Chris Christianson, CISO, Edgewater Federal Solutions

Chris Christianson is a trailblazing cybersecurity executive with over two decades of expertise spanning government, military, and private sectors. Chris cut his teeth in the renowned US Army Network Warfare Battalion leading high-stakes cyber operations and provided crucial support to the establishment of the US Cyber Command and Cyber National Mission Force. Chris has spearheaded transformative initiatives for leading social media companies as well as Fortune-100 organizations in the big tech, financial services, and defense markets. He has also advised global cybersecurity leaders through his work with the Gulf Cooperation Council, Three Seas Initiative, and the APAC telecom industry. Chris has given talks on cybersecurity tradecraft at US intelligence community conferences and has produced thought pieces for the FS-ISAC. As CISO of Edgewater Federal Solutions, he drives cybersecurity innovation, safeguards critical infrastructures, and leads business growth strategies, and was recognized as a 2024 Northern Virginia Technology Council Cyber50 honoree.

Recently, in an exclusive interview with Digital First Magazine, Chris shared his professional trajectory, insights on the evolution of the CISO role in the next 5-10 years, personal hobbies and interests, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.

Hi Chris. Can you walk us through your background and what you’re most passionate about in your work?

Sure, but the set the stage, you should first understand who I was as a kid. I grew up in the early 1990’s in the Washington D.C. area with too much time on my hands. DirectTV had just gone mainstream, personal computers were becoming household items, AOL chatrooms were how teenagers communicated, and the Chantilly, Virginia “Computer Show and Sale” television commercial with a clip from The Terminator was running all the time. It wasn’t long before I was buying parts at these questionable tradeshows and building my own 386 and 486 systems, running MS DOS, NT, and Windows 95, to play games like Jet Fighter II, Need for Speed, and Doom. As I finally got connected to my lightning fast 28.8K dial-up internet with my “1000 Hours Free!” AOL discs, I quickly discovered communities of hobbyists who were sharing tradecraft on how to build workarounds for pesky things like software licenses and tv subscription fees. Soon after, I was over-clocking machines, cracking conditional access modules, and reprogramming CAM cards with my own kit. In short, I started doing “cyber” long before the term became ubiquitous.

Fast forward several years, I enlisted the US Army after the 9/11 terrorist attacks and became a 35N Signals Intelligence Specialist, taking my passion for cyber to the big leagues. The Army quickly identified my cyber talents and shipped me to Fort Meade, MD and assigned me to the Army Network Warfare Battalion. In the ANWB, I certified in a few roles with my favorite being the Digital Network Exploitation Analyst, which allowed me to do what I love without getting in trouble – finding novel workarounds for pesky things like firewalls, antivirus software, and countless other security controls.

The rest is history. I took my passion, Army training, and experience working live cyber operations to defend organizations from an attacker’s perspective. I have had the distinct honor of working with some of the cyber industry’s best talent to protect Fortune-100 organizations, government agencies, and top social media companies. I have worked directly with TikTok’s Global CSO to orchestrate Project Texas – one of the greatest cybersecurity and data protection challenges ever undertaken. I have also been able to share my knowledge and experience with leaders in the GCC to defend their critical infrastructure against regional existential threats. Similarly, I have worked with industry and government leaders in Poland and Romania as a part of the Three Seas Initiative to develop robust cyber defense strategies against world-class cyber adversaries looking to reclaim territories once held by a long-gone regime. Now, I am the CISO for a large government contracting firm working to develop innovative cybersecurity solutions to defend large government agencies in various critical infrastructure sectors including Energy, Defense, and Health.

What aspects of your current role bring you the most joy and fulfillment?

The people and the challenge. In terms of people, I am enabled by an agile executive team and board that is open minded and willing to break long-held, antiquated government contracting paradigms, allowing me and our incredible cybersecurity team to innovate and deliver truly modern cybersecurity solutions to agencies who need them most.

