Cybersecurity After DOGE: Why Efficiency Is Becoming a Security Strategy

By Brian Snell, Carahsoft Director of Broadcom Business

The conversation around artificial intelligence in government is changing. For the past two years, much of the focus has been on where agencies could use AI. Now the discussion is shifting toward how agencies should govern it. The bipartisan discussion draft of the Great American AI Act reflects that evolution, proposing a framework for AI standards, oversight and accountability across the federal government.

The timing is significant. Agencies are integrating AI while also adapting to a new operational reality. A year after DOGE-driven workforce reductions, many security teams are still operating with fewer people, tighter budgets and no reduction in the threats they’re expected to defend against. The agencies adapting most successfully aren’t trying to rebuild the organizations they had before the cuts. They’re taking the opportunity to rethink how security gets done and where their limited resources can have the greatest impact.

Rebuild security around mission risk

Trying to protect every system, every vulnerability and every compliance requirement equally was difficult even before staffing reductions. Today, it’s simply not realistic. Agencies need to identify the infrastructure, networks and data that are most critical to their mission and focus their attention there first.

That approach aligns with recent research conducted with Forrester Consulting, which found agencies are increasingly prioritizing the systems and capabilities that have the greatest impact on mission continuity. Critical infrastructure ranked among the top priorities, while network security, data protection and incident response emerged as the areas requiring the most immediate attention under current resource constraints.

Rather than trying to defend everything equally, agencies are concentrating their efforts where they can reduce the greatest amount of operational risk. That also means accepting that some lower-priority work may have to wait so teams can spend more time protecting sensitive data and improving incident response.

Simplify the security environment

Over the years, many agencies accumulated security tools to solve individual challenges, but the result has often been overlapping capabilities, disconnected dashboards and workflows that require analysts to jump between multiple systems just to investigate a single incident. Smaller teams don’t have the capacity to manage that level of complexity.

One of the smartest things agencies can do right now is take a step back before investing in another tool. I’ve talked with organizations that started by taking inventory of what they already owned and were surprised by how many capabilities they weren’t fully using. Others found they had multiple products solving essentially the same problem. Instead of adding more technology, they’re looking for ways to bring data together so analysts don’t have to piece together an incident by bouncing between a dozen different dashboards. That frees up time for analysts to investigate threats instead of navigating tools.

The same principle applies to AI and automation. It’s easy to be drawn to the newest capabilities, but agencies should begin with a much simpler question: what problem are we actually trying to solve? Some of the most valuable applications of AI aren’t the flashy ones. They’re the repetitive tasks that consume analysts’ time every day, such as gathering context from multiple systems and generating reports. Automating those workflows allows experienced personnel to spend more time investigating sophisticated threats and less time on administrative work. AI should help security teams operate more efficiently, not become another technology that requires constant management.

Data governance as the foundation

Before agencies expand their use of AI, they need confidence in the data those systems will rely on. That starts with the fundamentals: understanding what data exists, where it’s stored, how it’s classified, who has access to it and how it moves across the environment. While those tasks may not generate the same excitement as deploying a new AI capability, they’re what make responsible AI adoption possible.

Many agencies have delayed this work because inventorying and classifying data can be difficult, particularly in large, hybrid environments. But AI raises the stakes. Agencies aren’t just managing data created by people anymore. Automated systems are generating, analyzing and moving information at a much greater scale, making strong governance even more important. Organizations that invest in visibility and data governance today will be in a much better position to adopt AI securely and confidently tomorrow.

A year after DOGE, one thing has become clear: agencies can’t simply wait for staffing levels or budgets to return to where they were. The organizations making the most progress have accepted that this is the new operating environment. Rather than trying to do more with less, they’re becoming more intentional about where they invest their time, simplifying security operations and using automation to help smaller teams stay ahead of increasingly sophisticated threats. That’s a model that will continue to serve agencies well long after today’s budget pressures have passed.

About Brian Snell

Brian Snell currently leads a 500-person organization spanning sales, sales operations, channel management, customer success and post-sales engineering across the Broadcom and VMware businesses at Carahsoft, supporting more than $2 billion in annual revenue. With over 17 years at Carahsoft, Brian has successfully recruited, onboarded and scaled multiple strategic vendor partnerships while driving operational alignment across highly complex organizations. Under his leadership, his teams launched Broadcom’s global cybersecurity aggregation (Catalyst) program for state, local and federal government customers, giving Carahsoft and its partners greater ownership of go-to-market strategy, technical support, customer success and long-term adoption outcomes. 

 

The only Public Benefit Corporation built specifically to serve the GovCon market. Learn more about OrangeSlices PBC



Not Yet an OrangeSlices Insider? Learn more about the OS PBC Insider Corporate and Individual Plans here. Plans start at $295 annually.

LEAVE A REPLY

Please enter your comment!
Please enter your name here