HSDF THE PODCAST
The Homeland Security and Defense Forum proudly presents HSDF THE PODCAST, an engaging series of policy discussions with senior government and industry experts on technology and innovation in government. HSDF THE PODCAST looks at how emerging technology - such Artificial Intelligence, cloud computing, 5G, and cybersecurity - is being used to support government missions and secure U.S. national interests.
HSDF THE PODCAST
The Autonomous Adversary Rethinking Cybersecurity for the Next Decade
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Welcome to our “TUESDAY EDITION of HSDF THE PODCAST,” a collection of policy discussions on government technology and homeland security brought to you by the Homeland Security and Defense Forum
AI is turning cyberattacks into a speed game, and the federal government can’t afford to keep playing defense with yesterday’s pace. We sit down with Michael Duffy, Acting Federal Chief Information Security Officer, Office of Management and Budget, to unpack why this is a true inflection point and what has to change before the next crisis forces everyone’s hand.
Featuring:
- Michael Duffy, Acting Federal Chief Information Security Officer, Office of Management and Budget
- Kate Yamashita, Managing Director, Global Security Strategy Lead, Accenture (moderator)
This discussion took place June 10th, 2026, at HSDF’s Cyber Symposium
Follow HSDF THE PODCAST and never miss latest insider talk on government technology, innovation, and security. Visit the HSDF YouTube channel to view hours of insightful policy discussion. For more information about the Homeland Security & Defense Forum (HSDF), visit hsdf.org.
Welcome And Who’s On Stage
SPEAKER_01It's so great to be here. I've been listening to the panel this morning and it's been really just fantastic to get the perspectives from so many different people in the room, both on the panel and the questions that we've been getting from the audience. So I appreciate everyone and your participation. Mike and I are super excited to be talking to you today. We're going to shift gears a little bit because we're going to talk about some common themes that you've heard already, because AI is definitely the topic of the generation, perhaps. But I think for me, what's going to be great about this dialogue here is getting the perspective of a CISO that's working in the federal space and on the front lines, making these decisions day to day. So taking some of these national security priorities and strategies and the changes that we're seeing, and how does that translate to decision making and real-time operational effect on the ground? So I'm really excited. Before I turn over to Mike for a quick intro, just why am I here? My name again is Kate Yamashida. I've been working at Accenture for the past eight years. I am on the commercial side. So I work across industries with all of our clients, advising them on cybersecurity and seeing the latest and greatest changes. One of the great things about Accenture, however, is that we also have Accenture Federal Services. So I get to partner with our federal services to inject what we're learning from the commercial space into our federal services so that we can collaborate. And when they work with people like Mr. Duffy and Sissa and other federal agencies, we do that from a very informed space. So that's why I'm here. Really looking forward to learning more today from Mr. Duffy and others. But I'll let Mike introduce himself and then we'll get started.
SPEAKER_02Fantastic. Thank you, Kate. Great to be here again with all of you at this year's symposium. My name is Mike Duffy. I'm the acting federal CISO at the Office of Management and Budget. That is a White House office that oversees the work of our federal departments and agencies. So the executive branch, cybersecurity posture, the way that we're improving the way that agencies are building out their cyber programs, the way that we are building out what is an enterprise cyber program. And to ensure for my role, is we're looking at the federal CISO across all 101 federal agencies, how we're thinking about performance improvement over time. So it's especially important to have this discussion about where we are with artificial intelligence, where agencies are building out capability, what the workforce looks like, how we're thinking about risk in different ways moving forward, and how ultimately we can position the federal government to be a leader in AI-enabled cyber defense.
SPEAKER_01We're going to do all that in under 30 minutes. Buckle up.
AI Creates A New Inflection Point
SPEAKER_01Great. So just to get started again, we've talked a lot about how AI is impacting security. And obviously, this rapidly evolving threat landscape towards an autonomous enabled threat actors is making all of us as defenders think differently, maybe about the problem. And this is really being seen as a fundamental shift. And on the earlier panel, they talked about the shift is primarily about speed. So a lot of the challenges aren't the same. It's speed. But I think that still has a lot of impact again on the decisions that we're making on a day-to-day basis to make sure that the adversary doesn't outpace us or continue to outpace us because our cyber defense models are outdated for habits. So today we're going to go through a range of topics, like really want to think about how this changes cyber defense and what we're doing to defend at machine speed. We're going to talk about a shift from vulnerability to exposure management and really think about what resilience and how that plays a part in our strategy. And then go into again some of the government industry cooperation that we talked about in the earlier panels. But either way, end to end, a lot of people are talking about this. And so I'm interested in hearing from your perspective, Mr. Duffy, is this truly a fundamental shift? And how do you think that OMB is showing up to really respond to that shift in the industry?
