Mounting cyber defense in the face of unexpected staff reductions

The landscape of federal cybersecurity is undergoing a significant shift. This new reality adds an extra component of complexity to the cybersecurity strategy: achieving strategic goals like Zero Trust and Continuous Threat Exposure Management and fortifying defenses with fewer people, tools and processes than before. Recent workforce and budget reductions, exemplified by the Department of Government Efficiency’s initiatives, are directly impacting agencies, including critical bodies like the Cybersecurity and Infrastructure Security Agency. This amplified challenge demands a recalibration of cybersecurity strategies, compelling agencies to strategically leverage their core capabilities.

Federal agencies operate in a unique environment compared to the private sector. Their attack surface is vast and diverse, encompassing critical infrastructure, sensitive national security data, and public-facing services. The threat actors they face are equally unique, ranging from nation-states with sophisticated capabilities to hacktivists and cybercriminals. Building a robust security posture in this context is a continuous journey, often refined through years of experience and adaptation. However, the abrupt changes introduced by DOGE present an immediate and intensified challenge to these established primitives, demanding rapid and effective adjustments under increased constraints.

In this challenging environment, security leaders must focus on foundational principles to maintain and enhance their agency’s cyber resilience, all while navigating the complexities of reduced resources. Here are key areas to prioritize:

If you can’t see, you can’t prioritize and secure

In times of reduced staff, understanding the entirety of your digital footprint is paramount. Having a full understanding of what systems and assets — yours, your contractors’ and other agencies’ — are touching your data and processes becomes the bedrock of any effective security strategy. Without a clear and up-to-date source of truth for your attack surface — from workstations, to on-prem servers, to identities and private or public cloud services — it becomes impossible to prioritize and address risks with a resource constrained team. Siloed intel across disparate tools creates blind spots that adversaries can readily exploit. Integrating data from existing security and IT tools to establish a single source of truth for digital assets is crucial for effective decision-making when resources are scarce.

Focus team time and resources on what matters most

With fewer personnel, maximizing the impact of your team’s efforts is critical. Achieving strategic goals like Zero Trust and CTEM requires focused effort. Identifying major security gaps and addressing them at scale should be a top priority to ensure progress despite limited resources. The ability to prioritize security efforts based on the combination of target risk, likelihood of attack, and presence of exposures becomes critical. The combination of technical risk severity — i.e. common vulnerability scoring system — with business context — i.e. crown jewel, in production — and asset context — public network traffic, unpatched, missing endpoint protection — allows your personnel to focus their attention where it will matter most. This targeted approach keeps the security program in shape despite fewer resources, while keeping the team morale during this period of change.

Accelerate your abilities to act on change

The federal landscape is being further transformed by DOGE’s initiatives. This necessitates an agile approach to security, with the ability to quickly detect and respond to changes in the asset footprint, all while striving towards Zero Trust with fewer resources. Automated processes for cyber hygiene, such as removing software, reclaiming software licenses, recovering equipment and deprovisioning access for departed personnel, become even more vital. Automation plays a crucial role here, enabling security teams to safeguard least privilege in times of change and with reduced workforce.

Applying the Pareto Principle to cybersecurity

To compensate for staff reductions and continue the journey towards Zero Trust, agencies must embrace automation as a force multiplier. Applying the Pareto Principle — the 80/20 rule — to security operations means focusing on the 20% of efforts that yield 80% of the results. This involves identifying repetitive and time-consuming tasks — such as data collection, vulnerability triage and scanning, and basic remediation — and automating them. By managing assets at scale through automation, security teams can maintain a strong security posture despite having fewer personnel. This allows the remaining team members to focus on more complex and strategic challenges, contributing to the overarching goals of Zero Trust. Building a virtuous cycle where automation frees up resources for further optimization and enhanced security measures is key.

Setting a strong foundation for resilience

Implementing advanced security frameworks like Zero Trust remains important for long-term resilience. However, their effectiveness is significantly amplified when built upon a solid foundation of comprehensive visibility and robust actionability, especially with constrained resources. Knowing what assets exist, their configuration, and their relationships is a prerequisite for enforcing Zero Trust principles effectively. Similarly, understanding the attack surface and having the ability to act on identified threats are essential for a successful cyber threat and exposure management implementation.

In this era of change and resource constraints, federal security leaders must continue to achieve strategic objectives like Zero Trust and fortifying defenses with even fewer resources. Obtaining a system of truth for the attack surface and empowering their teams to take swift and decisive action is paramount. By focusing on foundational visibility, instrumenting prioritization, and embracing automation, agencies can navigate change and continue to mount a strong cyber defense, ensuring the security and resilience of critical federal systems. The strength of an agency’s cybersecurity posture will increasingly depend not just on the size of its team, but on its ability to strategically leverage technology that removes silos and drives effective action at scale, even with limited people, tools, and processes.

Dean Sysman is the Chief Executive Officer and Co-founder of Axonius.