Tag Archives: Cybersecurity

Key Insights from Global Cyber Innovation Forum 2025 

Posted on by
Reply

The 2025 Global Cyber Innovation Forum served as a premier gathering where cybersecurity’s most pressing challenges meet collaborative solutions.  

Hosted by  Forgepoint Capital, Snowflake, Forescout, Google Cloud and Carahsoft at the Embassy of Canada in Washington, D.C., the Forum brought together a curated audience of influential cyber leaders from across the globe, including industry executives, Government officials, policy leaders, venture capitalists and thought leaders from academia and the non-profit sector.  

This annual event provided a platform for critical discussions on emerging threats, technological innovation and strategic partnerships essential for securing our digital infrastructure. Five key themes stood out throughout the sessions: 

  • National Security Threats with Supply Chain Vulnerabilities 
  • The Rise and Race to AI Dominance 
  • The Edge of Quantum Transformation 
  • Typhoon of Attacks on Critical Infrastructure 
  • Streamlining Cybersecurity Compliance 

National Security Threats with Supply Chain Vulnerabilities 

The digital supply chain, specifically software and applications civilians use, have increasingly become a source of critical national security vulnerabilities. Government officials and industry leaders warn that software and digital platforms sourced from foreign adversaries have reshaped the threat landscape by implanting foreign influence in the U.S. technology ecosystem.  

Technology serves as a funding mechanism for adversaries and comes with a hidden price of mass data collection, making it easier for threat actors to access sensitive information and transform traditional cyberattacks. The lack of transparency in certain nation-states raises concerns on regulatory consequences, potentially giving adversaries a strategic edge in information warfare and creating a blind spot in the global tech supply chain.  

U.S. leaders emphasize the necessity for regulated technology supply chains and accelerated Federal certifications, specifically FedRAMP, to ensure innovation does not come at the cost of national security. 

Rise and Race to AI Dominance 

With the rise of artificial intelligence (AI), data has become the modern form of power. Foreign adversaries are striving to build or gain access to data pipelines to fuel their AI models, bypassing privacy in a way that allows them to train AI models much faster than has been possible in America. The U.S. must counter this by accelerating our own AI model training and innovation, while safeguarding privacy and data integrity.  

Government and industry experts state that AI is being underutilized across U.S. operations. The current administration has streamlined AI usage through Executive Order 14179: Removing Barriers to American Leadership in Artificial Intelligence and Executive Order 14277: Advancing Artificial Intelligence Education for American Youth. Additionally, AI should be deployed when combating advanced cyberattacks and automating routine cybersecurity efforts such as threat detection, incident response and vulnerability identification. 

The Edge of Quantum Transformation 

Emerging technologies such as quantum computing are rapidly approaching mainstream adoption. The massive amount of encrypted data currently stored in secret could be vulnerable to decryption within the next 5 to 10 years. This hovering threat has made the development and deployment of post-quantum cryptography a top priority for the U.S. Government. The race to post-quantum cryptography and quantum computers has not just been an urgency for the U.S. and its allies, but also for adversarial nation-states. 

Typhoon of Attacks on Critical Infrastructure 

Advanced persistent threat (APT) groups such as Salt Typhoon, Volt Typhoon and Flax Typhoon have already infiltrated critical infrastructure systems, often using “living off the land” techniques. These public and well documented attacks are considered digital terrorism, disrupting U.S. critical infrastructure operations and stealing intellectual property.  

In response, the U.S. Government is prioritizing cyber hygiene, secure-by-design and the development of an integrated and robust defense system. Agencies, technology providers and critical infrastructure operators are heavily encouraged to collaborate through information sharing, adoption of emerging technologies and routine threat assessments. The severity of these cyberattacks have increased substantially, highlighting the urgency for a more proactive and coordinated national response from the U.S. Government. 

Streamlining Cybersecurity Compliance 

The current cybersecurity regulatory landscape presents a fragmented maze of overlapping requirements that hinder both innovation and effective security implementation. Government and industry security teams are overwhelmed by conflicting standards across Federal, State and agency-specific frameworks. Organizations must navigate multiple compliance frameworks—FedRAMP, National Institute of Standards and technology (NIST) requirements, Cybersecurity Maturity Model Certification (CMMC) and various state requirements—creating redundant processes that drain resources without enhancing security. 

To address this, industry leaders are advocating for regulatory harmonization initiatives. Federal agencies are working to align various compliance frameworks while updating modernization strategies to build interoperability. By aligning around core standards like NIST 800-53 and implementing automated compliance tools, agencies can reduce complexity while maintaining robust cybersecurity postures. Forum participants agreed: harmonized regulations are essential to enabling secure innovation without compromising oversight. 

The Global Cyber Innovation Forum demonstrated that securing America’s digital future requires unprecedented coordination between Government agencies, private industry and international allies. As adversaries continue exploit emerging technologies, the U.S. must respond with unified strategies that streamline regulations, accelerate innovation and sustain global cyber leadership. The insights shared offer a critical roadmap for defending against tomorrow’s threats in a rapidly evolving digital landscape. 

Visit Carahsoft’s Resource Hub to dive deeper into the key takeaways, expert perspectives and resources from the 2025 Global Cyber Innovation Forum. 

Snyk for Government Achieves FedRAMP Moderate Authorization: A Milestone for Secure Government Software

Posted on by
Reply

Today marks a significant milestone for Snyk and, more importantly, for the security posture of the U.S. Government. I’m thrilled to introduce Snyk for Government, our FedRAMP Moderate authorized solution for the Public Sector.  

This authorization underscores our unwavering commitment to providing secure development solutions that meet the rigorous standards of the Federal Risk and Authorization Management Program (FedRAMP). It means that U.S. Government agencies can now confidently leverage Snyk’s comprehensive platform to identify and remediate vulnerabilities throughout their software development lifecycle, knowing it meets the stringent security and compliance requirements mandated by the Federal Government.

This achievement is not just a certification; it’s a testament to our dedication to building trust and ensuring the integrity of the software that powers critical Government functions. It allows agencies to embrace modern development practices, including the use of open source software and cloud-native technologies, with the assurance that security is baked in from the start.

The Power of Proactive Security

At Snyk, we believe that security shouldn’t be an afterthought. It needs to be an integral part of the development process. Our platform empowers developers to find and fix vulnerabilities in their code, dependencies, containers and infrastructure as code – early and often. This proactive approach not only reduces risk but also accelerates development cycles by preventing security issues from becoming costly roadblocks later on.

Snyk for Government offers the same powerful capabilities that our enterprise customers rely on, tailored to the specific needs and compliance requirements of Government agencies based on NIST 800-53v5 security controls. This includes:

  • Comprehensive Vulnerability Detection: Identifying security flaws in open source libraries, proprietary code, containers and infrastructure configurations.
  • Actionable Remediation Advice: Providing clear guidance and automated fixes to address vulnerabilities quickly and efficiently.
  • Policy Enforcement: Enabling organizations to define and enforce security policies across their development teams.
  • Integration with Developer Tools: Seamlessly integrating with popular IDEs, build tools and CI/CD pipelines.
  • Detailed Reporting and Compliance Features: Providing the visibility and documentation needed to meet FedRAMP requirements.

