Skip to content
Don't miss

Get the daily Cyber Briefing in your inbox

SIGN UP
Podcast

The Army’s “No Fail” Cyber Mission with Brandon Pugh

Season 2 Episode 47 •

Show Notes

Note: This episode was re-published on June 30, 2026.

Army Principal Cyber Advisor Brandon Pugh joins Frank Cilluffo to address a stark reality: if critical infrastructure fails, the Army cannot mobilize. To meet this “no fail” mission, Pugh explains how the service is aggressively merging cyber with electronic warfare and cutting red tape to field new technology in days rather than years. They also discuss the Army’s unique edge in this digital fight—Reservists who bring high-level private sector expertise directly to the battlefield. The conversation also explores how AI and operational technology are reshaping the Army’s cyber battlefield and threat landscape.

Main Topics Covered
• How Congress created the principal cyber advisor role and defined its authorities.
• Army cyber’s four focus areas: AI, defense critical infrastructure, acquisition, and workforce.
• Integrating cyber, electronic warfare, RF, and information operations into Army warfighting doctrine.
• Defending defense critical infrastructure and preparing for Volt Typhoon-style cyber disruptions.
• Leveraging AI for continuous monitoring, faster detection, and protection of sensitive Army data.
• Reforming cyber acquisition through FUZE prototypes, VC-style partnerships, and Guard and Reserve expertise.

Key Quotes
“Cyber is not an isolated capability. It’s not something that just rests at Fort Gordon or Fort Meade.” – Brandon Pugh

“If an adversary goes after one of our military bases and we can’t mobilize people, tanks, equipment in a time of conflict, that is a major concern… we can’t accept the fact that cyber could be the barrier to our ability to do other military tasks.” – Brandon Pugh

“It’s a national security imperative to leverage AI. We know adversaries are going to leverage AI or exploit our AI regardless of what we do here. We could put barriers in terms of aggressive regulation which some have proposed in the past or seek to slow it down. All that’s going to do is help our adversaries.” – Brandon Pugh

“We have some individuals that show up their reserve weekend in $300,000-$400,000 vehicles because they are the experts in what they do as civilians. They have signed up and taken the oath because they want to serve this country. That is the talent we have in the Reserve and Guard that we need to continue to expand.” – Brandon Pugh

“We don’t have to go through a multi-year acquisition cycle, spend millions of dollars where we’ve seen 3D printed drones for mere dollars in some cases being leveraged [in Ukraine]… We need some of these capabilities in a matter of days or weeks, not years.” – Brandon Pugh

Relevant Links and Resources
Jack Voltaic: Critical infrastructure resiliency
Army’s FUZE Initiative

Guest Bio
Brandon Pugh is the Principal Cyber Advisor to the Secretary of the Army, advising the Secretary and Army Chief of Staff on cyber readiness, budget, capabilities, and strategy. He previously served as a director at the R Street Institute and continues to serve in the U.S. Army Reserve as a national security law professor, having earlier been a paratrooper and international law officer.

Transcript

Brandon Pugh [00:00:00]: You know, critical infrastructure and cyber, broadly speaking, is a concern. You know, we’ve seen that play out where it can disrupt their telecommunications or even disrupt the American way of life. Where it is a no fail mission is where if an adversary goes after one of our military bases and we can’t mobilize people, tanks, equipment in a time of conflict.

Frank Cilluffo [00:00:19]: Welcome to Cyber Focus from the McCrary Institute, where we explore the people and ideas shaping and defending our digital world. I’m your host, Frank Cilluffo, and this week I have the real privilege to sit down with Brandon Pugh. Brandon is the principal cyber advisor at US Army, where he advises the Secretary of the Army and also the Army’s Chief of Staff around issues on readiness and strategy and budget items. And the PCAs themselves, or principal cyber advisors are relatively new. But I can tell you Brandon’s been off and running, so pulled in electronic warfare for all US wonks out there, knows you we can’t look at cyber in isolation of that and has been rocking and rolling. Prior to this role, Brandon was at R Street, a think tank in Washington D.C. that is known for its cyber work and is also currently a reservist where he’s a JAG and previously he was a paratrooper. So, Brandon, real privilege to have you joining us today.

Frank Cilluffo [00:01:19]: Thank you.

4
00:00:03,000 –> 00:00:04,000
Brandon Pugh [00:01:20]: No, Frank, really glad to be here. And I hear I’m in your new studio.

5
00:00:04,000 –> 00:00:05,000
Frank Cilluffo [00:01:23]: First in the new studio. Exactly.

6
00:00:05,000 –> 00:00:06,000
Brandon Pugh [00:01:26]: It’s an incredible setup you have here.

7
00:00:06,000 –> 00:00:07,000
Frank Cilluffo [00:01:28]: Well, thank you for joining us and thank you for what you do every day. So I thought we’d start with, just because I think there’s not full awareness of what a principal cyber advisor actually is across the services. And what is the role?

8
00:00:07,000 –> 00:00:08,000
Brandon Pugh [00:01:45]: Exactly. Well, it’s interesting. So Congress actually created the position back in 2019 through the NDAA and it was first staffed in 2020. And the original point was, you know, Congress had thought there’s a lot of people within the services that do cyber. And I say that broadly speaking. And taking the army, we have a G3 who does cyber operations and planning. We have a three star commander in charge of army cyber. We have a CIO, we also have a G6. They all have important equities.

