Investments, Tech Partnerships, and the Future of Cyber

Brad Medairy: We have been in this [cybersecurity] fight for over 30 years, in hand-to-hand combat with our adversaries, supporting the U.S. federal government, including the Department of Defense, the intelligence community, civilian agencies, as well as the Fortune Global 500. Our origin story goes back to our work in the DoD and the intelligence community. That has taken us on a journey in cybersecurity over the last 20-plus years, as we’ve seen threats evolve and our adversaries’ tactics evolve as they’ve grown in sophistication.

Today, we’re a global leader. We have a broad footprint. We’re embedded in some of the nation’s most critical missions at the national level, where we support the cybersecurity infrastructure. Or we’ve been involved in critical initiatives to help protect and defend the government on programs like Continuous Diagnostics and Mitigation (CDM).

We’re involved in some large transformational programs in the DoD, like Thunderdome, which is helping accelerate zero-trust adoption across the entire department. We’re involved in also looking at the application of artificial intelligence, which I think will define the future of cybersecurity. And we’re involved in critical DoD pathfinder programs.

We’re supporting all 16 U.S. critical infrastructure sectors. A lot of people don’t recognize the breadth of our commercial footprint, but we’re engaged in over 1,000 incident responses annually. We’ve been in the fight since almost the beginning. We’re deeply rooted in the defense and intelligence communities. We have a large workforce, much of it in Virginia, who have been in daily hand-to-hand combat with the adversary. We’re passionate about the mission, we’re passionate about technology, and we’re passionate about innovating toward the future.

El Koubi: I’m struck by the language you’ve used around the fight and hand-to-hand combat. For folks unfamiliar with what this work looks like, give us a sense of what we’re dealing with here.

Medairy: The problems we tend to face are defending the nation and supporting our clients — really protecting critical infrastructure, their high-value assets, their networks, the physical world, whether it’s an industrial control system or a power grid or a weapons system — and defending those against very sophisticated, well-resourced nation-state adversaries. When you think about cyber, it’s often viewed as just computers and machines. But the reality is that there are human beings. And now, there’s AI on the other end, conducting sophisticated campaigns intended to disrupt, to potentially harm, to potentially exfiltrate intellectual property. This daily challenge in cyberspace is defending what’s most important to us. It’s been interesting to watch the evolution.

Cyber became notable publicly with some of the big retail breaches like Target and others. We saw smash-and-grabs of credit cards, and then it escalated to global ransomware attacks. In the early days of ransomware, someone would lock down some machines and you would pay to unlock them. We’ve seen that continue to escalate, and now ransomware is a big, big, big business — in many cases directly sponsored by state entities.

We’ve seen nation-states continue to use cyber for espionage, whether it’s targeting manufacturing from a commercial perspective, like pharma and other manufacturing verticals, or the defense industrial base, where they’re interested in military-grade secrets. It’s been interesting to watch how that has evolved over time, with the stakes continuing to escalate. Just in the last 18 months, we’ve seen Volt Typhoon, where a sophisticated nation-state adversary used advanced tradecraft to infiltrate the power grid, not only in the United States, but also in some of our partners and allies.

That particular attack was really alarming because it represented an escalation. No longer were nation-states just trying to steal secrets. They were in those environments for no purpose other than to potentially cause some type of disruption or kinetic effect — meaning they could turn off the power grid to disrupt electricity or other services that Americans and people around the world rely on. Today, I think the stakes have never been higher. Salt Typhoon is another attack aimed at telecommunications infrastructure. This is going to be a continued cat-and-mouse game.

We’re dealing with well-resourced adversaries who are not going to quit, and this fight changes daily. If you look toward the future, we’re talking about artificial intelligence. We’re seeing early versions of adversaries using artificial intelligence in their offensive cyber and exploitation operations. But I think the future will be defined by machine-on-machine battles. It’s going to be adversary AI versus our AI applied in the cyber defense domain. Continued investment will be needed. I think companies like Booz Allen, where we are one of the largest cybersecurity providers globally, and the largest provider to the U.S. federal government around artificial intelligence, will be able to bring that together to prepare for what’s next.