SPEAKER_02I definitely see this inflection point happening right now. I think everything from the way that agencies have internalized what they're seeing from the threat landscape to the way that they are working with industry and their partner agencies to think through what it means for us to tackle the challenges in the road ahead. I've often said that our current federal cyber policy apparatus, the framework that we're currently working off of, was largely shaped over the past decade based on the result of major incidents, major events that have hit the federal government in one way or another back to 2015 and the OPM breach, more recently, the solar wind supply chain compromise. A lot of policy came from those events. A reaction to what happens to the federal government could say, never again. We've taken steps to ensure that what got us once won't happen to us again. And that's worked fairly well for the past decade. I think we've built a strong foundation in the way that we're looking at high-value assets, the way we're scanning our networks, the way we're building out architectures to be more resilient against the threat. And we've been in that kind of reactive to in the wake of the cyber crisis mode. Why it's so important for us to think of this as unique and a different type of inflection point is because we can no longer be in a posture where we are waiting for the next crisis to occur for us to make dramatic change. At that point, with AI capabilities and the speed of automation, I think we'll be too late. So right now, why this is an inflection point is because we have to understand what's coming down the road and take steps now to ensure we're ready for it. There's been a lot of discussion of resilience, a lot of discussion about how we can ensure we have greater operational visibility, greater insight of what's happening across within our networks, across our networks, and across the federal government as a whole, and how we as a larger, broader cyber community can tackle this. That is the inflection point that we're in. That's where we have to make sure that now is the time to act, not waiting for the next crisis to occur, but understanding the severity as well as the opportunity of what artificial intelligence and the capabilities provide to the federal government. Now's the right moment for us to harness that and ensure that our policy for the next decade is purpose built for this moment.
SPEAKER_01Yeah.
unknownYeah.
SPEAKER_01And I think you talked a lot about crises, and maybe this isn't one, but never let a good crisis go to waste. And I think on the commercial side, that is my clients are absolutely in crisis mode, right? They are trying to figure out how to leverage this to get the type of funding and or initiatives passed so that they could really keep up. Because I think that to your point, like it's really difficult to be proactive without the crisis. And so treating this as such, even if it's not as an opportunity to get out in front of it, I think is really important. And so you touched on this a little bit, but again, given this inflection point and just how you've operated over the last six to 12 months when this has really become come to light, what have been your top priorities?
Three Federal Cyber Priorities
SPEAKER_02So we're fortunate in the fact that since a lot of these cyber models have come up, the cyber community by and large has sprinted towards having these conversations about what needs to happen. So many of you have likely seen really good recommendations, reports, analysis based on everything that we're seeing in the cyber-centering models and what that means to build a cyber ready program for the foreseeable future. So, all that's to say, generating a to-do list of what needs to happen is really the most simple part of this. Applying that to-do list to unique agency missions, complexity in architectures, and the reality of kind of operating every day is where the challenge really is. Fortunately, we've been seeing this coming for some time. I think the federal government has taken steps over the past several years to ensure resilience of its systems, to ensure that we are framing things like zero trust and hardening cloud environments and reducing exposures. We've seen a lot of discussion from the federal government through CISA, through other parts of government, this discussion on edge devices, ensuring that end of life, end of service, edge devices are being focused. Priority number one, make sure that we're not making it easy for adversaries to get into our networks. And that continues. I think the way that I've described it, I think last year when I was here, was my priorities are kind of broad framework in understanding how we can focus our enterprise cyber defense across all federal agencies. That's the collective cyber defense side of it. How do we unify the work that's happening across all agencies to make sure that the sum is greater than the sum of its parts? The way that we're approaching this as a government is one unified effort. The second is how we're looking at improving operational resilience. This is something we've seen after every crisis, is ensuring that we're able to continuously deliver on the federal government's critical mission in the face of an advanced persistent threat. The last part of it, which has been really important to where we are right now, is securing a modern U.S. government. And this is a recognition that we are driving for change. We are looking for modernization across the federal government, either through the efficiency initiatives, through optimization, through looking at artificial intelligence and new capabilities coming online. We know that the business of government is changing. And that means we need to consider the way that we need to protect that data, ensure our mission, and really make sure