9
00:00:08,000 –> 00:00:09,000
Brandon Pugh [00:02:09]: But who is the one person that can kind of consider all those equities and provide independent advice to the Secretary of the Army and the Chief of Staff? To your earlier point, and that’s why they created the PCA and it’s a very prescriptive statute. Congress went as far as laying out the specific things we have to do, who we have to meet with, and actually where we have to sit in the org chart realizing that cyber is such an important aspect. We have to be a direct report to the secretary. We’re one of five. And you have to be at least a three star general officer equivalent or a four star, depending on how they want to set it up. So it is truly a unique role of how it fits in.

10
00:00:09,000 –> 00:00:10,000
Frank Cilluffo [00:02:42]: And each service treats it a little differently. Right? And one thing I will say, maybe you can’t say it, but I can say it, as a service, Army has leaned forward on cyber and I think is integrating. They’ve integrated it into their Title 10 authorities. So a lot are still sort of in that intelligence title 50 world. But I think that that is a message that doesn’t always get recognized. So how do you fit in sort of between Arcyber or Army cyber and the CIO? What does that look like?

11
00:00:10,000 –> 00:00:11,000
Brandon Pugh [00:03:18]: But, and you are certainly right, every PCA is kind of created differently in terms of how the services utilize their PCA. In fact, we’re the first political appointee. So I was fortunate to be appointed by President Trump and start in June. So really terrific honor to serve in the administration. But I will say, like, really appreciate your words on how the army is leaning into cyber. It is something we take to heart. So if you look at what Secretary Hegseth directed Secretary Driscoll, two of the five priorities of investment deal with my portfolio.

12
00:00:11,000 –> 00:00:12,000
Brandon Pugh [00:03:46]: So cyber and electronic warfare are two of the five in our office.

13
00:00:12,000 –> 00:00:13,000
Frank Cilluffo [00:03:49]: And you merged them already.

14
00:00:13,000 –> 00:00:14,000
Brandon Pugh [00:03:51]: I think, you know, it’s one of those things, you know, some people see cyber in isolation, but it really is increasingly.

15
00:00:14,000 –> 00:00:15,000
Frank Cilluffo [00:03:57]: It’s not a black box. Right? And a black, it is that too, but it’s much more.

16
00:00:15,000 –> 00:00:16,000
Brandon Pugh [00:04:02]: Exactly. So our office is unique in where we sit, you know, to your question on the distinction between my office and Arcyber, Arcyber, think of them as the who is employing our forces and who is operationally leading them. Our office is there to provide oversight, guidance, help convey priorities on behalf of the Secretary. And the unique authority is the budget. I review and certify the entire spend when it comes to cyber. And that is a unique legal authority that Congress actually gave the role. And I think it was intentional because, you know, obviously things do revolve around money. So it’s a way to make sure.

17
00:00:16,000 –> 00:00:17,000
Frank Cilluffo [00:04:34]: Policy without resources is rhetoric.

18
00:00:17,000 –> 00:00:18,000
Brandon Pugh [00:04:36]: Exactly. And if the Secretary has priorities, we can make sure those priorities are met during the budgeting process and make the role actually beneficial.

19
00:00:18,000 –> 00:00:19,000
Frank Cilluffo [00:04:44]: Have you been around, so you’re five months into the job and I’m going to ask you about your goals in a minute. But have you been around sort of a budget process where you can potentially shape the Army’s future in this space?

20
00:00:19,000 –> 00:00:20,000
Brandon Pugh [00:04:58]: Yes. So our office is actually more, even over my predecessors, are leaning actively into the budget. So we have a full time budget staff actually in our team that is in the weeds with Arcyber. Those that own our training resources, those that own our traditional IT spend. It’s a daily conversation, I would say. And quite frankly it’s something I’m aware of every day or every other day I’m touching budget. That’s how important it is, I would say. And I think it’s also important my role is to champion cyber.

21
00:00:20,000 –> 00:00:21,000
Brandon Pugh [00:05:25]: So I want to make sure we have the right investments in cyber and if we have gaps or it could be better spent elsewhere, that’s where my role should come into. It’d be that independent voice saying we need more resources here to meet what the Secretary wants or we have some gaps here. And that’s going to be a, create vulnerabilities for us.

22
00:00:21,000 –> 00:00:22,000
Frank Cilluffo [00:05:39]: Awesome. Now, you’ve been spending a lot of time on Capitol Hill as well, and previously you’ve had a lot of experience in the policy world and on Capitol Hill. How has that sort of influenced and shaped your role?

23
00:00:22,000 –> 00:00:23,000
Brandon Pugh [00:05:52]: So engagement members of Congress is one of our priorities. Something I always say is, you know, my, who I report to are the Secretary, so Secretary Hegseth, the President, Secretary Driscoll, members of Congress and also media engagement. All three are important to get, yes, I want to champion what, we’re super proud of what the army is doing. When it comes to tech and cyber, getting that out there and getting partners I think is critically important. And members of Congress have been very supportive, I would say overall of our efforts and largely deeply care about cyber. And we see, you know, the city, the cyber subcommittees of both the HASC and the SASC, you know, good partners and I think are eager to continue to be a partner and identify ways that Congress can better support the military when it comes to cyber.

24
00:00:23,000 –> 00:00:24,000
Frank Cilluffo [00:06:33]: Well, that’s great to hear. And their oversight role is critical as well. So to be able to get all pieces moving in the same direction is I think, essential. So it’s hard enough, right? It’s hard.

25
00:00:24,000 –> 00:00:25,000
Brandon Pugh [00:06:45]: And you know, in the army, you know, we continue to need and want partners. And you know, Congress is a great partner. You know, I like to see cyber as being 100% of my focus. The reality is, you know, cyber is just one part of what the army is looking to do. It’s part of what we call continuous transformation. Think of that as how are we getting the army to prepare for that future battlefield and prepare for that future fight. Cyber is a critical component of that as well as just tech modernization overall. And that’s the reason that we are so active engagement is to kind of champion what the Secretary is looking to do.

