Dr. Tony Tether was the director of the Defense Advanced Research Projects Agency, DARPA, from 2001 till his retirement in 2009. DARPA is widely known for being the principle agency in DoD for research and development. DARPA is charged with investing in projects that aim for high-payoff. They fund innovative ideas, develop solutions, provide demonstrations of concepts and systems and take any other prudent action required to move the right ideas from concept to reality. In this OODAcast we examine some of Dr. Tether's formative experiences, including a very unique job he held while awaiting entry to Stanford. He was a door to door salesman and while doing that learned the importance of quickly assessing challenges that were not being addressed and then forming an ability to express what needs to be done and how to do it quickly. As we hear in the discussion, this type of approach, very consistent with the famous "Heilmeier Catechism", ended up producing a wide range of DARPA breakthroughs, including one that is now in every cell phone in the globe (next time you use your cell phone's mapping and location services, remember to thank the Fuller Brush company!). Dr. Tether also walks us through a brief history of DARPA and dives deeper into the questions Heilmeier is so famous for articulating as a requirement before funding advanced capabilities: What is the problem you want to solve? Articulate your objectives using absolutely no jargon. How is it done today, and what are the limits of current practice? What's new in your approach and why do you think it will be successful? Who cares? If you're successful, what difference will it make?(transition) What are the risks and the payoffs? How much will it cost? How long will it take? What are the midterm and final "exams" (go/no go criteria)to check for success? Other topics we discussed with Dr. Tether include: Recent proposals to double the funding of DARPA and why that may be a bad idea Concepts around cybersecurity and mitigating risks to enterprises and the nation of intellectual property theft Leadership in an age of converging technology Slides Dr. Tether Reviewed in this OODAcast are at this link: Dr. Tether Presentation Related Reading: Black Swans and Gray Rhinos Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking Corporate Sensemaking: Establishing an Intelligent Enterprise OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along their journey to optimized intelligence. See: Corporate Sensemaking Artificial Intelligence Sensemaking: Take advantage of this mega trend for competitive advantage This page serves as a dynamic resource for OODA Network members looking for Artificial Intelligence information to drive their decision-making process. This includes a special guide for executives seeking to make the most of AI in their enterprise. See: Artificial Intelligence Sensemaking COVID-19 Sensemaking: What is next for business and governments From the very beginning of the pandemic we have focused on research on what may come next and what to do about it today. This section of the site captures the best of our reporting plus daily daily intelligence as well as pointers to reputable information from other sites. See: OODA COVID-19 Sensemaking Page. Space Sensemaking: What does your business need to know now A dynamic resource for OODA Network members looking for insights into the current and future developments in Space, including a special executive’s guide to space. See: Space Sensemaking Quantum Computing Sensemaking OODA is one of the few independent research sources with experience in due diligence on quantum computing and quantum security companies and capabilities. Our practitioner’s lens on insights ensures our research is grounded in reality. See: Quantum Computing Sensemaking. The OODAcast Video and Podcast Series In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, quantum computing along with discussions on global risk and opportunity issues. See: The OODAcast