Even more than that though, I most enjoy working with the incredible cybersecurity talent we have been fortunate to attract and develop throughout the course of our growth journey. Not to nerd out, but for those familiar with the Star Wars universe, I have enjoyed developing cybersecurity talent through a “Jedi-Padawan” model. We invest heavily in a few really strong, seasoned cybersecurity experts with truly remarkable experience and “street-cred” and take calculated risks on pulling in fresh, hungry talent, like university graduates and transitioning military, to be mentored and developed into world-class talent. A great day for me is when the most junior member of our team approaches me and pitches a novel, elegant solution to a complex problem that has reveals the bits and pieces of mentorship they are receiving.

In terms of challenge, I have the most incredible opportunity every day to interact directly with CIO’s, CISO’s, and Directors of some of the most important government agencies in the US, to help them solve some of the most complex cybersecurity challenges faced in today’s ever more sophisticated threat landscape. I am a problem solver at heart, so a great day for me is being equally terrified and inspired by a federal executive who comes clean with an admission that they have a huge, legacy, and critical OT footprint and haven’t the first clue of how to defend it, for example.

What skills and expertise do you believe are essential for cyber professionals to develop in the next 2-3 years, and how are you investing in talent development within your organization?

Data science and analysis, coding skills, and the basics.

In terms of data science, everything – and I mean everything – is becoming influenced or affected by artificial intelligence and machine learning in some way. In cybersecurity this is no different. The sheer volume and types of data flowing through vast cybersecurity technology stacks is immense and growing every day. Having the ability to understand how supervised, unsupervised, statistical, and ensemble machine learning algorithms can be used to detect the use of Domain Generation Algorithm in an organizations DNS traffic, as an example, will increasingly be the key differentiator in cybersecurity talent.

Next, I would argue that coding skills are becoming paramount for the cybersecurity practitioner to possess. Similar to my argument for knowing data science concepts and applications, data is everywhere, increasing in volume and complexity, and becoming harder to analyze manually. While I feel like I am stating the obvious here, I am still surprised at how many candidates we interview do not have even basic scripting skills to automate routine tasks. For me, this is a must have for cybersecurity talent I recruit.  The industry needs people who are able to leverage code in common ways – it doesn’t even have to be particularly advanced or novel, just show the ability to remove as much manual work from your workflows as possible so the majority of time you are spending on analysis or incident response or threat hunting or whatever is on tasks that genuinely require human critical thinking.

Last, and perhaps the most important in my opinion, is the basics. In cybersecurity, there are so many new technologies, architectures, design principles, standards, etc. that seem to come out daily, that it can be very easy for cybersecurity talent to get distracted and neglect some core truths about malicious cyber behavior. For instance, every cyber security candidate we interview must be able to thoroughly explain how DNS works. While this seems like a simple concept, it is surprising how many cybersecurity applicants who are responsible for preventing, identifying, or responding to cybersecurity incidents that could be revealed by analyzing regular old DNS traffic, are not able to explain how it works. Fundamental concepts like how machines reach the internet (i.e. DNS), how windows network resources are managed (i.e. Active Directory), how activity is logged (i.e. SYSLOG), or how network admins use tools to work the network (i.e. PowerShell), to name a few, are critical to understanding how malicious cyber actors abuse native resources to “live-off-the-land” and evade detection.

How do you envision the role of the CISO evolving in the next 5-10 years?

I think the role of CISO will evolve fairly significantly over the next 5-10 years. CISO’ s today are a mixed bag in terms of background and talents. There are plenty of CISOs out there that came up in IT, risk management, business leadership, etc. that picked up cyber along the way. These types of CISOs are great in terms of classical business leadership but may not fundamentally understand the dynamics of cyber from a deep attack-defend perspective, forcing them to rely on the experts they employ. As time goes on, however, younger generations of talent who grew up within a well-defined cybersecurity industry will start taking on the role of CISO, bringing with them a genuine, deep understanding of how it all works. In fact, I think we are already starting to see that at a number of the large government agencies we serve. Several of the CISOs and Directors I work with on a regular basis have computer science degrees, legit SANS certifications, years of hands-on-keyboard cybersecurity experience, and well developed strategies for balancing resources in very effective ways to stop the majority of routine or commoditized malicious cyber activity and are well postured for the nuanced attacks.