26
00:00:25,000 –> 00:00:26,000
Frank Cilluffo [00:07:16]: So five months in, what are your goals? Have you, have you laid those out? Have they been codified in any sort of way?

27
00:00:26,000 –> 00:00:27,000
Brandon Pugh [00:07:23]: They have. So high level is, you know, Congress gave us eight responsibilities in statute. They’re at, on a yearly basis making sure we carry out those eight responsibilities. And just for those who are not as familiar, think of that as that’s our man trained equip function. How are we defending army networks? How are we supporting a culture of offensive war fighting, supply chain security and so on? Eight total. But then we’ve kind of pulled out four critical areas of focus and that way we can kind of direct resources to them and direct time and attention while not ignoring those core eight. And at a high level, that’s how are we leveraging AI for cyber, specifically for cyber defense and offense. A true passion of mine. DCI or Defense Critical Infrastructures.

28
00:00:27,000 –> 00:00:28,000
Brandon Pugh [00:08:02]: I’ll do slash OT if you will.

29
00:00:28,000 –> 00:00:29,000
Frank Cilluffo [00:08:05]: Thank you. You would get it here with OT too.

30
00:00:29,000 –> 00:00:30,000
Brandon Pugh [00:08:07]: Exactly. You have to important, like, definitely related, also different. The third is around acquisition. How are we acquiring capabilities in cyber quickly and getting tech in the hands of the war fighter quickly and more efficiently? And the fourth is our people and structures. How, what does that relationship between the services and U.S. Cyber Command look like? How are we fine tuning that? And a lot that my passion for the guard and reserve falls under. So I like to think of as four overall objectives. But then each one has almost three or four key results nested under them too.

31
00:00:30,000 –> 00:00:31,000
Brandon Pugh [00:08:38]: So we can make sure and hold ourselves accountable. Are we actually achieving these objectives? I don’t need lofty objectives that say do XYZ and it’s incomprehensible. What are the concrete steps under what timeline? So we can look back in a year and say we’ve met these or we didn’t meet these. Then why?

32
00:00:31,000 –> 00:00:32,000
Frank Cilluffo [00:08:54]: And you’re getting the commander’s intent. So you’ve got sort of the leadership supporting this effort, right?

33
00:00:32,000 –> 00:00:33,000
Brandon Pugh [00:09:00]: 100%. I have full faith and confidence in Secretary Driscoll. I’d say really unparalleled and like no boss I’ve had, he really is, and it’s not just me, because he’s my boss, empowers those he’s hiring. His belief is, look, I’m hiring experts. I expect you to go out and carry, carry out the mission on behalf of the army, on behalf of every soldier and ultimately the American public. He’s not, you know, he wouldn’t need me if he wanted to be in the weeds and be the cyber leader himself. He’s running an army in conjunction with our chief of staff.

34
00:00:33,000 –> 00:00:34,000
Brandon Pugh [00:09:27]: They need people that they can trust. And I like to think, you know, we’re at least doing that when it comes to cyber.

35
00:00:34,000 –> 00:00:35,000
Frank Cilluffo [00:09:32]: So with that sort of in mind, big picture, how does army envision cyber in, especially because I think we all know the ability to prosecute and win wars is the, is the bottom line here. And we need to ensure that have the capacity and capability to do that. But where do you see army fitting in big, cyber fitting in big picture for one army, one fight.

36
00:00:35,000 –> 00:00:36,000
Brandon Pugh [00:09:55]: Sure. I think there’s recognition that cyber is not an isolated capability. It’s not something that just rests at Fort Gordon or Fort Meade, while that’s where a lot of our actions happen. You know, cyber is a consideration for that combatant commander. It might not be the be all, end all. Perhaps they want to consider kinetic options, perhaps cyber options, a range of options. Cyber is one aspect and we shouldn’t see this as an opportunity of last resort or something we just say, well, we don’t understand it so we’re not going to consider it.

37
00:00:36,000 –> 00:00:37,000
Brandon Pugh [00:10:20]: That’s just not where we are now. I’d say it’s the opposite. How can an infantry unit commander or, leverage cyber in conjunction with their traditional goals? And then more importantly to our earlier point, how is cyber blending with other areas? How is cyber…

38
00:00:37,000 –> 00:00:38,000
Frank Cilluffo [00:10:33]: As a multiplier, as an integrator? Yeah, yeah.

39
00:00:38,000 –> 00:00:39,000
Brandon Pugh [00:10:36]: Yep. Like, cyber EW, it shouldn’t be, well, that’s the EW soldier. That’s the cyber soldier. How can they complement one another and start merging some of these? And that’s the reason, you see, like our cyber has electronic warfare, information operations and cyber all under one three star command, paired with our office as a civilian oversight.

40
00:00:39,000 –> 00:00:40,000
Frank Cilluffo [00:10:54]: And RF is in there?

41
00:00:40,000 –> 00:00:41,000
Brandon Pugh [00:10:56]: It is, yep. So I’d say RF and some of other, like narrow or I hate to say narrow, but elements what I would put under cyber. When I say cyber, I’m always the first to say, like, what do you mean when it comes to cyber? That is really for our office, that’s defense, offense, I’d even put EW. It is full spectrum I would say.