Investing in the Future of Security: The Snyk AI Advantage

At Snyk we recognize the transformative potential of AI in cybersecurity. By leveraging machine learning and advanced algorithms, we are building intelligent capabilities into our platform that will provide even more accurate vulnerability detection, smarter remediation recommendations and enhanced threat intelligence.

AI is accelerating development faster than ever with Snyk you can ensure the code flooding your systems is secure and, beyond development, verify AI-powered apps aren’t creating unmanaged security risks. Ensure your organization stays secure our AI enabled agentic solution:

  • Keep Pace with Development: Learn how to scale security to match AI-generated code’s unprecedented speed and volume.
  • Staying Ahead of New Threat Vectors: Tackle emerging AI threats as apps increasingly leverage LLMs.
  • Adapting Developer Workflows: Explore the evolving role of developers and the skills needed for a new era of AI-assisted coding and building AI-powered apps.
  • Build Upon ApSec Governance: Leverage AppSec governance towards secure AI adoption and risk management.

For U.S. Government agencies, these AI-driven advancements will translate into a more resilient and secure digital infrastructure. For the enterprises that service the Government, integrating Snyk’s AI-powered platform into their development processes will not only help them meet stringent security requirements but also provide a competitive edge by building more secure and reliable solutions.

The FedRAMP Moderate authorization for Snyk for Government is a significant step forward in our mission to empower organizations to build securely. Combined with our ongoing investment in cutting-edge technologies like AI, we are confident that Snyk will continue to be a trusted partner for the U.S. Government and its partners in navigating the evolving landscape of software security.

We are excited about this milestone and look forward to helping Government agencies and their partners build a more secure digital future, together.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Torq we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Digital Wallets: The Bridge Between Patient and Provider

Posted on by
Reply

Across the nation, healthcare services are indispensable in protecting people. As expectations grow and evolve, the healthcare industry must be ready to innovate to provide the best experience for patients and providers alike. Digital wallets with identity verification are a helpful tool which can establish trust, store data and enable patients to take control of their healthcare.

The Solution to a Divided System

Healthcare providers are spread across multiple companies, cities and states. The lack of a centralized database results in a fractured state of medical records. Patients often lose track of their medical history, and transferring data can be difficult in scenarios that happen across state lines—for example, if a patient needs emergency treatment in a state they do not reside in. Recent standards, such as the Trusted Exchange Framework Common Agreement (TEFCO), a legal consensus that enables network-to-network data sharing, promotes the idea of transferring data regardless of location. Digital wallets allow for a national, unified experience to review and obtain medical records, empowering patients and providers alike.

Bridging Healthcare Sectors Blog Embedded image 2025

Benefits of a Digital Wallet

Digital wallets with verifiable credentials embolden users with a quick, accessible way to deliver their framework across the healthcare sector.

There are numerous benefits to having a digital wallet. They provide:

  • Interoperability: Digital wallets are designed to work well with other systems, promoting a cohesive experience across different providers and geographical distances.
  • Enhanced Security: Patients can take control of their data and decide when it is shared.
  • Improved User Experience: By providing swift user verification without redundancy, users can enjoy a smooth and frictionless experience.
  • Unified Standards: The community driven nature ensures a consistent experience across all use cases.

Equipped with a digital identity, healthcare systems are enabled to provide and receive swift, efficient care.

Building A Unified Experience

The rise of verifiable digital credentials, such as multi-factor authentication (MFA), phishing resistant authenticators and strong identifiers like pass keys, enables end users to reliably tie themselves to a digital identity while protecting against fraud, waste and abuse. It is important to balance strong, accurate authenticators with an accessible end user experience. Patients value simplicity and accessibility, so structures that require numerous logins can be viewed as cumbersome.

Before deploying features of the digital wallet, all participants should agree on the framework for identity verification. Referring to the standards of the World Wide Web Consortium (W3C), TEFCO and 21st Century Cures Act can help involved parties agree on a method of identity verification and credentials that satisfy safety, accessibility and interoperability all at once.  

Functionally, digital wallets independently verify each user. First, the patient submits a digital representation of their identity, whether a passport, license or other form of identification. Next, a data broker verifies the information submitted for validation. This validation is secured and verified with cryptographic keys. Passkeys protect the digital wallet while simultaneously verifying that the party accessing it is correct.

With trust established, users can manage and own their healthcare data.

To learn more about integrating interoperability, security and a unified customer friendly experience through digital wallets, watch 1Kosmos’s webinar “Bridging Healthcare Sectors with Digital Wallets.”

The Top 6 Insights from GEOINT 2025 

Posted on by
Reply

Geospatial intelligence (GEOINT) stands at the forefront of national security innovation, where cutting-edge technologies are rapidly transforming how decision-makers understand and respond to global threats.  

At GEOINT Symposium 2025, industry experts, Government officials and thought leaders joined to discuss the latest technology innovations. This year’s conference saw discussion centering around several topics, such as the integration of artificial intelligence (AI), workforce development and new innovations.  

Carahsoft and over fifty of our technology partners attended to showcase solutions in AI, cybersecurity and more to support GEOINT mission objectives. Watch all GEOINT sessions to discover how emerging technologies, policy shifts and mission priorities intersect across the Public Sector.

Here are my top six takeaways. 

Global Intelligence Coordination and Artificial Intelligence Integration 

In the session “Global Intelligence, Local Impact: Source and Analysis at the Speed of Mission,” speakers Gary Dunow, the Executive Vice President at USGIF, Tracy Maloney, the Deputy Director of Source Operations at National Geospatial-Intelligence Agency and Shelby Pierson, the Director of Analysis at National Geospatial-Intelligence Agency discussed tools that maximize efficiency to help fulfill mission objectives. The National Geospatial-Intelligence Agency (NGA) aims to form efficient partnerships that enhance operational effectiveness across all Combatant Commands (COCOMs), and help with the development of streamlined tools that support current DOD intelligence needs. Change detection capabilities, large language models (LLMs) and other AI models are becoming increasingly valuable, with NGA focusing on building confidence in these technologies while curating essential content. The intelligence community is prioritizing geolocated open-source reporting through two active opportunities: metadata tagging to address imagery gaps regardless of source, and cross-domain solutions enabling seamless integration of varied intelligence sources from both domestic and foreign origins. Tulsi Gabbard, the Director of National Intelligence (DNI), emphasized the importance of proactive information sharing rather than waiting for agency requests, while simultaneously building workforce trust in AI through mechanisms for expressing concerns, understanding risks, acknowledging early adoption already underway and cultivating confidence in these emerging technologies. 

