"It’s really allowing those analysts to do triage very fast, so they focus on what matters versus the noise," Tammy Barbour, acting chief of application management at CISA, said.
CISA reports its largest AI gains in the Security Operations Unit
On Tuesday, agency officials described measurable improvements from artificial intelligence automation inside the Cybersecurity and Infrastructure Security Agency. CISA "has gotten 'by far' the biggest gains" from AI automation in its security operations unit, the agency said. There, automation helps analysts sift through threats and perform rapid, real-time assessments before many events unfold.
That framing places the immediate benefit squarely on analyst efficiency: automation reduces noise, accelerates triage, and redirects human attention toward substantive threats such as malware. CISA officials reiterated that point in public remarks at the UiPath FUSION Public Sector event hosted by Scoop News Group.
Tammy Barbour on the Technology Operations Center and data migration
Barbour, speaking in her role as acting chief of application management at CISA, described broader operational wins beyond the security operations floor. She said automation has been "a boon" to the agency’s Technology Operations Center: "The top analysts are able to quickly respond to customers who are reaching out to talk and asking questions, and be able to get real-time efficiencies with that."
Barbour also highlighted that automation has assisted with data migration, signaling that tooling is being applied to both front-line threat work and behind-the-scenes infrastructure tasks. At the same time she acknowledged cultural and technical headwinds that slow adoption inside the agency.
Lauren Wind on mission-support automation and AI governance
From the technology leadership side, Lauren Wind, acting deputy chief technology officer at CISA, said her office is looking for automation benefits in mission-support areas such as human resources, contracting and finance. "So we can continue to drive mission, but also accelerate the mission-supporting functions," she said, adding that the aim is to ensure cyber analysts remain focused "on the things that matter, like malware."
Wind also emphasized governance: "One of the biggest things is ensuring that the CTO is driving governance, whether that’s for data, whether that’s for AI." She described the agency’s posture as relatively advanced on generative approaches while noting that "everyone’s a little bit catching up to industry on agentic." Her comments position governance and a CTO-led approach as central to responsible deployment within CISA.
Barriers CISA names: legacy workflows, modernization, and data structure
Both officials were candid about constraints. Barbour said, "We’re still kind of in our infancy," and described ongoing struggles with legacy workflows and systems that require modernization. She offered a wry aside about human habits that blunt progress: "People love their spreadsheets. I just can’t force it out of their hands, especially the — sorry, all the accountants in the room, I apologize, but you’ve got to let it go."
Wind singled out data architecture as a practical limiter on automation: whether an environment is cloud-based and serverless or still on-prem, "if you haven’t figured out what your structure of your data platform looks like, it makes automation a lot more difficult." Together those observations frame adoption as a mix of cultural, architectural, and governance work.
What this means for cyber analysts, mission-support teams, and accountants
- Cyber analysts: Automation is already shifting where analysts spend time, enabling faster triage and freeing them to focus on substantive threats such as malware, rather than sorting low-value alerts.
- Mission-support teams (HR, contracting, finance): Wind said these functions are explicit priorities for automation so the agency can "accelerate the mission-supporting functions" that underpin operations.
- Accountants and entrenched tool users: Barbour’s remarks highlight an adoption friction point — established habits, notably spreadsheet use, are a social and workflow constraint that CISA officials expect to counter as systems are modernized.
In the officials’ account, AI automation has moved from pilot to practical use in multiple corners of the agency — most notably in security operations — but substantial work remains. CISA is pursuing systems modernization, clearer data-platform structures, and CTO-led governance as the next steps toward wider adoption, while continuing to apply automation across both mission and mission-support functions.