42
00:00:41,000 –> 00:00:42,000
Frank Cilluffo [00:11:13]: I would agree with that. And that’s the way it actually works in the real world. So I’m glad that we’re actually recognizing that and acting upon it as such. Cause, I mean, I still think there’s some that think it’s a black magic. And this is option X after you’ve gone through all the other options. And the reality is it’s part of any other option left of that, Right?

43
00:00:42,000 –> 00:00:43,000
Brandon Pugh [00:11:34]: Totally. And that’s where effective advisors come in. Not just myself. We have tremendous leaders with our G6, General Ray, our CIO. We need to be educating those that might not be that cyber technical expert. That way they’re not shying away from this just because they don’t understand it. The burden’s on us. And I also think there is a learning gap.

44
00:00:43,000 –> 00:00:44,000
Brandon Pugh [00:11:51]: I think sometimes you go two ways. Some people think that cyber is magical. We want to do something against an adversary or protect ourselves. We can just go log onto a keyboard and instantly make it happen. Not realizing oftentimes a lot of prep, a lot of manpower that goes into some of this work. So I think that’s the learning curve is this isn’t something that just happens overnight, per se.

45
00:00:44,000 –> 00:00:45,000
Frank Cilluffo [00:12:11]: Exactly. And it’s integrating cyber into broader war fighting strategy and doctrine. And that’s where I think army has led on the title 10 side and I think is well positioned to take it the next mile.

46
00:00:45,000 –> 00:00:46,000
Brandon Pugh [00:12:26]: Exactly.

47
00:00:46,000 –> 00:00:47,000
Frank Cilluffo [00:12:27]: And just out of curiosity, how do you interact with your other PCAs?

48
00:00:47,000 –> 00:00:48,000
Brandon Pugh [00:12:33]: So our interaction with the other PCAs and as well as the ASW or the Assistant Secretary of War for Cyber Policy. We love acronyms.

49
00:00:48,000 –> 00:00:49,000
Frank Cilluffo [00:12:40]: And I’m sorry, Principal Cyber Advisor.

50
00:00:49,000 –> 00:00:50,000
Brandon Pugh [00:12:42]: Exactly.

51
00:00:50,000 –> 00:00:51,000
Frank Cilluffo [00:12:43]: Yeah.

52
00:00:51,000 –> 00:00:52,000
Brandon Pugh [00:12:43]: No, it’s okay. I, I was very anti acronym. But now coming to the military

53
00:00:52,000 –> 00:00:53,000
Frank Cilluffo [00:12:46]: You’re in the military. You have no choice.

54
00:00:53,000 –> 00:00:54,000
Brandon Pugh [00:12:48]: Now I love acronyms.

55
00:00:54,000 –> 00:00:55,000
Frank Cilluffo [00:12:49]: Because it takes so long to say everything.

56
00:00:55,000 –> 00:00:56,000
Brandon Pugh [00:12:51]: It’s funny because, you know, you know you overuse acronyms when like there is an appendix to a document that is the acronym listing. That is, that’s how you know we love acronyms.

57
00:00:56,000 –> 00:00:57,000
Frank Cilluffo [00:12:59]: And it’s longer than the document.

58
00:00:57,000 –> 00:00:58,000
Brandon Pugh [00:13:01]: Not actually, that’s actually very true in some cases.

59
00:00:58,000 –> 00:00:59,000
Frank Cilluffo [00:13:03]: You know, when I worked at the White House, no joke, not to go awry, I had a jar and I had a number of, at that time O-6s working as part of our post 9/11. They have to put a dollar in the jar anytime they used an acronym. And we would go for a happy hour once a month. Something to think about. So you just can’t use it for yourself. You got to give it back, but lots of acronyms.

60
00:00:59,000 –> 00:01:00,000
Brandon Pugh [00:13:27]: Totally. Sorry. No, I got, I got you off topic.

61
00:01:00,000 –> 00:01:01,000
Frank Cilluffo [00:13:30]: I divert. Yeah.

62
00:01:01,000 –> 00:01:02,000
Brandon Pugh [00:13:31]: But no, your answer is like I like to think of like obviously I represent army and cyber, but this really is a team effort. It’s everybody across the Pentagon in terms of Navy, Air Force, how are they doing? Like they’re facing many of the same issues. Yes, we have uniqueness in the army and I’m supposed to be the advocate for the army, but it is a team effort. How are we also working with Ms. Sutton as the new ASW for CP? And I’d even take it a step farther. One of the reasons that we actually engage in the interagency and value many of our partnerships, many of these aren’t purely army issues, especially when it comes to like DCI as an example. We need to be aware of what CISA is doing, NCD. We want to be mindful of the chain of command, the building.

63
00:01:02,000 –> 00:01:03,000
Brandon Pugh [00:14:09]: But it’s totally important for us to kind of being aware of the broader ecosystem and being team players. It doesn’t make sense for us to run off in our own direction in isolation.

64
00:01:03,000 –> 00:01:04,000
Frank Cilluffo [00:14:18]: And DCI, Defense Critical Infrastructure. You use your acronym. But in very simple terms, this is the inability to project power, deploy forces, move material, personnel, everything else. Basically, once you get across the baseline, it’s all dependent upon civilian critical infrastructure to be the backbone of us to be able to win wars. Right?

65
00:01:04,000 –> 00:01:05,000
Brandon Pugh [00:14:46]: Exactly. You know, critical infrastructure and cyber, broadly speaking, is a concern. We’ve seen that play out where it can disrupt their telecommunications or even disrupt the American way of life. Where it is a no fail mission is where if an adversary goes after one of our military bases and we can’t mobilize people, tanks, equipment in a time of conflict, that is a major concern. And think of it, you know, we have 288 camps, post and stations, depending on how you count it. Some people say we have more or less, but let’s go with 280, 288. All different levels of sophistication. And obviously some are, you know, are more prominent in force projection than others. But the way I see it is, and the reason it’s a priority for us is we can’t accept the fact that cyber could be the barrier to our ability to do other military tasks.