Rapid Space-Related Intelligence Sharing 

The U.S. Space Force and NGA signed a memorandum of agreement at GEOINT, which was discussed at the keynote hosted by General Chance Saltzman, the Chief of Space Operation at U.S. Space Force, Vice Admiral Frank Whitworth, Director at the NGA, and Dan Smoot, the Chief Executive Officer at Maxar Intelligence.  

This memorandum comes from the demand for faster access to space-based intelligence for military missions. The agreement enhances intelligence sharing by streamlining coordination between the National Reconnaissance Office (NRO)’s collected commercial satellite imagery, the NGA ‘s data analytics that produce comprehensive intelligence products and the Space Force, who then delivers space-related intelligence to military commanders through its Tactical Surveillance, Reconnaissance and Tracking (TacSRT) program. Through this memorandum, the military gains rapid situational awareness and heightened synergy across Federal agencies. This collaboration streamlines intelligence sharing, enabling faster and more efficient coordination between  

GEOINT Initiatives 

In her keynote address, Tulsi Gabbard, the Director of National Intelligence of the United States, outlined the Federal approach to GEOINT initiatives, which emphasizes peace maintenance and military readiness. According to Gabbard, to maintain excellence, the Federal Sector must maintain pace with trending technology. Gabbard addressed procurement challenges facing small businesses and stressed the administration’s commitment to technology advancement, geospatial funding priorities and cross-agency partnerships. One such technology, AI, represents both a challenge and opportunity to transform geospatial professional roles without replacing human expertise. The Intelligence Community’s primary focus is conflict prevention rather than winning conflicts, with the GEOINT discipline building crucial trust.  

NATO Priorities in Intelligence and Defense 

The North Atlantic Treaty Organization (NATO) is actively investing in cutting-edge technologies across the space and sea. During Major General Paul Lynch, the Deputy Assistant Secretary General of Intelligence and NATO International Military Staff’s keynote address, he discussed Federal priorities to integrate AI to stay ahead of emerging threats. In response to these evolving threats, NATO has launched ambitious military exercises, including STEADFAST Defender 2024. One of NATO’s largest military exercises, STEADFAST Defender 2024 is actively pursuing digital transformation and intelligence sharing across while developing closer partnerships with industry experts. NATO’s recent initiatives with the private sector have launched underwater vehicles to aid in mission objectives of remaining at the forefront of defense.  

Education and Workforce Development in Geospatial Intelligence 

During her keynote address, Tulsi Gabbard emphasized that the geospatial field faces a critical shortage of young talent. Government programs that provide opportunities for new generations are important to inspiring growth. One such program is the United States Geospatial Intelligence Foundation (USGIF)’s “GEOINT Symposium Young Professionals Golden Ticket”, which provides mentoring sessions with GEOINT professionals and opportunities at USGIF events. Carahsoft’s Geospatial Internship Program is another opportunity for incoming professionals. Pathways for further educational curriculum development were discussed at the session “Keynote: Digital Twins and GEOINT – Transforming Intelligence with 3D Analytics.” This keynote offered encouraging developments that will allow the incoming workforce to get involved. The field is becoming increasingly accessible, with open-source data platforms, such as GitHub, significantly lowering entry barriers for newcomers. New opportunities in low-code and no-code environments have been created. While the speakers acknowledged a current pause in Government hiring, the democratization of geospatial technology allows students with creative mindsets to leverage open-source data to enter geospatial careers. 

A Hub for Geospatial Capabilities 

St. Louis is establishing itself as the epicenter of GEOINT and geospatial efforts. At his keynote session, Senator Eric Schmidt discussed the coordinated statewide university initiative to train the next generation of professionals and anchored with the T-Rex innovation center. This transformation is further enhanced by the new geospatial employment pilot program headquartered at the NGA West, recognizing GEOINT’s critical role in providing commanders with clearer operational pictures. As military leaders increasingly demand more ISR (Intelligence, Surveillance, and Reconnaissance) and GEOINT capabilities, strategic investments in people, partnerships and platforms continue to provide the United States with its competitive edge in the intelligence domain. 

Through developments for the future workforce, marine technology and defense initiatives, the GEOINT community maintains the nation’s security. As industry, Government and academia come together, these efforts ensure the United States remains prepared to meet global challenges with agility, innovation and intelligence-driven precision. 

To learn more about the innovative technologies featured at GEOINT, visit Carahsoft’s Geospatial portfolio.  For additional research into the key takeaways that industry and Government leaders presented at GEOINT, view Carahsoft’s full recap. 

Why Cloud, Why Now? Modernizing federal IT: Why the cloud is becoming the new standard

Posted on by
Reply

The shift to Atlassian Government Cloud unlocks new potential for federal agencies

Modernization has been a Federal priority for over a decade, but the realities of legacy systems, compliance mandates and limited resources have forced IT leaders to make hard tradeoffs. The pandemic accelerated digital transformation, proving just how critical resilient, cloud-based systems are to mission continuity and citizen services.

Yet many agencies have remained tethered to on-premises tools not by choice, but by compliance constraints.

Now that Atlassian Government Cloud is FedRAMP Moderate authorized, agencies can confidently shift core collaboration and service delivery workloads to the cloud with security and compliance in place.

The opportunity to modernize is clearer than ever. With compliance barriers removed, cloud adoption becomes not just feasible, but foundational to moving missions forward.

FedRAMP Moderate removes the guesswork

Atlassian Government Cloud is a dedicated environment built specifically for public sector teams and limited to U.S. Government agency and contractor usage. It delivers the performance Federal agencies need, with the security and compliance they require.

This includes:

  • FedRAMP Moderate Authorization for Jira, Confluence and Jira Service Management
  • Dual-region hosting on AWS commercial US East/West regions
  • Continuous monitoring aligned to FedRAMP Moderate standards

Atlassian’s Government cloud platform is built on the same architecture that powers Cloud Enterprise, offering the scale, reliability and control public sector teams need. It’s designed to reduce friction and deliver continuous innovation while maintaining trust and transparency.

From patching systems to powering missions

Agencies that remain on legacy infrastructure are fighting a battle on two fronts: maintaining outdated systems while trying to meet new mission demands. That approach is no longer sustainable.

Modernizing with Atlassian Government Cloud eliminates the distractions of infrastructure maintenance and opens the door to high-impact work. Instead of managing update cycles or responding to fire drills, IT teams can shift their focus to scaling digital services, working with disparate teams and improving citizen-facing outcomes.

For IT administrators, this shift is transformational. Cloud offloads the operational burden they’ve carried for years—manual upgrades, weekend patching, surprise outages. With that weight lifted, teams can focus on enabling smarter service delivery across the agency.

As Jeff Garrett, Technical Product Manager at the California Department of Health Care Services shared, “I’ve had to maintain server infrastructure in the past. It’s not pleasant. Being on Atlassian Cloud Enterprise means we don’t have to do that anymore. Plus, we can add and remove applications quickly.”

