The finalists for WashingtonExec’s Pinnacle Awards were announced Oct. 8, and we’ll be highlighting some of them until the event takes place virtually Nov. 12.
Next up is Cybersecurity Industry Executive of the Year (Public Company) finalist Brad Medairy, who’s executive vice president at Booz Allen Hamilton. Here, he talks success, future focus areas and rule-breaking as an industry leader.
What has made you successful in your current role?
There are two areas that I have focused on over the years that are critically important to my success: concentrate on mission and empower great people.
In the nearly 25 years that I have been with Booz Allen, I have supported clients across every market we serve — from Defense Department clients and those in the intelligence community to private sector companies and civilian agencies. The constants across these moves are that the toughest challenges are only solved by understanding the context in which they exist and bringing together the best people and technology to solve them.
No one person has all the answers. But if you build the right team and stay relentlessly focused on challenges our clients must solve, we can find and create powerful solutions that help protect and further their missions.
What are you most proud of having been a part of in your current organization?
At Booz Allen, clients trust us to support some of the nation’s most critical missions — the same missions that sophisticated threat actors want to disrupt. I am proud that our team has earned this trust over decades and continues to deliver results with dedication and excellence every day.
We have helped clients evolve to meet the shifting threat landscape, applying new technologies like machine learning and sophisticated tradecraft. Our mission impact means clients invite us back — the highest mark of a successful engagement.
What are your primary focuses areas going forward, and why are those so important to the future of the nation?
Looking ahead, we continue to be laser-focused on the fast-evolving threat landscape. Cyberattacks were, at one time, mostly digital events with little real-world impact. Today, we’re seeing a much greater intersection between the physical and cyber realms as the internet of things and coming 5G technology connects devices in ways not possible before.
While this connectivity has potential to drive a wide range of positive impacts, it also expands the attack surface into the physical world. For example, the recent TrickBot botnet — a reported network of more than 1 million computers that have been used to launch disruptive attacks — was pre-emptively disrupted by U.S. Cyber Command, in part, over concerns about the syndicate’s ability to impact the upcoming U.S. elections.
Against this backdrop, there continues to be immense pressure to do more with less. We’re working alongside clients to help them be more efficient and effective by modernizing their cyber defense and getting ahead of attacks. This means embracing proactive strategies like continuous monitoring and purple teaming, as well as new technologies like artificial intelligence-enabled threat detection and response.
Cyber missions are critical to our nation’s security and economy as the stakes continue to rise. Years ago, breaches like those at the Office of Personnel Management and Target were significant but primarily limited to the unauthorized access to information — bits and bytes. Today, as we’ve seen with TrickBot, Maze and other actors, a cyberattack could mean manufacturing operations are taken offline, elections are impacted and a range of other real-world results.
In a world of highly sophisticated and highly motivated threat actors, it’s critical that we not just keep pace but outinnovate and use our collective ingenuity to address the evolving cyberthreat.
Which rules do you think you should break more as a government/industry leader?
As a leader, I’m often expected to have the answer. The truth is individual leaders rarely come up with the right answer alone. It’s about fostering a team that deeply understands the problem and is empowered to be creative in their approach.
Centrally important to the ability to solve challenging problems is to leave your title at the door and be prepared to get in the trenches. When we’re defending against sophisticated actors, it doesn’t matter whether you’re an executive vice president in industry or a client-side analyst. We’re in the fight together and must relentlessly focus on the mission and threat at hand.
It’s also important to speak truth to power. Bad news, like unflattering results of a cyber assessment, must be delivered so they can be acted upon. Bad news does not get easier to deliver over time, so it’s OK to break the norm and ask for help.
What’s the biggest professional risk you’ve ever taken?
During the dot-com boom in 2000, I left my position at Booz Allen to work with a startup specializing in e-marketplace implementation for commercial clients. While the work was familiar, the industry was a radical departure from the government clients I had been supporting. The environment was fast-paced and fully focused on the private sector. I had to learn how to be effective in this startup environment.
The experience taught me to be comfortable being uncomfortable. That time learning to work at a new velocity, for example, is an experience that I carry with me to this day. Our cyber adversaries are relentless, and we must match and outpace their tenacity and ingenuity. We won’t accomplish this without being agile and adapting.
I brought this startup approach to solutions development back to Booz Allen and used it most recently to create DarkLabs. This elite technical group blends cyber offense and defense tradecraft into cutting-edge solutions.
What’s your best career advice for those who want to follow in your footsteps?
As I take stock of my career, there are a few critical mantras that have helped me be successful that I would encourage all developing leaders to consider, regardless of industry:
Get comfortable being uncomfortable. The moment you think you’ve learned everything, it’s time to change — change assignments, shift roles, support a different mission. We’re not learning if we’re always comfortable. In the cyber context, when you’re comfortable is usually about the time you learn of a breach.
Seek diversity in assignments. It’s equally important as a cyber practitioner and as a leader to have perspective. My own experience in different markets and industries has helped me understand challenges more holistically. Especially in today’s threat landscape, it’s critically important to be able to spot threats and trends across sectors. Threat actors do not silo their attacks, so we must not silo how we approach the world.
Build up those around you. Leadership is not about individual success; it’s about building successful teams and supporting people. This may mean getting your hands-on-keyboards to defend against attacks or working alongside engineers in labs. And think beyond your organization. For example, I mentor tech startups with Dcode, coach middle school Science Olympiad and elementary and middle school youth soccer and basketball programs.