Embracing Military-Grade Cyber Defenses
Cybersecurity is no longer just an IT concern; it’s a critical component of organizational strategy, especially for regulated industries. On the latest episode of The Other Side of the Firewall, Ryan Williams Sr. and Daniel Acevedo explored why sectors such as finance, healthcare, and defense contracting are turning to military-grade cyber defenses. This trend isn’t about acquiring military hardware but adopting military tactics, techniques, and procedures (TTPs).
You can view the full podcast episode on our YouTube page:
The Shift to Military-Grade TTPs
As cyber threats become more sophisticated, regulated industries are leveraging military methodologies to bolster their defenses. “You’re not going to get your hands on a type one encryptor, those are controlled by the NSA,” I explained. Instead, these industries are integrating military strategies into their business continuity plans and cyber defense policies, often guided by veterans transitioning into cybersecurity roles.
Daniel Acevedo, my co-host, highlighted the increasing overlap between military strategies and private sector cybersecurity. “Developing their own and then going with strong models like defense in depth and zero trust, I think from a heavily regulated organization where you’re talking about either defense contracting or hospitals or those kinds of things where they have to adhere to strong policies and enforce those things,” he said. This approach ensures that these organizations are not just compliant but are genuinely secure.
Information Sharing and Zero Trust
One key takeaway from our discussion is the importance of information sharing. In the military, different branches work together, sharing critical information to protect each other. This collaborative approach is now being adopted by the private sector to counteract cyber threats more effectively. “You really have to band together. That’s what the military community does,” I emphasized.
The Zero Trust model, which originated in the Department of Defense (DoD), is also making significant inroads into the private sector. This model assumes that threats could be internal or external, necessitating stringent access controls and continuous verification. As Daniel pointed out, “sometimes the organization gets kind of hyper-focused on, hey, we need to protect whatever data that is classified as a secret or falls within those parameters for that compliance. But organizations forget that, hey, that’s one asset of it.”
The Role of GRC
Governance, Risk, and Compliance (GRC) play a foundational role in building a robust cybersecurity posture. Daniel highlighted that while compliance frameworks like NIST, HIPAA, and CMMC provide a baseline, true security requires going beyond these standards. “GRC is like the strong foundation and the beginning of how everything gets enforced,” he said, stressing the need for ongoing vigilance and adaptation. This foundational work is crucial, but as security professionals, we must recognize that it is just the beginning. True security involves continually enhancing our defenses and being proactive about emerging threats.
Looking Ahead
As we move forward, the lines between military and private sector cybersecurity strategies will continue to blur. The Cybersecurity Maturity Model Certification (CMMC) is poised to influence private sector practices, driving the adoption of comprehensive and rigorous cybersecurity frameworks. “I think a lot of that’s gonna start to bleed over too, just like Zero Trust,” I mentioned. These strategies, originally designed for military use, are increasingly relevant for private companies facing sophisticated threats.
The Bigger Picture
The integration of military-grade cyber defenses in regulated industries is a promising development. By adopting proven military strategies, fostering a culture of information sharing, and emphasizing Zero Trust, organizations can better protect their assets and ensure a secure digital future.
Our discussion also touched on the broader impact of these changes. With the rapid evolution of technology and the increasing prevalence of AI, the cybersecurity landscape is set to change dramatically in the next few years. “The next three to five years, it’s like huge changes that are coming down the line,” Daniel warned. This highlights the need for continuous education and adaptation to stay ahead of the curve.
Conclusion
In conclusion, adopting military-grade cyber defenses is not just a trend but a necessity for regulated industries. By leveraging military TTPs, enhancing information sharing, and implementing Zero Trust, these sectors can significantly improve their cybersecurity posture. As we face increasingly sophisticated threats, the collaboration between military and private sector strategies offers a robust defense mechanism to safeguard our digital future.
Thank you for reading and stay tuned for more episodes of The Other Side of the Firewall podcast on Monday, Tuesday, Wednesday, and Fridays, as well as, the Ask A CISSP podcast every Thursday. Please like, share, and, subscribe.
Stay safe, stay secure!
Ryan is a retired Air Force veteran who brings over 20 years of experience in network infrastructure, project management, and cybersecurity consulting to his current role at BuddoBot . At Buddobot, he is dedicated to supporting national security by helping organizations transition from costly, reactive, and automated IT and security practices to proactive and robust security solutions.
Shannon, also a retired Air Force veteran, has more than two decades of expertise in network security and vulnerability management. He now serves as an Information System Security Officer (ISSO) for the U.S. Space Force, where he continues to enhance national security protocols.
Daniel is an Air Force veteran with over 15 years of combined experience in IT, cybersecurity, information assurance, and government risk compliance. He has held various roles, including IT administrator, cybersecurity engineer, senior information system security manager, and currently serves as a senior security consultant for Booz Allen Hamilton. In this latest role, Daniel leverages his expertise to address unique and complex challenges in the cyber and IT domains, enhancing his customers’ capabilities.