Date: 2026-03-02

Josh Salmanson, vice president and defensive cyber practice lead at Leidos, outlined several emerging cyber defense trends federal leaders should prioritize as part of modernization strategies.

As federal cyber priorities continue to evolve, conversations around resilience, modernization and emerging defense strategies are gaining momentum across government and industry. Leaders exploring these issues will have an opportunity to engage directly with peers shaping the cyber landscape. Register now and take part in the conversation at the Potomac Officers Club’s 2026 Cyber Summit on May 21.

In a recent GovCon Conversation video interview with Executive Mosaic Senior Content Manager Charles Lyons-Burt, Salmanson identified cyber deception, artificial intelligence adoption, risk management reform and the evolution of cyber defense architecture as key focus areas.

Why Is Cyber Deception a Priority for Federal Leaders?

Salmanson described cyber deception as an immediate capability that agencies can deploy.

He said deception can disrupt adversaries inside enterprise environments.

“If we put some speed bumps into our environment, that’ll trip up our adversaries and kind of illuminate the fact that they’re in our environments when we didn’t think they were. It’s a win,” Salmanson said.

He added that imposing cost on adversaries changes the defensive dynamic.

“When you can impose cost when they’ve been running roughshod over, you know, most of our defenders for a really long time, it’s a very nice win,” he said.

What Did Salmanson Say About AI & Machine Learning?

Salmanson addressed the pace of AI and machine learning adoption in cyber defense.

“I think AI/ML is definitely on its way. It’ll be here soon, but I don’t know how to define soon. I think it’s not quite yet ready to take on a leading role,” he said. “So we still need really good competent people to be able to make the decision as to whether or not we’re ready to trust the technologies.”

He noted that adversaries are already using AI to accelerate and increase the volume of attacks.

“I think what we’re seeing is it’ll be able to help balance out the fact that our adversaries are using it to just attack faster and at higher volumes,” Salmanson said.

He added that AI could improve filtering at higher fidelity rates.

What Are Salmanson’s Thoughts About Risk Management Reform?

Salmanson said reforming risk management processes is necessary.

He indicated that modernization efforts should significantly reduce system authorization timelines. Salmanson said that for new cloud-native and container serverless-based systems, agencies should be able to achieve an authorization to operate, or ATO, and a continuous ATO in under a week in most cases and possibly even less for many capabilities.

He acknowledged that legacy systems may require more time.

“The things that are based more on legacy architectures is going to take a little longer because we’re going to have to work through some of those conversion pieces,” Salmanson said.

He also emphasized that the Risk Management Framework must evolve beyond static compliance.

How Is Federal Cyber Defense Architecture Evolving?

Salmanson said he is seeing a “renaissance” in how organizations are examining the way they have architected and structured their cyber defense over the years, adding that while agencies will continue to rely on sensors, collectors, analytics and visualizations, those capabilities will take different forms.

He noted that tools that organizations have relied on over the last 20 years, including security orchestration, automation and response and threat intelligence platforms, may be overtaken by AI tools, particularly private AI and private large language models where the information is curated and managed in a way organizations trust.

The Leidos executive added that once that shift occurs, many of the capabilities traditionally associated with security operations will be refined and could convert into a more DevOps-like security operations model focused on detection engineering and response engineering rather than reviewing large volumes of alerts.