Carahsoft’s Steve Jacyna on Shifting Cyber Mandates & Recent Trends

As director of innovative cybersecurity solutions for Carahsoft, Steve Jacyna stays agile to the biggest cyber threats to government organizations, as well as the latest cyber innovations that protect against them. His dual goals are to help cyber vendors understand agencies’ unique needs and to assist agencies in identifying the technologies that will safeguard their sensitive data.

Jacyna participated in a Spotlight interview with ExecutiveBiz that covered today’s most compelling cyber trends and issues, including the automation imperative, shifts in CISA’s Continuous Diagnostics and Mitigation program, new cyber mandates, data sovereignty, and growing interest in ID verification and identity proofing.

ExecutiveBiz: What are the most pressing cybersecurity issues and trends organizations should be aware of right now?

Steve Jacyna: There are two major trends emerging in the government cybersecurity space that I think are especially important to highlight.

The first is a rapid shift toward automating security functions. With current federal priorities and broader goals to do more with less, automation is becoming not just helpful but essential. Cybersecurity vendors must deliver automated solutions that help federal agencies bridge workforce gaps and secure more with fewer people.

The second trend, which is closely tied to the push for greater operational efficiency, is the consolidation of point products into integrated platforms. Instead of managing a patchwork of isolated tools like standalone firewalls or data loss prevention systems, many larger cybersecurity providers are now shifting towards platform-based solutions with modular components that work together seamlessly.

Some vendors have historically prioritized this type of integration and efficiency. Now, we’re coaching others to align with that model, knowing it’s where the federal market is headed.

Against this backdrop, we’re also seeing a lot of market consolidation as larger companies seek to fill gaps in their cybersecurity portfolios and smaller vendors look to scale their operations and gain market protection. Major moves, like Cisco’s acquisition of Splunk, are a sign that this trend is gaining momentum. 

EBiz: Carahsoft has a long history of supporting CISA’s Continuous Diagnostics and Mitigation program, known as CDM, and CMMC compliance. What developments are you seeing as agencies strive to meet national security requirements?

Jacyna: A key development in CDM is a shift away from compliance-focused initiatives, such as hardware and software asset management and continuous monitoring to a real-time threat detection and response approach.

Following several major breaches that have impacted the federal government, the Cybersecurity and Infrastructure Security Agency has worked more collaboratively across agencies to enable better threat hunting and incident response. This has resulted in more agile, customized CDM dashboards, driving more effective responses to emerging vulnerabilities and enhanced cyber risk management.

It’s a big shift from how CDM originally worked. Instead of a rigid one-size-fits-all approach, the program is now more flexible, allowing agencies to adopt security solutions that fit their unique environments.

AI is also set to play a pivotal role in the evolution of CDM, particularly in managing large data volumes and enhancing threat detection. As the field matures, we expect AI to be elevated to a category of its own within the CDM program.

When it comes to Cybersecurity Maturity Model Certification compliance, we’re seeing stricter enforcement and growing indications that CMMC could soon become a legal requirement. This heightened focus is pushing both vendors and contractors to prioritize compliance more urgently than ever before.

EBiz: How does the cybersecurity executive order signed by President Biden in his final days in office fit into the bigger picture?

Jacyna: Executive Order 14114 builds on Executive Order 14028 from 2021 and the National Cybersecurity Strategy. It outlines additional actions to improve our nation’s cybersecurity, including revisions to Circular A-130, which governs how federal agencies manage information resources.

The new guidance still emphasizes critical areas like zero trust and endpoint protection but is less technically prescriptive and allows more flexibility in the adoption of evolving cybersecurity practices like network segmentation, endpoint detection and response, and phishing-resistant multi-factor authentication — all critical to implementing zero trust.  

In addition to the traditional pillars of identity, newer concepts like ID verification and identity proofing are emerging. Several Carahsoft vendors and partners stand out in this space, from big players like Okta to emerging innovators like Socure.

EO 14114 is an exciting development, and we’re ready to assist agencies in identifying the best solutions for ensuring compliance with the EO’s ambitious directives.

EBiz: Data sovereignty is becoming increasingly important in federal government cybersecurity. What solutions support agencies in meeting these requirements?

Jacyna: One of our vendors tackling data sovereignty challenges is Snowflake. They help customers ensure that their data is stored in domestic FedRAMP High environments. Snowflake’s cloud data platform supports cross-cloud data sharing so agencies can collaborate securely, maintain control over their data and ensure sensitive information remains within authorized jurisdictions.

We’ll see increasing emphasis on this as the government continues to modernize and embrace cloud storage solutions for its data needs.

I’d suggest that readers who want more information should take a look at our Cybersecurity Resources or visit our CDM or CMMC pages.