66
00:01:05,000 –> 00:01:06,000
Frank Cilluffo [00:15:26]: And I think that’s what made the consequences of Volt Typhoon so blatant and apparent. Right?

67
00:01:06,000 –> 00:01:07,000
Brandon Pugh [00:15:34]: Yes. And we’ve known, you know, unfortunately we’ve known about this issue. So I, in one of my past roles, I was with the Army Cyber Institute and they’ve been studying these critical infrastructure threats for a long time. I mean, the last iteration they did, it’s called Jack Voltaic. Essentially, we look at Charleston and Savannah and said, if there is a series of cyber attacks against these two cities, how does that impact the military? And the results were startling. Eliminated much of what we’re saying now. But now what can the army, what can the Pentagon, what can our interagency do quickly to move forward and continue to address these threats?

68
00:01:07,000 –> 00:01:08,000
Frank Cilluffo [00:16:06]: Absolutely. And I’m not going to put words in your mouth, but we almost have to assume we’re partially owned. Right? So we have to find other ways to project, deploy, and continue to be ahead.

69
00:01:08,000 –> 00:01:09,000
Brandon Pugh [00:16:18]: Exactly.

70
00:01:09,000 –> 00:01:10,000
Frank Cilluffo [00:16:19]: And I’d be curious, sort of, we touched on defense critical infrastructure. You also touch on offense, defense. So the PCA in terms of helping the service. Let’s talk with, start with the blue side on the defense side. What does that look like? What are you seeing now and what are you hoping to see?

71
00:01:10,000 –> 00:01:11,000
Brandon Pugh [00:16:37]: Yeah, I’m glad you teed it up because both missions to us are incredibly important. How are we, how are we defending our networks? How are we defending our weapon systems? How are we considering defense from the very outset? So when we’re going through the acquisition pathway, how is cyber a consideration from the very start? Much like secure by design or secured by default? How are we doing that similar concept for the military? We shouldn’t go through the acquisition pathway and then say, well, now let’s consider cyber. Or the flip side is we’ve identified a vulnerability, now let’s address it. It should be from the very outset, and that’s how we see defense. And in the same time, I don’t want to see cyber or some of these vulnerabilities be the barrier to what the chief and the secretary have. If their vision is to acquire something quickly, cyber can’t be the barrier. So we need to work in lockstep with that and make sure we’re enabling what they want to do.

72
00:01:11,000 –> 00:01:12,000
Brandon Pugh [00:17:24]: So that way speed continues. So that’s how we kind of see defense. The flip side is offense. You know, realizing that the Arcyber commander wears two hats. They have an army hat reporting the chief of staff, and they have a Cybercom hat reporting to the commander of Cybercom. How does my office play into it? You know, ultimately we’re responsible for man trained and equipped function. How are we making sure the soldiers we’re sending the US Cybercom to do our offensive missions on behalf of this country are the highest trained, have the resources they need, both equipment and finances, to carry that out? I don’t want to see a scenario where the army is not sending the very best and the most trained individuals up there.

73
00:01:12,000 –> 00:01:13,000
Brandon Pugh [00:18:00]: We need them. They’re really facing threats, I’d say, on a minute by minute basis. And I think that’s the novelty of entering cyber as a soldier is, you know you’re going to be protecting this country, really probably your first day on the job, which is very unique.

74
00:01:13,000 –> 00:01:14,000
Frank Cilluffo [00:18:13]: And the concept of defend forward is still in play. Right? Because I mean, it’s like any other. You can’t win any game if all you have is offense or all you have is defense. You need both. Right? So whether it’s football, you need, you need quarterbacks, running backs, wide receivers, but you also need a good line to be able to block and tackle, and you need linebackers that can blitz the opposing team. Right?

75
00:01:14,000 –> 00:01:15,000
Frank Cilluffo [00:18:39]: I mean, it’s all of the above. And it seems that it becomes this zero sum. It’s not. It’s both.

76
00:01:15,000 –> 00:01:16,000
Brandon Pugh [00:18:44]: Exactly.

77
00:01:16,000 –> 00:01:17,000
Frank Cilluffo [00:18:45]: And more.

78
00:01:17,000 –> 00:01:18,000
Brandon Pugh [00:18:45]: Yep. And that, that really underscores the value of partnerships. How are we working with allies around the world when it comes to cyber? I think that’s key. We have many relationships. You’ve seen that with like, you know, our hunt forward missions where, you know, we’ll be in, you know, select countries to assist, like that, all that is important. Some of our state partnerships, where our National Guards form partnerships with select countries around the world, some of those contain cyber elements also very important. We’re not doing this in isolation, like we like to think of, you know, a lot of these threats are facing the U.S. Many of our partners and allies around the world are seeing very similar threats.

79
00:01:18,000 –> 00:01:19,000
Frank Cilluffo [00:19:17]: You know, you bring up a good point. So, in fact, I think you publicly discussed how what we’re seeing play out in Ukraine from a UAS or drone and counter UAS, counter Unmanned Aerial Systems, but maybe the future of conflict or part of. What do we need? So it’s not only, is it in our best interest directly, but a lot of what we’re seeing play out are movies that are coming to theaters near you, right?

