Explore the evolving role of developers and the skills needed for a new era of AI-assisted coding and building AI-powered apps.
Build Upon ApSec Governance: Leverage AppSec governance towards secure AI adoption and risk management.

For U.S. Government agencies, these AI-driven advancements will translate into a more resilient and secure digital infrastructure. For the enterprises that service the Government, integrating Snyk’s AI-powered platform into their development processes will not only help them meet stringent security requirements but also provide a competitive edge by building more secure and reliable solutions.

The FedRAMP Moderate authorization for Snyk for Government is a significant step forward in our mission to empower organizations to build securely. Combined with our ongoing investment in cutting-edge technologies like AI, we are confident that Snyk will continue to be a trusted partner for the U.S. Government and its partners in navigating the evolving landscape of software security.

We are excited about this milestone and look forward to helping Government agencies and their partners build a more secure digital future, together.

The Top Human Capital Events for Government in 2025

Posted on by Daniel Bauer

The recent emphasis on reforming the Federal workforce has highlighted the pivotal role of effective human capital management (HCM) in driving mission readiness and Government efficiency. From improving recruitment processes, including accelerated hiring timelines and increased transparency, to implementing strategic workforce development initiatives leveraging skills-based assessments, a modern HCM approach is being used to rapidly transform agencies with the expectation that they will continue to deliver exceptional public service.

Carahsoft and our partners equip Government professionals with the technologies and strategies that will shape the next generation of public service excellence in this evolving landscape.

Modern AI-powered recruitment platforms, predictive analytics and cutting-edge workforce development tools enable agencies to streamline talent acquisition, enhance employee engagement and strengthen team resilience in an era of increasing demands and limited resources.

For over two decades, Carahsoft’s commitment has been to help Government agencies harness the power of information technology to fulfill their missions, and that focus has never been more relevant than it is today.

Here are the top human capital events of 2025 and 2026.

Government Customer Experience and Engagement Summit

June 3 | Washington, DC | In-Person Event

At the center of technology, culture and strategy is customer experience (CX). At the Government Customer Experience and Engagement Summit, attendees can learn about new and emerging technology from experts in the Federal Government. Sessions will focus on digital transformation and how agencies can utilize technology to build trust through a customer-first culture. By learning how to streamline operations, agencies can focus on building trust, enhancing services and creating a culture that inspires lasting impacts for customers.

Sessions to look out for:

Balancing CX with Cybersecurity

Data Analytics: Turning Insights into Impact

The Employee Experience: A Foundation for CX

Harnessing Your Inner Leader: Empowering a CX Culture

Carahsoft is looking forward to sponsoring the event this year with leaders in the industry. Join us, Government leaders and our CX technology and solutions experts to address and discuss the future. Featured sessions will highlight empowering a CX culture, leveraging automation and analytics to enhance CX and overcome organizational silos.

Los Angeles County AI Professional Development Summit

June 25 | City of Industry, CA | In-Person Event

This single-day summit unites IT leaders and LA County businesses to explore the immediate and long-term opportunities for artificial intelligence (AI). Attendees can expect sessions that dive deep into AI in the Public Sector, discussing the latest trends and use-cases, its opportunities and challenges and AI’s potential for bold leadership and novel possibilities. Whether new to the industry or a veteran, there is something for all attendees to learn from and opportunities to share in.

Sessions to look out for:

The AI Leadership Imperative: Navigating Change

AI Demystified: For All of Us

Unified Intelligence: Collaborative Data Strategies for AI Across LA County

As an anchor sponsor, Carahsoft will be attending the summit alongside several of our partners including Adobe, Salesforce, Accenture, Glean, Knowledgelake and more. Sessions held will showcase many of our vendors with city Government leaders in California to showcase artificial intelligence.

INSA The New IC Fair

June 25 | Arlington, VA | In-Person Event

Before INSA’s New IC event, join an exclusive in-person career networking opportunity focused on the Intelligence Community and national security professionals. The Career Conversations event brings together cleared talent and leading organizations for meaningful dialogue that goes beyond traditional job descriptions. With the majority of cleared candidates being passive job seekers, this unique format emphasizes relationship-building and strategic conversations that lead to successful placements and partnerships.

