Employees at A-LIGN take many different paths throughout their journey – that’s why we sat down with Tony Bai, Federal Practice Lead at A-LIGN, to talk about how he uses his cybersecurity and military expertise as a thought leader and his advice to veterans considering a career in cybersecurity.
How did you get involved in cybersecurity?
I became a federal contractor after retiring from the US Air Force. One of my first jobs was developing the cybersecurity program for all Air Force medical systems at the Defense Health Agency. I later learned about FedRAMP with my prior company running their 3PAO practice before going back to the Pentagon revamping the Air Force cybersecurity program for the Air Force CISO.
Tell me about your time in the US Air Force.
I am a 20-year Air Force retiree. I first got involved with cybersecurity when I was selected to attend the Air Force Institute of Technology, setting me on my path of cyber defense and security. After graduating with my master’s degree in cyber operations, I was assigned to the Pentagon where I was the cyber defense subject matter expert for Air Force HQ. I was responsible for helping develop cyber policy and guidance, and helped stand up the Air Force cyber warfare career fields.
How long have you been at A-LIGN? What has changed during your tenure?
I joined A-LIGN this past June, and the most noticeable change I’ve witnessed is the development of the practice lead position and how our thought leadership has evolved. The roles of the practice leads were just being established when I was hired. Tracking how the concept and position has matured, and helping frame the responsibilities of thought leaders vs. managers has been great.
Tell me about your role as A-LIGN’s Federal Practice Lead.
As our Federal Practice Lead, I help determine the strategic direction of my team and our Federal practice. My job is to help develop the team professionally while examining our current business processes and identifying how we can improve them. It’s important to keep an eye on the future as well, considering where we can go – such as CMMC – and building additional services.
Why do you think cybersecurity and security assessments are important?
With A-LIGN’s role as a cybersecurity and compliance firm, you encounter opposing viewpoints on whether auditing and compliance is useful. The important thing to understand is that you shouldn’t be doing compliance for the sake of compliance, because compliance is not synonymous with security. Rather, it’s a tool to document and ensure that your organization is meeting a minimum standard.
Ask questions like, “How can we improve these processes to best protect relevant data and information?” Compliance should provide a comprehensive look at an organization’s security and risk posture to best enable key decision-makers to perform their jobs at the highest standards.
If you could describe A-LIGN in one word, what would it be?
I don’t wake up and think, “I don’t want to go to work, but I have to, or I don’t want to deal with these people.” I truly enjoy the people I interact with and the challenges of the work we do.
What do you do for fun outside of A-LIGN?
Even outside of work, I tend to live and breathe IT. My other hobbies include reading, preferably science fiction and fantasy. My family and I also go to comic book conventions, play online MMORPGs, and play various board games. What can I say? I’m an old school nerd. I’m also very involved in my kids’ Boy Scouts and Girl Scouts troops. Family is very important to me.
What is your motto/personal mantra?
Do the best you can day by day. It’s all about finding balance at work and at home.
What attracted you to A-LIGN?
The corporate culture. Everyone at the leadership level is concerned about taking care of their people, ensuring everyone has a good work-life balance. It’s the family atmosphere, making sure everyone is content in their role and providing growth opportunities. A-LIGN also gave me the opportunity to stretch beyond my previous roles while still building on my experience and skills.
These are things hard to find when job searching, but A-LIGN has it in spades.
What advice would you share with veterans considering a career in cybersecurity?
Set realistic expectations and understand what a unique experience the military gives you. Military experience tends to combine a strong technical skillset with managerial and supervisory experience you don’t usually see in the civilian world. I’ve found in the civilian sector people tend to only have one or the other. Veterans normally have a good blend of both skillsets.