Shauli Zacks
When it comes to protecting national security interests in cyberspace, few organizations face higher stakes—or more complex challenges—than Nightwing. At the helm of its cybersecurity strategy is Dylan Owen, Chief Information Security Officer and veteran of the intelligence and defense sectors. With nearly three decades of experience at RTX and its predecessor companies, Owen has built and led Security Operations Centers, developed incident response capabilities, and driven threat intelligence programs for some of the most security-conscious entities in the world. In this interview with SafetyDetectives, Dylan shares how Nightwing tackles today’s most sophisticated threats, the role of AI in cyber defense, and the future of supply chain and offensive security—all while building resilience in a constantly evolving threat landscape.
Can you share a bit about your background and what led you to your current role as CISO at Nightwing?
I was with RTX and its predecessor companies for 28 years and spent a little more than half of my career primarily on the defensive side of cyber, helping protect our customers. I helped set up Security Operations Centers and Incident Response capabilities at several Intelligence Community agencies before spending several years as the Global Incident Response and Threat Intelligence lead at Raytheon Corporate Security. I returned to the company’s business side to run a commercial managed security service provider serving about 30 commercial customers and securing and monitoring their networks.
I also worked several years with a customer leading their Governance, Risk, and Compliance program, where I helped lead a team to accredit one of the first Infrastructure as a Service offerings in the Intelligence Community. As we were planning the divestiture of Nightwing, our CEO at the time asked me to take on the role of CISO for the company, which presented me with the exciting challenge of building a cybersecurity program from the ground up in a greenfield environment.
Nightwing operates in highly specialized intelligence and cybersecurity domains. What are the biggest cybersecurity challenges you face in protecting such sensitive operations?
At Nightwing, our mission places us at the intersection of cybersecurity, intelligence, and national security—domains that demand precision, speed, and trust. The biggest challenge we face is the sheer complexity and scale of the threat landscape. We defend highly sensitive operations and infrastructure against adversaries who are well-funded, highly capable, and evolving at machine speed. The convergence of technologies means our attackers are increasingly multi-modal, so our defenses must be, too.
With AI and automation now augmenting attacker capabilities—whether through more sophisticated spear phishing campaigns, polymorphic malware, or generative tooling—the pace and variety of attacks are only increasing.
To meet that challenge, we rely on a combination of predictive analytics, automation, and differentiated technology—but also on people. AI can help identify anomalous behavior and reduce dwell time, but human analysts make mission-critical decisions. Our focus is empowering those analysts with the tools, data, and context they need to act quickly and decisively. Ultimately, cybersecurity is about resilience. It’s about minimizing exposure, adapting quickly, and ensuring that no matter the threat, we stay mission-ready.
Offensive cybersecurity has been a growing focus for governments and private entities. How does Nightwing approach the balance between offensive and defensive security strategies?
We don’t see offense and defense as opposing forces—they’re deeply interdependent. Nightwing brings a unique capability set in that we operate across both domains. That dual perspective allows us to be more effective defenders because we understand how real-world attackers think, behave, and evolve.
Our offensive cyber work is highly tailored and mission-driven. The insights we gain from those operations—how adversaries construct their tools, pivot within networks, and obfuscate their presence—those insights directly inform our defensive strategies. It’s a continuous feedback loop: our threat hunt teams are constantly ingesting what we learn and applying it to our detection and mitigation frameworks.
In short, we believe the best defense is one informed by deep offensive understanding. This allows us to move from reactive to proactive—to shape the threat environment rather than just respond to it.
With the rise of AI-driven cyber threats, how is Nightwing leveraging AI and machine learning to enhance cybersecurity defenses and threat intelligence?
AI and Machine Learning are really starting to make an impact in defensive cyber and threat intelligence. Whether it be flagging unusual patterns in user behavior, login times, access patterns, or data transfers that may indicate potential insider threats or compromised accounts, or enriching the information provided to an analyst who is doing an investigation, the tools have provided a huge benefit in time savings for analysts and in helping to make linkages to data that may have been harder for an analyst to discover manually. For threat intelligence, the enrichment of incident information to help determine who the adversary might be is helpful because it can help an analyst discover other tactics, techniques, and protocols they might use and help highlight those to investigate.
Supply chain security has become a critical issue in cybersecurity. How does Nightwing ensure the security of its technology stack and protect its partners and clients from third-party vulnerabilities?
This is a really important topic and one that we take very seriously given our customer base and the nature of our business. The first thing is we collaborate very closely with our Supply Chain Management team whenever we are negotiating the purchase of hardware or software.
We do a detailed analysis of the vendor and what we are buying, the company profile, any security documentation they can provide, and certifications that we review. This includes a Software Bill of Materials (SBOM). As part of contracts, where possible, we negotiate the right to do penetration testing or other vulnerability analysis of the hardware or software to make our own determination on the security posture and attack surface of the product.
We aggregate the company profile with our security review and tier vendors in our Third-Party Risk Management process for review. For SaaS vendors, we have also developed our series of reviews to ensure that both we and the company can meet our obligations as part of the shared responsibilities model.
Looking ahead, what are the biggest cybersecurity trends and threats you anticipate in 2025, and how should organizations prepare for them?
I don’t think threats have changed much in the last several years. With ransomware, insider threats, etc., the adversary has just gotten better at executing them. I think some threats that have been more experimental or niche could become much more mainstream with more significant impacts.
AI is one of those, and I think AI-generated malware or scripts will continue to get much better, which will allow them to be deployed faster. There will still need to be a human in the loop when developing these attacks because AI isn’t at the point of writing 100% functional code independently. There is still a dependency on the quality of the prompts used to generate the code. It is still a partially manual process, but the development time will greatly decrease as AI increases its coding accuracy and efficacy.
Deepfakes will also become more mainstream and cause more damage than before. One way is that more realistic deepfakes will become more successful at tricking companies into sending funds to third parties. There are reports of a CFO being tricked by a deepfake CEO on a video call and sending money to what they thought was a legitimate party but ended up being a criminal element.
Supply chain breaches are also a significant concern and will continue to increase, especially as more companies rely on third parties and SaaS vendors for their operations.
One different threat that I see for the defense industry is the implementation of the Cybersecurity Maturity Model Certification (CMMC), which is intended to protect government information shared with defense contractors and subcontractors. After a long wait, it is finally a reality, and it could force some companies to stop pursuing work with the DOD because they can’t meet the requirements, which could threaten their existence. I also believe it could be the major impetus for the next wave of consolidation in the Defense Industrial Base as companies that have successfully attained CMMC certification acquire companies that either can’t or don’t want to become certified.