Late last month, millions of U.S. federal workers received an email titled “Fork in the Road.” It invited them to resign while receiving full pay and benefits through September. Tens of thousands of employees have taken the Trump administration up on its offer, amounting to a seismic shift in the federal workforce.
Public sector cybersecurity is at its own crossroads. U.S. agencies are being asked to do more with less, and pressure is mounting amid layoffs and intense budgetary scrutiny driven by the Department of Government Efficiency (DOGE). On Wednesday, the White House issued a new executive order (EO) tasking agencies to work with DOGE to find further cuts to their activities and workforces.
Setting aside the politics of the bureaucratic shakeup, federal agencies must hold the line against nation-state adversaries. (Hailing from a CIA background, I respect this mission more than most.) A day after the latest Trump administration EO, Cisco’s Talos intelligence arm published an investigation into the Salt Typhoon threat actor, a Chinese state-sponsored cyberespionage campaign known to have targeted U.S. government networks and critical telco companies.
“There are several reasons to believe this activity is being carried out by a highly sophisticated, well-funded threat actor, including the targeted nature of this campaign, the deep levels of developed access into victim networks, and the threat actor’s extensive technical knowledge,” Talos researchers concluded.
How can the U.S. government drive efficiency while squaring off against the likes of Salt Typhoon and the even more alarming, critical infrastructure-focused Volt Typhoon cyberthreat?
PTaaS: A Path to Efficiency
As Synack’s integration partner ServiceNow pointed out in a recent announcement touting its own efficiency efforts, the U.S. government spends around $125 billion on IT annually. Like their counterparts in the private sector, agency CISOs are poised to field pointed questions about the cost and effectiveness of their cybersecurity programs. How can they leverage data to prove their security programs are a responsible use of taxpayer dollars? What changes should they make now to underscore the strategic value of their security program so DOGE doesn’t see it as a cost center?
The dust has not settled on the Trump administration’s early moves to transform the U.S. federal government. However, adversaries aren’t waiting for the White House’s efficiency plans to come to fruition.
At Synack, we are uniquely positioned to drive public sector efficiency and meet the urgency of the moment. Our approach to Penetration Testing as a Service does not add headcount to our customers’ organizations. Instead, it taps into the 1,500-strong cohort of security researchers on our Synack Red Team, many of whom hold security clearances. Add to that our FedRAMP Moderate Authorized status, which allows us to securely hit the ground running with our federal clientele.
Let me be clear: In this time of federal uncertainty and upheaval, Synack’s PTaaS platform is not a replacement for the critical work being done by in-house federal security teams. We’ve consistently highlighted the importance of augmenting organizations’ cybersecurity capabilities with the unique adversarial perspective brought by the Synack Red Team. So far this year, our federal clients have asked us to conduct significantly more authenticated and high-value asset testing than we have in the past.
Change is coming. But no matter what plays out in the legal and political arena, we must continue to defend America’s most critical public sector networks. Let’s meet the moment.