in Artificial Intelligence, Cybersecurity, Executive Spotlights, News

Aperio Global CRO Damian Watkins Talks Reclaiming the Engineering Mindset & Where AI Is Headed Next

Damian Watkins / LinkedIn
Damian Watkins. The Aperio Global chief research officer spoke with EBiz about AI, zero trust, digital twins and more.
Damian Watkins, Chief Research Officer, Aperio

Damian Watkins has spent his career at the intersection of advanced engineering, cyber operations and national security missions. A graduate of Morgan State University, Watkins earned degrees in electrical and computer engineering before pivoting into cyber-focused research funded by the Army Research Laboratory. His early work spanned intrusion detection, unmanned systems and tactical mobile ad hoc networks, laying the foundation for a career rooted in applied innovation for government customers.

Watkins later founded CRW Innovations through an NSA-backed program, growing the company from a one-person operation into a nearly 20-person firm supporting classified missions. As the company scaled, his day-to-day role shifted away from hands-on engineering toward management, business development and P&L oversight. That chapter came to a close when CRW Innovations was acquired just ahead of the Covid-19 pandemic, eventually leading Watkins to his current role as chief research officer at Aperio Global.

Watkins spoke with ExecutiveBiz for his first Spotlight interview about returning to deeply technical work following the acquisition, Aperio Global’s mission-driven approach to national security challenges and his views on the future of artificial intelligence, digital twins and zero trust adoption across government.

ExecutiveBiz: You mentioned that as your company grew, your focus shifted more toward management and P&L work. After the acquisition by Aperio Global, has your role allowed you to re-engage with the engineering and technical work that originally drew you to the field?

Damian Watkins: Absolutely. One of the defining moments was receiving the patent. While the the concept had been discussed across the industry for years, formalizing it at that level validated the technical approach. I had been engaging with organizations like Leidos and SAIC on the concept for several years prior to the acquisition. As large language models began entering operational conversations, organizations recognized the need to understand whether their data foundations were actually fit for AI-enabled decision-making.

As those conversations accelerated, interest increased across multiple organizations. With Aperio, we had the resources to really go through that process, as opposed to me running a 20-person company and trying to do it on my own. We had access to additional expertise to walk through everything properly.

There was rigorous scrutiny during the review process, including questions about prior art, but the distinction of the approach ultimately led to approval. That was a big moment!

Our first sale was with the U.S. Secret Service. They’re using it for a lot of their cyber investigations, including money laundering and financial tracking. They use it to help adjudicate certain cases they’re working on. That legacy mission set remains highly relevant to modern cyber and financial investigations.

They’re using our software for that today, and we’re in discussions to expand it into a broader protection concept, as well as to outline the next steps for the tool I just described.

EBiz: What do you see as the most pressing national security threats today, and how is Aperio Global working to address them?

Watkins: Broadly speaking, we’re working across several areas. One is at Fort Meade, where we’re doing a lot of work around what we call enterprise discovery operations. That involves looking at what the technology roadmap looks like and how it’s changed, both on the adversarial side and on our side as we work to protect ourselves.

We have teams supporting that work, and some of that analysis supports senior-level situational awareness and strategic decision-making. We also have work at Space Command looking into emerging threats in space, which is really the last frontier in terms of where these issues are headed.

So we’re working on both the defensive operations side and the forward-looking technical side. That’s how we position ourselves. We see Aperio Global as being mission-oriented and mission-focused. We don’t typically try to sell enterprise software or a platform and then force customers into it. Instead, we meet with our customers, identify their pain points and jointly figure out how to deliver value, whether that’s through new technology, new tradecraft, new approaches or additional expertise.

EBiz: So it’s more consulting-focused than capabilities-focused?

Watkins: Historically, the CRW Innovations work often began as analytic and technical support, but Aperio has made a deliberate shift toward productized capabilities and scalable platforms. Following the acquisition, some of my work continued in level-of-effort roles, often as a subcontractor to larger system integrators, a typical practice in government environments. We still support customers in that capacity where appropriate, but we have strategically pivoted away from that model toward building durable products and mission-ready capabilities.

Shortly after the 2021 acquisition, we were awarded a patent for an AI-driven analytics capability that uses machine learning to automate enterprise discovery. The capability applies the same analytic rigor I described earlier, but at machine speed and scale—helping analysts understand their data, surface what matters most, and reduce the manual burden of spreadsheets, scripts, and ad hoc analysis. The result is meaningful productivity gains and more consistent, defensible insights for mission decision-making.

We’ve built on that patented capability and are developing additional offerings for the Space Force and other customers to help them transition safely into AI. That doesn’t just mean using tools like ChatGPT or Claude. It means using localized models that may be air-gapped and not connected to the internet, and being able to tune your data, your model or both.

The goal is to help organizations leverage their data in a strategic and productive way, while ensuring the outputs are trustworthy, mission-relevant and provide real insight into the mission they’re trying to support.

EBiz: Where do you think AI is headed next? You can take that broadly or point to one specific prediction.

Watkins: Let’s start broad. It’s difficult to discuss modern AI without acknowledging NVIDIA’s role in enabling advanced compute. We work closely with them—both strategically and technically—on areas such as Omniverse and advanced radiance field techniques.

The idea is that you can take a picture of a room, like the one I’m in now, and create a digital twin of it. On top of that digital twin, you can overlay things like metadata or cognitive knowledge. That’s where I see things going. Instead of having to physically model something, you can create a digital twin and get the same value when it comes to building models, strategies, policies or rules, because you already have an accurate representation of what that environment looks like in real life.