that the federal government is one step ahead of the threat when it comes to the way that our business is being delivered. So, through that, though, you ask the way that we're taking those priorities forward is convening agencies, using my authority through the Federal CISO Council to bring all agencies to the table, have a discussion of where you are in your maturity against this threat, how you're building out your artificial intelligence cyber tool stack, how you're considering risk across your mission, not just in the cybersecurity silo, but across your business units within the mission. And really the CISO has to understand what's coming and what's next. So, really tactically, we've been looking at this through three ways. The first is I mentioned a lot of those recommendations for how the federal government or how organizations as a whole need to ready themselves for this new era of AI. So it's addressing that head on, making sure that federal agencies have what they need. They are equipped and ready, they are built through policy, through practice, they have tabletops and they've had adequate plans to ensure the correct level of cyber posture against the coming threats. The second is making sure that the tool stack is being optimized to the degree possible. We've heard a lot from agencies over the past several years that how can we integrate? How can we ensure that we are consolidating these rather expensive investments being made across individual agencies? How are we looking at that from an enterprise perspective? How are we looking at component agencies and ensuring that there's an enterprise approach to gain greater operational visibility, to drive the right level of risk decisions at the senior levels within that department, and ultimately bake that into the mission? The third area that's equally important is making sure that as we're considering what is happening across individual agencies, that is being built into the risk calculus where CISOs alone are making these cyber-centric decisions. CISOs bet understand the mission better than they ever have. And we have to ensure that driving that level of cultural change within departments and agencies is critically important right now. We know that things are moving fast, they're moving automated. We know that adversaries are able to know environments and architectures better than a lot of organizations know themselves. And that means it's important for CISO to truly represent the business line, truly represent the mission to ensure that the capabilities, the resources, the priorities that they are putting forth are really addressing that business need so that we aren't talking about downtime and mission impact and a failure in the way that we've architected our networks.
Empowering CISOs Beyond IT
SPEAKER_01Oh, I was gonna make a joke about how that sounds really easy, but oh, I think I got anxiety just thinking about it. Because it's a very large ask. And I think doing it across federal space is obviously it's critical and it is monumental.
SPEAKER_02And you do I think the one good thing is agencies right now are passionate about this. They've been given the direction we have to optimize, we have to find efficiencies. Those who are right now on the front lines at federal agencies are really inspired by the fact that they have the potential for new capability, the potential to make a true impact. And frankly, top cover from OMB, from CISO, from the Office of National Cyber Director, you heard someone on the previous panel. This is a moment where we are empowering CISOs and CIOs to have these discussions across their departments and agencies so that they are able to say, I'm making a risk determination on behalf of my mission, and it's not siloed just within the IT portfolio. That's a big step forward.
SPEAKER_01It's huge. And that would, that was gonna be my question. You took it right out of my mouth because you mentioned culture change and empowering CISOs. And I get that people within the security organizations across the federal space understand the mission. But are you seeing those headwinds and are you seeing that mission being translated outside of the IT world and getting a lot of support?
SPEAKER_02We had a few agencies early on in the administration take a look at their cyber programs, and this was a year and a half ago or so. A few of them said, let's run a sprint of the known exploited vulnerabilities across the agency. Look at the backlog. How can we take this backlog to zero? And maybe there was no practical way to get to zero, but let's make best effort. Let's test our systems, let's ensure our capabilities are up to the challenge. Let's make sure that we are not only integrating and consolidating our cyber tool stack for this moment, but we're also thinking about how we're consolidating and integrating our SOPs. And this is exactly where the cyber mission needs to further integrate to every other business line, every other mission set within the organization, because a CISO will be the first one to say, I said all the right things. I said that needs to be patched immediately. I said that this was an issue, but that only goes so far. That went fairly far in the old world of cybersecurity, where it was less likely that an adversary was everywhere all the time. Now, with machine speed, with automation, with something that's truly concerning, which is this practically autonomous attack path discovery, which throws that out the window. It's truly important for a CISO now to understand their mission better than they ever have before, to have that seat at the table with senior leadership at the agency so that they can provide a sense of where the risk lies and where they can address this decisively and how they are speaking on behalf of agency mission and not just as the cyber people within the agency. That's a big shift.
