Odam Tong on AI Weaponization and Security

Critical Stats

LinkedIn: Check out his profile!

Started their cybersecurity journey in: 2008

Most passionate about (in cybersecurity): I am most passionate about security architecture and engineering.  It’s the challenge of developing resilient systems to adapt to evolving threats.

Favorite zero-day: AI-related zero-days

Favorite song: I want to keep it current, ”Nebula” by The Rose, and anything Demon Hunters because my daughter listens to them all the time, and she forces me to listen to them.  These were all recently introduced to me.  Can’t say “No” to my 13-year-old.

Introduction

Odam Tong is a highly respected and experienced professional in the technology and security domain, known for his attention to detail and "can-do" attitude. With a deep background in cybersecurity dating back to 2008, Odam possesses exceptional technical expertise across network security, systems architecture, application security, and vulnerability management.

Odam is a mover and shaker!

While Odam tends to maintain a low profile, his insights are highly valued; colleagues consistently describe him as a talented, committed, and knowledgeable leader whose foresight and organizational skills have been critical in driving major initiatives, particularly in complex areas like clinical EMR deployments. Beyond his technical prowess and superior communication skills, Odam is a great team player and an amazing father, demonstrating a balanced approach to his professional and personal life. He can be relied upon to deliver results and is truly an asset to any organization.

Without further ado, we asked Odam our standard set of 5 questions to rule them all, and here are his responses:

Five questions to rule them all!

1. What is the biggest problem we are dealing with in cybersecurity?

As we mature as a society, we are facing one of the biggest challenges: the weaponization of AI. It has driven society into a frenzy of concerns with deepfakes and privacy violations. Companies have rushed to put in place best practices for AI use through policies that aim to curb it, but are unable to keep pace with the demand for AI. Here lies the problem: it is very challenging to defend against those who weaponize AI to spread misinformation and erode the truth. Weaponized AI has created an absolute crisis of trust: the digital tools we rely on can now instantly and effectively render all digital truth inherently questionable.

2. How can we effectively address the weaponization of AI?

Private companies and governments should take a multi-layered approach and develop policies that can govern the weaponization of AI without undermining its value. The current challenge isn't simply regulating technology; it's shifting from fragmented, knee-jerk policies that seek to curb innovation to a unified, multi-layered strategy for responsible enablement. When organizations struggle to balance stringent restrictions with the imperative for AI development, it demonstrates a failure in governance, not technology. To move forward, the discussion must be framed squarely as a risk-management question: specifically, how do we establish clear boundaries for use cases, understand the potential for societal harm (i.e., the weaponization of AI), and determine the appropriate level of regulation? Frameworks like the NIST AI Risk Management Framework (developed in collaboration with experts from the private and public sectors) serve as the critical blueprint for translating these complex risk management principles into scalable, executable, and balanced AI governance.

3. What are three actions a CEO can take to protect their company from cyberattacks?

What I’m seeing now is a fundamental shift in how CEOs talk about security. They're not just saying “We need a stronger cybersecurity program” anymore. They’re saying, “We need a stronger cybersecurity program by developing a resilience program.” That is the language of a leader who understands that you can't prevent every attack; your program's success is now defined by how fast you can recover, not how long you can hold them off. It’s a shift from defense to endurance. These CEOs tend to follow these practices:

1. Drive security culture and global awareness. Educate your workforce and embed security till it’s a norm across the entire organization.

2. Adopt a strong security-by-design and a layered approach. Put security architecture at the forefront, develop a threat model to detect anomalies, and establish a practice of semi-annual review of the entire technical architecture.

3. Align with the policies in place. Ensure your security practices are lockstep with your governance policies; if there aren't any, start building and implementing them.

4. What are the three best resources for learning more about cybersecurity?

There are many resources out there, such as:

1. The traditional discipline from colleges and trade schools is great. 

2. Then there are security-focused learning options such as Pluralsight, Coursera, and YouTube (The amount of videos can be overwhelming; one must be disciplined not to go down the rabbit hole).

3. I also like SANS's advanced teaching resources. Granted, they are very expensive but worth their weight in gold.

5. What is one piece of advice for those wanting to pursue a cybersecurity career?

One piece of advice I would give is that learning cybersecurity involves a layered approach. Cybersecurity skill sets build on one another. We all have to start somewhere; do not be afraid to take your time to learn. Cybersecurity is a very advanced field; you need to master each level before moving to the next challenge. But don’t rush through it; take your time to get some hands-on experience. Once you complete your mastery, move on to the next challenge.

If you want a challenge in life, you are in the right field. There is a saying in cybersecurity, “If the bad guys don’t sleep, why should you?”

I feel the need - the need for speed… and the need for you to share this article with all the mavericks out there!