In this OODAcast, we talk with renowned counter-terrorism expert and career clandestine services professional Cofer Black. Cofer is best known for having been the Director of the CIA's Counterterrorism Center on 9/11 and having been part of the intelligence community warning about the near-term threat of terrorism in the United States prior to the attacks. However, his pedigree in counterterrorism issues was well established with a distinguished career in the field in high-risk areas and operations. During our discussion Cofer provides insight on a variety of issues including: How his childhood experiences traveling around Africa equipped him for the clandestine services. What it was like to be tracking al Qaeda prior to 9/11. How AQ planned to assassinate him during a high risk tour of duty overseas. How to speak truth to power and what he learned trying to provide early warning prior to 9/11. Lessons learned on leadership from a career in the intelligence community and private sector Cofer's Full Bio: Ambassador Black has had a distinguished 28-year career in the Directorate of Operations at the Central Intelligence Agency including serving as the Director of the CIA Counterterrorist Center during the 9/11 terrorist attacks. In this capacity he served as the CIA Director’s Special Assistant for Counterterrorism as well as the National Intelligence Officer for Counterterrorism. Ambassador Black was also appointed as the first State Department Coordinator for Counterterrorism with the designation of Ambassador at Large. During his CIA career, Ambassador Black served six foreign tours in field management positions. In 1995, Ambassador Black was named the Task Force Chief in the Near East and South Asia Division. From June 1998 through June 1999 he served as the Deputy Chief of the Latin America Division. After his government service, Ambassador Black transitioned to the private sector and served as Vice President for Global Operations at Blackbird Raytheon Technologies and as Vice Chairman of Blackwater Worldwide and as Chairman of Total Intelligence Solutions. In addition to numerous exceptional performance awards and meritorious citations, Ambassador Black received the Distinguished Intelligence Medal, the George H. Bush Medal for Excellence, and the Exceptional Collector Award for 1994.

Gaurav Banga is the Founder and CEO of Balbix, and serves on the boards of several companies. Before Balbix, Gaurav was the Co-founder & CEO of Bromium and led the company from inception for over 5 years. Earlier in his career, he served in various executive roles at Phoenix Technologies and Intellisync Corporation, and was Co-founder and CEO of PDAapps, acquired by Intellisync in 2005. Dr. Banga started his industry career at NetApp. Gaurav has a PhD in CS from Rice University, and a B.Tech. in CS from IIT Delhi. He is a prolific inventor with over 70 patents. In this OODAcast we talk to Gaurav about things his clients tell him are their most important priorities and gain insights modern technologists and business leaders can use to mitigate the growing cyber threats to businesses. We also examine Gaurav's views on the importance of mentors and get specific advice on how to find and leverage the right talent in a startup environment. As CEO of Balbix, Gaurav leads a team focused on providing organizations with comprehensive real-time views into breach risk. This is a daunting challenge but by applying an extensive array of well engineered AI and ML algorithms and well thought out architectures and visualizations (integrated into the workflow of decision-makers at all levels), they have met the challenge in new and very virtuous ways. For more on Balbix see: Balbix Related Reading: Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking Corporate Sensemaking: Establishing an Intelligent Enterprise OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along their journey to optimized intelligence. See: Corporate Sensemaking Artificial Intelligence Sensemaking: Take advantage of this mega trend for competitive advantage This page serves as a dynamic resource for OODA Network members looking for Artificial Intelligence information to drive their decision-making process. This includes a special guide for executives seeking to make the most of AI in their enterprise. See: Artificial Intelligence Sensemaking COVID-19 Sensemaking: What is next for business and governments From the very beginning of the pandemic we have focused on research on what may come next and what to do about it today. This section of the site captures the best of our reporting plus daily daily intelligence as well as pointers to reputable information from other sites. See: OODA COVID-19 Sensemaking Page. Space Sensemaking: What does your business need to know now A dynamic resource for OODA Network members looking for insights into the current and future developments in Space, including a special executive’s guide to space. See: Space Sensemaking Quantum Computing Sensemaking OODA is one of the few independent research sources with experience in due diligence on quantum computing and quantum security companies and capabilities. Our practitioner’s lens on insights ensures our research is grounded in reality. See: Quantum Computing Sensemaking. The OODAcast Video and Podcast Series In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, quantum computing along with discussions on global risk and opportunity issues. See: The OODAcast

This week's OODAcast is with Kim Zetter, an incredibly well respected journalist who has been covering cybersecurity related issues for two decades.  Matt Devost talks with Kim about a wide variety of cyber-related issues including a deep dive into Stuxnet and the implications for today's security environment. Kim also shares details as to how she got into the field and how she developed relationships with the hacker community via her longstanding attendance at Def Con. Kim is an award-winning investigative journalist and author who has covered cybersecurity and national security for more than a decade, most recently as a staff writer for WIRED. Her work has also appeared in the New York Times Magazine, Politico, Washington Post and others. She has broken numerous stories about NSA surveillance, WikiLeaks, and the hacker underground, including an award-winning series about security problems with electronic voting machines. She has four times been voted one of the top ten security journalists in the U.S. by her journalism peers. She’s considered one of the world’s experts on Stuxnet, a virus/worm used to sabotage Iran’s nuclear program, and wrote an acclaimed book on the topic – Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. Additional Resources: Countdown to Zero Day book Kim's Zero Day Substack Def Con hacker conference

