Red Hat VP Garret Goldstein on AI Governance, Cybersecurity & Modernizing SLED Infrastructure

As state, local and education organizations face mounting cybersecurity threats, growing budget pressures and accelerating AI adoption, technology leaders are reevaluating how they modernize infrastructure while maintaining security and operational continuity.

Garret Goldstein, vice president for North American Public Sector Partner Ecosystems at Red Hat, brings three decades of global IT market experience spanning software development, IT delivery, public sector partnerships and business leadership.

Before joining Red Hat, he helped build Appian’s U.S. public sector partner ecosystem and previously held leadership roles at CA Technologies supporting aerospace, defense and government customers. His experience also includes positions at France Telecom, Freddie Mac and federal systems integrators, giving him a broad perspective on modernization challenges across both government and commercial sectors.

Goldstein joined ExecutiveBiz for an Executive Spotlight interview, in which he discussed the evolving cyber landscape, the increasing importance of automation and why unified platforms are becoming essential for agencies navigating complex IT environments. He also shared insights into AI governance, operational resilience and how organizations can modernize without disrupting mission-critical systems.

ExecutiveBiz: I notice that Red Hat provides open-source IT solutions to state and local education organizations. How do Red Hat’s technologies help state and local agencies and institutions modernize infrastructure and improve the citizen experience?

Garret Goldstein: State, local and education leaders are working under conditions that have meaningfully changed in the past twenty-four months. The National Association of State Chief Information Officers’ 2026 priorities placed artificial intelligence at the top of its annual list for the first time in the survey’s 20-year history, displacing cybersecurity, which had held the #1 spot for 12 consecutive years. Cybersecurity is now #2. Budget and cost control jumped to #3.

The 2026 NASCIO-Deloitte Cybersecurity Study reported that only 26 percent of state CISOs feel confident in their security posture, down from 48 percent in 2022. And the licensing changes in the market  are forcing many SLED organizations to revisit virtualization strategies.

At Red Hat, we believe we can help our SLED customers in three connected ways:

1. A unified infrastructure platform to run, secure and scale across hybrid cloud
2. Built-in security and compliance where security is embedded in the platform, not bolted on after deployment
3. A governed AI factory that enables controlled and agile AI adoption

ExecutiveBiz: What do you think is the biggest threat facing U.S. cyber systems today, and what can be done to protect against that threat?

Goldstein: The biggest threat I see facing U.S. cyber systems is twofold: The first is the increasing complexity of IT estates. The second is the collapsing window between vulnerability discovery and active exploitation.

On the defender’s side, AI-assisted research will surface vulnerabilities faster than ever before. That is good news, in principle. But the same capability is available to adversaries and bad actors, who can quickly exploit what they find. At the same time, IT estates are increasing in complexity and organizations have less skilled workers. Defenders who have complex and heterogeneous IT environments and rely on manual patching cycles, ticket queues and human-paced remediation will lose that race.

The credible response has two parts that have to work together. The first is automation: policy enforced, automated remediation, continuous compliance and a single control point across the IT estate. The second is a common operating platform spanning data center, cloud and edge, with the same configurations, the same controls and the same enforcement model everywhere a workload runs. Fragmented environments produce fragmented defense.

Specifically we are helping the following customers.

• The State of Missouri adopted Red Hat Ansible Automation Platform to centralize disparate IT automation across the enterprise, significantly reducing the time required for routine processes.
• The Florida Court Clerks and Comptrollers adopted Red Hat OpenShift Platform Plus to harden the resilience and security posture of judicial applications across the state.
• Emory University utilized Red Hat Ansible Automation Platform to reduce what would have been a two-week manual remediation effort across more than 500 servers to roughly four hours. 

Join leaders uncovering the connections increasingly critical to cybersecurity at the 2026 Cyber Summit on May 21.

ExecutiveBiz: How do you balance leveraging technology innovation while maintaining existing organizational infrastructure and workflows?

Goldstein: The realistic path is consolidation, not replacement. Innovation does not require ripping out what works. It requires reducing the number of platforms an organization has to manage so that new capabilities can be added without additional operational burden. Again, unifying the infrastructure to abstract the complexity and drive down the operational burden. With budget pressures as they are, consolidation needs to happen fast.

• The City and County of Denver saved $4.06 million and 81,000 work hours through enterprise automation. That is what consolidation looks like when it compounds over time.
• The State of Michigan’s Department of Technology, Management and Budget consolidated infrastructure across 19 state agencies onto a shared container platform, accelerating delivery of citizen-facing digital services.
• Las Cruces Public Schools in New Mexico and North Carolina State University migrated directly from a legacy virtualization solution to Red Hat OpenShift Virtualization.
• California’s Health Benefit Exchange runs CalHEERS, the platform that serves more than 17 million Californians on Red Hat OpenShift. CIO Kevin Cornish has publicly credited the platform with enabling faster updates in response to regulatory changes and user needs.
• North Carolina Department of Health and Human Services worked with KPMG to modernize its Medicaid systems platform on Red Hat.
• The State of Tennessee Department of Human Services accelerated citizen service delivery with KPMG on a SaaS-based integration and shared services platform powered by Red Hat.
• Washington Health Benefits Exchange, working with Deloitte, used the same foundation to scale smoothly through rapid demand spikes on its healthcare portal.

Innovation arrives without ripping out what works because the platform is unified. The same platform that absorbs the virtualization estate is the platform that runs the next AI workload, with consistent management on-premises and in the cloud. That is what makes fiscal predictability possible without trading one form of vendor lock-in for another. 

ExecutiveBiz: How do you approach trust, transparency and accountability when AI starts influencing operational outcomes?

Goldstein: AI, governance and accountability depend on the infrastructure choices agencies make today. When a model touches eligibility determinations, permitting, clinical decisions, or citizen-facing services, leaders need to demonstrate which model was used, on what data, by whom, within what guardrails, while controlling costs and delivering agility. That is difficult when AI work is scattered across public SaaS tools and disconnected clouds, not to mention the “shadow AI” problem.

A governed AI factory keeps sensitive data inside the agency’s control, provides a consistent platform for building and running models and produces the audit trail that regulators, privacy officers and constituents will rightly demand.

Boston Children’s Hospital is using open source infrastructure and AI to transform clinical workflows, which is a model for how mission-critical institutions can adopt AI without ceding control of their data or their decisions.

Georgia Institute of Technology supports a wide range of data science projects across the College of Engineering on Red Hat OpenShift Platform Plus, giving researchers a consistent, governed environment for AI and machine learning work without the fragmentation that creates risk at scale.

Governance and transparency depend on whether the infrastructure underneath the AI gives leaders the visibility, audit trail and policy enforcement they need, wherever the workload runs. That is a platform choice, not a policy.

Red Hat’s three priorities are connected because our customer’s problems are connected. The platform that handles compliance is the platform that absorbs the virtualization estate and it is the same platform that will govern AI workloads as those move from pilot to production. SLED leaders who treat these as one decision rather than independent decisions will move faster, spend less and carry less risk into the next budget cycle. That is where we focus.