80
00:01:19,000 –> 00:01:20,000
Brandon Pugh [00:19:44]: Yes. So our secretary has actually been very vocal on the drone front, and the army is the interagency lead when it comes to counter UAS.

81
00:01:20,000 –> 00:01:21,000
Frank Cilluffo [00:19:50]: Which is huge.

82
00:01:21,000 –> 00:01:22,000
Brandon Pugh [00:19:52]: It is. Tremendous opportunity, I think, for the service and underscores kind of our sophistication. And the Secretary has conveyed how real world a threat this is. But there’s been a lot of, to your point, specifically in Ukraine, a lot of lessons learned, I think there’s a couple that have kind of stood out to me. One being is how cheap some of these tech advances are and how easy they are to make. You know, we don’t have to go through a multi year acquisition cycle, spend millions of dollars where we’ve seen, you know, 3D printed drones for, you know, mere dollars in some cases being leveraged. So the response to us is, you know, how do we replicate that? How are we getting things quicker in the hands of soldiers? Not using bureaucracy as a barrier. That’s just unacceptable to where we are.

83
00:01:22,000 –> 00:01:23,000
Brandon Pugh [00:20:29]: We need some of these capabilities in a matter of days or weeks, not years.

84
00:01:23,000 –> 00:01:24,000
Frank Cilluffo [00:20:33]: And when we think of UAS, you can’t look at that in isolation of cyber either. Right? Because it’s running on spec. At the end of the day, it’s all converging and we can’t be so cute and try to split it out in different sorts of ways. So what about defending the homeland there? Where do you think army can, in terms of before it comes over into the United States? Where can army help there?

85
00:01:24,000 –> 00:01:25,000
Brandon Pugh [00:20:58]: Yeah, well, we’ve seen defending the homeland as one of the White House’s key priorities. So therefore, you know, we share that, but independently we believe it. You know, kind of going back to my earlier point, it’s just the footprint of army bases around the country. So how do we protect those? But then also, what resources does the army have? One of the key ones is our National Guard and reservists. You know, these are, and this is me being biased being a reservist.

86
00:01:25,000 –> 00:01:26,000
Frank Cilluffo [00:21:21]: Honestly, it’s great.

87
00:01:26,000 –> 00:01:27,000
Brandon Pugh [00:21:21]: Yeah. You know, these are individuals that live in their local communities, often hold cyber jobs. Matter of fact, some of our, it’s extraordinary. This isn’t an exaggeration. We have some individuals that show up their reserve weekend in 3, $400,000 vehicles because they are the experts in what they do as civilians. They have signed up and taken the oath because they want to serve this country. That is the talent we have in the Reserve and Guard that we need to continue to expand.

88
00:01:27,000 –> 00:01:28,000
Brandon Pugh [00:21:44]: You know, who is better to address some of these OT and critical infrastructure concerns than those who already are working in the power companies, the electric providers? Have the expertise and have the training. They’re already in uniform.

89
00:01:28,000 –> 00:01:29,000
Frank Cilluffo [00:21:55]: And scar tissue and experience, right? So, yeah. No, I hear you on that and loud and clear. You know, where does AI fit in? So making sure that we are not just looking through rear view mirrors and winning and fighting yesterday’s wars. I think we need to be able to peer over the horizon and I think there’s some hype, but there’s some real significant change also coming with AI. How can you help shape that? Because again, you can’t separate AI from cyber. Right? And protecting the AI is essential.

90
00:01:29,000 –> 00:01:30,000
Brandon Pugh [00:22:29]: Exactly. I mean, this could be its own segment in itself.

91
00:01:30,000 –> 00:01:31,000
Frank Cilluffo [00:22:32]: And it will be.

92
00:01:31,000 –> 00:01:32,000
Brandon Pugh [00:22:33]: Yeah. What I like to say is one of the narratives I’ve shared is AI has tremendous value just for the enterprise and how we perform in a day to day basis. And that’s great. Leaders around the army are doing excellent work there. That is not really the role of our office. Our role is specifically how are we leveraging AI for cyber defense and cyber offense.

93
00:01:32,000 –> 00:01:33,000
Brandon Pugh [00:22:51]: Where should we go with it? And I think that’s the key and not me just being biased. I’d say really the army is probably at the forefront among the services when it comes to AI for cyber. US Cybercom is doing a great job. They have a task force. But where we’ve spent army dollars on some unique capabilities, some of which we’ve seen in industry already and we’ve applied them for army specific functions. Some are unique to the army given our mission set. And we’ve already seen like tremendous success. You know, something a lot of private sector listeners might hear is we developed a continuous monitoring system, essentially a little more detail than that, but a high level for the Army.

94
00:01:33,000 –> 00:01:34,000
Brandon Pugh [00:23:27]: We’ve seen it have roughly a 90% success rate. And I know some are quick to say, well, what about that 10%? It’s helpful to reminder like this is an adjunct. This shouldn’t replace your human operators, but what it did, it was able to find unique threats that a human operator might have missed. And I think that’s the value add AI offers specifically for defense. Not only helping us triage some of these, but perhaps even better detection.

95
00:01:34,000 –> 00:01:35,000
Frank Cilluffo [00:23:49]: And when you think about it, I mean, history is filled with examples. It’s not just the technology, but it’s the application of that technology. And basically you got to be using it to know. Right? I mean, whether it’s gunpowder, whether it’s bow and arrow when you didn’t have, when you had higher plane in terms of how it’s applied and used. I think that can’t get lost in this. So people think it’s this magic button you press, but it’s really in how you apply it.