In this OODAcast we provide insights into Zero Trust architectures from an experienced practitioner, Junaid Islam. Junaid is a senior partner at OODA. He has over 30 years of experience in secure communications and the design and operations of highly functional enterprise architectures. He founded Bivio Networks, maker of the first gigabyte speed general purpose networking device in history, and Vidder, a pioneer in the concept of Software Defined Networking. Vidder was acquired by Verizon to provide Zero Trust capability for their 5G network. Junaid has supported many US national security missions from Operation Desert Shield to investigating state-sponsored cyberattacks. He has also led the development of many network protocols including Multi-Level Precedence and Preemption (MLPP), MPLS priority queuing, Mobile IPv6 for Network Centric Warfare and Software Defined Perimeter for Zero Trust. Recently Junaid developed the first interference-aware routing algorithm for NASA’s upcoming Lunar mission. He writes frequently on national security topics for OODAloop.com. We discuss Junaid's approaches to zero trust networking. His approach is to always start with the needs of the business. From there he works with organizations to ensure a comprehensive assessment of the existing architecture is done, since every organization already has some elements of a zero trust approach in play. Junaid highlights that one of the biggest mistakes he sees organizations make is skipping this gap analysis and moving right to purchase of products or services. This frequently ends up being a negative to the project. Today's global businesses operate with many partners, providers and suppliers and zero trust designs must be established with this unique mix in mind to optimize the use of technology in support of core business needs. Junaid provides insights into many of the products he encounters in zero trust architecture work.   Related Reading: Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: OODA Cybersecurity Sensemaking From Solar Sunrise to Solar Winds: The Questionable Value of Two Decades of Cybersecurity Advice While the Ware Report of 1970 codified the foundations of the computer security discipline, it was the President’s Commission on Critical Infrastructure Protection report of 1997 that expanded those requirements into recommendations for both discrete entities as well as the nascent communities that were growing in and around the Internet. Subsequent events that were the result of ignoring that advice in turn led to the creation of more reports, assessments, and studies that reiterate what was said before. If everyone agrees on what we should do, why do we seem incapable of doing it? Alternately, if we are doing what we have been told to do, and have not reduced the risks we face, are we asking people to do the wrong things?  See: From Solar Sunrise to Solar Winds: The Questionable Value of Two Decades of Cybersecurity Advice If SolarWinds Is a Wake-Up Call, Who’s Really Listening? As the U.S. government parses through the Solar Winds software supply chain breach, many questions still remain as to the motive, the entities targeted, and length of time suspected nation state attackers remained intrenched unseen by the victims.  The attack stands at the apex of similar breaches in not only the breadth of organizations compromised (~18,000), but how the attack was executed. See: If SolarWinds Is a Wake-Up Call, Who’s Really Listening? Executive Level Action In Response to Ongoing Massive Attacks Leveraging Microsoft Vulnerabilities This post provides executive level context and some recommendations regarding a large attack exploiting Microsoft Exchange, a system many enterprises use for mail, contact management, calendar/scheduling and some basic identity management functions. This attack is so large and damaging it is almost pushing the recent Solar Winds attacks off the headlines. Keep in mind that till this point, the Solar Winds attack was being called the biggest hack in history. So this is a signal that the damage from this one will also be huge. See: Executive Level Action In Response to Ongoing Massive Attacks Leveraging Microsoft Vulnerabilities

