It Takes Shifting Culture to Institute Zero Trust in Government
Federal officials say that identity management priorities are critical to cybersecurity, but acting on them requires a mindset shift.

Successful implementation of zero-trust cybersecurity strategies in government requires a significant cultural and systemic shift.
“[It’s like] an immune infrastructure, kind of like the way the human body works, understanding those networks, keeping the adversary out once they get in … and then operate to compromise,” Lawrence Livermore National Laboratory (LLNL) Principal Associate Director for Global Security Huban Gowadia said at the RSA Conference in May. “All that begins with a sound cybersecurity culture.”
Former Federal CISO and Deputy National Cyber Director Chris DeRusha said that agencies will struggle without implementing zero trust, especially as teams continue to develop vulnerable applications at a rapid pace.
“You’re just going to keep being victim and you have too many holes—too many ways in,” he said.
Building a workforce that is comfortable with zero-trust, identity management and other critical cybersecurity concepts is a huge part of building a more secure culture at agencies, Gowadia said. That shift, she added, is already underway.
“In the National Laboratory system today, more than 50% of us have been in the system less than five years, which is an incredible generational shift,” Gowadia said. “I’d like to believe that a generational shift brings with it so much innate sense of cyber systems and cybersecurity. I’d like to believe that we have a shot at building a whole new culture based on a whole workforce generation that’s coming in.”
Adopting a “trust nothing” approach addresses these concerns: systematically reviewing and understanding the risks introduced to large environments keeps vulnerabilities from being exposed. Culture and legacy systems make this hard to implement, according to DeRusha.
“It’s a complete re-architecture across all these different pillars, and it’s a completely different way of working,” he said. “It can be pretty scary to make that change because you’re going to potentially break some of your applications, which may be delivering critical services to hundreds of thousands of citizens.”
The White House’s plans for zero-trust implementation require agencies to think about cybersecurity in different and more immediate ways, Gowadia noted, and zero-trust implementation is a key part of the administration’s executive plans.
“I think we all felt that sense of urgency,” Gowadia said. “You see it reflected in the zero-trust strategy document. You see it in some of the timelines stipulated in the [White House Cybersecurity Executive Order] and the strategy document.”
According to DeRusha, the goal is not to flip a switch, but to set benchmarks for progress.
“A lot of it for us is getting people ready and having them do the activities that are necessary precursors to making progress anywhere,” he said. “We just try to knock over a bunch of barriers in the meantime with finally getting towards phishing-resistant multi-factor authentication everywhere and ensuring that we are getting to our high-value assets. But if you don’t have categorization of your high-value assets, your crown jewels, you can’t even do that.”