This is how mission work moves forward with greater speed, clarity and alignment.

Built-in collaboration, automation, and insight

Atlassian Government Cloud offers more than security and compliance. It enables new ways of working across teams and departments, aligning your entire agency and harnessing your data.

Consider this scenario: A Federal program team launches a new initiative to expand community outreach. Rather than waiting weeks for a custom workflow, they spin up a new Jira project using a pre-built template with no administrator required. HR and legal teams contribute to project planning in Confluence, while real-time insights track progress across departments. No tickets. No silos. Just forward momentum.

The scenario above shows how teams can move faster using features like team-managed projects and templates in Jira, along with native incident management in Jira Service Management.

In addition to streamlining work, Atlassian Government Cloud will soon include Atlassian Analytics, bringing cross-product visibility and supporting data-driven decision-making across teams.

Beyond what’s available in Atlassian Government Cloud today, we’re also committed to delivering the same innovative features you’ll find in our commercial products, like Confluence Whiteboards and Goals. We’re actively developing our roadmap for Atlassian Government Cloud and will share more information soon.

Migration isn’t a barrier. It’s a supported journey

Atlassian has helped thousands of organizations transition to the cloud, including some of the world’s largest enterprises and Government agencies. We have reliable tooling for migrating data from Data Center to Atlassian Government Cloud that has been hardened through years of supporting migrations to commercial cloud. And for those migrating from commercial cloud to AGC, we’re releasing tooling for this soon.

Federal teams benefit from specialized migration support designed to streamline the process and minimize risk. That includes:

  • A Cloud Migration Manager assigned to each Atlassian Government Cloud project
  • Migration guides, training resources and toolkits to support end-user adoption
  • The choice to engage with a network of experienced solution partners if your agency wants even more support.

Agencies already using Atlassian Cloud are seeing measurable results that support faster delivery, smarter governance and stronger collaboration:

  • Utah Department of Technology Services cut Jira project setup time by 90%, enabling faster response to internal and citizen needs
  • California Department of Health Care Services standardized on Atlassian Cloud and reduced one project’s delivery time from 18 months to 6 months, cutting costs from $2.8M to $600K

With Atlassian, cloud migration becomes a guided path to modernization — not an obstacle.

The results are measurable

The shift to Atlassian Government Cloud delivers tangible results. Early adopters, including public sector agencies and private sector enterprises, are already seeing gains in performance, collaboration, and insight.

In a recent customer impact survey, organizations migrating to Atlassian Cloud reported:

  • Up to a 53% increase in productivity
  • 47% improvement in cross-functional collaboration
  • 44% gain in insight-driven decision-making

These outcomes directly support the goals of Federal agencies: improved cross-team collaboration, greater agility and faster progress on mission priorities. In a time when agencies are under pressure to do more with less, results like these make a big impact.

Take the next step

With FedRAMP Moderate authorization in place, Federal agencies can now adopt Atlassian Government Cloud with confidence. It’s time to move from maintaining systems to empowering missions.

Curious about your agency’s migration path to Atlassian Government Cloud? You can become a part of our Early Access Program. Join the waitlist here!

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Atlassian we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

SOF Week 2025: Top 5 Insights on Interoperability, Artificial Intelligence and More

Posted on by
Reply

Effective defense often relies on operations that are agile, adaptable and focused. Special Operations Forces (SOF) Week 2025 is an international conference for thought leaders, Government representatives and key military decision-makers involved in the Department of Defense (DoD). Jointly hosted by the United States Special Operations Command (SOCOM) and Global SOF, the conference platformed discussions surrounding the improvement of cybersecurity and technology within SOF.

This year, Carahsoft and over fifty of our technology partners attended to showcase solutions in artificial intelligence (AI), cybersecurity and much more, supporting SOCOM and DoD mission objectives.

The SOF Week conference featured five key themes for attendees to learn about.

Leveraging Artificial Intelligence to Achieve SOF Objectives

One of SOCOM’s innovation priorities is to onboard products that have AI integrations, uncrewed and autonomous systems, power computing and quantum capabilities. In the session “Keynote Address: U.S. Special Operations Command Team,” speakers General Bryan P. Fenton, Commander of USSOCOM and the Command Sergeant Major Shane Shorter, Senior Enlisted Leader of the USSOCOM, discussed optimizing the computing power of adapted technology to maintain pace with adversaries. By providing the needed tools, SOCOM can help reduce the cognitive load placed on personnel.

In the session “PEO Overview: Tactical Information Systems,” speaker Chad Skiendsiel, the PM for Transport Systems, PEO TiS, requested multiple AI capabilities that would be useful to SOCOM operations. These are:

  • Automation of data and containerization
  • Software infrastructure that enables more containerization of data and configuration.
  • Commercial solutions that can enable classified data computing as well as compute power out to the edge
  • Embedded computing that can be attached to the warfighter to achieve better situational awareness

In the session “Fireside Chat: AI Innovation and Integration in National Security,” speaker Akash Jain, CTO of Palantir discussed SOF’s efforts to implement AI into SOCOM operations. One key area that requires special attention is AI integration into legacy systems, many of which have existed for years and cannot easily have AI added to enhance the work SOF does. This is why vendors with solutions, such as Hewlett Packard Enterprise, can be utilized to integrate AI into existing infrastructure.

Bolstering Cybersecurity in SOCOM Operations

One of the key themes present in SOCOM’s evolving cybersecurity efforts is the adoption of a Zero Trust architecture, particularly within the Enterprise Information Systems directorate. It is referenced across multiple capability areas as essential to aligning with broader DoD cybersecurity mandates. To advance this strategy, SOCOM is actively engaging with industry and conducting assessments to define mission-driven requirements. Technology experts such as Dell Technologies, Red Hat and VMware are constantly working to be at the forefront of Zero Trust efforts.

Following this focus, the Professional Employer Organizations (PEO) is implementing cybersecurity initiatives in its contracting services. All solicitations will include cyber discipline and hygiene requirements, supply chain risk management and cybersecurity risk management requirements. Across the portfolio within SOCOM, post-quantum encryption is being looked at as the future strategy for cyber and will continue to develop as time goes on. The PEO SOF Digital Applications (SDA) also notes that CISA’s Software Bill of Materials (SBOMs) will continue to be added to its cybersecurity pipeline to ensure software is open and honest. These initiatives work to fortify existing and future cyber structures to protect the effectiveness of missions and the safety of personnel.

As supply chains, SOF and the Defense Industrial Base (DIB) continue to be under threat from adversarial cyber-attacks, PEO Services continue working to fully implement CMMC guidelines in their procedures. For unclassified solicitations, SOCOM will implement CMMC Level One, while any classified solicitations will be level two or higher.

Industry Partnerships to Meet Demand

In the session “Keynote Address: U.S. Special Operations Command Team,” Major General Bryan P. Fenton heavily emphasized that partnerships are key to meeting industry needs. While SOF is maintaining pace with current requirements, to stay ahead in the future, SOCOM must look to industry partners for their specialty and assistance.