SPEAKER_01That's an important one. Having stakeholder buy-in and having people understand the mission, I think really unlocks our ability to protect holistically. Otherwise, we're doing it in a sile in a bubble and it's never effective. So you mentioned a lot of topics that I want to make sure that we could at least touch on, even though we don't have enough time. And
Pre-Authorization And Machine-Speed Response
SPEAKER_01one is looking at sort of the broader security posture and you mentioned cyber defense. And I think one thing that's interesting is looking at the role that AI is playing, not just for the autonomous adversaries, but how are we leveraging it for our defenders? And in the federal space, we often talk about human in the loop, right? But when the threats are moving so quickly that we no longer have time to have humans at every decision point, how do we really start to restructure the way that we think about cyber defense and leveraging AI as defenders in an effective way to protect the federal government?
SPEAKER_02We in March convened industry partners, agencies at the White House and had a discussion, an open discussion of to private sector partners, what is the latest and greatest technology on continuous event monitoring, on threat hunting, investigation, response, forensics, all of these tools that we've been hearing about. What's real? What is most mature? What is able to be incorporated within an agency tool stack today? That was a really enlightening conversation for many CISOs. It also brought to light conversations on pre-authorization, something that speeds up. If you're talking about machine speed and AI, it's really making sure that CISOs feel empowered to preauthorize certain actions within their environment. When we look at this, we're saying that we need to get to machine speed. We need to ensure that our detections and response capabilities are firing off. That means we need to make sure that the machines have access to adequate logs, that they are searchable, that they are relevant, that we're looking at tailoring them based on risk, based on the mission of the organization. And that's been an important step forward. You've seen recently with the issuance of a new OMB policy on logging. This was really to say that times have changed. What M2131, which was the original logging memo from OMB, really sought to address, and it did drive progress in logging across the federal government, was we need more logs. After the SolarWinds compromise, OMB and CISO went to threat hunters and say, how can we make sure this doesn't happen again? The answer was logs. When we're looking now with artificial intelligence, with the capabilities we have now, I think the recognition is we have to make sure we're focusing on the right things, that we're prioritizing the right types of logs to enable machine speed actions, cyber defense at scale to ensure that we're keeping up with our adversaries. And that is a more tailored approach to the way that we're building a framework that is both risk-based, organization-centric, really understanding the organizational risk profile within an agency and say these are the types of logs, continuous event monitoring, threat hunting-related logs that we need on the ready. Now, you mentioned cumin in the loop. I think this all ties together in the way that we're thinking about the logs that we have accessible, the capabilities we have that are firing off these machine-to-machine type responses. It is a moment now where I mentioned that CISOs really have to understand their mission, have to be part of these decision-making process. When we're looking at pre-authorization, where we're looking at policy-bounded automation. This is all central to what we're looking to do in building and configuring these capabilities at the federal agency level to ensure that we've already made the decision that these types of actions can occur. And that allows it to move as quickly as possible anytime we're seeing this kind of threat action. Now, that's to say that makes the human really an important part of that loop. It also means that the human, the CISO, the senior decision maker, has to understand how to enable the mission, how to facilitate this kind of cyber effect without pre-authorizing too much or taking down systems or feeling that you need to continue to be in the loop on every decision. We want to make sure that we are considering risk in different ways. I know we've said for the past decade that CISOs are thinking about mission risk and the way organizational profiles go. This is the moment where that really matters. Really making sure that the CISO is able to definitively say, these are the types of actions that I'm comfortable with my tool set making. This is the way that I'll tune it and ensure that a word that you'll hear more and more now is less on human in the loop, but governance in the loop. Thinking about the way that you can set policy, the thresholds, the exceptions to the way that those capabilities are firing off so that the CISO, the SOC, the security team can watch all of this happening and navigate to ensure that you're calibrating as threats come online and to ensure that you are taking advantage of machine-to-machine type detection and response capabilities.
SPEAKER_01Yeah, it's it's fascinating because not only is it important to be thinking about this, but just what I think is inherent in the logging, the OMB logging memorandum, and is the fact that we can collect infinite amounts of logs now. So one, another thing the AI unlocks is our ability to do that, right? Because data, the big data problem was something that us as security professionals back in the 90s, we were up against all the time. And so now being able to say that I can have maximum amounts of visibility to drive those risk-based decisions is something that is relatively novel. And it's using that at our fingertips and taking advantage of that, I think really drives the outcomes that you're talking about. You
Moving From Vulnerabilities To Exposure
SPEAKER_01also talked a little bit earlier about exposure management. I think to me, this is a really fascinating shift, right? We took in light of mythos and these models that are coming out, obviously it's just we're all panicking about just the volume of vulnerabilities that we're going to be seeing. And so we have to touch on the fact that vulnerability management, the way that we did it before, is no longer capable. And I think the thing that's really interesting to me, because you talked about risk, is how we assigned risk scores and criticality to those vulnerabilities and how that needs to change over time. When we see this shift from old school vulnerability management to continuous front exposure management, I think there is that is a big leap for a lot of entities to take. How are you navigating that transition and what does that look like for OMB?
