How federal cybersecurity teams can adapt to a post-DOGE environment

Wong Yu Liang / Getty Images

COMMENTARY | The long-lasting impact of DOGE has been to accelerate a broader shift toward more disciplined, efficient and operationally resilient security strategies. 

The actions of DOGE may have faded from the news cycle, but for government chief information security officers the cuts that were made last year still feel fresh. Most are facing rising cyber threats with leaner teams and smaller budgets, including increased risks tied to the Iran conflict

There is a silver lining, however. Many security teams are using this moment to modernize and operate more efficiently. They’re not necessarily trying to do more with less. Instead, they’re prioritizing, automating and simplifying.

What’s more, CISOs are concerned but not panicking. A new Forrester Consulting report found only 38% of public sector cybersecurity decision-makers are confident in their agency’s cybersecurity posture in the wake of headcount reductions. But those same decision-makers are proactively — and successfully — adapting their risk management approach to accommodate the current reality.

Here are the operational shifts they’re adopting to meet the demands of a post-DOGE world.

A renewed focus on high-priority vulnerabilities and critical infrastructure

Agencies simply do not have the resources to try to protect everything equally. According to OPM workforce data published in March, the federal government had experienced a net workforce reduction of more than 278,000 employees since January 2025. As a result, security teams are under pressure to move faster while managing increasingly complex environments with fewer people.

That reality is forcing CISOs to become far more disciplined about how risk is prioritized and managed. Instead of spreading limited resources across every possible vulnerability or compliance requirement, agencies are increasingly concentrating on the systems, networks and data sets most critical to mission continuity and public services. According to the Forrester report, most security teams are focusing on network security, data loss prevention and incident response, all areas where operational disruption or data exposure could have immediate consequences for agency operations and citizen trust.

This represents a broader shift away from attempting to defend every asset equally and toward a more mission-focused security strategy. That means improving visibility into critical infrastructure, reducing response times for high-impact incidents and ensuring analysts are focused on the threats most likely to create operational or reputational damage.

An emphasis on operational simplicity

DOGE was ostensibly about streamlining government operations and creating greater efficiency, though for many agencies that ultimately manifested in workforce reductions. Those staffing cuts have also forced CISOs to confront a challenge that had been building for years: cybersecurity environments had become too complex to manage effectively. Tool sprawl was already creating operational inefficiencies, fragmented visibility and alert fatigue. 

With leaner teams now responsible for securing increasingly complex environments, maintaining large collections of disconnected security tools is no longer sustainable. CISOs must respond by consolidating technologies, improving interoperability across platforms and prioritizing integrated environments that provide clearer visibility across networks, endpoints and data. 

The goal is not simply to reduce the number of tools, but to eliminate overlapping capabilities and redundant workflows that add complexity without improving security outcomes. Agencies that simplify operations while maximizing existing investments will be better positioned to respond to an increasingly sophisticated threat landscape.

A commitment to AI and automation 

Earlier conversations often centered on whether or not to experiment with the newest AI capability or add another tool to the already overflowing stack. Now, agencies must stop and ask if what they’re considering will actually help their smaller teams operate more effectively.

Even as agencies consolidate, many analysts are still forced to jump between disconnected systems and manually piece together information during an incident, creating operational drag when speed matters most. Automation and AI can help reduce that friction by correlating data across security environments, prioritizing high-risk activity and giving analysts faster access to the information they need during an investigation. That allows smaller teams to spend less time managing workflows and more time responding to threats. 

A willingness to adapt

In the immediate aftermath of DOGE, there was understandably much concern over how staff cuts would impact government cybersecurity operations. Would the reductions be an open invitation for hackers to target agencies they perceived as vulnerable? Would this finally be the chance those adversaries have been waiting for? 

A year later, agencies are still very much targets, but enterprising CISOs have managed to successfully adapt their cybersecurity strategies. They’ve become more focused on critical issues. They’re reducing the number of unnecessary tools clogging up their systems. And they’re creating environments that give smaller teams clearer visibility across the tools that are remaining.

Instead of diluting agencies’ cybersecurity infrastructure, the long-lasting impact of DOGE has been to accelerate a broader shift toward more disciplined, efficient and operationally resilient security strategies. 

Brian currently leads a 500-person organization spanning sales, sales operations, channel management, customer success and post-sales engineering across the Broadcom and VMware businesses at Carahsoft, supporting more than $2 billion in annual revenue.