One such category of offerings is autonomous, unmanned systems promote efficiency by saving time on menial, repetitive tasks. SOCOM is looking to implement dual-usage, capable autonomous products, such as self-driving cars, drones and robots. Modeled after the Private Sector’s success with unmanned systems, SOCOM agencies aim to evolve at the same speed. To enact this, all onboarded unmanned systems must be interchangeable, adaptable and successful within any region of the world to meet mission requirements.

The Importance of a Modular Open Systems Approach (MOSA)

For the military, multi-domain connectivity is the way forward. Military agencies are focusing on modular open-mission systems that can be interoperable, as they are the key to staying ahead of future conflicts. Depending on industry trends and the latest in cybersecurity, equipment may need to be changed on the fly. Some technologies will need to be found preemptively; in these scenarios, industry experts can provide assistance.

In the session “PEO Overview: SOF Digital Applications session,” Modular Open Systems Approach (MOSA) was noted by every program manager as a solution. This approach is desired as it allows systems and products to remain agile when new software is added.

MOSA consists of three main components:

  • Infrastructure and Deployment: Hybrid deployment of cloud, multi-vendor capabilities, Open-source technologies and COTS integration
  • Data Centricity & Interoperability: Messaging & EDA, Black Box interfaces, Ontology Support, preferences on containerization and VMs
  • AI Implementation & Sustainment: Low-cost and remotely maintainable solutions, lifecycle management and updates, AI support for LLMs and at the edge and adaptability on mission needs

By enabling agencies within SOCOM to implement software updates, MOSA promotes interoperability and the speedy onboarding of key technologies.

Humans Over Hardware

While technology is vital to SOCOM Operations, humans are the backbone of the agency. In the session “Keynote Address: US Secretary of Defense,” Secretary of Defense Pete Hegseth spoke on the three pillars for success within the DoD and how SOCOM can reiterate and emphasize them. Among these three, the warrior ethos is targeted with the slogan, “humans are more important than hardware.” Secretary of Defense Pete Hegseth, USSOCOM Commander General Fenton, and the Chairman of the JCOS Dan Caine all echoed this point that warfighters are the most important aspect within SOF. Any person that meets warfighter standards can serve, and all purchases and developments should center the safety and wellbeing of the warfighter in mind.

Through the collaboration between people and technology, SOF is able to work securely, quickly and smoothly. With top cybersecurity, automation integrations and industry partnerships, SOCOM continues to fulfill DoD mission objectives and keep personnel safe.

To learn more about technologies featured at SOF Week, visit Carahsoft’s defense portfolio.

SOC of the Future: Advanced Strategies for Modern Cybersecurity Challenges

Posted on by
Reply
Carahsoft-Innovative Care for Shadow Warriors-blog-embedded image-2025

In today’s fast-paced digital world, security teams are under immense pressure to defend against a surge in sophisticated cyber threats. Expanding attack surfaces, driven by new technologies, cloud adoption, remote work and interconnected devices, create countless entry points for attackers. Security Operations Centers (SOCs) must evolve by leveraging automation, AI and machine learning (ML) to stay ahead—cutting through the noise, accelerating threat detection and streamlining responses to provide scalable, real-time defense against ever-evolving risks.

Modern SOC Challenges

As cyber threats continue to rise in both frequency and sophistication, SOCs are coping with an overwhelming volume of security incidents. Check Point Software’s 2025 Security Report reveals a staggering 44% year-over-year increase in cyberattacks, highlighting the urgent need for stronger, more scalable defenses.

Organizations are no longer operating within clearly defined perimeters. Today’s digital environments are sprawling and dynamic, spanning on-premises infrastructure, multi-cloud deployments, software as a service (SaaS) platforms, Internet of Things (IoT) devices and a remote workforce. Each layer adds complexity—and with it, new vulnerabilities. The expanding attack surface increases not only the number of potential entry points but also the volume of activity that must be monitored.

This leads to another major challenge: organizations are now generating unprecedented volumes of security data. SOCs are tasked with analyzing vast, continuous streams of telemetry to detect threats in real time but extracting meaningful insights from this flood of data has become increasingly difficult.

While traditional Security Information and Event Management (SIEM) systems remain a core component of enterprise security, they are struggling to keep up. Many SIEM platforms are constrained by schema designs, database capacity and a limit on the number of detection rules that can be ingested.

As a result, SOCs are often forced to make difficult trade-offs, choosing which data to collect and analyze based on storage and processing limitations. This selective approach creates blind spots, potentially allowing critical threats to go undetected. In fact, 56% of organizations report coverage gaps directly linked to the limitations of legacy SIEM systems, underscoring the need for modernization.

Alert fatigue is compounding the issue. Even well-configured SOCs can generate thousands of alerts daily, overwhelming analysts and increasing the risk of real threats being missed. According to a 2023 RSA survey by Gurucul, 61.37% of security teams report receiving more than 1,000 alerts per day, while 4.29% deal with over 100,000. Alarmingly, 19.74% say the volume is so high they cannot even quantify it.

SOC Prime-SOC of the Future-blog-embedded image-2025

Beyond the operational strain, cost is another major barrier. A medium-sized organization can produce terabytes of log data every day, and storing and processing this information—especially at the scale required for comprehensive threat detection—can cost hundreds of thousands annually. SOC leaders are under constant pressure to strike a balance between broad visibility and tight budget constraints.

In this high-volume, high-velocity environment, traditional manual analysis simply cannot keep up. To close visibility gaps, reduce alert overload and operate efficiently at scale, organizations must adopt intelligent automation. Advanced analytics, ML and AI-driven detection can dramatically reduce noise, prioritize critical alerts and help SOC teams focus on what matters most—responding to real threats in real time.

The Role of Automation in SOC

Automation is a key force multiplier for SOC teams, enhancing threat response speed and accuracy. Over the past decade, security orchestration, automation and response (SOAR) solutions have had mixed success. While these solutions streamline workflows and incident response, they require significant maintenance, including scripting, playbook development and continuous security stack integration. The high total cost of ownership often outweighs initial investments, making long-term sustainability a challenge.

To address these limitations, SOCs are adopting telemetry pipelines, which intercept and filter traffic before SIEM processing, ensuring only relevant security data is analyzed. Advanced enrichment reduces redundant data, improving efficiency while lowering cloud storage costs.

Extended detection and response (XDR) solutions are also gaining traction. XDR integrates multiple security layers, correlates alerts locally and reduces reliance on centralized SIEMs. Vendor-specific XDR stacks work best within their own ecosystems but streamline threat detection and response.

Data lakes are becoming essential for long-term threat hunting, enabling analysts to detect subtle, prolonged attacks by retaining historical data for extended periods. This allows analysts to uncover patterns that might otherwise go unnoticed.

