The cyber threat landscape is complex and constantly evolving. For Brad Medairy, an executive vice president who leads Booz Allen’s national cyber business, this poses opportunities and threats alike. And now is the time for the United States to prepare for both.
In an Executive Spotlight interview, Medairy, who has been with Booz Allen for a total of nearly 30 years, mused on how artificial intelligence impacts cyber, the nation’s most urgent cyber threats and what can be done to thwart them.
ExecutiveBiz: To start, can you give us an overview of the cybersecurity landscape? What new trends or shifts are you seeing in cybersecurity?
Brad Medairy: We’re seeing drivers from both the threat and from technology evolution. At the forefront is the People’s Republic of China. In recent years, it has expanded and globalized its use of destructive cyber operations against critical infrastructure, from its focused U.S. natural gas pipeline intrusions in the early 2010s to the still-evolving Volt Typhoon campaign, which has established footholds in ports, telecom networks, water systems and power utilities across the United States and allied nations. The PRC treats critical civilian and military systems as a single battlespace to prepare in advance of crisis. It has become faster, stealthier and more agile.
We’re seeing today’s technology landscape enabling and accelerating threats. Adversaries are applying AI to reconnaissance, malware design and deception—giving them industrial-scale speed and scale. The tech landscape is also focused on post-quantum cryptography. Advances in quantum computing introduce new methods capable of breaking the complex mathematical problems underpinning widely deployed public-key cryptography, presenting significant threats to safeguarding warfighter operations.
This will have implications for national security, rapidly rendering current encryption and authentication standards vulnerable to exploitation. Because national security communications often need to remain secure for decades, it is important that these security credentials be updated to quantum-safe methods well in advance of cryptographically relevant quantum computers.
Another factor is the growing intersection of cyber and the physical world. Hyperconnectivity has driven this tight integration between cyber and physical systems, whether it’s industrial control systems that support the power grid, ship-to-shore cranes at strategic ports, manufacturing facilities, or autonomous vehicles in the future. This increasing integration of cyber in the physical world is driving hyperconvergence and expanding the attack surface, and the U.S. needs to be prepared for that.
To give a recap of the macro trends, the threat actors are continually evolving, there are increasingly sophisticated tactics and techniques in the tech landscape, AI is gaining momentum, and we’re seeing cyber-physical convergence and the need for post-quantum cryptography. Meeting these challenges will require smart, targeted investments that buy speed, resilience and initiative. We must outpace and outmaneuver adversaries.
EBiz: Where are you seeing the biggest impact from AI on cybersecurity? Is the government well-positioned in this area?
Medairy: We see several main impact areas: threat detection, vulnerability discovery and securing AI models.
In the first area, if you look at security operations centers today, they’re staffed by humans performing different functions like enriching threat intelligence, triaging events, conducting incident response, or conducting threat hunting. We talked about the attack surface expanding and the growing speed of adversaries earlier, and I think the application of AI to advance threat detection is going to help address that. We’re seeing a tremendous amount of investment, and we’re seeing a lot of traction gained.
In the past, analysts would triage events one by one as they came in, and it was hard to sift through the noise. The security operations world has evolved, and now we have more analytic platforms that are more sophisticated, and we’ve also moved into much more proactive threat hunting. We’ve seen a huge evolution there.
The second piece we’ll see AI focus on is accelerating vulnerability discovery. The faster you can discover vulnerabilities, the faster you can remediate them. There’s a lot of interesting work that we and others are doing in that space.
Imagine being able to reduce a manual process that might take weeks down to mere minutes. That’s what we’re doing with Vellox Reverser™, Booz Allen’s new product. Vellox Reverser is an agentic AI-powered malware reverse engineering product designed to radically speed up threat response. By gaining speed and scale in understanding how such malware functions, you can more quickly adapt your security posture.
AI is addressing fundamental tenets in cybersecurity around speed and scale. We have to be able to detect faster, protect a broader attack surface and scale into more complex environments. Our clients are adopting AI solutions at an accelerated pace. It’s important for industry to consider that AI offers great promise, but it also offers risk.
AI models and environments are becoming the new attack surfaces. In order to use AI for good, we have to establish a level of trust, and we also need to be able to defend against it. We’re focusing on securing AI systems and models so that they’re protected from malicious behavior. If you compromise the model, you compromise the mission. We’ve made investments in companies like HiddenLayer, a Gartner Recognized Cool Vendor in AI Security, through our corporate venture capital arm, Booz Allen Ventures, and we’re spending a lot of time in vulnerability research so that we can better defend those models.
As far as the government’s position on AI, the Office of the Chief Digital and Artificial Intelligence Officer, or CDAO, is driving a lot of thought leadership in the Pentagon around applying AI to different mission areas. Additionally, Army Cyber Command developed an AI monitoring tool called Panoptic Junction. This tool is designed to apply large language models and agentic AI to accelerate detection, pushing out to the edge of networks. I think there’s great promise in these architectures and approaches.