96
00:01:35,000 –> 00:01:36,000
Brandon Pugh [00:24:18]: I actually would say it’s a national security imperative to leverage AI. We know adversaries are going to leverage AI or exploit our AI regardless of what we do here. We could put barriers in terms of aggressive regulation which some have proposed in the past or seek to slow it down. All that’s going to do is help our adversaries. Not saying there’s not a room for a healthy balance. I wouldn’t want to see a scenario where a nation state actor uses our inability to leverage AI here. Meanwhile, they’re flourishing with it.

97
00:01:36,000 –> 00:01:37,000
Frank Cilluffo [00:24:44]: Absolutely. And some are applying it. And the one thing that I would add, ethical, sort of the guardrails.

98
00:01:37,000 –> 00:01:38,000
Brandon Pugh [00:24:52]: Yes.

99
00:01:38,000 –> 00:01:39,000
Frank Cilluffo [00:24:52]: One thing I do worry about, and that’s looking ahead and I’m not going to put together a dystopian kind of, but there’s certain things I want someone who’s sworn to the US Constitution to always make decisions on. That’s going to get hard though, isn’t it? Where things are happening so fast. What is that right balance? What are your thoughts there?

100
00:01:39,000 –> 00:01:40,000
Brandon Pugh [00:25:12]: Well, you know, I think we have a great team between those at the Pentagon leading AI as well as the White House. So I am very confident in them. I’d say where one area that traditionally forgot is how are we protecting AI? I think so many people are rushed to implement and use AI. We forget about the protection side and the desire among bad, yeah. How are we going after data? How are we going after the underlying infrastructure? That is a concern that I have and that we’re wrestling with.

101
00:01:40,000 –> 00:01:41,000
Frank Cilluffo [00:25:37]: You know, and I think that gets lost on a lot of people, the vacuum cleaner approach that the Communist Party of China takes. And so it’s not always just the, it’s all of the data to enhance their learning models.

102
00:01:41,000 –> 00:01:42,000
Brandon Pugh [00:25:50]: You’re right. And that’s been, I think, the concern. You know, I came into this, into this current role leaning heavily on data privacy and data security. And I think that’s been the concern. We’ve seen adversaries around the world collect as much data on Americans and are high value individuals for many years. Now, how are they leveraging AI to go through that data quickly, gain insights that might have taken a long, lengthy process before. And I think that’s the reason we should be concerned on some of the defense side.

103
00:01:42,000 –> 00:01:43,000
Frank Cilluffo [00:26:13]: Absolutely. Now let’s talk a little bit. So I learned something very new before we got on camera that army is, a lot of the civilian if not all of the civilian employees at U.S. Cyber Command are Army. Let’s talk, talk through a little bit about some of the workforce opportunities and challenges there.

104
00:01:43,000 –> 00:01:44,000
Brandon Pugh [00:26:33]: So at a high level it’s good for listeners to realize, like, US Cyber Command, the four star commander, they rely on all the services to support them in many ways. One of them is people. So the army is the executive agent for all the civilians, meaning every single civilian that rests at US Cybercom is actually an army civilian. And then all the services also send uniform individuals up there. And that’s the key, is like making sure what the Navy sends is equal to what the army is sending. Because that would be the nightmare of having, you know, same rank, but perhaps different levels, expertise and training. That’s not allowing us to fully leverage our forces. And I think that dynamic between the services and US Cybercom is critical.

105
00:01:44,000 –> 00:01:45,000
Brandon Pugh [00:27:11]: Any gaps there or any bureaucratic hurdles, that’s just helping an adversary. That’s, that’s all that’s doing.

106
00:01:45,000 –> 00:01:46,000
Frank Cilluffo [00:27:17]: Yeah. And other incentives that you’re putting in place for the workforce.

107
00:01:46,000 –> 00:01:47,000
Brandon Pugh [00:27:22]: So workforce is, is really, is key for us. One of the things we did was develop a, the name escapes me, but essentially we have a basic senior and master cyber operator to encourage individuals to not only stay in, but achieve the next level of proficiency, which is based on training, expertise, and time and rank.

108
00:01:47,000 –> 00:01:48,000
Frank Cilluffo [00:27:39]: So it’s retention as well.

109
00:01:48,000 –> 00:01:49,000
Brandon Pugh [00:27:40]: It is. And also tying our incentive pay to that. So if you want to become a master operator, here’s a financial incentive. And yes, some would quickly say, well, yeah, that’s trivial if they go to the private sector, but ultimately, a lot of the people that are in the army and doing cyber are here for the mission, realizing that they are protecting this country on a daily basis. Not to say our industry partners aren’t doing that, but it is a much different application of what you would face working for Army Cyber or US Cyber Command than in some of our corporate partners.

110
00:01:49,000 –> 00:01:50,000
Frank Cilluffo [00:28:07]: Good recruiting, too.

111
00:01:50,000 –> 00:01:51,000
Brandon Pugh [00:28:08]: Exactly.

112
00:01:51,000 –> 00:01:52,000
Frank Cilluffo [00:28:08]: Yes. Yeah. That’s the truth, though. It is the truth. You always have to be a recruiter. You know, we’re getting near the end of our time, but one of the things I think you’ve said, we have a once in a generation opportunity in terms of how army buys and field cyber technology. You want to expand on that?

113
00:01:52,000 –> 00:01:53,000
Brandon Pugh [00:28:26]: Yes. So you know how I mentioned a continuous transformation earlier by the Secretary? One of the big elements of that is how are we reforming acquisition or acquisition reform. Secretary Hegseth unveiled a version of that this month, and the Secretary Driscoll, in conjunction with our ASA(ALT) Executive, or the Assistant Secretary of the Army for Acquisition, Sustain and Logistics. Sorry, Brent, if I’m messing your title up, but essentially the premise is…

114
00:01:53,000 –> 00:01:54,000
Frank Cilluffo [00:28:50]: ATL, not ALT, right? I’m always used to saying it the other way AT&L, but yeah, yeah, yeah.

