Following his induction into the 2024 class of Cyber Defenders, we were delighted to catch up with Gregory Garrett, who is chief operating officer at government tech provider REI Systems, for his look at the promising future that artificial intelligence (AI) technologies can bring to improve cybersecurity, as well as the need to approach AI with a measure of caution for risks the technology can introduce. In the exclusive interview that follows, Garrett also explains the need to grow the U.S. cybersecurity workforce, create better supply chain risk management programs, and act quickly to get ready for the looming security impact of quantum computing.
MeriTalk: Gregg, congrats on your Cyber Defenders Award! Can you tell us a little bit about your job and what kind of security work you are doing?
Garrett: Thank you, it’s an honor to be selected! I’m the Chief Operating Officer at REI Systems, a technology service provider with 35 years of experience supporting the government. I’m responsible for helping lead and support our team of 850-plus employees in managing numerous, large multi-million-dollar digital transformation, IT modernization, and advisory services programs for a variety of U.S. government agencies.
These programs include information technology, cybersecurity by design, DevSecOps, the creation of zero trust architecture, and development of cyber defenses for artificial intelligence.
In my role, I also drive the strategic business planning and development for the company, continually expanding our cybersecurity and artificial intelligence capabilities to address demands from our customers. Our goal is to expand this practice by bringing in other top notch cybersecurity strategic solution architects and systems engineers along with building up our governance, risk and compliance experts to complement our internal IT and cybersecurity teams.
MeriTalk: In the bigger picture on security, what are some recent policy and tech trends you are seeing that are helping to improve security and that we should be doing more of?
Garrett: There are a handful of trends that are moving the industry forward and improving protection efforts, but at the top of the list is the intersection of artificial intelligence and cybersecurity. As the third generation of self-learning AI comes to fruition, it creates tremendous potential for technology enhancements and improvements in addition to assisting the cybersecurity process by automating threat detection, identification and mitigation.
Many organizations – such as USCYBERCOM, U.S. Army Cyber Command, the Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) – are leveraging AI/machine learning software to increase the speed of cyber incident detection, enhance cyber threat hunting, and automate cyber incident response.
I’m also seeing security analysts use it to assist with cybersecurity training, governance, risk management, and compliance documentation. While there are numerous potential benefits to utilizing AI, it also presents new vulnerabilities and risks that will need to be factored into every risk management framework across the government.
MeriTalk: Also in the bigger picture, what looms large for challenges in improving security?
Garrett: The biggest challenge we face is the cybersecurity workforce shortage, with about 3.5 million cybersecurity jobs open globally. AI and other forms of automation can help, but only incrementally. There needs to be fundamental changes to education, training, development and cross-training to develop the next generation of cybersecurity professionals.
Many organizations also desperately need to create a cybersecurity-supply chain risk management (C-SCRM) program. For many CISOs, the greatest risk factors are insider threats, which includes their supply chain partners/vendors. With the dependence on the cloud, rapid adoption of AI and easy access to internet-based software applications, more people have access to critical information. Additionally, the expansion of global supply chains increases the cyberattack surface area for nearly all organizations. The supply chain is so vast – it’s estimated that anywhere from 300,000 – 400,000 prime contractors and subcontractors are trying to adopt appropriate cybersecurity standards.
Finally, the growth of quantum computing technology poses a major threat to all current software encryption. Cyber attackers who possess quantum computer access can swiftly and easily break just about any encryption. The need for quantum-resistant technologies is recognized and quantum-resistant algorithms are being actively pursued by NIST’s Cybersecurity Center of Excellence and numerous companies worldwide. While this isn’t a big issue today, it will be in the future, so we need to start developing the right kinds of tools, technologies, and architectures to combat the threat.
MeriTalk: How did you find your way to the tech security field, was it something that always seemed like a natural path or was the path more complicated?
Garrett: I always say that I’m an “accidental cybersecurity guy” because I never planned to do this nor have the traditional background for it. I studied chemical engineering and engineering physics because I wanted to be a rocket scientist and an Air Force fighter pilot, which is what I ended up doing. I worked as a systems engineer at the Space Division, focusing on advanced satellite communications systems. One of my last Air Force assignments was working in the Pentagon, managing $15-20 billion of IT modernization programs.
During this time, I came to understand the intrinsic value of interconnected technologies, solutions and devices. Since then, I’ve spent the past 25-plus years immersed in IT, cybersecurity, and systems engineering. As a result, I’ve become very passionate about cybersecurity and the value it provides throughout the government landscape.
MeriTalk: Finally, what do you enjoy doing in “real life” that doesn’t have anything to do with technology and security?
Garrett: My favorite thing is spending time with my family. I have three adult children, a granddaughter, seven nieces and nephews and 11 great nieces and nephews. Also, I love traveling. I’ve been to 72 countries and have lived in five of them, partly because I grew up in a military family. My grandfather was a Marine, my father was Army, and I was an Air Force officer because I love planes and I love to fly.