Why Agencies Are Preparing for Mission Disruption, Not Just Data Breaches: Carahsoft’s Steve Jacyna

Steve Jacyna works at the intersection of government cybersecurity priorities and emerging technologies. From zero trust and identity security to AI-driven threats and modernization challenges, the director of innovative cybersecurity solutions at Carahsoft helps agencies and vendors navigate a rapidly evolving threat landscape.

In his latest Spotlight interview with ExecutiveBiz, Jacyna discussed the shift from data breaches to mission disruption, how AI is reshaping the cyber threat landscape, why agencies are doubling down on resilience and zero trust, and the emerging technologies poised to define the next era of cybersecurity.

We always love connecting with Jacyna on the latest cybersecurity trends. Be sure to check out our interviews with him from the past few years:

• Carahsoft’s Steve Jacyna on Shifting Cyber Mandates & Recent Trends (April 2025)
• Carahsoft’s Steve Jacyna on the Cybersecurity Issues & Trends Agencies Need to Understand Now (July 2024)
• Carahsoft’s Steve Jacyna Discusses Emerging Cybersecurity Capabilities for Government Organizations (June 2023)

And don’t miss Jacyna’s colleague, Mike McCalip, VP of government programs and strategy at Carahsoft, who will moderate a panel session at Potomac Officers Club’s 2026 Army Summit on June 18. The discussion will examine the tech stack needed to enable a hyperconnected battlefield and will also feature Army leadership like Robert Monto, program manager for robotic control and integration; and Christopher Manning, the incoming capability program executive for intelligence and spectrum warfare. Don’t miss this excellent GovCon event!

ExecutiveBiz: What are the biggest cybersecurity threats government agencies are focused on right now?

Steve Jacyna: Cyber threats are evolving, that’s a given. But we’re also seeing a disturbing shift from data exfiltration to the disruption of missions and operational continuity. Whether it’s healthcare delivery at the Department of Veterans Affairs, transportation safety at the Federal Aviation Administration, or citizen services at the Social Services Administration, threat actors are targeting the systems that keep those operations running — with potentially devastating impacts.

Identity compromise, supply chain vulnerabilities, ransomware and resilience to ransomware also remain major concerns. Agencies are starting to accept that compromise will eventually happen, so the conversation is shifting from “How do we prevent every breach?” to “How do we recover quickly and continue the mission?”

There’s also growing concern around AI-driven threats, deepfakes and misinformation. AI is making phishing attacks more sophisticated and harder for people to spot. When you layer in threats to critical infrastructure — pipelines, electrical grids, railways — the operational implications become very real.

The big focus for agencies right now is resilience. How do you continue the mission regardless of the attack?

EBiz: How is AI changing the cybersecurity environment for government agencies?

Jacyna: AI is changing both sides of cybersecurity right now. It’s helping organizations strengthen defenses, but it’s also making attacks much more sophisticated.

We see that clearly in phishing and social engineering. Attackers are now using AI and language models to craft highly personalized, believable messages. Five or six years ago, many phishing attempts were fairly easy to spot. Today, some of these attacks are extremely convincing.

Deepfakes, voice cloning and vishing are also concerning. The line between legitimate and manipulated content is getting much harder for people to identify.

There’s also a growing discussion about AI systems, such as Anthropic’s Claude Mythos, that can identify vulnerabilities faster than organizations can patch them (including some that have gone undetected for years). That creates a very different kind of challenge because security teams are already operating in extremely complex environments.

The broader conversation now is around governance. As agencies adopt more AI and agentic systems, organizations will need stronger controls around what those systems can access and do. 

Companies like Okta are already starting to think about AI agents as identities that require governance, permissions, and access controls.

If you look at where the industry is headed, there may eventually be more AI agents interacting with enterprise systems than people. Legacy security models simply won’t be able to manage that effectively.

EBiz: Government modernization has been underway for years. What challenges still remain?

Jacyna: A lot of agencies are still modernizing on top of decades of legacy infrastructure that continues to support critical missions. That creates a unique challenge for cybersecurity leaders.

Most government environments today are highly hybridized — cloud infrastructure, on-prem systems and legacy applications all operating together. What works from a security perspective in the cloud doesn’t always translate cleanly to legacy systems.

Visibility is another major issue. It’s difficult to secure infrastructure if you don’t fully understand everything that exists across the environment, which makes continuous monitoring extremely important.

Patch management also remains a challenge because many legacy systems simply can’t be updated seamlessly. As a result, agencies are managing a complicated mix of security policies, technologies and risk postures.

What we’re seeing in response is continued investment in zero trust architecture, microsegmentation, continuous monitoring and security orchestration platforms that help automate some of those manual processes. 

EBiz: How important is workforce education and cyber awareness today?

Jacyna: It’s still incredibly important. I always say that people are both the strongest and weakest link within a network.

Most attacks today still involve some form of social engineering, and AI is making those attacks harder to detect. So cyber hygiene and workforce education remain critical. The agencies doing this well are focusing on continuous training, phishing simulations and role-based education instead of treating cybersecurity awareness as a one-time exercise during onboarding.

I also think organizations need to continue elevating the role of cyber operators internally. Technology is obviously important, but at the end of the day, people are still the ones making decisions and responding to threats.

EBiz: Are there any emerging cybersecurity companies or technologies you’re watching closely?

Steve Jacyna: One company that has really caught my attention is Doppel. They focus on AI-based threat detection and helping organizations identify sophisticated deepfake and impersonation attacks.

That entire category is going to become much more important over the next several years. As AI-generated attacks continue to evolve, organizations will need technologies specifically designed to identify deception and manipulated content at scale.

I think we’re still very early in that market, but it’s going to become an area of focus across cybersecurity.

EBiz: How has the federal government’s approach to cybersecurity changed under the current administration?

Steve Jacyna: From what I’m seeing, cybersecurity absolutely remains a priority for government agencies. You see that in the spending priorities, the RFQs and RFPs entering the market, and the continued investment in zero trust and modernization initiatives.

I think what’s changed is the visibility around it. During the previous administration, there were frequent executive orders and very public conversations around cybersecurity. Today, there seems to be more public emphasis on AI.

But those two areas are very connected. The more organizations adopt AI technologies, the more important security and governance become. Strong cybersecurity foundations are essential for successful AI adoption.

I invite anyone interested in learning more about the administration’s priorities to join me at the SANS 2026 Government Security Forum on July 22 (online). This forum brings together federal, state and local cyber leaders to share how they are strengthening mission readiness, modernizing infrastructure and improving cyber resilience.