SolarWinds Voices: Travis Galloway in Cybersecurity Insiders

In an era marked by increasingly sophisticated cyber threats, expanding digital infrastructure, and the rise of AI and cloud technologies, Travis emphasizes the need for continuity, innovation, and accountability in federal cybersecurity policy. It explores how past legislative and executive actions have laid a strong foundation and outlines the critical steps the new administration must take to build upon this momentum.

The Role of Federal Cybersecurity

Cybersecurity isn’t just a tech issue anymore—it’s a national priority. The article kicks off by pointing out how cyberattacks are becoming more frequent, more sophisticated, and more expensive.

The Trump Administration made a big move in 2018 by creating the Cybersecurity and Infrastructure Security Agency (CISA), giving the federal government a dedicated team to focus on cyber threats. Then, in 2021, President Biden signed Executive Order 14028, which pushed federal agencies to modernize their cybersecurity practices and work more closely with the private sector.

One of the biggest shifts came in 2022 with the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). This law requires companies in critical sectors to report cyber incidents and ransom payments to CISA. It’s a big step toward better visibility and faster response times when attacks happen.

The article also highlights a follow-up memo that tightened the rules for software vendors. Now, if a company wants to sell software to the government, it has to follow strict security standards set by the National Institute of Standards and Technology (NIST). This is part of a broader push to make sure software is secure from the ground up, a key feature of Secure by Design.

What Can Software Developers Do?

To make that happen, Travis suggests four key practices for software developers:

• Use temporary (ephemeral) build systems to reduce long-term risk.
• Make sure software builds are consistent and verifiable (deterministic).
• Keep build environments separate and secure.
• Apply standardized security checks throughout development.

The article wraps up by acknowledging that the road ahead isn't easy. With AI, cloud computing, and nation-state hackers all in the mix, the threats are evolving fast. But the good news is there’s already a strong foundation in place, and with continued focus, collaboration, and innovation, the U.S. can keep moving forward in the fight to secure its digital future.