Event highlights:

Career Conversations: 12-2 pm networking format

Exclusive access to passive cleared talent

Strategic teaming and partnering opportunities

Focus on Intelligence Community and national security roles

Carahsoft partners with ClearanceJobs and the Intelligence and National Security Alliance (INSA) to support this premier career networking event. We are committed to connecting cleared professionals with mission-critical opportunities while supporting the unique talent acquisition needs of the Intelligence Community. Through strategic partnerships and specialized recruitment technologies, Carahsoft and our partners help bridge the gap between exceptional cleared talent and the agencies that depend on their expertise.

NASPE Annual Meeting

July 13-16 | Louisville, KY | In-Person Event

The National Association of State Personnel Executives (NAPSE) provides a collaborative forum for State Human Resource (HR) leaders to share strategies and best practices on developing an effective workforce. Through this annual event, NAPSE, an affiliate organization of The Council of State Governments, hosts human capital directors and senior-level staff to discuss the latest trends in HR, improving the overall quality of HR resources and services provided to State Governments.

Carahsoft and our partners connect state HR leaders with cutting-edge human capital technologies designed specifically for Government environments at NASPE’s 2025 Annual Meeting. The conference allows attendees to spend time networking and learning about human resource products. Sponsors of the event will get to spotlight their solutions during the scheduled sessions. Be on the lookout for more information on this event.

NASWA Summit

September 10-11 | Dallas, TX | In-Person Event

The National Association of State Workforce Agencies (NASWA), a national organization representing all 50 state workforce agencies, D.C. and U.S. territories, hosts this premier workforce summit. Leaders in the state workforce agencies and key staff will discuss key issues in the labor system, such as training, employment, careers and wages. This year, the main discussions will be on unemployment insurance, employment statistics and labor market information.

View the Agenda at a Glance for an overview of this year’s Summit.

As a key technology partner, Carahsoft is committed to bringing you the latest tech in human capital. Eightfold.ai, Salesforce, AWS, Deloitte and many other vendors have been attending this event for over 4 years. Come check out the latest and greatest updates at their booths. We hope you will join us at NASWA Summit to learn, network and prepare for our future workforce. 

Leap HR: State & Local Government

September 9-10 | Denver, CO | In-Person Event

Leap HR welcomes HR leaders, IT professionals and State and Local Government officials to brainstorm and collaborate ways to retain the Public Sector workforce, enhance performance and manage talent across various careers. Uncover the Public Sector’s best practices and data-driven insights on attracting and retaining the next generation of the workforce, driving talent mobility, incentivizing high performance and employee growth and more.

Sessions to look out for:

Discover: Optimizing Performance Management with Data Analytics

Develop: What More Can We Learn About the Technology That Can Help Us Reduce Time to Hire?

Action: How Can You Utilize Data and Analytics to Inform Your Performance Strategy and Increase Effectiveness Within Your Workforce?

As an official partner of Leap HR, Carahsoft showcases the technology solutions that solve State and Local Government’s most pressing workforce challenges. This year’s event will be led by expert speakers in human resources roles from State and Local Governments.

HR Tech

September 16-18 | Las Vegas | In-Person Event

This event brings together leaders in the HR technology community to share industry insights. Attendees can expect a large HR expo, exhibit and leading educational sessions on the future of HR. Do not miss this key executive event to explore the latest in HR technology, gain exclusive access to current research, build professional ties and interact with top thought leaders to learn about the intersection of technology and human capital.

Sessions to look out for:

Investor Summit Welcome: Unveiling the Future of WorkTech Investment

The Balancing Act: Human Sustainability in the Age of AI

Crafting Exceptional Employee Journeys with Better HR Tech Adaption

Carahsoft and our partners look forward to showcasing the best in human resources technology at HR Tech 2025. Multiple sessions will take place at the same time on similar topics, so attendees learn what best aligns with their hr needs. Come check out partner exhibits at the expo. Look out for more information on the agenda of speakers.

ClearanceJobs Connect

September 18-19 | Reston, VA | In-Person Event

ClearanceJobs Connect hosts leaders in the national security space to discuss recruiting professionals. As the only event focused on security cleared recruiting, ClearanceJobs Connect recruits Government speakers from both the Defense Office of Hearings and Appeals (DOHA) and the Defense Counterintelligence and Security Agency (DCSA). Attendees will learn about the latest security clearance policies, network with associates and discover the newest and greatest industry insights.

Details about the sessions for the event will be announced later this year.

Carahsoft’s strategic partnership with ClearanceJobs positions us at the epicenter of national security talent acquisition. We are excited to attend ClearanceJobs Connect this autumn alongside several of its partners. Through specialized sessions and partner demonstrations, we’ll showcase how modern recruitment technologies can streamline the complex process of finding, vetting and onboarding cleared talent while maintaining the highest security standards.