As SOC automation evolves toward autonomous SOC models and “SOCless” SIEM architectures, ML-driven algorithms will handle much of the processing and correlation, facilitating faster threat detection and response. By automating repetitive tasks like log analysis and low-level alert triage, SOC analysts can focus on complex investigations, enhancing security while addressing the skills gap.

Still, Gartner predicts that by 2030, 75% of SOC teams will see a decline in core security analysis skills as they grow too reliant on automation and AI. Therefore, deployments aimed at both augmenting human tasks and adding precision and speed to human investigations will be more effective than single-technique AI analytics. Striking the right balance between machine-driven speed and human insight seems like a feasible solution that keeps security teams agile, informed and in control of threats.

Evolving Technologies and Solutions

AI and ML capabilities enhance predictive analytics and threat-hunting capabilities, keeping SOC teams ahead of attackers. According to Gartner, by 2026, advancements like “action transformers” and the continued evolution of Generative AI (GenAI) will power semi-autonomous platforms that can greatly enhance and support the day-to-day operations of cybersecurity teams.

As cybersecurity AI assistants evolve, they will be used as more sophisticated tools for interactive support and investigation, covering tasks like incident response, risk assessment and code reviews. These tools are expected to boost efficiency and reduce response times, whether in organizations just building their security programs or in mature teams with established processes. These innovations improve threat detection and SOC readiness to withstand modern cyber risks.

Future SOC Operations

Progressive organizations understand the real value of AI/ML-powered SOC technologies that can be reasonably used and shift their focus from single-technique tools to building integrated systems that fuse software, AI and human expertise. Achieving scalable impact means having a clear strategy that targets the most meaningful opportunities.

Additionally, investment in workforce development and upskilling will be essential to bridging the cybersecurity talent gap. Organizations that invest in these areas will elevate their SOC effectiveness, better safeguard critical assets and build a resilient, future-ready cybersecurity posture.

To gain deeper insights into these strategies and hear directly from industry experts, watch SOC Prime’s webinar, “The SOC of the Future: Advanced Strategies to Evolve SOC for Modern-Day Enterprise Cybersecurity.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SOC Prime we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Modern Fraud Threats in Government Relief Programs: How Agencies Can Defend Against Cybercrime

Posted on by
Reply

A recent investigation by CBS News’ “60 Minutes” has highlighted a significant issue: organized crime rings, often operating from overseas, are using stolen identities to steal billions of dollars from the U.S. Federal and State programs. These sophisticated fraud schemes specifically target public assistance initiatives, taking advantage of digital vulnerabilities and overwhelmed systems. The COVID-19 pandemic accelerated the delivery of relief funds, presenting new challenges for security systems still being implemented.

As these cyber-enabled crimes grow in complexity and scale, Public Sector organizations must evolve their defenses. HUMAN Security offers a modern solution that aligns with Public Sector standards and frameworks, like the NIST Cybersecurity Framework, to protect against automated fraud, account takeovers and bot-driven exploitation.

The Expanding Threat Landscape: Government Fraud at Scale

The fraud rings described in the CBS report do not fit the Hollywood stereotype of a lone hacker in a basement. These are industrial-scale operations run by criminal syndicates that:

  • Use stolen or synthetic identities to apply for public benefits such as unemployment insurance, COVID relief, food assistance and housing vouchers.

  • Leverage bots and automated scripts to rapidly test stolen credentials against Government login portals.

  • Host phishing websites and fake document generators to fool verification systems.

  • Exploit the lack of robust digital defenses in legacy Public Sector infrastructure.

At the height of the pandemic, the U.S. prioritized the rapid distribution of trillions in relief funds to support individuals and businesses in crisis. In the urgency to deliver aid quickly, some agencies adjusted standard fraud controls—creating unforeseen opportunities for bad actors. According to the CBS report, an estimated $280 billion was lost to fraud, with an additional $123 billion categorized as wasted or misused.

The tactics employed have now evolved into permanent tools of financial exploitation. Many cybercriminals continue to exploit social welfare and Government programs by leveraging automation and AI. Fraud isn’t slowing down—it’s scaling up.

Why Public Sector Agencies Are Attractive Targets

Government systems present a unique target profile for attackers due to a combination of high-value data, broad user bases and strained IT resources. Here’s why the Public Sector is particularly vulnerable:

1. High Payout Potential

Each successful fraudulent claim can yield thousands of dollars in benefits. Fraudsters often operate in bulk, submitting thousands of applications using stolen identities.

2. Legacy Infrastructure

Many State and Local agencies still operate on outdated software stacks that lack modern bot detection or behavior-based threat analysis.

3. Lack of Real-Time Monitoring

Fraudulent applications often go undetected until after funds are dispersed. Manual review processes are insufficient to handle the volume of claims.

4. Increased Script & API Vulnerabilities

Fraudsters exploit front-end vulnerabilities, such as JavaScript manipulation or misuse of APIs, to simulate real user activity, bypass verification checks and deploy fake documents.

HUMAN Security: A Modern Solution for a Modern Threat

Carahsoft, HUMAN 60 min, blog, embedded image, 2025

HUMAN Security specializes in protecting organizations from automated attacks, fraud and abuse by distinguishing between real users and malicious bots. HUMAN’s solutions are uniquely positioned to help Public Sector agencies address the specific types of fraud exposed by 60 Minutes.

1. Bot and Automation Mitigation

Fraudsters frequently use bots to submit applications at scale, probe systems for weaknesses and conduct credential stuffing attacks. The HUMAN Defense Platform analyzes over 20 trillion digital interactions weekly to identify real-time anomalies.

Through behavioral analysis, device fingerprinting, and machine learning, we can help public sector clients:

  • Detect non-human interaction patterns
  • Prevent fake accounts from being created
  • Block bot-driven denial-of-service or overload attempts

2. Account Takeover & Credential Abuse Defense

Many fraud schemes begin with access to a real person’s Government credentials. We prevent account takeovers by identifying compromised credentials in real time and helping clients stop  unauthorized login attempts.

Our Application Protection Package also integrates into public-facing login portals to block brute-force attempts and detect unusual login behavior.

3. Fake Identity and Synthetic Account Prevention

Fraudsters use fake IDs or generated synthetic identities to bypass identity checks. Our behavior-based analytics distinguish real users from fabricated personas—stopping fake account creation before it starts.

4. Real-Time Threat Intelligence:

By continuously monitoring emerging threats, we equip Public Sector clients with up-to-date information to counteract evolving fraud tactics.

5. Integration with Public Sector Frameworks:

Leading-edge solutions that align with standards like the NIST Cybersecurity Framework, HUMAN facilitates seamless integration into existing Government infrastructures and helps public sector clients with compliance and regulatory requirements.

Real-World Benefits to Government Agencies

By adopting fraud protection solutions, public agencies can:

  • Minimize Fraud Risk: Real-time prevention minimizes the risk of sending funds to bad actors.

