Josh Salmanson has spent his career showing up after the worst has happened — and making sure it can’t happen again.
A vice president of the Defensive Cyber Practice at Leidos, he has worked across civilian agencies, the Defense Department and the intelligence community building his expertise on one through line: resilience under pressure.
Now, Salmanson is focused on reshaping how the government approaches cyber defense — automating compliance, modernizing overwhelmed security operations centers and closing workforce gaps through hands-on training.
In this Q&A, Salmanson discusses what real modernization looks like in 2026, the limits of reactive cybersecurity and what decades of mission-critical work have taught him about building systems that hold.
Can you provide a brief overview of your professional background and career progression?
I began my career in systems engineering, focusing on designing large systems, which later transitioned into cybersecurity. I’ve supported government agencies at all levels, including leading teams at the FBI post-9/11 and addressing insider threats. My work spans civilian agencies, the Department of War, and the intelligence community, contributing to initiatives like U.S. Cyber Command and cloud migrations. Returning to Leidos last year, I was drawn by the organization’s understanding of cybersecurity as a mission partner, emphasizing resilience and security rather than restrictions.
Why was this the path you chose, and how influential was it to your career?
I chose this path because of my passion for solving complex challenges and supporting mission success through technology. Cybersecurity became a natural progression as I witnessed its growing importance across industries. My experiences have shaped my ability to navigate risks, innovate solutions and support organizations in achieving their goals.
This diversity of experiences has been deeply influential, allowing me to contribute to critical missions, build resilient systems and mentor teams. It’s rewarding to see the impact of my work in strengthening national security and advancing technological capabilities.
Do you have a personal connection to the current mission you support?
Yes, I have a personal connection to the mission I support. Cybersecurity is not just a profession for me; it’s a commitment to safeguarding critical systems and supporting organizations to thrive in a digital world. My experiences with government agencies and the private sector have reinforced the importance of resilience and proactive risk management. I take pride in contributing to solutions that protect national interests, support innovation, and contribute to operational success. This mission aligns with my values and drives my dedication to advancing cybersecurity capabilities.
What are your current top priorities and responsibilities? How do these relate to your company’s overall mission/growth strategy?
My priorities include cataloging and structuring cyber capabilities into modular components aligned with core defensive functions: identify, protect, detect, respond, recover and govern. Additionally, I focus on advancing repeatable, high-impact solutions through innovation, internal R&D, and strategic partnerships.
Our repeatable solutions are called “mission drivers,” and we harden them for programs of national significance so we can deliver repeatable, resilient solutions efficiently. These efforts support Leidos’ mission by delivering scalable, adaptable solutions designed to enhance resilience and operational efficiency.
By packaging solutions as Mission Drivers designed to meet diverse needs, we aim to help organizations strengthen their defenses, mitigate risks, and pursue mission success. This strategy aligns with our growth objectives and commitment to driving value for customers.
Where do you and your team see growth opportunities in your current field or portfolio you support, or what do you anticipate to be your customers’ top pain points?
Growth opportunities lie in modernizing outdated processes like the risk management framework (RMF), transitioning SOCs from reactive triage to proactive operations, and addressing workforce challenges through reskilling. Customers face pain points such as slow, manual compliance processes, overwhelmed SOCs, and skill gaps in cybersecurity roles.
By leveraging automation, GPU-accelerated architectures, and immersive training programs, we aim to address these challenges. Our Mission Drivers are designed to reduce time-to-value, enhance threat detection, and build a skilled workforce. These efforts position us to help meet evolving customer needs and drive innovation in cybersecurity.
How are you and your team planning to address/prepare for these opportunities?
We are addressing these opportunities through our Mission Driver, UpHold Armor, which automates governance, risk management, and compliance, supporting real-time monitoring and democratized cybersecurity data. For SOC modernization, we leverage GPU/DPU architectures and agentic AI to enhance threat detection and response. Our training programs, including EXCITE 2.0 and CyberSPEAR, provide immersive, scalable solutions aligned with industry standards like NIST NICE and DoW 8140.
These efforts are designed to support readiness, resilience, and mission success. By integrating innovation and collaboration, we aim to guide organizations in navigating emerging risks and pursuing operational excellence.
How important is mentorship & networking in GovCon?
Mentorship and networking are vital in GovCon, fostering collaboration, knowledge sharing, and professional growth. Throughout my career, I’ve prioritized investing in others and building meaningful relationships across industry. I currently mentor about 30 individuals, connecting with them anywhere from weekly to quarterly, depending on their needs and career stage. More than 20 of those mentees have worked with me for over a decade, which really speaks to the value of sustained engagement and trust.
These relationships are mutually beneficial – they sharpen leadership skills, broaden perspectives, and create a strong, connected community that drives innovation and shared success.
What is something most people don’t know about you personally?
Most people don’t know that I used to own and operate a gym, and later in life, my wife and I developed and operated a STEM-focused early learning academy. These ventures reflect my passion for fostering growth and development, whether through physical fitness or education. They taught me valuable lessons in leadership, adaptability and community engagement, which I apply in my professional life. These experiences highlight my commitment to empowering others and creating opportunities for success, both personally and professionally.