Deputy Federal CIO Maria Roat asserted at the Billington Cybersecurity Summit that the Federal government is using a DevSecOps approach to integrate security into every aspect of modernization, but she insisted that the workforce must be cyber ready to be entirely secure.
“Cybersecurity is being built into everything and the Federal government has moved into a DevSecOps model,” she said. Roat continued, “It’s the response, it’s the mitigation, it’s training people to understand.”
Federal budgets and policies have to support building cybersecurity into every aspect of technology as agencies continue modernizing IT systems, she added, “even as we’re moving into things like zero trust networks, and really leveraging and taking advantage of cloud technologies to build in those cybersecurity capabilities.”
Roat reiterated the importance of the zero-trust approach and transitioning to the cloud as the security tactics that provide the flexibility and scalability needed to secure devices and emerging technologies. Even with these tech advances, however, Roat said that efforts to train the workforce are necessary to maintaining security.
“First and foremost, it’s about the people, then the tools and the processes around it, and they have to continue to keep cybersecurity front and center,” she said. “The workforce really needs to be part of the solution around cybersecurity,” Roat added later.
Workforce efforts like the Cyber Reskilling Academy are keeping Feds on top of cyber best practices, but Roat added that everyday employees will be the last defense against many attacks.
“It’s not just the tools that are blocking whatever may be coming in on spam or phishing, but whatever comes through … [Feds] have to understand and be skilled in the technology and they have to be skilled in cyber awareness and recognize the phishing attempts as they’re coming in,” Roat explained.