  • Protect Citizens: Reduce identity theft and unauthorized access to sensitive citizen data.

  • Build Trust: Demonstrating robust cybersecurity fosters public trust in digital Government systems.

  • Streamline Compliance: Meet modern standards like PCI DSS 4.0 requirements 6.4.3. & 11.6.1 and NIST CSF with confidence.

  • Save Taxpayer Dollars: Every fraudulent dollar blocked is money that can be returned to real beneficiaries or saved for future programs.

A Call to Action for Government Leaders

The fraud revealed in the CBS 60 Minutes report isn’t an isolated event—it’s a warning sign. Digital transformation has accelerated across public agencies, but fraud defenses haven’t always kept pace.

Government leaders must take a proactive stance by:

  • Modernizing fraud detection capabilities

  • Closing visibility gaps across digital infrastructure

  • Adopting behavior-based, real-time defenses like HUMAN Security

  • Aligning security strategy with established frameworks (NIST, PCI DSS)

Fraud is no longer just a compliance risk—it’s a national security issue. As public trust and taxpayer funds hang in the balance, Government agencies must embrace modern, intelligent and automated defense systems to keep fraudsters out.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HUMAN Security we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

TechNet Cyber 2025: Top 5 Insights on Zero Trust, Interoperability and More 

Posted on by
Reply

Technology is a vital part of the United States Department of Defense (DoD)’s capabilities, making security and enhancements essential to the nation’s stability and growth. AFCEA International’s flagship event, TechNet Cyber, emphasizes the role of cybersecurity and IT within the DoD. Alongside its partners, such as such as Amazon Web Services (AWS), Everfox and Ciena, Carahsoft attended TechNet Cyber to support DoD mission objectives. Carahsoft maintains a unique position in the defense industry with the ability to connect DoD and intelligence community (IC) personnel, Government IT decision-makers, thought leaders and industry and vendor partners. At this year’s conference, leaders and operators in the IT and Defense Department joined to network, facilitate problem solving and explore ways to expedite and secure the procurement process.

Expanding Zero Trust: “Flank Speed” is Ready to Scale 

To safeguard against potential cybersecurity attacks, the DoD is working to secure its networks with Zero Trust, a security strategy focused on identity, credential and access management. In the session “DoD Zero Trust Success Stories,” David Voelker, Zero Trust Architecture Lead for the Department of the Navy, discussed recent initiatives to bolster Zero Trust within Flank Speed, the Navy’s single enterprise Microsoft 365 solution that provides productivity tools, collaboration tools and OneDrive storage. The Department of the Navy is planning to conduct autonomous penetration testing to determine the quality of Zero Trust capability implementation. Last year Flank Speed met 151 of 152 Zero Trust activities, meeting target far ahead of schedule. Flank Speed is the Navy’s single enterprise Microsoft 365 solution that provides productivity tools, collaboration tools and OneDrive storage.

Another speaker, Ian Leatherman, the Zero Trust Strategy Lead for Microsoft U.S. Federal, discussed key takeaways from Microsoft’s work with Flank Speed. Visibility into agency networks is critical to emboldening existing Zero Trust strategies. Mr. Leatherman stated, “When in doubt, collect the telemetry: you never know what new or novel adversary techniques you may find.” Knowing exactly how many endpoints, applications and users are on the network at any given time positions the DoD to swiftly deal with incoming threats. 

Leatherman also discussed recent initiatives to involve all Navy personnel in a cybersecurity strategy; security is more than a technology solution, but a way to ensure safety within the agency. David Voelker, Zero Trust Architecture Lead at the Department of the Navy echoes this statement. While the Zero Trust Portfolio Office set their DoD-wide Zero Trust adoption target as the end of fiscal year 2027, Flank Speed is already operational. Voelker notes that the Flank Speed configuration could be lifted and shifted to other customers in the DoD, with a quick deployment time of under 24 hours. Mr. Voelker also recommends automating this shift.  

Carahsoft and our vendor partners offer several cybersecurity solutions to help Government agencies implement Zero Trust architectures that protect critical information and reduce national security risk. Our offerings align with Public Sector Zero Trust maturity models developed by NIST, the DoD and CISA.  

Carahsoft, TechNet, blog, embedded image, 2025

How Mission Objectives Drive Acquisition  

Acquiring powerful, up-to-date technology enables the DoD to protect against persistent and increasingly sophisticated cyber-attacks. The DoD aims to streamline its procurement process to maintain pace and safeguard against attacks. In the session “DoD Software Modernization Senior Steering Group,” speaker Sean Brady, Senior Lead for Software Acquisition Enablers at the Office of the Undersecretary of Defense (Acquisition and Sustainment), explained that there are two key drivers to this transformation. The first is mission objectives; software should be tailored to allow the DoD to adapt its systems to rapidly changing threats. The second is access to commercial innovation, which allows the DoD to access products in weeks or months rather than years.  

Digital Transformation for Operational Effectiveness 

Digital transformation in the DoD is crucial for maintaining pace with an increasingly technology-driven security environment. Thomas W. Simms, Principal Deputy Executive Director for Systems Engineering and Architecture at the Office of the Under Secretary of Defense for Research and Engineering, discussed the major digital transformation efforts within the DoD. 

The main four are: 

  1. Modular Open Systems Approach (MOSA), a congressional requirement that integrates technical and business strategies to promote acquisition and drives modular designs 
  1. The DoD’s Digital Engineering Instruction, which requires programs to use digital engineering in their design process 
  1. Application Program Interfaces (APIs), a ruleset that allows communication between software applications and is driven by the DoD’s API guidebook, which enables the DoD to become more data-centric   
  1. The DoD’s System Engineering Guidebook, which is currently undergoing an update to incorporate guidance from the Secretary of Defense’s latest memos  

By modernizing legacy systems and enabling the DoD to acquire the newest and greatest in IT, these initiatives enhance operational effectiveness and improve decision-making speed.

Fast-Tracking Authority to Operate (ATO) 

In the defense industry, technology must be approved to mitigate security risks. The Software Fast Track (SWFT), a process that expedites software verification within the U.S. Government, is changing the way the DoD manages risks and conducts Authority to Operate (ATO). Contractors can get involved with the latest software acquisition and risk management changes by participating in the three recently released requests for information (RFIs).  

These RFIs, which close May 20th, are: 

Katie Arrington, the Acting DoD Chief Information Officer (CIO), also discussed the Software Fast Track (SWFT) set to launch on June 1st of this year. The initiative will replace the traditional Authority to Operate (ATO) structure and add a few requirements, such as third-party Software Bill of Materials (SBOM), third-party risk assessments and the population of Enterprise Mission Assurance Support Service (eMASS) with artifacts. Once these guidelines are in place, contractors will gain a Provisional ATO. 

