Veterans in Cyber: AI as a Force Multiplier, Guiding Young Offenders, and the Correlation Between Data Science & OSINT Professionals

TechNadu is honored to speak with Charles Randolph, Senior Vice President at 360 Privacy. Randolph is a seasoned security and intelligence leader with over three decades of experience spanning military, corporate, and government sectors. 

A former U.S. Army Lieutenant Colonel and former Microsoft security leader, he shares perspective on how threat actors, protective intelligence, and veteran principles intersect in today’s era of digital exposure and converged risk.

Randolph emphasizes the growing need for integrated defense mindsets that combine human judgment with technological foresight. And highlights that analysts must learn protective context, and protectors must learn data literacy.

He outlines the importance of merging threat intelligence, digital privacy data, and behavioral analysis into one operational picture. Read on for insights from a distinguished veteran about cybersecurity, defenders, offenders, and more.

Vishwa: You’ve observed both physical and digital threat actors evolve over decades. From your perspective, how different are today’s online adversaries from traditional criminals in their intent, methods, and traceability?

Charles: Traditional criminals once needed proximity; they had to be near their targets to act. Today’s adversaries don’t. Digital proximity has replaced physical presence, allowing threat actors to study, influence, and exploit targets from anywhere. 

Their intent hasn’t changed; it’s still about access, control, and leverage, but their means have become industrialized.

The modern attacker operates through code, influence, and automation rather than crowbars and cash. Traceability has inverted: what once required a getaway car now hides behind data brokers, disposable infrastructure, and AI-generated identities. 

The distance between reconnaissance and action has collapsed, and that convergence is what keeps me up at night.

Vishwa: As a military veteran and long-time security strategist, what principles from command or mission planning do you still find most valuable when assessing digital threats and exposure today?

Charles: Two doctrines endure: mission command and situational awareness. Mission command teaches decentralized execution, empowering people closest to the problem to act on intent, not orders. In cybersecurity and privacy, that means your analysts, engineers, and even executives need authority to make protection decisions in real time.

Situational understanding goes beyond awareness... it’s about context. In the field, we never moved until we understood the environment, the adversary, and ourselves. 

The same holds true for digital exposure management: you can’t defend what you don’t understand, and you can’t know what you don’t measure.

Vishwa: As executive protection merges with cyber intelligence, what’s the most critical shift you’ve observed in threat detection or decision-making?

Charles: The decision point has moved upstream. Ten years ago, protection teams reacted to threats after they appeared. Now, the focus is on preempting the trigger; spotting digital signals before they become physical action. 

That requires merging threat intelligence, digital privacy data, and behavioral analysis into one operational picture. The modern protection professional isn’t just a physical presence; they’re also an analyst, communicator, and strategist. 

The best teams today fuse cyber telemetry with field tradecraft, understanding that a tweet, a data leak, or an online narrative can be the first step in an attack cycle.

Vishwa: Converged risk links cyber incidents with physical consequences. What ethical or operational risks arise when organizations rely on AI to predict or manage these connected threats?

Charles: AI can correlate signals humans would never see — but it can also reinforce bias, misclassify intent, or create false confidence. The ethical challenge lies in how we use predictive models to make decisions about people and risk. 

Automation without accountability becomes surveillance at scale. Operationally, the danger is overreliance. Machines may flag anomalies, but only human judgment can interpret intent. 

In converged risk management, AI should serve as a force multiplier, not an oracle. It must augment human discernment, not replace it.

Vishwa: With Cybersecurity Awareness Month focusing on education and responsibility, how do you view the growing number of young individuals drawn into cybercrime? Do you think corrective or preventive measures could help redirect their skills toward cybersecurity
instead?

Charles: Absolutely. Many young offenders aren’t hardened criminals; they’re explorers with a limited ethical compass or lack of mentorship. 

When I talk to cyber investigators and digital forensics teams, they often say the same thing: most first-time offenders could’ve been incredible defenders with the proper guidance. 

We should be investing in cyber apprenticeships, capture-the-flag programs, and ethical hacking pathways that make defense as exciting and rewarding as offense. The skills are the same; the purpose is different. Redirecting intent is far more effective than punishment alone.

Vishwa: We’re seeing more professionals from data science, open-source intelligence (OSINT), and analytics backgrounds join the security field. How can their skills complement traditional protective expertise rather than replace it?

Charles: They bring a new lens. Where protectors see behavior, analysts see patterns. Together, they complete the picture. Data science helps quantify intuition. It gives empirical weight to what experienced protectors sense. OSINT professionals, in turn, help teams understand how information about their principals, executives, or assets circulates online.

But the real opportunity lies in translation. Analysts must learn protective context, and protectors must learn data literacy. The best organizations pair those skillsets — turning disparate insights into a unified threat narrative.

Vishwa: You’ve spent years mentoring peers and veterans alike. What would you recommend to fellow veterans entering cybersecurity? What opportunities or entry points should they focus on when pursuing intelligence careers?

Charles: Veterans already understand risk, hierarchy, and mission. What they need most is translation — learning how those instincts apply in a corporate or cyber environment. 

First, start where your military experience intersects with digital operations: threat intelligence, risk analysis, or incident response. 

Second, find mentors who’ve made the transition.

The best advice I ever received after leaving uniform was simple:

Veterans thrive in cybersecurity because they’re comfortable with ambiguity and disciplined about learning. That combination is invaluable.

PS: This interview was conducted during Cybersecurity Awareness Month as part of our October special coverage.