Cybersecurity’s role is evolving rapidly as the nature of federal missions, threats, and technology itself undergo transformation.
An Evolving Landscape
Cybersecurity’s role is evolving rapidly as the nature of federal missions, threats, and technology itself undergo transformation. After speaking with Andrew Rakicsany, CIO of cybersecurity startup ExoCyber Inc., it seems the sector is now at a pivotal moment-one that demands a shift from traditional compliance-based approaches toward mission-centric security solutions tailored to real-world threats and operational realities.
For many reasons, government cybersecurity has been dominated by compliance-checking boxes rather than confronting threats. This approach is increasingly inadequate, especially as adversaries grow more sophisticated and operations become more interconnected.
“As the world of geopolitics heats up, we’re seeing more and more attempts on critical infrastructure and on agencies. So, there certainly seems to be an understanding out there that this is an important mission and that more resources should go into it,” said Rakicsany.
Resource Challenges Within the Cybersecurity Space
FY25 budget delays and political turnover have slowed cyber contract awards, but agencies now face pressure to obligate funds quickly-especially in DHS and DoD. This has caused some ebbs and flows in the contracting space as one administration prepared to depart and operations for many agencies went on hold in anticipation of changes in staff, budgets, and more with the incoming administration.
“The government is going through transition and they’re trying to figure out how to work in this new mode,” said Rakicsany. When he continued to say that there’s been a lot of change around budgets – well, that was an understatement.
The transitions have taken time, further delaying projects and spending in some areas, meaning there are agencies which will need to play catch up very quickly to use up and justify last fiscal year’s budget; this may result in more contract opportunities coming up fairly quickly. And from the looks of the proposed budget for FY 2026, many of those contract opportunities will be from the DOD and DHS. Competition is about to get very tough (like it wasn’t already). This could have an impact on contracts being consolidated or using more advanced technologies to cut down on costs overall.
But you need more than just the budget to create contracts for you to take aim at. You must also be able to prove you have what it takes to build the cybersecurity solution needed. You need the right talent and capabilities on your team. “Generally, you need at least two components for a firm to be successful and for employees to be successful. You need to have the right clearances to work in the government space, and then you need to have the right technical talent to be able to execute the mission,” said Rakicsany.
The talent supply side solution is much less straightforward as AI works its way into the space interns used to occupy. Prompting AI to do the menial tasks an intern used to cover may be less expensive, but it means fewer people will be getting the on-the-job experience needed to be effective in the cybersecurity space.
That challenge works its way into the larger contract picture as well when you consider that as threats to our cybersecurity accelerate and evolve, our capabilities have to evolve as well; with a small pool of talent resources to pull from already, not all firms will have all the capabilities required to carry out any one contract.
Contract Trends in Cybersecurity
All of these challenges and transitions are driving some change in terms of the types and sizes of contracts that are developing as well. Here are some of the trends that Andrew Rakicsany has observed:
Teaming: There are larger and larger contracts emerging in the cybersecurity space, each requiring a wide spectrum of elements from administrative activities all the way through full stack development to be covered on a project. This has some firms looking at opportunities to team up or consider subcontractor roles. As Rakicsany noted, “With teaming, everything gets more complicated on the back end. It’s almost like we’re getting forced to make bigger and bigger bets on these pursuits because it costs more money to go after these.”
Some RFPs are asking for this wide spectrum of capabilities even as they ask for some small business participation. “I’ve seen requirements come out that have – within the same RFP – administrative support requirements and quantum computing requirements,” says Rakicsany. It would be a small business unicorn that had those capabilities covered on its own.
Types of Contracts: It seems FAR-based contracts are very much in-use in this sector, which makes sense considering the strict nature of compliance within the cybersecurity space. FARābased vehicles offer the transparency, auditability, and standardized terms that both government buyers and responsible contractors require. That said, other contract types-including OTAs-also play an important role in this space.
Performance-Based Contract Terms: Rakicsany has also noticed a general trend within this space toward performance-based contract terms, perhaps as a reflection of the transition into a faster-paced arena made possible by advanced technology.
All of these factors are adding to the stiffer competition overall as everyone fights at a faster pace for the available resources and contracts. As bidders compete for teaming or subcontractor opportunities within larger contracts, it will be all the more important to consider where and how resources are being utilized.
Beyond Compliance: The Call for Mission-Focused Cybersecurity
There can be a big gap between what satisfies regulatory requirements and what actually keeps critical systems safe. Agencies are looking for solutions that can have true operational impact-particularly in high-pressure, contested environments like the Department of Defense or homeland security domains. The solution created for each contract has to make the most of any resources it uses and align with the renewed focus on strong partnerships, personnel development and modernization overall.
We seem to be at an inflection point in GovCon driven by emerging technology, evolving acquisition strategies, a constant fight for limited resources, and a growing emphasis on speed and flexibility. Despite the size and scale of the federal market and the large size of contracts showing up more often, Rakicsany believes it’s often startups-not the largest incumbents-that are better positioned to deliver cutting-edge solutions. “It often takes time for these technologies to filter down from the bleeding edge to commercial use to government before we can put them into a safety-critical environment,” noted Rakicsany.
While startups and smaller firms have the benefit of ingenuity and flexibility that often gives them freedom to challenge traditional systems and utilize that bleeding edge tech, there are many challenges smaller firms face. Larger firms and incumbents seem to still have some advantage when trying to break into a market that favors past performance and long-term relationships. Further, larger and more mature prime contractors often have deep knowledge of an agency, how they operate, their mission and the legacy technology in use. However, they can’t just count on it anymore. With teaming on cybersecurity contracts becoming more commonplace, there is room for startups and smaller firms to shine with their newer solutions.
It makes the cybersecurity space one to watch for some exciting advancements and – potentially – investments. Private equity firms invest in new capabilities or to combine businesses with complementary capabilities to potentially be sold to a strategic buyer.
Regardless of the size or type of cybersecurity contract you are pursuing, the solutions and strategies in this highly competitive space are evolving and so should yours. As Andrew Rakicsany put it, “Success in this space will hinge on shifting from checklists to capabilities-balancing agility, talent, and mission alignment in a rapidly evolving threat landscape.” We couldn’t have said it better ourselves.
P.O. BOX 61351
Potomac, MD 20859
Marguerite Swallow
marguerite.swallow@fedsavvystrategies.com
fedsavvystrategies.com
Since 2012, FedSavvy Strategies has provided competitive intelligence on billions of dollars of winning federal prime contract pursuits. FedSavvy Strategies is your GovCon intelligence partner, ready to equip you with in-depth analysis of competitors, market intelligence and a laser focus on actionable intelligence to empower your success in the competitive federal contract market.
This release was published on openPR.