Bryson Bort is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy. He is widely known in the cybersecurity community for helping advance concepts of defense across multiple critical domains. He is the co-founder of the ICS Village, a non-profit advancing awareness of industrial control system security. Bryson is also a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute. In this OODAcast we examine approaches Bryson has seen make positive differences in evaluating and mitigating risks to enterprises, specifically in the domain of adversary emulation. The discussion covers: A practitioner's view of the state of cybersecurity The demise of the perimeter as a security control What leaders need to know to mitigate risk Attack, Detect and Response tools and how their automation can help continuously mitigate risks Mitre ATT&CK and how to use it to help frustrate adversaries Assisting Blue Teams, Purple Teams and Red Teams with tooling The use of cyber threat intelligence to inform automated adversary emulation   More on cybersecurity: Ransomware: An update on the nature of the threat The technology of ransomware has evolved in sophistication and the business models of the criminal groups behind it have as well. The result: The threat from ransomware has reached pandemic proportions. This post provides an executive level overview of the nature of this threat. It is designed to be read as an introduction to our accompanying post on how to mitigate the threat of ransomware to your organization. See: Ransomware, an update on the nature of the threat China’s Plan for Countering Weaponized Interdependence In an article entitled “The international environment and countermeasures of network governance during the “14th Five-Year Plan” period” by Xu Xiujun (徐秀军) in the February 27, 2021 edition of China Information Security, we see the continuation of China’s concerns over Weaponized Interdependence and China’s desire to shape a global technology and economic environment that is less influenced by Western power. Xiujun identifies concerns in several interconnected areas including cybersecurity, economic centralization, and advancement in technologies like AI, Quantum, and 5G. See: China’s Plan for Countering Weaponized Interdependence If SolarWinds Is a Wake-Up Call, Who’s Really Listening? As the U.S. government parses through the Solar Winds software supply chain breach, many questions still remain as to the motive, the entities targeted, and length of time suspected nation state attackers remained intrenched unseen by the victims.  The attack stands at the apex of similar breaches in not only the breadth of organizations compromised (~18,000), but how the attack was executed. See: If SolarWinds Is a Wake-Up Call, Who’s Really Listening? Russian Espionage Campaign: SolarWinds The SolarWinds hacks have been described in every media outlet and new source, making this incident perhaps the most widely reported cyber incident to date. This report provides context on this incident, including the “so-what” of the incident and actionable insights into what likely comes next. Russian Espionage Campaign: SolarWinds The Cyber Threat to NASA Artemis Program: NASA is enabling another giant leap for humanity. With the Artemis program, humans will return to the Moon in a way that will enable establishment of gateways to further exploration of not just the Moon but eventually the entire solar system. The initial expenses of the program will return significant advances for scientific understanding and tangible economic returns. As Artemis continues, the project will eventually deliver improvements for humanity that as of yet have only been dreamed of. But there are huge threats. For more see: The Cyber Threat To Artemis Security In Space and Security of Space: The last decade has seen an incredible increase in the commercial use of space. Businesses and individual consumers now leverage space solutions that are so integrated into our systems that they seem invisible. Some of these services include: Communications, including very high-speed low latency communications to distant and mobile users. Learn more at: OODA Research Report: What Business Needs To Know About Security In Space Also see: Is Space Critical Infrastructure, and the special report on Cyber Threats to Project Artemis, and Mitigating Threats To Commercial Space Satellites

Trond Undheim is a futurist, investor, consultant, executive, speaker, entrepreneur and podcaster. He produces widely impactful podcasts: Futurized, which tracks the underlying forces of disruption in tech, policy, business models, social dynamics and the environment, and Augmented, which reveals stories behind the new era of industrial operations. Trond is trained as a social scientist with a career in technology and innovation, and is the author of a string of books helping make sense of the dynamics at the nexus of multiple technology and societal trends, his most recent book, Future Tech, was just released. Future Tech provides a framework designed to help all of us understand and capture value from disruptive industry trends. The book explains how four sources of technology, policy, business models and social dynamics work together and how they are shaped by complex interactive environments. More importantly, the book provides recommendations and concepts for how to apply understanding of these disruptive forces to analysis. In the discussion we gain insights on how to apply Trond's framework to inform decisions being made today. Additional Resources Futurized Augmented Future Tech