Is there a particular person you are grateful for who helped get you to where you are?

That’s easy – my wife Bethany. She and I are high school sweethearts, and she has supported me through every step of my career journey. I think the biggest example of this is when she supported my decision to join the Army right after 9/11. This was perhaps the greatest pivot point in my career that put me on a path to perform some of the most critical cyber operations in support of US strategic objectives and gave me the experience and street cred that has carried my career ever since. This decision was not without huge sacrifice on Bethany’s part, though. We had two young children at the time and this decision meant we would have to move all around the country – and we did. We lived in five states in the seven years I was Enlisted. This meant we had to homeschool our children along the way, and she did an amazing job raising them into who they are today. Thanks to her selfless support of my career and dedication to our children, we have one child studying astrophysics and archaeology at Yale, the other studying uncrewed arial systems engineering at Embry Riddle, and I have been able to make it to CISO.

What does the term “authentic leadership” mean to you?

Throughout my career, I have been exposed to all kinds of leaders and leadership styles. Some of the leaders that have inspired me the most are the ones I have worked with who served in JSOC and the CIA’s Directorate of Operations. I was always amazed at their ability to identify the core actions that needed to be executed, and their ability to communicate them in a direct, non-dramatic way, no matter how impossible, dangerous, or risky the actions were. It as if they were able to fully separate their personal feelings and emotions from their professional responsibilities as a leader to the point that the actions they communicated were simple, matter of fact, and without hesitation or question. In other words, it conveyed a calm sense of confidence and was reassuring. The longer I worked with these individuals, I came to appreciate that these leaders stripped actions down to the absolute necessary and always followed through on their commitments to the mission and the people who were a part of their team. In this way you could always rely on them and their decision making without hesitation or concern. I also appreciated their adherence to standards and unwillingness to compromise on them. It was this commitment to excellence and always doing things the right way, no matter how much pressure they were under from a variety of sources higher and lower in the chain of command, that has motivated me to carry out my cybersecurity responsibilities to the same effect.

What are some of your passions outside of work? What do you like to do in your time off?

Outside of work I like to live a quiet, peaceful life out in the countryside with my wife Bethany. We have a small horse farm in south central Pennsylvania that we maintain together with our “tweenie” dachshund named Penelope. When we are not at home, we are typically travelling to visit our children at college in New Haven, CT or Daytona Beach, FL.

Which technology are you investing in now to prepare for the future?

I am heavily investing in LLM technologies and exploring how they can support the cybersecurity practitioner. I am specifically interested in developments around improving the logical reasoning of LLMs and agentic applications that can be developed and honed for supporting specific cybersecurity tasks. For example, would it be possible to develop an LLM agent, with strong logical reasoning or “chain-of-thought” prompting, that can automate the process of collecting cyber threat intelligence, extract IOCs, signatures, and TTPs, push the extracted data into a TIP, develop threat hunt hypotheses and analytics, and develop red/purple team engagement scenarios and emulations? I think the promise of LLMs is incredibly enticing, especially if it can be put to use to automate and streamline the leg work of multiple analysts and workflows necessary to perform complex cybersecurity operations.

What is your biggest goal? Where do you see yourself in 5 years from now?

My biggest professional goal is to ultimately start my own cybersecurity firm that specializes in providing world-class cybersecurity operations to clients in the critical manufacturing and defense industrial base critical infrastructure sectors. As an Army veteran, I would like for this company to pride itself on hiring fellow veterans of DoD cyberspace operations, not only to pay it forward, but to also draw in the unique talents and “think like an attacker” mindset that I believe is essential to building a truly hardened defensive posture. In five years, who knows, maybe the founder and CEO of a $500M cyber business?

What advice would you give to aspiring technology leaders who aim to make a positive impact in their organizations and the industry as a whole?

Stay curious and never compromise on security.

 

Content Disclaimer

Related Articles