EBiz: What do you think is the biggest cyber threat to U.S. national security today, and what can be done to protect against that threat?
Medairy: The People’s Republic of China, as well as Russia, Iran and North Korea, are aggressively and persistently using cyber capabilities to gain strategic advantage over the U.S. and the nation’s allies, and they’re not going to stop. They have large offensive cyber programs, they have large investments and they are extremely focused.
We talk a lot about separate domains. We talk about commercial critical infrastructure as a domain, or the defense industrial base, or the .mil domain. The U.S. is currently organized around defending those domains individually, but the nation’s adversaries don’t discriminate between military and civilian targets. Adversaries look at the United States as one target-rich environment, one attack surface, one battlespace, as we call it at Booz Allen. As a nation, we need to come together to address these adversaries and defend our country.
We also have to look at securing the physical world and U.S. critical infrastructure. We saw what happened with Colonial Pipeline. That was a relatively small cyber impact that had a big impact on the physical world. And U.S. port infrastructure is another area where we’ve seen vulnerability, with things like Chinese-manufactured ship-to-shore cranes. We’re going to need continued focus and investment in operational technology security and applying advanced technology solutions to build resiliency.
And of course, you can’t really have a cyber conversation without talking about zero trust. As a nation, we’re focused more and more on ongoing conflict in cyberspace. Cyber as a domain will be forever contested. Because of that, we need to assume that the adversaries are in our network. We need to assume breach and fundamentally change how we think about cyber defense. Our clients are moving to this zero trust environment—for both IT and OT—and fundamentally modernizing their infrastructure and cyber defenses. I’m happy to see as a nation, we’re starting to embrace this concept and aggressively move out.
EBiz: Do you think the United States’ cybersecurity efforts are keeping up with advanced threat actors? What needs to be done to accelerate the nation’s readiness for such pacing threats?
Medairy: This is not something we’re going to invest in once and solve the problem. Adversaries will continue to evolve their tactics and techniques as we do. We’re in this constant race to adapt and outmaneuver.
From a cyber defense perspective, we want to make it as difficult and expensive as we can for adversaries to attack the nation. We are moving in the right direction, adopting AI and driving towards zero trust solutions. One of our strategic advantages as a nation is that we have a tremendous amount of venture capital firms and private equity firms heavily investing in Silicon Valley and cutting-edge tech. It’s not just the U.S. government investing in addressing this problem.
Our nation is doing many of the right things and we’re starting to adapt for speed. Speed is our greatest lever. Accelerating technical innovation and decision-making is essential to outpacing adversaries. At Booz Allen, as an advanced technology company, we drive outcomes for missions of national importance at speed by pairing deep mission understanding with proprietary and commercial technology. We have a robust portfolio of technology partners, spanning big data hyperscalers to Silicon Valley and other startups, to quickly create trusted solutions for unique mission requirements.
One way that we’re helping our customers accelerate their cyber readiness is investing in and delivering cybersecurity solutions enabled by AI. I mentioned one of those solutions—Vellox Reverser—which demonstrates how agentic AI is being proven to radically speed up threat response.
EBiz: In your opinion, what does zero trust success look like, and what is Booz Allen doing to help federal customers achieve that success?
Medairy: It’s important that we adopt a common vocabulary around zero trust. There are lots of good reference models out there that describe the pillars of zero trust. There’s a tremendous amount of investment being made by vendors and start-ups, but there’s not a singular product that is the silver bullet to implement zero trust. It’s important that our clients look at their biggest challenges — whether it’s modernizing their analytics or microsegmentation, or least privilege, or how to protect cloud workloads — and put together a roadmap based upon gaps and priorities to ensure efficient, effective adoption of zero trust.
We talk about the pillars in terms of identity, devices, networks, applications and workloads, data, visibility and analytics, automation — those are the foundational pillars of zero trust. But the reality is no one can afford to implement everything all at once. You really need to know your environment. You need to look at your mission and the threats and come up with an actionable roadmap based upon those priorities to help address it. At Booz Allen, we’ve been in the zero trust game for a long time. We’ve been involved in a large federal civil continuous monitoring program for the past 10 years, so we were supporting early versions of zero trust, such as network access control, integrating commercial technologies to help drive efficiency and effectiveness.
We’ve also been involved in a program in the Department of Defense called Thunderdome, which was one of the first pathfinder programs to explore zero trust principles and use them to modernize the DOD’s architecture, infrastructure and cyber defense. It’s a transformational program, and we have successfully demonstrated the use of commercial technologies to help meet many of DOD’s zero trust implementation goals and deliver the tenets of zero trust on both classified and unclassified networks.