WorldatWork Total Rewards ‘26

April 20-22 | San Antonio, TX | In-Person Event

WorldatWork Total Rewards ‘26 is the premier event for Total Rewards revolutionaries, providing a platform to form deep connections with professionals and gain new, inventive insights focused around transforming talent within your organization. With innovative sessions and curated networking aimed at fostering meaningful connections, this event offers a powerful, personalized experience that delivers immediate solutions within a unique, festival-like atmosphere. Experience a transformative journey that enables your organization to enlist real solutions in the realm of human capital.

Carahsoft’s participation in WorldatWork Total Rewards ’26 showcases our commitment to revolutionizing how Government organizations approach compensation and benefits. Our technology partners will demonstrate how modern total rewards platforms enable agencies to compete for top talent with dynamic, personalized compensation packages while maintaining fiscal responsibility and regulatory compliance. For an idea of what to expect, check out the program overview for WorldatWork Total Rewards ’26.

Only by fully leveraging its workforce can agencies and organizations carry out their objectives effectively and efficiently. By using modern workforce analytics and strategic HR solutions, agencies can enhance their ability to attract, develop and retain the skilled professionals needed to achieve mission objectives.

Carahsoft is committed to supporting Government workforce transformation through proven technology partnerships and comprehensive solutions. Our vendor ecosystem spans the complete human capital management spectrum, from recruitment and onboarding platforms to performance analytics and professional development tools.

Ready to transform your workforce strategy? Contact us at HRIT@carahsoft.com to discover how our Human Capital Technology solutions portfolio can drive mission success through strategic human capital management.

The Top 10 OSINT Events for Government in 2025

Posted on by Michael Shrader and Marty Gryski

Open Source Intelligence (OSINT) is no longer a niche capability—it is a core component of modern intelligence work. Carahsoft and our partners have spent years attending and supporting the top OSINT events. We have seen firsthand how AI, automation and smarter data strategies are reshaping the way Government teams gather, analyze and act on intelligence.

This list of the top OSINT events for 2025 and beyond highlights the best places to learn, connect and bring new ideas back to your mission.

OSMOSIS: DC

August 6-7 | Reston, VA | In-Person Event

OSMOSIS:DC is a two-day conference held by OSMOSIS, an Association for OSINT Professionals. The theme for this year is “Technology, Trends, and Transformations.” The expo-style event offers participants direct access to leading vendors, hands on experience with the latest tools and expert-led workshops. Attendees will have the opportunity to connect with industry leaders and build career advancement strategies to help stay ahead of emerging OSINT trends. OSMOSIS:DC is a great opportunity to gain transformative insights from the OSINT industry!

Take a look at some of last year’s top themes in preparation for the 2025 event:

Harnessing Location Intelligence: Advanced OSINT Techniques for Cyber Intelligence Investigations

Linguistic Fingerprints: Using Language to Profile Subjects in OSINT Investigation

Digging for Digital Dirt: Unearthing Bad Actors with Open-Source Intelligence

Carahsoft invites our partners to exhibit at OSMOSIS:DC, hosted at our Conference & Collaboration Center in Reston. Whether you are looking to sponsor, speak, exhibit or just attend, reach out to osintverticalmarketing@carahsoft.com to get involved in this intimate networking event!

Billington Annual Cybersecurity Summit

September 9-12 | Washington, D.C. | In-Person Event

The Billington Annual Cybersecurity Summit is the leading forum for cybersecurity professionals, Government leaders and industry executives to discuss emerging threats, best practices and the latest trends. With over 200 expert speakers, 100+ cyber-focused vendors and more than 40 sessions, attendees will have the chance to engage with top specialists, explore state-of-the-art technologies and participate in thought-provoking discussions. The Summit’s strong focus on collaboration between the Public and Private Sectors provides insights that address real-world security challenges. Learn about cybersecurity strategies, AI-driven threat detection and the latest advancements in national defense at this crucial event!

Carahsoft is looking forward to sponsoring and exhibiting at this year’s event. We’re excited to engage with attendees throughout the week. We will also be hosting a large partner pavilion and encourage attendees to stop by and learn more about our partners and their technology solutions! Check out the events tab on our website  for more details closer to the event!