SPEAKER_02I think what when we're thinking about the shift from vulnerability management to exposure management and considering the, I mentioned briefly, just the concern of attack path discovery at scale, kind of adversary comprehension of our networks in ways that we never expected before. This is where when vulnerability management is looking to address what is broken, what need what it needs to be fixed, what is broken across the board, let's count everything that has a CBE that we haven't patched yet, versus where we need to go, which is that understanding of are you exposed to likely adversarial activity? Can you make it very difficult for an advanced attacker to leverage that attack path? Are you closing off all of those openings within your organization? That's quite different from going down the list of what needs to be patched. Of course, as in my role as federal CISO, there's always a concern about burnout in agency cyber teams. We've seen that time and time again with resource needs and workforce and skill set shortages, ensuring that we are focusing these really capable, focused cyber defenders on the right things, not spreading them thin to tackle every problem that can be observed within an organization, but really making sure that they can tailor the approach, focus on what matters most, the types of vulnerabilities that we're seeing. Exploited across the scale across the globe and make sure that exposure management side of it stays top of mind. You've heard, I don't know if CISA was at the symposium earlier today, but CISA has been talking about a new way that they're thinking about the Kev catalog, a new way to think through remediation to ensure that we are focusing on what's intranet connected, what could be automatable. How are these exploits chaining together in different ways because of AI so that we're not just chasing down? I mentioned the agency teams trying to get to zero in their backlog of the keves that exist within their environment, thinking about this differently to ensure that we are truly closing off what matters most and making sure that we're protecting against the threat as they move.
SPEAKER_01Yeah, it almost seems like an oxymoron to say that we have finite resources and we're worried about burnout, but we want to shift to a continuous model. And so I think really making sure that we are doing what we can to not only automate what we can, but to your point, I think get the right information, get the right prioritization into the hands of the people who need to make the decisions.
SPEAKER_02For sure. And I think there's a there's nuance between continuous visibility and continuous validation and shifting that model to say I know what's happening and I can make a determination of whether it is worth the time and effort to move things forward on that specific vulnerability, or is it something that I can leverage zero trust or put forth a containment first strategy to ensure that I've taken appropriate steps and I'm not chasing patches?
SPEAKER_01I
AI Executive Order And Agency Sprints
SPEAKER_01know we're almost out of time, but I do have one more question because we talked a lot about the AI executive order, and then hopefully there'll be a few minutes for QA. But just from your perspective, again, as a federal CISO, this uh the AI executive order is coming out. How are you and other CISOs across the federal space responding to that? And how do you think the different branches are going to really take on the challenges that the AI executive order is putting out there?
SPEAKER_02I think it is a really exciting moment for agencies to look to translate. Translate what they've heard from the executive order, the direction of where things need to go at the federal agency level, how they can rethink their cyber posture based on the threats. And frankly, I think this was clear in the executive order. Make use of the opportunities that we have with AI capabilities, leverage them as part of an optimized cyber defense tool stack. Ensure that we are building out policy and programs at the enterprise level to ensure that we're driving forward with AI in mind. Specifically, we're working, as I mentioned, at the Federal CISO Council to talk about what matters most right now. What is a sprint that maybe we were thinking we'll get to this in the next two years? But let's really make sure with the resources and capabilities we have today, can we do more today in a collective way, in a way that we are standardizing the approach across agencies to make sure that we can share lessons learned, to understand what has worked for some, what may work for others. Because frankly, as we're looking at this inflection point of where we're going as the federal government faces the threat and opportunity of AI, it's ensuring that we can take some meaningful step forward. Even the most mature agencies need to take some actions. This is a really good time for us to look across the board, how we can take cohesive, collective action and then share back with each other this worked. This didn't. We need immediate changes to policy XYZ. We need to re-architect the way that we're thinking about this program. There's plenty for us to work through. And that's right now the focus is first and foremost, how do we build an advanced AI ready cyber defense program at agencies? How do we make sure that we've have policy and enterprise level programs that are leveraging both the technology and also this moment to make sure that I'm not up here next year saying the past 11 years were built on blah, blah. We are saying we're confident in the approach that we've taken. We have the capabilities, the know-how, the expertise to confront the threats as we see them today. And we do that in a decisive manner moving forward. And the third is, of course, this continuous refresh of our cyber tool stack. So agencies right now are leveraging things like the continuous diagnostics and mitigation program at CISA, leveraging that foundational cyber defense program to make sure they have the capabilities necessary for this environment. Now, right now we're working with CISA to modernize the way that this is delivered to agencies, to ensure that integration is across department levels. So that's driving decision making at the agency level, not just the CISO, not just the CIO. But as I mentioned, now is the moment for CISOs, for CIOs to drive that level of culture change where they understand their mission. They are part of those discussions with the business units, and they're having the risk calculus change at the senior level to make sure that they can navigate what AI brings forth, the good and the bad.
