Sarah Cleveland, senior director of federal strategy, ExtraHop

In this instalment of A coffee with, TechInformed speaks with Sarah Cleveland, senior director of federal strategy at ExtraHop, about her journey from U.S. Air Force Cyber Officer to the front lines of federal cybersecurity at ExtraHop.

She shares how operational lessons from military service continue to influence her approach to risk, resilience and real-time threat detection in an increasingly complex digital battlefield.

Earlier in your career, you were a U.S. Air Force Cyber Officer. What drew you to that field, and how has that experience shaped the way you look at today’s threat landscape?

When I started my career, “cyber” wasn’t a word used — it was called “information security.” Not everyone had a computer on their desk; some offices still had typewriters. I was fortunate to enter the field as it was forming, when the firehose of innovation was still a manageable trickle of discovery learning. Over time, that trickle became a torrent and I was lucky I had a foundation to understand the analog processes we were trying to make better. Eventually, the cyber domain evolved from a mission enabler to a battlefield of its own — adding an entirely new dimension of warfare and complexity.

During my 26-plus years in the Air Force, I learned that success in any domain depends on visibility and timing: understanding what’s happening in your environment, when it’s happening, and acting before the adversary does. Throughout history, that has been a constant. Today, cyber is not just a military capability; it touches every person, every organization and every aspect of modern life.

Is there a moment in your Air Force career that still influences your thinking?

When I was stationed at Kunsan, Korea, at a time things got a little sporty with North Korea. I worked with a Chief Master Sergeant who was a master at managing limited resources. He knew how to work a budget, prioritize requirements, take care of airmen and still make the mission happen. He taught me about risk and mission — and more importantly, risk to mission — and how to recognize when it’s time to adjust tactics. It was a foundational 13 months early in my career that shaped how I approach leadership and decision-making to this day.

Making calculated-risk decisions is never a cookie-cutter process. You quickly learn that prioritization is situational — what’s critical in one mission may not be in the next. The context, the threat environment, the resources available and the information you have shape how you respond. That mindset still guides me today: understanding the situation as best as possible, assessing the risk in real time and making the decision that will likely meet the objective.

In federal cybersecurity, the same principle applies. You can buy every tool on the market, but if you can’t operationalize them, where is the value? Visibility is a necessary place to start. If you can’t see your network and act decisively, you’re still vulnerable.

What are the biggest cyber challenges currently facing U.S. federal agencies?

The biggest challenge is modernizing fast enough to match the sophistication of today’s threats. Many agencies are still operating with legacy architectures, tools and data sets that are not designed for the speed, scale, tactics and stealth of modern attacks. Visibility gaps — especially east–west — make it impossible to detect lateral movement or insider threats before it’s too late.

ExtraHop’s Global Ransomware Trends report found that nearly half of government institutions say that 51% of their incidents stem from poor hygiene. Without visibility into encrypted traffic, unmanaged assets and lateral movement, agencies are defending blind.

How are you seeing nation-state adversaries evolve their tactics against government and critical infrastructure?

State-sponsored adversaries are increasingly shifting from headline-grabbing attacks toward stealth and persistence. They’re leveraging zero-day exploits, stolen credentials and “living off the land” techniques to move laterally, dwell quietly and study network behavior.

What’s different now isn’t just the tool kit — it’s the intent. Many of these campaigns are less about immediate financial gain and more about long-term access, influence and intelligence collection. In some cases, they’re focused on understanding the interdependencies across government, industry and critical infrastructure, so they know exactly where to apply pressure.

Ransomware continues to dominate headlines. From your perspective, how is the federal sector preparing for or mitigating this threat differently than the private sector?

For federal agencies, ransomware isn’t just a financial threat. A disruption in federal services can affect millions of people and directly impact national security. So the focus has shifted toward resilience and continuity: rapid detection, containment and recovery.

Federal procurement also plays a major role. Agencies can’t simply buy off-the-shelf software; every technology handling federal data (including ExtraHop) must meet stringent standards like FedRAMP.

Information sharing is another area where the public sector is leading. Collaboration between CISA, the intelligence community and federal agencies allows defenders to act on shared insights. That level of transparency is essential to staying ahead of large-scale ransomware operations.

How do you see threat groups exploiting AI and automation in ways that government and industry need to stay ahead of?

AI has amplified both sides of the cyber equation. Adversaries are using AI to make social-engineering more convincing, automate reconnaissance and create deepfakes that can be used for disinformation or insider manipulation.

The federal government needs to anticipate this by strengthening training and detection. Tools that can identify synthetic media, behavioral anomalies and AI-generated phishing will be essential. At ExtraHop, we’re integrating AI into our analytics to distinguish between legitimate and malicious behavior at machine speed.

What advice would you give to younger professionals considering careers in cybersecurity?

Stay curious and stay serious. Cybersecurity is one of the few fields where the rules, adversaries and technologies evolve every single day. Learn to think critically AND creatively, understand the why behind the data and develop both your technical and people (leadership/communication) skills.

Find mentors who challenge you. Some of the best leaders I’ve worked for were the ones who forced me to explain why I made a decision, not just what I decided and how I executed.

What does a typical day look like for you?

There’s a lot of reading involved. I probably ingest more cybersecurity material now than I did in the military, but I also make time for leadership, history and management books. That balance keeps me grounded. Much of what I read sparks ideas about how we can better shape our federal engagement — finding ways to help our government and the Department of Defense become more efficient and effective in securing their information and networks.

I also have the privilege of working with a sales team that is deeply committed to bringing the best cybersecurity solutions to our federal government. I spend time with them, our agency partners and system integrators on deployment strategies, helping ensure our technology truly aligns with mission needs. I also brief leadership teams on strategic alignment and operational urgency — which, in many ways, mirrors the duties I had throughout my military career.

Finally, if you could share a coffee with any figure from history or tech today, who would it be and why?

From history, I’d choose Rear Admiral Grace Hopper. She understood that technology is only powerful when people can understand and apply it. Her work in computing and programming languages still shapes the way we think about interoperability and efficiency.

And, if I could have another cup of coffee: Queen Elizabeth II. Her reign embodied calm leadership through unprecedented change, and she was a master at prioritization and risk management. She led with grace, restraint and a long view of history. I think it would be a valuable conversation about leadership and legacy in seemingly rapid and unmanageable change.