Intelligence & National Security Summit

September 18-19 | National Harbor, MD | In-Person Event

The Intelligence and National Security Summit (INSS), held by AFCEA International and the Intelligence and National Security Alliance (INSA), gathers thought leaders, policymakers and industry experts dedicated to advancing solutions for shaping the future of intelligence and national security. The two-day event will feature five plenaries, and six breakout sessions focused on AI and emerging technologies, critical infrastructure security, space acquisition and more. Attendees will gain hands on experience with innovative technologies in the Intelligence Community (IC), insights from experts in the field, as well as networking opportunities with Government leaders, technical professionals and leading researchers. Expert-led panels and interactive discussions will cover critical national security challenges and provide actionable strategies for navigating the complex world of intelligence. Join this premier forum to explore the emerging threats, intelligence operations and technological advancements that are redefining the security landscape!

Carahsoft supports INSS by enabling our vendor partners to participate as sponsors and exhibitors, ensuring a strong industry presence at the event.

IACP

October 18-21 | Denver, CO | In-Person Event

The International Association of Chiefs of Police (IACP) is an annual event that brings together public safety professionals from around the world to explore new techniques, share expertise and prepare their departments for future success. The conference features an exposition hall showcasing products from more than 600 vendors, education workshops and networking opportunities with fellow law enforcement professionals. Spanning four days, attendees will have the chance to engage in policy discussions on the latest challenges in policing, leadership and public safety innovation. As one of the largest law enforcement events, IACP 2025 is an essential gathering for agencies looking to enhance their strategies and stay ahead in an evolving security landscape.

Attendees should expect sessions surrounding how to leverage OSINT for criminal investigations, OSINT for threat assessment and risk mitigation, as well as Dark Web and Deep Web investigations.

Carahsoft will have a booth at IACP where several of our vendor partners will demonstrate their solutions and share educational content. We will also be hosting a networking reception with several of our vendor partners, welcoming conference attendees for food, drinks, networking and more! 

OSINT Foundation Awards

November 7 | VA | In-Person Event

The OSINT Foundation Awards recognize individuals and organizations that have made significant contributions to the field of OSINT. Attendees will explore the latest OSINT methodologies, data analysis techniques and the critical role of open source information (OSIF) in national security and risk assessment. This prestigious event highlights major achievements, facilitates professional networking and demonstrates OSINT’s impact on intelligence operations. Join industry experts as they honor innovation, dedication and the future of OSINT!

Awards honored at last year’s ceremony included:

Innovation of the Year

Volunteer of the Year

Practitioner of the Year

Unit of the Year

Catalyst of the Year

Product of the Year

View a more in-depth explanation of the selection criteria here.

Carahsoft is a proud partner of the OSINT Foundation, supporting them annually by hosting the OSINT Foundation Tech Expo. We encourage our partners to get involved with this event by nominating individuals who they believe exemplify excellent service to the nation and contribute to the OSINT discipline.

DoDIIS

December 7-10 | Ft. Lauderdale, FL | In-Person Event

The 2025 Department of Defense Intelligence Information System (DoDIIS) Worldwide Conference, hosted by the DIA, will bring together leaders from the DoD, industry and academia experts, the IC and Five Eyes (FVEY) partners to discuss the future of Information Technology (IT), cybersecurity and intelligence integration. The conference will feature keynote addresses from top defense officials and breakout sessions on AI, data analytics, cloud computing and emerging threats. Attendees will have the opportunity to connect with decision-makers and explore innovative technologies in the exhibition hall. DoDIIS 2025’s dynamic speakers and hands on technology demos make it the principal event for advancing national security through innovation.

Check out our website closer to the event for more information.

Carahsoft will showcase its Partner Pavilion with interactive demo kiosks and exhibitor booths; this will include several vertical alleys for attendees to visit. Carahsoft will also offer several speaking opportunities to its partners, including FedGovToday interviews and executive briefing sessions. Additionally, all DoDIIS attendees are invited to join Carahsoft for a networking reception.

OSINT Foundation Tech Expo

April 30 – May 1, 2026 | Reston, VA | In-Person Event

The OSINT Foundation Tech Expo is an annual event that brings together professionals and experts in the field, showcasing the latest advancements in OSINT technologies and related services. Attendees can expect a variety of presentations, workshops and networking opportunities designed to enhance knowledge and skills in gathering and analyzing publicly available information. The event aims to foster collaboration and innovation within the OSINT community, making it a must-attend for anyone involved in intelligence and cybersecurity!