Ms. Arrington attests that these changes will revolutionize the Risk Management Framework (RMF) by allowing industry experts to provide feedback to the DoD. Paper compliance isn’t enough anymore, Ms. Arrington says. The DoD is looking for “continuous monitoring, red-teaming and people to continually evaluate their capability.”  

She also added that the DoD will be sunsetting the Approved Products List (APL). Additional sponsor additions are no longer being accepted. Instead, the SWFT initiative will take over, establishing a “trust, but verify” procedure, promoting both security and swift ATO action.

Using Interoperability to Pitch to DoD 

As operations increasingly move online, interoperability becomes increasingly important to efficiency and accessibility. Venice Goodwin, the outgoing CIO for the Department of the Air Force, offered advice to industry professionals on navigating changes within DoD. Goodwin recommends that the industry practice “extreme teaming;” rather than service each department individually: vendors should focus on servicing the DoD as a whole. As the DoD prioritizes capabilities that have cross-departmental benefits, industry experts should demonstrate the effectiveness of their capabilities and solutions in every domain across land, sea, air and space. With this collaboration, both the Private and Public Sector can get the results they need.

The digital transformation journey within the Department of Defense represents not just an evolution of systems, but a commitment to defending interests at home and abroad. Acquisition, ATO and Zero Trust are all valuable assets to maintaining pace with the current, constantly evolving technological climate, ensuring the United States carries out its mission of protecting the nation. 

To learn more about mission-critical technology, visit Carahsoft’s defense portfolio to explore solutions showcased at TechNet Cyber. For additional research into the key takeaways that industry and Government leaders presented at TechNet Cyber, view Carahsoft’s full synopsis of key sessions from the tradeshow.  

National Laboratories Information Technology(NLIT) Summit 2025:Top 5 Insights on Automation, Cybersecurity and More

Posted on by
Reply

Technology enables Government agencies to strengthen security, increase efficiency and collaborate across departments. This year at the National Laboratories Information Technology (NLIT) Summit, representatives from the National Laboratories, Government IT decision-makers and industry and vendor partners gathered to discuss recent advancements in IT across the Department of Energy (DOE) labs, featuring panels, interactive sessions and demonstrations focused on emerging, mission-driven technologies. Carahsoft stood alongside its partners, such as Amazon Web Services (AWS), Snowflake and GitLab to support the DOE’s mission objectives. Together, we deliver secure, compliant solutions that drive innovation—from MultiCloud strategies and generative AI to streamlined IT procurement.

Here are the top themes discussed at this year’s summit.

Artificial Intelligence Exploration

The National Laboratories are at the forefront of advancing artificial intelligence (AI) and High Performance Computing (HPC) to meet critical mission objectives. Several DOE labs are showcasing this commitment through transformative initiatives. At Los Alamos National Laboratory, the establishment of the National Security AI Office and the deployment of the Venado AI supercomputer reflect a strategic focus on embedding AI into national security operations. Sandia National Laboratories is leading innovation with “vibe coding,” an AI-assisted development methodology that allows developers to generate code based on described functionality, streamlining the software development process.

To further accelerate AI and HPC capabilities, the National Laboratories are leveraging NVIDIA technologies, including GPU-powered infrastructure and AI toolkits, to support high-throughput data analysis, simulation and machine learning applications. This partnership enables scalable performance and energy-efficient computing tailored to complex scientific workloads.

In response to growing cybersecurity threats, labs are also deploying AI-driven automated response systems to detect and neutralize risks in real time. These combined efforts enhance the DOE’s cybersecurity posture while reinforcing the National Laboratories’ leadership in next-generation computing and AI innovation.

Argo: A New Generative AI Platform

As part of its development, Argo incorporates technologies from OpenAI to support advanced natural language processing and generative tasks. By integrating OpenAI models with internal controls and security protocols, Argonne can deliver high-performing language tools tailored to research and mission needs, without compromising data integrity.

Future enhancements to Argo will include:

  • Document upload for summarization and analysis
  • Adjustable response styles that range from creative and exploratory to focused and deterministic
  • Integration of Argonne-specific knowledge and internal documents for contextualized outputs
  • Onsite deployment of GPU resources to host fine-tuned and open-source LLMs, enabling operational applications such as translation, code generation and scientific research

Through Argo, Argonne is setting a benchmark for secure, mission-aligned AI deployment across the DOE ecosystem.

An Automated Approach to Cybersecurity 

Sandia National Laboratories emphasized the critical need to embed security at every stage of the software development lifecycle through a DevSecOps approach. In the session “From DevOps to DevSecOps: ASC DSO at Sandia’s Journey toward Secure Software” Stuart Baxley, a Senior Research & Development Computer Scientist shared how Sandia integrates automated tools and continuous monitoring to enable early threat detection and fast remediation—reducing both risk and cost compared to reactive approaches. Agencies with automation tools, such as GitLab, enable the National Laboratories to manage their unique software development environments.

To enhance cybersecurity posture, Sandia recommends the adoption of key security practices and tools, including. Static Application Security Testing (SAST), Software Bill of Materials (SBOM) and container scanning. Leveraging these capabilities is essential to maintaining resilience in an increasingly complex and dynamic threat environment.

Efficiency Through the Cloud

Lawrence Berkeley National Laboratory has advanced its cloud adoption efforts through the Materials Project initiative, leveraging Amazon Web Services (AWS) to significantly improve the availability, accessibility and scalability of its data products. This successful deployment offers a strong blueprint for other national laboratories exploring cloud migration.

By transitioning to cloud infrastructure, the lab has unlocked a range of strategic benefits including enhanced collaboration, improved high-performance computing capabilities, robust encryption and data security and accelerated AI-driven research. These advantages position cloud adoption not just as a technical upgrade, but as a critical enabler of research efficiency, data innovation and scientific discovery in today’s increasingly data-intensive environment.

Managing Diverse Data

As datasets across the National Laboratories continue to grow in size and complexity, effective data management becomes increasingly challenging. Oak Ridge National Laboratory advocates for a holistic approach, recognizing that no single tool can address every need. Instead, the focus should be on strengthening data transfer capabilities and adopting integrated strategies to improve overall data mobility and accessibility.

In alignment with federal mandates, laboratories and agencies managing research data must prioritize the following:

  • Transparency – ensuring data is accessible to the public to support open research
  • Up-to-date data management practices – implementing current tools and processes
  • Comprehensive audit trails and metadata documentation – maintaining accountability and traceability

By improving data transfer methods and aligning with these core principles, National Laboratories can enhance collaboration, uphold security standards and maximize the impact of their research.

Through a combination of strong data governance, cloud adoption, AI integration and cybersecurity automation, the National Laboratories remain committed to advancing innovation and IT excellence across the DOE ecosystem.

Through data management, cloud application, AI and cybersecurity automation, the National Laboratories maintain a comprehensive strategy to continually fulfill their mission of advancing IT knowledge and collaboration across the DOE.

To learn more about technologies featured at NLIT, visit Carahsoft’s artificial intelligence portfolio.