115
00:01:54,000 –> 00:01:55,000
Brandon Pugh [00:28:56]: At the end of the day, it revolves around how are we getting what the soldier needs in their hands quicker, realizing that multi year cycles is not sustainable, that’s not helping the war fighter. It’s also not good for industry. Industry doesn’t want to get through these long delays. And you know, equally important…

116
00:01:55,000 –> 00:01:56,000
Frank Cilluffo [00:29:10]: It also allows new players into the mix. Right? That have innovative technologies and ideas.

117
00:01:56,000 –> 00:01:57,000
Brandon Pugh [00:29:14]: It’s not just a talking point that the army has adopted a VC-like mindset. How are we allowing industry partners of all sizes? If you’re a four person company backed by VC dollars, you have a home in the Army if you have a product that’s a fit. And then how do we get that here quicker? So the Secretary’s path through something we call the Fuze initiative, to have a prototype in the hands of a soldier within 30 to 45 days. There’s a couple caveats to that, but largely speaking, that’s the goal.

118
00:01:57,000 –> 00:01:58,000
Frank Cilluffo [00:29:39]: Fuze, F-U-Z-E. Right?

119
00:01:58,000 –> 00:01:59,000
Brandon Pugh [00:29:40]: Exactly. Not an acronym. That was one of my, one of my questions. But then part of that is how are we getting these capabilities and prototypes to a unit to see if they actually work? Sometimes in the past we’ve gone through acquisition pathways and you find out at the end this isn’t actually working for that soldier. We need to do that quickly. We’ll actually get a prototype in a real soldier, in a real unit’s hands to see if it works. If it’s not working, how can we fine tune that now during the early stages? That way when it actually reaches full maturity, it is exactly what that service needs.

120
00:01:59,000 –> 00:02:00,000
Frank Cilluffo [00:30:12]: That really is a Silicon Valley thought. If you’re going to fail, fail fast. And whatever you do, do it in the moment. Right? And then tweak and improve and get better.

121
00:02:00,000 –> 00:02:01,000
Brandon Pugh [00:30:22]: Exactly. And some of that has come with large structural changes. You know, we’ve condensed a lot of our program offices.

122
00:02:01,000 –> 00:02:02,000
Frank Cilluffo [00:30:28]: Which I’m not sure everyone appreciate. Acquisition’s hard, it’s slow, it’s bureaucratic, but you’re actually breaking the China in some of this.

123
00:02:02,000 –> 00:02:03,000
Brandon Pugh [00:30:36]: And it’s a 360 degree view. You know, you can’t address contracting reform or acquisition reform just in the context of, of contracts or just in the context of decision. It is all facets of acquisition need to come together. And that’s exactly what Army’s acquisition reform has done. Brought every element together and streamlined it. You know, taking it from 12 offices, you know, to having that and then empowering the leaders or what we’re calling PAEs or program acquisition executives to actually have decision making authority and having a direct line to army leaders. That way they’re not three or four rungs down, having to run up the chain with decisions.

124
00:02:03,000 –> 00:02:04,000
Frank Cilluffo [00:31:10]: Sort of like where cyber was. It’s not the IT guy. It’s actually integrated into everything, in the DNA.

125
00:02:04,000 –> 00:02:05,000
Brandon Pugh [00:31:15]: Fully, fully agree. And I’d say it’s no more important. Acquisition reform is really timely for cyber, you know, really. You know, we need a capability in the hands of a soldier, sometimes in a period of days.

126
00:02:05,000 –> 00:02:06,000
Frank Cilluffo [00:31:26]: It really is. And Brandon, what questions didn’t I ask that I should have?

127
00:02:06,000 –> 00:02:07,000
Brandon Pugh [00:31:30]: Well, no, Frank, this is, I mean, this has really been terrific. I mean, hopefully in a few years, we’ll take a retrospective look and see how the job has gone. I hope, I’m looking back, that we’ve made a positive difference on the Army. The army overall is going to continue to transform under the Secretary’s guidance. I see cyber as being a critical component of that. We need to continue to improve and strengthen our capabilities when it comes to Cyber.

128
00:02:07,000 –> 00:02:08,000
Frank Cilluffo [00:31:55]: Well, at the end of the day, technology changes, human nature doesn’t. It’s so essential that we have good people in those roles. Thank you for your leadership. Thank, thank you for joining us today, but also for what you do every day for the women and men in our armed services and army and ultimately the American people. So, Brandon, thank you.

129
00:02:08,000 –> 00:02:09,000
Brandon Pugh [00:32:16]: Thank you, Frank.

130
00:02:09,000 –> 00:02:10,000
Frank Cilluffo [00:32:16]: Let me leave you with the token, figuratively and literally, our challenge coin.

131
00:02:10,000 –> 00:02:11,000
Brandon Pugh [00:32:21]: No, well, thank you.

132
00:02:11,000 –> 00:02:12,000
Frank Cilluffo [00:32:21]: Thank you.

133
00:02:12,000 –> 00:02:13,000
Brandon Pugh [00:32:22]: Well, I appreciate it. Thank you.

134
00:02:13,000 –> 00:02:14,000
Frank Cilluffo [00:32:24]: Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes, or individuals you’d like for us to host. Until next time, stay safe, stay informed, and stay curious.

Related Content