Public Sector Summit 2026: Key Takeaways for Forging a Cyber Strong Nation

Thank you to everyone who joined us for the 2026 Public Sector Summit. This year’s conversations were grounded in a shared mission: forging a cyber strong nation. That mission directly aligns with the recently released 2026 National Cyber Strategy, which calls for accelerating zero-trust architecture, cloud transition, and AI-powered defenses across federal networks, reinforcing the very priorities our speakers and attendees focused on throughout the summit.. It is about protecting critical services, enabling innovation that improves citizen outcomes, and modernizing security in ways that make our agencies and institutions more resilient, not more burdened.

Below is a high level wrap of the most consistent takeaways I heard from our speakers, along with practical actions you can apply as you plan what comes next.

1) A cyber strong nation starts with Zero Trust for every entity

The keynote reinforced a reality public sector leaders live every day: the mission depends on access, but security depends on control. The path forward is expanding Zero Trust beyond users to all entities that access applications, including users, cloud workloads, IoT and OT devices, and the next wave of AI agents.

That is a critical shift for forging a cyber strong nation, because national resilience is compromised when users or agents are "on the network" and can move laterally to discover sensitive assets. The right entity must have the right access at the right time, with continuous verification. When access is policy based and identity based, organizations can reduce exposure without slowing the workforce.

Practical takeaway: Treat “never put users or agents on the network” as a strategic principle. Build access around applications and identity, not IP ranges and implicit trust.

2) Modernize branches to stop lateral movement and protect services where they are delivered

Branches and field sites are where public sector services meet the real world: hospitals, clinics, schools, transportation hubs, regional offices, factories, classified sites, and mobile operations. Multiple sessions highlighted the same risk: a branch compromise can quickly turn into lateral movement and broad disruption, especially in flat networks built on legacy architectures.

The Zero Trust Branch model reframes the site as an island, similar to an internet cafe approach, where connectivity is granted through policy rather than through network adjacency. By moving traffic through policy enforcement and adding agentless internal segmentation for east west communications, organizations can make sites “dark,” reduce exposed attack surface, and limit blast radius during incidents.

This is exactly what forging a cyber strong nation looks like in practice: securing the places where constituents receive services, and where OT and IoT systems increasingly intersect with mission operations.

Practical takeaway: Use branch modernization as a dual lever for security and cost reduction. Simplify architectures, reduce appliance sprawl, and make segmentation policy driven instead of VLAN (Virtual Local Area Network) and ACL (Access Control List) driven.

3) Cloud resilience and secure modernization require avoiding “lift and shift” security

As government and public sector organizations expand cloud and hybrid adoption, the summit message was direct: do not rebuild old perimeters in new places. Extending networks into cloud or recreating north south and east west firewall patterns increases complexity and often fails to deliver the speed the mission requires.

Instead, speakers emphasized applying Zero Trust to cloud workloads, shifting from IP based rules to identity and tag based segmentation, and enabling direct to app access patterns that keep pace as cloud environments evolve. This approach supports faster onboarding and reduces chokepoints, while improving security posture.

Forging a cyber strong nation means modernizing without adding brittleness. Cloud adoption is part of that, but so is building continuity and resilience as more traffic flows through centralized security platforms.

Practical takeaway: If your cloud security still relies on legacy approaches like virtual firewalls and network based trust, you will keep paying a complexity tax. Move toward identity and policy driven segmentation that can evolve at cloud speed.

4) Transformation succeeds when culture and leadership match the technology

A theme that resonated strongly across customer stories was that the hardest part of modernization is often not technical, it is human.

Lockheed Martin spoke about a long horizon transformation effort focused on redesigning processes and building a digital thread - connecting systems and data end to end so work can be traced across the lifecycle, from requirements and engineering through production and sustainment. A key lesson was that resistance is frequently about changing how people work, not about the tools themselves. The Centers for Medicare & Medicaid Services (CMS) echoed this point from the perspective of operating at national scale, emphasizing empathy, partnership, and workflow redesign, especially for technical teams used to designing traditional network architectures.

