Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.
This week, we were honored to have Alexis Bonnell, CIO and Director of Digital Capabilities Directorate for the Air Force Research Laboratory, sit down with us. The former Pepperdine professor shared her thoughts on the relationship between knowledge and AI, why empathy is so necessary in cybersecurity, and how to navigate the expansive data landscape.
Balancing security with synergy
Protecting sensitive data is one of the most crucial responsibilities of any Chief Information Officer. When that data happens to belong to the United States Air Force Research Laboratory, the obligation is magnified tenfold.
“When we think about security and cyber, there’s a lot of the usual elements of identity and Zero Trust,” said Alexis Bonnell, CIO of the U.S. Air Force Research Lab (USAFRL). “Security is paramount, but we always have to balance it with collaboration.”
A lot of times, people think that the amazing innovations and technologies that come out of a place like the lab are kind of like in the movies — some genius says, ‘Eureka!’ and discovers something, but really it’s a contact sport, with other experts and partners.
“So the question is, ‘How do we maintain security, but also how do we do that in a way that’s collaborative?’”
The USAFRL serves the Air Force and Space Force and comprises some of the “biggest and best brains,” Alexis said. It’s no wonder, then, that Alexis’s favorite part of her role is her colleagues.
“I work with incredible people,” she said. “I’ll walk down the hallway, and there is a rocket scientist; there’s someone who won a Nobel Prize — the culmination of all of those brains in one place is amazing.”
Change management in a rapidly expanding environment
And these brilliant leaders now face a paradigm that’s shifting quicker than ever, Alexis said.
“Many leaders across DOD are asking themselves, ‘How is it that we ask and answer what-if faster?’,” Alexis said. “We’re talking about a change paradigm that is faster than ever.”
“We used to have the luxury of maybe five to 15 years to figure it out, and we just don’t have that. We’re on a six-month — if we’re lucky — change horizon.”
“You compound that with the amount of knowledge available now — the amount of data, the amount of information… Ninety percent of the world’s data really came online in accessible format in the last few years, so as a leader, the question is how am I going to navigate all those changes with more information than ever?
From ELIZA to AI
Although today’s society is making great strides in AI and machine learning, Alexis pointed out that even the earliest automation was considered innovative for its time.
“If you go back, we can look at technology like ‘find and replace’ — control H as a way of not having to reinvent something,” Alexis said. “We can look at ‘Google it’ and being able to ask questions.”
The natural evolution from simple computing automation to generative AI-based technology using large data sets has led many people to wonder what’s next.
“This question about the limits that we’re reaching in our human capacity processing speed is really complemented by AI.”
There’s a part of me that wishes we thought about it as ‘augmented’ intelligence instead of ‘artificial’ because there’s nothing artificial about it.
“I think about it as kind of a wingman, right? Being able to augment all the incredible cyber professionals in preventing cyberattacks.”
“As we face the opportunity as far as the speed of our insights that we need, I think it’s absolutely understandable why AI is really hitting its stride right now.”
The humanity side of cybersecurity
The value artificial intelligence brings to the table is nullified, though, if the end result doesn’t benefit society, Alexis said.
For me, technology is all hype until it’s actually helping a human do something better, faster, or smarter.
“I ask my team, ‘How does this make someone’s life better or easier? How does this impact the warfighter?’”
“Otherwise, I think it’s easy to get caught in conversations about platforms or tools. A lot of times, it’s not unusual in an organization to focus on doing differently, but not to prioritize, ‘How do we want someone to think differently or feel differently about their role, about themselves?’ based on the technology.”
The empathetic side of technology is what motivated Alexis to begin building a new type of SaaS: security as a service.
“One of the things that excites me a lot about what we’re trying to look at on cyber is security as a service,” she said. “A lot of times when someone is navigating different security options or cyber issues, we forget that it can feel overwhelming for people who aren’t cyber professionals.”
So I’m working with the team to say, ‘What would it look like to change that experience? What would it look like to feel like you had a cyber ally?’
“We want to meet our customers where they are early on and be able to provide them that advice and guidance, instead of it being something that is a bit scary or dreaded or they feel like might keep them up at night.”
“Most importantly, how might we continue to build the Risk Management Framework process automatically into our tools and platforms, so the options my teams have at idea- and concept-generation are secure from the start?”
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.