Carahsoft is proud to host the OSINT Foundation Tech Expo at the Carahsoft Conference & Collaboration Center in Reston, a space dedicated to ensuring collaboration and support across the technology industry and Government. Carahsoft invites our partners to join the 50 OSINT vendors and agencies already lined up to showcase their own tabletop exhibits. Carahsoft has also collaborated with FedGovToday’s Francis Rose to interview our partners for their Innovation in Government and Video Insights!

GEOINT 2026

May 3-6, 2026 | Aurora, CO | In-Person Event

The Geospatial Intelligence (GEOINT) Symposium is the nation’s largest gathering of industry professionals and Government leaders and will be held at the America’s Center Convention Complex in St. Louis. This year’s theme, “Building a Secure Tomorrow Together,” highlights the collaborative efforts and cutting-edge innovations shaping the future of geospatial intelligence. The symposium will feature industry-leading keynote speakers, main stage panels and hands on training sessions on topics such as mission planning, precision timing and navigation. Attendees will be able to engage with geospatial intelligence experts to deepen their understanding, foster connections and stay at the forefront of innovative technologies. Attend GEOINT 2026 to explore the critical role geospatial intelligence will play in building a secure future!

Carahsoft intends to showcase a Partner Pavilion with our vendors again in 2026. We look forward to attending GEOINT 2026 and join our OSINT customers to learn more about the latest in geospatial open source intelligence.

SOF Week 2026

May 3-8, 2026| Tampa, FL | In-Person Event

SOF Week 2026 is the annual gathering for the international Special Operations Forces (SOF) community. Jointly sponsored by U.S. Special Operations Command (USSOCOM) and the Global SOF Foundation, the event serves as a platform for fostering collaboration, innovation and excellence in modern special operations. SOF Week will feature keynote addresses from senior leaders, professional development workshops, chances to network and sessions focused on non-profit initiatives. Do not miss this key event shaping the future of SOF operations!

Carahsoft and more than 45 partners will attend and showcase solutions in AI, DevSecOps, cybersecurity, cloud technologies and open source intelligence.

TechNet Cyber 2026

June 2-4, 2026 | Baltimore, MD | In-Person Event

TechNet Cyber 2026, hosted by the Armed Forces Communications and Electronics Association (AFCEA), is a flagship cybersecurity event bringing together U.S. Cyber Command, the Defense Information Systems Agency (DISA), Joint Force Headquarters-Department of Defense (DoD) Information Network and DoD Chief Information Office (CIO), as well as a mix of military, Government, industry and academic leaders. This conference serves as a platform for collaboration, uniting policy, strategic architecture, operations and command and control to address global security challenges in the digital domain. Attendees can expect a comprehensive program featuring expert panels on cybersecurity advancements, technology demonstrations and networking events aimed at enhancing national cybersecurity efforts. Join us in Baltimore to connect with top decision-makers and help drive solutions for this vital mission!

The event will feature a range of exhibitors, including Carahsoft’s leading cyber technology providers. Carahsoft looks forward to joining our open source intelligence customers at TechNet Cyber in 2026.

Join us at one of our 2025 OSINT events to connect with intelligence leaders and professionals dedicated to advancing OSINT. Do not miss this opportunity to explore innovative OSINT techniques and tools, data analysis, cybersecurity and more!

To learn more or get involved in any of the above events please contact us at OSINTVerticalMarketing@Carahsoft.com. For more information on Carahsoft and our industry leading OSINT technology partners’ events, visit our OSINT solutions portfolio.

From Concept to Implementation: Operationalizing Zero Trust Architecture in Government Environments

Posted on by Norman Wong

Zero Trust has evolved over the last 15 years into a cornerstone of Federal cybersecurity strategy, influencing enterprises as well as State and Local Governments. While the principles of continuous authentication and least privilege are widely accepted, many organizations still need the industry’s support with implementation.

The National Institute of Standards and Technology’s (NIST) National Cyber Center of Excellence (NCCoE) has bridged this gap by offering practical guidance for applying Zero Trust concepts in real-world solutions.

Understanding Zero Trust Principles

Zero Trust is a cybersecurity strategy built on the assumption that networks are already compromised, making it the most resilient approach for securing today’s hybrid environments. Rather than relying on network perimeters, Zero Trust focuses on continuous authentication and verification of every access request, regardless of where those resources are located.

This approach requires organizations to secure all communications through encryption and authentication, grant access on a per-session basis with least privileges, implement dynamic policies, continuously monitor resource integrity and authenticate before allowing access. The objective is to reduce implicit trust between enterprise systems to minimize lateral movement by potential attackers.