Rather than wasting resources and people to do that manually, you let the computer do it. You can think about use cases like museums, large buildings, concerts and sporting events, but also the defensive and adversarial environments we talked about earlier, including conflict scenarios.

Long story short, the next step is simulation environments and digital twin environments, and mapping AI onto those. That also leads naturally into robotics, which you’re seeing companies like Tesla and Boston Dynamics investing heavily in. A lot of that comes down to computationally intensive modeling of environments and training systems within them.

EBiz: What is a federal cyber vulnerability that’s under-discussed and needs more attention from industry partners and integrators?

Watkins: If you take any cybersecurity training, the point of failure is almost always the person. It’s usually someone not adhering to standards or best practices, or not having the right knowledge and inadvertently doing something that causes a system failure. You see this play out in a lot of high-profile breaches, where a senior person had an easy-to-crack password or made a simple mistake.

That’s where automation becomes critical. There are two main areas we’ve been looking at. Recently, with the Department of Homeland Security, we examined a protocol called the Open Security Controls Assessment Language, or OSCAL. NIST just put out a request for comments on it a couple of weeks ago, and I’m participating in that process.

There’s a policy side to cybersecurity where you have extensive documentation and defined controls, but the real challenge is how you maintain and enforce those controls at machine speed. OSCAL is designed to help by mapping controls across systems, software and access types, and then shifting enforcement from people to software agents that can operate continuously and at scale.

The second area is data pedigree and governance. When I ask a system a question, I need to know why it arrived at that answer and what data or evidence it used. As systems become more complex and abstracted away from raw data, that becomes harder to track. You have to build those controls in using frameworks like OSCAL.

In a lot of our space-related work, we also leverage OpenTelemetry, which allows us to generate objective metadata around events, nodes and system activity. More recently, we’ve implemented retrieval-augmented generation, or RAG, so that when an agent is queried, it’s clear which part of the knowledge graph the data is being pulled from.

EBiz: The Department of War has a department-wide zero trust implementation goal of 2027. How has Aperio Global supported that effort, and what are the major obstacles to achieving it?

Watkins: There are really two parts to that. One is the mission side. We conduct vulnerability assessments, essentially red team and blue team evaluations. That includes identifying things like zero-day vulnerabilities and understanding how systems are expected to respond.

At the zero trust level, we’ve helped customers like DHS implement tools such as Zscaler, while avoiding vendor lock-in. You can deploy Zscaler, CrowdStrike or Palo Alto, and each offers its own proprietary approach to zero trust. But achieving true zero trust effectiveness depends heavily on the application, the mission and who is supposed to access data at specific times.

For example, an entertainment organization like the NBA will approach this very differently than DHS or the Department of War, based on laws, mission requirements and operational needs. All of that has to be built into access policies.

Zero trust can frustrate people because it requires re-authentication or re-verification every time you attempt a new action. That can sometimes result in being locked out due to inactivity or session changes. The benefit, though, is that you gain the ability to track activity end-to-end, from login through operations, device locking, logout and reentry.

The downside is the volume of logs and alerts, which can get very noisy. When you’re flooded with alerts, people start ignoring them. Where we’ve fit in is helping customers identify which logs matter, how much alerting is appropriate and how to extract real value from that data.

EBiz: So what are the biggest things standing in the way of achieving zero trust? Is alert fatigue one of them?

Watkins: Alert fatigue is definitely one. Another big obstacle is education, understanding the tradeoff between usability and security. People will cut corners because they don’t have the patience or the bandwidth to implement controls correctly.

There’s also vendor dependency. If something breaks at a major provider, the impact can be widespread. You saw that with the airport disruptions tied to CrowdStrike a little over a year ago. That incident stemmed from a Windows kernel update and had little to do with CrowdStrike directly, but because CrowdStrike was leveraging something deep in Windows that very few people understood, it was hard to identify the problem before significant collateral damage occurred.

Another challenge is the sheer number of vendors and disparate technologies involved. When organizations decide to pursue zero trust, one of the first questions is where to start. Which vendor do you choose? Which platform do you commit to? Those decisions are not trivial, and they can have long-term implications for flexibility and resilience.

Who Is Damian Watkins?

Damian Watkins is the chief research officer at Aperio Global, where he leads technical strategy across AI, cyber and emerging mission capabilities. He previously founded CRW Innovations and holds advanced degrees in electrical engineering, with research experience supported by the Army Research Laboratory and work tied to national security systems.

What Does Aperio Global Do?

Aperio Global supports defense, intelligence and federal customers with mission-focused solutions spanning cyber operations, AI and machine learning, data analytics, cloud and software development. The company specializes in helping organizations move from fragmented data and tools to trusted, interoperable decision environments enabling safe AI adoption, operational clarity and mission-resilient outcomes.

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Artificial Intelligence

mm

Written by Charles Lyons-Burt

Charles Lyons-Burt is senior content specialist at Executive Mosaic, a media and events company serving the U.S. federal contracting community. A passionate lover of language, the arts, aesthetics and fitness, he also writes film and music criticism for outlets such as Slant Magazine and Spectrum Culture.

Photo: Deloitte
Deloitte logo. Deloitte launched TrueServe for Government and GovConnect on AWS Marketplace.
Deloitte Rolls Out TrueServe for Government, GovConnect on AWS Marketplace to Streamline Federal Modernization