CMS also shared concrete execution detail, including implementing thousands of micro segments to peel back access layers and remove unnecessary reach. This is the operational heart of forging a cyber strong nation: reducing risk one policy decision at a time, while keeping access stable for high volume, high impact services.

Practical takeaway: Build an adoption plan the way you build an architecture plan. Expect friction, engage early, and tie Zero Trust to mission outcomes rather than “another security tool.”

5) AI is accelerating innovation, and expanding the attack surface

AI was central to the summit because it is central to the future of public sector outcomes. We heard how government is moving from pilots to scaling by focusing on repeatable patterns and building toward standardized “AI factories” over time. We also heard how quickly shadow AI and tool sprawl are growing, and how difficult it is to govern usage when business teams move faster than policy and security processes.

Speakers consistently framed AI security in three practical buckets that align well to forging a cyber strong nation:

• Visibility and inventory: discover AI apps and embedded AI usage across users, endpoints, and cloud services.
• Secure access: sanction and enable approved AI platforms, restrict risky behaviors, and block what should not be used.
• Guardrails and lifecycle security: secure AI apps and infrastructure with runtime protection and continuous red teaming to defend against malicious behavior like prompt injection.

A major forward looking point was the arrival of agentic AI. As agents proliferate, they become both productivity accelerators and a new weak link. Securing agent identities, authorization, and agent to agent communication will be essential to preventing high speed, high impact misuse.

Practical takeaway: Start with AI visibility, then apply Zero Trust as the foundation. Move quickly toward guardrails and continuous testing so innovation can scale safely.

6) Threats are faster, more automated, and still deeply human

Threat intelligence sessions underscored how adversaries are chaining techniques across discovery, phishing and voice based social engineering, malware staging, lateral movement, and exfiltration through legitimate services. AI is helping attackers speed up reconnaissance, craft more convincing lures, and scale campaigns.

At the same time, several speakers reminded us that many of the most effective attacks still exploit human behavior. Email remains the top vector, and deepfake enabled fraud is a growing reality. Forging a cyber strong nation requires both technical control and operational readiness, including the ability to respond under pressure when adversaries time incidents for maximum disruption.

Practical takeaway: Align defenses to the attacker’s path: reduce attack surface, prevent compromise, stop lateral movement, and prevent data theft with strong controls across web, email, endpoints, and cloud.

7) SecOps needs context and closed loop enforcement

A recurring operational pain point was tool sprawl and alert overload. The summit highlighted the importance of modernizing traditional SecOps by connecting signals into context, prioritizing what truly creates risk, and then using Zero Trust controls for precise response. When detection and enforcement are linked, response becomes faster and blast radius becomes smaller.

Deception was also highlighted as a high fidelity signal, because interaction with realistic decoys is rarely legitimate. In complex environments, deception can help defenders detect earlier, reduce noise, and disrupt attackers before production systems are impacted.

Forging a cyber strong nation is not just about preventing incidents. It is about ensuring public sector organizations can detect quickly, contain precisely, and recover confidently.

Practical takeaway: Invest in approaches that reduce “chair swivel” and turn intelligence into action, including the ability to tighten access rapidly when threat conditions change.

Closing: What forging a cyber strong nation looks like next

If there is one takeaway I would leave you with, it is that forging a cyber strong nation is not a single program or product. It is a sustained commitment to modernize security around mission outcomes, resilient operations, and responsible innovation.

A few actions you can take now:

• Reduce attack surface by hiding apps that require authentication behind Zero Trust.
• Do not put users, devices, workloads, or agents “on the network.”
• Treat branches and sites as islands to prevent lateral movement.
• Segment mission critical applications and protect crown jewels with least privilege access.
• Build AI governance starting with visibility, then enforce secure access and add guardrails.
• Modernize SecOps with better context and faster response by correlating key signals into incidents, reducing alert noise, and connecting detections to enforcement so you can contain threats quickly.
• Plan for resilience as more activity centralizes through security platforms.

Thanks again for joining us at the Public Sector Summit. We are offering the recorded sessions on demand and hope these help you bring the ideas back to your teams and turn them into measurable progress as we keep forging a cyber strong nation together.