Fresh off his induction into the 2024 class of Cyber Defenders, we spoke with Nat Bongiovanni, who is chief technology officer at NTT DATA Federal Services, for a forward look at both challenges and encouraging trends in cybersecurity, with the double-edged sword of artificial intelligence (AI) taking a prominent view in his outlook.
MeriTalk: Nat, congrats on the 2024 Cyber Defenders award! Tell us a little bit about your job and what security work you are doing.
Bongiovanni: NTT DATA is one of the ten largest systems integrators and IT service providers in the world, and we assist our clients in reinventing themselves responsibly in an ever-changing world. I work in the Federal Division within NTT DATA, and we hold the security clearances to do business in the U.S. I wear multiple hats – I’m the chief technology officer, the chief information officer, and the technology control officer. A lot of my work is outwardly focused, so helping clients with problems, and with my team the work involves pre-sales, proposal writing, and some pretty cool research and development.
MeriTalk: How about work specific to the security side of things?
Bongiovanni: I started doing cybersecurity work when I became CIO at NTT DATA Federal Services, and I took to it and have become an expert over the last decade. All of the cyber things that I recommend to clients are things that I’m doing myself – I really believe in drinking my own champagne.
One of the things we’ve recently produced is a webinar on the very basics of cyber hygiene that we turned into an e-book, it’s called “An A.P.P.L.E. a Day Keeps Ransomware at Bay,” with the acronym translating to Authenticate, Patch, Protect Resources, Limit privilege and Enable anti-malware. I’m really passionate about getting organizations to do cybersecurity and making them cyber-safe.
MeriTalk: In the bigger picture on security, what are some recent policy and tech trends you are seeing that are helping to improve security and that we should be doing more of?
Bongiovanni: What makes me hopeful is that there is a realization in the marketplace that no cybersecurity is going to be perfect, and that you have to have a plan for what you do when things fail. I really think that cybersecurity has kind of an actuarial problem – a probability and risk assessment problem. I’m hopeful because what I’m seeing is that people are beginning to realize that they can’t have 100 percent protection without turning everything off, so how can they have as much protection as possible and then deal with things when they go wrong? That makes me very hopeful that we’re going to dig ourselves out of the hole of constantly reacting to what the bad guys are doing.
MeriTalk: And thus developing more resilience?
Bongiovanni: Exactly – so that we don’t end up having disasters and having to pay somebody a huge ransom.
MeriTalk: Also looking out at the bigger picture, who looms large for challenges in improving security?
Bongiovanni: I think that artificial intelligence is going to become a big challenge, but realistically, artificial intelligence also will probably be part of the solution.
The issue is that artificial intelligence gives people the ability to make much more sophisticated attacks that are convincing – whether they are phishing attacks and emails, whether they’re actual voices that are using an AI-generated voice that replicates somebody else’s voice to get things done. Those are things that I think are going to be a big challenge that’s coming at us.
On the flip side, AI is probably going to be used for us to help figure out when an attack is being assisted by AI, and how to prevent bad things from happening. Which one happens first, I couldn’t tell you right now, but my concern is that the bad guys are going to get the jump on us with this one.
Ultimately, I think AI will be more beneficial to the defenders than the attackers, because the attack surface that we as defenders have to manage right now is enormous, and figuring out how to do it is difficult, and AI is going to help us a lot. It’s just that there’s going to be a period where the attackers are going to become much more sophisticated before we figure out how to do better on the defense.
MeriTalk: How did you find your way to the tech security field? Was it something that always seemed like a natural path or was the journey more complicated?
Bongiovanni: I got into this field because I was really good at solving problems. Initially, I had an eclectic career – I fixed air conditioners for a living, I’ve worked in management, in application development. When I got into application development and data warehousing in particular, then I hit my stride, and went into consulting. Consulting was great because I never got bored, and every time I got a client to the place where they needed to be then I could go to another client and help them. What that gave me is really broad experience with a lot of industries, but always solving some kind of problem, and all of them were technology problems or things related to technology.
MeriTalk: Final question – what do you enjoy doing in “real life” that doesn’t have anything to do with technology and security?
Bongiovanni: Besides enjoying family, friends, and traveling? My hobbies are what I call “maker” activities – I like woodworking, I have a 3D printer, I like to build things, I like to use computer-aided design software to design things. I really like to work with my hands.