Shifting From Compliance To Outcomes
SPEAKER_01That's amazing. And again, no small task. So, in closing, at least for me, if you could make one decision, one change, one policy decision or budget investment, whatever it is, what would you do?
SPEAKER_02I think we're starting it. I think it's this conversation of changing the way that we think about risk, the way that we are shifting from a very compliance-centric focus to one where we're looking at operational cyber outcomes. You'll see that in the policy that's coming out of OMB. A good example is a logging memo. It's easy to count on compliance. It's easy to look at have you done X, Y, and Z thing? Do you have these logs in this rigid way? Versus establishing a framework that allows agencies to be more flexible. That is less easy for someone in my role to say, did you count the right check the right boxes? But it's meaningful for the agency. It's delivering on those operational outcomes in ways that matter for organizations and across the enterprise. You'll be seeing more of that. And it's that shift from compliance alone to frameworks and models that allow us to flex, to adapt within this environment to make sure we're taking appropriate steps against the threat.
SPEAKER_01Okay, I think we're just about out of
Audience Q&A On CSOs And Workforce
SPEAKER_01time. Do we have time for a few questions? Are there any questions in the audience?
SPEAKER_00Or what permeates throughout society, particularly when we're talking about national security, economic prosperity, public well-being. Thank you. And in thinking through the next decade or so, have you thought from the OMB perspective of thinking about or benchmarking performance if it's jointly in an agency between the CISO and the CSO, the chief security officer? There, I think that it would be interesting to s to see the kind of data that a CSO is privy to, workforce issues. And I think there might be a piece of growing the cyber workforce by incorporating folks who have grown up in the security world, different the different disciplines there. So just a thought to address it. Because nobody said critical infrastructure a couple of decades ago. I'm just gonna say that.
SPEAKER_02Excellent. I think it's a really great point. And I have been thinking about not only from the CSO perspective, but we're looking now is as I said, CISOs have to truly understand the mission and not the cyber mission, not the IT mission, but the actual mission to the American people that they are delivering on. The CSO is a great kind of connectivity in the way that the CISO cyber program relates to the CSO. We've also been thinking about everything from the chief data officer, the AI officer, down the line, chief procurement officer. When we talk about the changes that we've seen as a CISO in the federal government in the past decade, I haven't yet spoken about the fact that things have drastically changed in who's sitting at the cyber discussion table: chief procurement officer, chief data officer, legal officers, all of these different groups, as I say that cyber needs to continue to integrate across those various mission levels to speak on behalf of the mission for cyber risk and risk broadly. The same is going from their perspective as well. How can I sit at the cyber table if I'm the procurement officer or the acquisitions officer to make sure that we're looking at supply chain, that we're looking at other risks? So I think it's a great point of both, and I love, I think you weren't mic'd for this. So I'll say it again. The federal government sharing the way it operates as a way to inform the dialogue at the national level. I truly believe that. I think that the policies, the operational directives, the results of our programs, the reason it's so important for those to be public is because those matter everywhere. Though federal government and the way that our architectures are quite unique, the way that we're approaching cyber defense is something that is that is applicable anywhere across the nation. And we have that duty, I believe, to make sure that other parts, critical infrastructure, small partners can look at the federal government and say, hey, there's a new binding operational directive on this topic. I should look into this one as well. That communication is an important tool. Thank you for the question.
SPEAKER_01Okay.
Final Takeaways And Closing
SPEAKER_01I think that's all the time that we have. Thank you, everybody. And thank you so much, Mike. That was a really great discussion. I learned a lot, and I'm always a little bit more anxious after speaking to you and others. But again, thank you for your time and thank you, everyone, for your participation.