El Koubi: Give us a little insight into how you’re planning for this future within Booz Allen. What’s it like to be on your side of this?

Medairy: One of the important things with cybersecurity is there’s a massive investment stream in Silicon Valley and the global tech ecosystem around it, and we’re talking about Virginia here. There’s a tremendous number of startups and new and interesting tech coming directly out of Virginia. It’s important for Booz Allen to be an integral part of that broader tech ecosystem — to know the capabilities and be able to help assemble and bring those capabilities into our client’s mission.

On programs like CDM and Thunderdome, we’ve been a key player. We spend a lot of time in Silicon Valley. We look at hundreds, if not thousands, of tools and technologies annually. We’re able to help curate that technology, bring it in, and tailor it to our client’s mission.

One critical role we play is being the bridge translation in the tech ecosystem between commercial tech and the U.S. federal government and bringing some of that dual-use technology to bear. That’s really, really, really important. Another thing we do to prepare here is invest heavily in our own intellectual property and intellectual capital. We have a technology and solution incubator, DarkLabs, where we invest in solutioning.

We’re focused on a couple of areas right now. One is zero-trust, and also the intersection of cyber and the physical world. Whether it’s supporting DoD to better secure weapon systems, or the military to secure their bases and installations, or U.S. critical infrastructure clients to secure the power grid, we think the intersection of cyber in the physical world is really important.

I think everything will be defined by the application of artificial intelligence in the cyber domain. We’re pushing the envelope in applying new concepts like agentic AI to advanced cyber detection. We’re looking at how to use large language models to do things like advanced malware analysis. We’re continuing to invest in new tradecraft and the application of artificial intelligence to the cyber defense domain.

El Koubi: One of the things Booz Allen talks about in its approach is this notion of one battle space. What does that phrase mean and how does it influence how you think about approaching cybersecurity?

Medairy: A lot of times we talk about cybersecurity in silos, such as defending the .mil domain or the .gov domain. We’ll talk about 16 separate critical infrastructure sectors. We’ll talk about the intelligence community, or our partners and allies. But the reality is if you put yourself in the adversary’s seat, they look at our nation not as separate domains, but one target-rich environment. So, as opposed to having siloed businesses focused on each of those sectors individually, one of the things we did in Booz Allen, and the business I lead called National Cyber, is we fused all those clients into a single business entity that allowed us to task organize.

We say we meet the adversary where they are. That enables us to look at global cybersecurity trends around what the adversaries are doing — their tactics, techniques, and procedures — so we can get a holistic view of the adversary in the battle space. Based on that holistic view, we’re able to anticipate emerging trends, invest smartly, and source new technology in the way best aligned to combat and defeat those particular adversaries at the moment.

This provides a tremendous value proposition for our talent. At Booz Allen, we have a large workforce of over 8,000 cybersecurity professionals. Part of the employee value proposition is that we don’t hire you just to work on a single job. We hire you for a career, and part of that career is being able to build your skill set, work on different opportunities, and gain different experiences. Organizing and thinking about this more holistically as a battle space provides a tremendous value proposition for our people because you can move across different assignments. You can get different skills, you can work different problems, you can work with different people, get different mentorship, and grow in a much more accelerated way.

El Koubi: You touched on the employee value proposition and what this looks like as a career. When we talk about AI, there’s this notion that maybe AI changes the way we work. In some cases, folks predict it will destroy some jobs. What’s going on in the cyber labor market? Are you seeing less demand for cyber talent, or is there an inexhaustible demand?

Medairy: One consistent thing that’s talked about at the national level in our country is the cyber workforce crisis. We just don’t have enough cyber professionals to support the massive demand across our entire nation. That includes the public sector, federal clients, and the commercial sector. I think AI will certainly help fill some of those gaps. Cyber is all about speed. AI will drive automation and acceleration around detection and other elements of the cyber defense kill chain. But more importantly, it’s going to free up analysts and cyber operators to focus on more of the heavy lifting and true analysis that we need to really spend time on.

