Federal cost cutting leads cyber contractors to rework ties with government

Federal agencies are trying to do more with less on cybersecurity spending as DOGE pursues spending reductions. Officials still insist that the private sector is needed to combat hackers.

SAN FRANCISCO — On the sidelines of last week’s RSAC Conference, cybersecurity practitioners said the Trump administration’s broad cost-cutting push is pressuring government contractors to rethink how they deliver their cybersecurity services to agencies with diminished budgets.

The Department of Government Efficiency’s federal reduction plans have targeted swaths of agencies that have budgeted for digital defense tools like antivirus or endpoint detection software. Parallel efforts led by senior administration officials have also targeted core security offices like the Cybersecurity and Infrastructure Security Agency, which recently ended some threat hunting contracts alongside the pursuit of broader workforce cuts.

But the U.S. government remains a prime target for hackers, in part because its computer networks were built on aging legacy systems and continue to store sensitive, high-value information on thousands of workers. That setup has helped create longstanding relationships with the private sector, a dynamic that’s been called into question for the first time in years.

“I think there is a higher level of disruption in this current transition than perhaps we’ve seen in the past. And I think when you see disruption like that, it generates a pause in the marketplace as people try and process: What does this mean?” said Bob Ackerman, co-founder and managing partner at cybersecurity venture capital firm DataTribe. “What does this mean from a national security perspective? What does this mean in terms of cybersecurity priorities, in terms of cybersecurity leadership?”

“I’ve talked to people in the administration. I understand [they’re] trying to rationalize budgets. I understand [they’re] trying to get rid of fraud, waste and abuse — I applaud all that,” he added. “But you need to step away from that and say, at the same time … if we’re trying to engage industry, how do we make it easy for industry to engage with us, as opposed to harder for industry to engage with us?”

Right now, agencies appear to be focused on vendor consolidation and buying cyberdefense technologies that provide a clear return on investment so that, in the event of a DOGE-fueled audit, they don’t lose out on vital services.

Michael Leland, VP and Field CTO at enterprise browser company Island, said his company is still able to have conversations and map out proofs of concept with government agencies, but they aren’t translating into significant purchases. Agency decisionmakers are figuring out where to divert currently existing funds in order to secure cyber spending, he noted.

“No one has a budget for a browser, but they do have a budget for [Virtual Desktop Infrastructure], they have a budget for [Secure Access Service Edge], they have a budget for application performance monitoring. These are areas where we go and say, we can consolidate for you,” he said in an interview. 

“You don’t have to find more money,” Leland said, but agencies are “going to trim a little bit from this, trim a little bit from that.”

The administration’s cost-cutting drive coincides with its stated goal of deepening partnerships with cybersecurity vendors. At the RSAC Conference, officials said in public and private discussions that they still want industry’s help to combat nation-state hackers and cybercriminals.

“How can we ensure that our businesses are thinking about cybersecurity in their business decisions? That’s something that we need to address, and that’s going to require a strong partnership between the public and private sectors to change the way that we think about cybersecurity,” Alexandra Seymour, the majority staff director on the House Homeland Security Committee’s cybersecurity panel, said of secure-by-design initiatives. 

Alexei Bulazel, the top cybersecurity official on the National Security Council, also told RSAC participants that the U.S. needs to rethink the role it plays in protecting the private sector from cyberattacks and stressed that administration officials want to engage further with industry counterparts to better share threat information. 

For decades, the U.S. government has leaned heavily on private contractors to build, secure and manage its digital infrastructure, particularly as federal agencies try to modernize aging IT systems and respond to a rising tide of cyber threats. The cybersecurity ecosystem has become deeply embedded in government operations, especially after the September 11 terrorist attacks.

That relationship has long been symbiotic: Agencies get digital defenses and technical expertise, while contractors secure long-term federal clients.

“We’ve migrated. We’ve learned actually how to look at the relative strengths of industry, of government, and figure out: How can we actually create partnerships for impact?” said George Barnes, a former deputy director at the NSA and now a president at incubation firm Red Cell Partners. “And that requires trust, levels of transparency and relationships, acknowledging value that each can bring, focusing each one on what only they can do best, and not pretending that each can do everything.”