Jeremy King is a trusted advisor to corporate boards and some of the nation’s most elite business leaders. He is also a serial connector helping move business information on opportunities at the intersection of talent, capital, entrepreneurs and business development. Jeremy is an entrepreneur himself, creating successful executive search firms and also a game-changing non-profit we will talk a bit about later called MissionLink. Today Jeremy is the founder and President of Benchmark Executive Search. For more than 20 years, Jeremy has played a strategic role in building the leadership organizations for more than 400 growth companies, including noteworthy publicly-traded success stories. Jeremy has helped transition and guide hundreds of top federal executives and flag-officers into private sector, consulting, and board roles. In this OODAcast we discuss: A succinct articulation of the difference in leadership and management Jeremy's view on what makes a great leader How Jeremy sets about to find a leader for placement in high caliber organizations Ways we can all become better leaders Reasons to study leadership in history, including some of Jeremy's favorite historical leaders Cybersecurity and leadership, including what high performing companies are asking Jeremy to help them with in this domain The growing need for board members with cybersecurity leadership skills The non-profit MissionLink organization Jeremy co-founded The best books on Leadership An exemplar of one of the great leaders Related Resources: Benchmark Executive Search

Ben Ford is the founder of Commando Development, a firm which leverages his deep background and experience in enterprise IT as well as his years in service as a Royal Marine to the benefit of technology teams in startups and large enterprises. In this OODAcast we discuss Ben's views on the history of Commando's, from the experiences that inspired Winston Churchill prior to his forming then in World War II up to today, capturing a surprising number of lessons for business and IT leaders today. Some discussion topics: How can Winston Churchill's decisions regarding Commando Unit reporting structure inform your decision on how your enterprise AI initiatives or cybersecurity actions are organized and led? How can the metrics of legendary Commando (and trainer of OSS) William Fairbairn inform the metrics of enterprise cybersecurity? We also examine Ben's use of the OODA Loop approach in his methodologies. He calls the OODA Loop the Algorithm of Adaptation, considering it the best mental model for thinking about how we shape and are shaped by our environments. Additional Resources: Commando Dev Algorithms of Leadership

OODA CEO Matt Devost has a track record of executing on innovation via entrepreneurship. He has extensive past performance in cybersecurity, counterterrorism, critical infrastructure protection, intelligence, and risk management issues, and deep experience in delivering value in those domains via entrepreneurship. In this OODAcast, Jen Hoar extracts lessons and insights from Matt's journey that will be relevant to creators, innovators and entrepreneurs at any stage of their journey. Some topic covered: - How will you know when it is the right time to start your business? - How should you evaluate risks of the new business endeavor? - How do you establish credibility with potential investors? What about potential clients? - How do you sell? - What is the best way to listen to potential clients? - What is your story and how do you articulate it? - What doesn't work? What common mistakes have you seen or experienced yourself? Currently, Matt is the CEO & Co-Founder of OODA LLC. Prior to OODA, Matt was the EVP for Strategy and Operations at Tulco Holdings. Previously, Mr. Devost was a Managing Director at Accenture where he led the Global Cyber Defense practice responsible for Accenture’s cloud, mobile, infrastructure, network, endpoint, incident response, threat intelligence, threat hunting, vulnerability management, IOT/IIOT, and red teaming offerings. Mr. Devost joined Accenture following their 2015 acquisition of the global cybersecurity consultancy FusionX LLC where he had served as President & CEO since 2010. As a Founder of FusionX, Mr. Devost helped an international clientele identify and manage dynamic threats in complex operational environments. Additional Links: Matt's writing at OODA Loop Follow Matt on Twitter Connect with Matt on LinkedIn Subscribe to Matt's Global Frequency List Matt's Book Recommendations