Government agencies need to create cybersecurity strategies that immediately strengthen their security posture while also providing a roadmap for mid- and long-term investments that advance cyber maturity. This paper outlines steps agencies can take to move incrementally toward a Zero-Trust security model and stronger overall resiliency.