AI may shift where people are focusing, but I think it’s going to help accelerate and scale. Things continue to get more complicated and sophisticated. We’re finally getting enterprise security under control and there are still a lot of breaches. Cars, space, the power grid, all the rest of the critical infrastructure sector — everything is hyperconnected now. The problem is getting bigger and we can’t just throw more and more people at it. We need talented cyber professionals, augmented by AI and machine learning, to combat this significant challenge we’re facing.

El Koubi: You’ve talked about what Booz Allen and your team do to support the U.S. government and partners in this area relative to adversaries, including foreign nation-states. But there’s a certain amount of international coordination on these issues as well. How important is international coordination to our national cybersecurity measures?

Medairy: Partners and allies are a key piece of the puzzle. We have this notion of one battle space, where the adversary looks at our nation as one target-rich environment. The reality is that the adversary is executing activities and campaigns globally. The more we can collaborate with partners, the more we can piece together the picture of what’s happening and be able to address it at speed and pace. Collaboration, information sharing, and maintaining strong partnerships with our allies are really critical.

As we’ve seen with things like Volt Typhoon, when we’re relying on partners, allies, and their critical infrastructure in certain countries, that directly impacts our military readiness and capabilities in those areas as well. Partnership will continue to be important in the future to get the holistic global picture of what’s happening, so we can best respond from a cyber defense perspective in our nation.

El Koubi: Cybersecurity is one of the key industries my team at VEDP is cultivating. Give us a sense of what the cybersecurity industry in Virginia is like. How does that fit into the overall industry as we think about the United States and globally?

Medairy: Because some key U.S. federal government agencies and departments in cyber are in Virginia, there’s a need to build a cyber workforce to support them. I view Virginia as a cybersecurity talent incubator, and I think we do an amazing job in building talent and accelerating that talent into mission and new skill sets.

Because we have some of the most complex cybersecurity missions, and some of the best talent nationwide, there’s naturally going to be a group of entrepreneurs in that population. Because those folks are in hand-to-hand combat with the adversary, they’re able to anticipate over-the-horizon threats and needs from a technology perspective. I see a lot of interesting startups and technology companies coming out of Virginia and feeding that tech ecosystem I talked about.

A few years ago, part of our DarkLabs team had an interesting idea, a threat detection, hunting, and detection engineering concept. We incubated it within Booz Allen as SnapAttack. As we started market testing across both federal and Fortune 100 clients, it quickly became apparent that this was a product. We had an interesting concept that was market-backed and market-validated, and Booz Allen made the strategic decision to spin SnapAttack into a new company.

We partnered with a local venture capital firm to do a Series A funding round, and we launched it. Booz Allen maintained a strategic partnership, but this was a standalone entity, and they embedded themselves in the cybersecurity startup ecosystem. They continued to scale their product. They innovated in ways that we never anticipated and built something really special.

In February, Cisco, who had bought Splunk, acquired SnapAttack. Now, SnapAttack is fueling innovation in defensive cyber operations that’s going to power the future of Splunk and Cisco. That’s just one great example of what’s coming out of Virginia. Amazing talent — folks who are close to the mission, who have this amazing tradecraft, who can anticipate both the threat and future capability needs. Those with entrepreneurial spirit are launching startup companies that have the opportunity to change the world. That’s happening in our own backyard here in Virginia.

I think Virginia is a talent incubator and accelerator. I think we’re contributing to the global startup ecosystem, building some emerging tech that’s transformative by itself, but then through acquisition, transforming big companies as well.

We also did something pretty cool a couple of years ago, in recognition that we’re a big company, but a lot of startups also have amazing ideas. One problem the startups have is translating their capability and accelerating into the U.S. federal government. One of our nation’s strategic advantages is our entrepreneurial spirit and all this amazing tech we’re developing. The question is, how do we use it to our strategic advantage to accelerate government and national security?