Organizations must also collect and analyze as much contextual information as possible to create more granular access policies and strengthen current controls for an enhanced Zero Trust Architecture (ZTA).

NIST’s Role and Guidance

NIST has been instrumental in defining and operationalizing Zero Trust through guidance documents and practical demonstrations like Special Publication (SP) 800-207, published in 2020, which established the foundation for ZTA. Building on this framework, NIST’s NCCoE worked with industry, Government and academia to launch a project to show how these concepts could be implemented in real-world environments.

Initially focused on three example implementations, the project expanded to 19 different ZTA implementations using technologies from 24 industry collaborators, including Palo Alto Networks.

These implementations were built around three primary deployment approaches:

Enhanced Identity Governance: Emphasizes identity and attribute-based access control, ensuring access decisions are linked to user identity, roles and context.
Microsegmentation: Uses smart devices such as firewalls, smart switches or specialized gateways to isolate and protect specific resources.
Software-Defined Perimeter (SDP): Creates a software overlay to protect infrastructure—like servers and routers—by concealing it from unauthorized users.

Although not included in SP 800-207, the project also recognized Secure Access Service Edge (SASE) as an emerging deployment model that integrates network and security functions into a unified, cloud-delivered service.

Practical Implementation Strategies

Palo Alto Networks - Operationalizing Zero Trust - Blog - Embedded Image - 2025

The NCCoE project tackled the critical question: where should organizations start on their Zero Trust journey? By adopting an agile, incremental approach with “crawl, walk and run” stages, the project phased its implementation based on deployment approaches. This allowed gradual, manageable builds while addressing real-world complexities.

Technologies such as firewalls, SASE with Software-Defined Wide Area Network (SD-WAN) and Endpoint Detection and Response (EDR) using Palo Alto Networks Cortex XDR® were utilized, with remote worker scenarios reflecting modern hybrid environments. NIST SP 1800-35 outlines the phased approach and provides a practice guide, including technologies, reference architectures, use cases, tested scenarios and security controls built into each implementation.

One of the most significant challenges addressed was interoperability between different security solutions. Rather than overhauling infrastructure, organizations can leverage existing technologies while gradually introducing new solutions to enhance security and move toward a mature ZTA.

Integrating Technology Solutions

The NCCoE highlighted how comprehensive security platforms enable Zero Trust principles across hybrid environments. Palo Alto Networks presented a comprehensive ZTA built with artificial intelligence (AI) and machine learning (ML), leveraging capabilities including Cloud Identity Engine for federated identity management, next-generation firewalls for microsegmentation, cloud-delivered security services and SASE for remote access and EDR.

The approach focused on three key objectives:

Continuous trust verification and threat prevention
Single policy enforcement across all environments
Interoperability with other security solutions

AI was embedded throughout the platform—from policy creation to user and device analysis—ensuring that Zero Trust policies are enforced consistently and adapted automatically in response to evolving threats. This intelligent strategy provides a scalable and resilient foundation for securing modern, hybrid environments.

Community Collaboration and A Holistic Approach

The success of the NCCoE project underscored the importance of collaboration between Government and industry to develop practical Zero Trust solutions. This partnership enabled the development of a holistic security monitoring system that can track user behavior across on-premises, cloud and remote environments. The integration of AI and ML streamlined incident response, reducing mean time to detection and resolution.

Experts recommend that organizations begin their Zero Trust journey with fundamental capabilities such as identity and access management (ICAM), endpoint security and compliance and data security. Implementing multi-factor authentication (MFA), integrated with existing Active Directory (AD) systems or identity providers, is an effective first step in strengthening access security. Monitoring network traffic and endpoint behavior using threat intelligence, user behavior analytics and AI allows organizations to proactively detect and respond to threats, providing a solid foundation for a resilient ZTA.

The journey to operationalizing Zero Trust continues to evolve, with NIST planning updates to their guidance documents to address emerging technologies like SASE and special considerations for operational technology (OT) environments. By adopting the principles, frameworks and practical implementation approaches demonstrated through the NCCoE project, Government agencies can develop more resilient security architectures that protect resources across diverse environments.

To learn more about implementing ZTAs in Government environments, watch the full webinar “Operationalizing Zero Trust: NIST and End-to-End Zero Trust Architectures,” presented by Palo Alto Networks, NIST and Carahsoft.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Palo Alto Networks, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.