One conclusion we came to is that we’ll invest and build stuff within the walls of Booz Allen that’s really special and going to help our clients. We’ll continue to do that. We may build things like SnapAttack that may be best suited as a startup. But the strategic question we had was: How do we help accelerate some of these emerging tech startups so they can best help our U.S. government clients? We concluded that we needed to stand up our own venture arm. So we established a $100 million venture capital fund, Booz Allen Ventures.

We do targeted investments ourselves now in new and emerging companies. That’s an important role we think we can play in that ecosystem — to be a startup accelerator, not only from a funding perspective, but to help teach them the government mission, help them engage in conversations with those clients, and translate their capabilities to accelerate our clients’ mission outcomes.

El Koubi: That kind of collaboration is really driving and enriching that ecosystem. I’d like to turn back to talent. Give us an overview of what’s happening in the cyber talent pipeline in terms of strengths and weaknesses you encounter when recruiting people to Booz Allen. What would you tell university folks? Or folks in the military who are transitioning to civilian life and looking to transfer their skills? Give us a sense of the state of the pipeline — good, bad, and ugly.

Medairy: It’s always great to have classroom experience, but putting those insights into action is really important. Engaging in the cyber defense world takes a multidisciplinary skill set. You need folks who do embedded systems and reverse engineering. You need computer scientists and data scientists. You need AI/machine learning professionals and engineers and, potentially, industrial control system engineers. There’s not one single skill set needed from a cyber perspective. Cyber is defined by being able to fuse multidisciplinary skill sets to get a holistic perspective around the problem. I think that’s what’s really cool about cyber. It offers an opportunity for so many different folks of different backgrounds and experiences to come into this world and have an impact.

El Koubi: What’s your view of big trends the next five or 10 years? For somebody thinking about getting into this business, is there anything you’d add about challenges and opportunities for impact ahead?

Medairy: I think that we’ve got to fundamentally modernize and transform our infrastructure to infuse core zero-trust principles. That’s going to pave the way for a series of activities that will happen probably over the next three to five years.

El Koubi: What does that mean, zero-trust principles?

Medairy: It’s modernizing your architecture and infrastructure to implement better data security, to look at the future of identity and how you actually protect and defend your networks. Look at principles of least privilege holistically to modernize both your infrastructure and cyber operations defense. I think that’s going to drive a lot of activity over the next couple of years, and it really comes down to infrastructure modernization.

I also think AI will be the future of defensive cyber operations. It’s going to transform how we structure and run a security operations center. It’s going to change how we fuse and analyze cyber data across an enterprise. We’ve spent a lot of time bringing all this big data together and having security operations teams run through it. We’ll be able to do that at machine speed now.

I think cybersecurity is going to move more to the edge. We’ll conduct more sophisticated analytics, using things like agentic AI at the edge, at the point where data’s collected, so we can detect and respond to sophisticated adversary tradecraft faster. I think that’s going to lead us on a journey over the next several years around the application of our artificial intelligence.

Another area is this notion of cyber in the physical world. Hyper-connectivity is driving this. Electric cars are basically computers. There’s a massive set of activities happening in space. We’re looking at the power grid and the critical infrastructure sector. Things that were never connected before are connected. It takes an attack surface that we spent years and years bounding and exponentially expands it and makes it more difficult to defend. So we’re heavily investing in the intersection of cyber and the physical world, and how to best protect and defend that.

We’ve been talking about post-quantum cryptography. The National Institute of Standards and Technology has offered some guidance around post-quantum readiness for national security systems. We don’t know when our adversaries will have quantum supremacy, but we need to be ready. There’s going to be a flurry of investment and activity around that over the horizon.

Those are all areas that will define our future. It’s something we spend a lot of time thinking about. And I think it’s something that our clients are working through as well. It’s going to define investment and activity over the next couple of years.

El Koubi: Brad, thank you so much for this fascinating, insightful conversation, for everything you and your team are doing to enrich and build Virginia’s incredible cybersecurity ecosystem and industry — and most importantly, for keeping our country safe, along with many partners now and in the future in this evolving domain.

Medairy: It was a great chat. Thank you.

Full the full interview, visit www.vedp.org/Podcasts