An executive learner in multiple Duke Certificate Programs, Anthony T. Gitalado is the Cybersecurity Director of Acquisitions at the Internal Revenue Service, where he established the first Cybersecurity Center of Excellence and Cybersecurity Program Management Office. He started his cyber career inspired by his experience in the U.S. Army. In recent years, Anthony spearheaded cybersecurity initiatives at the Joint Chiefs of Staff, Defense Intelligence Agency, and the U.S Navy. He is also appointed by the Virginia Governor to the IT council and Stafford County School board as a technology advisor.

What cybersecurity issues do you manage in your current role?

In my current role at the Internal Revenue Service (IRS), I manage a wide range of cybersecurity and AI issues. My primary focus is on safeguarding sensitive taxpayer information and ensuring the integrity of our financial systems. I was selected as a key expert for a new IRS team responsible for verifying that our technological purchases meet federal security rules. In this capacity, I ensure compliance with robust cybersecurity frameworks, including the NIST Risk Management Framework. I’ve also spearheaded initiatives to enhance our acquisition compliance processes, significantly streamlining acquisitions across the IRS and the Treasury Department.

I also address significant cybersecurity and AI issues at the state and local levels. As an Appointed Citizen Council Member for the Virginia Information Technology Agency (VITA), I help shape statewide technology strategy, which includes cybersecurity initiatives and responsible AI deployment for the Commonwealth of Virginia. Furthermore, as a member of the Stafford County Public Schools Technology Advisory Committee, I played a key role in developing the policy that made Stafford County the first school district to have a policy on Generative AI in Virginia.

How have you decided to become a Cyber professional, and why?

After serving in the U.S. Army, I became a consultant for the intelligence community. My career trajectory evolved from intelligence, through IT project management, and then into cybersecurity leadership. I saw cybersecurity as a natural extension of my commitment to national security, and I embrace the constantly evolving landscape. It’s not just about technology; it’s about safeguarding trust, privacy, and economic stability. The intellectual stimulation of being in a continuous battle against unseen adversaries, coupled with the profound sense of moral duty to protect our national security, cemented my path in this field. 

 Is cybersecurity the only area of responsibility in your professional role? If not, what other areas are you responsible for?

I firmly believe that we cybersecurity professionals have a profound responsibility to build a legacy and actively engage in teaching our youth. This means cultivating a truly holistic understanding of our entire operational ecosystem, extending beyond just technical defenses. This comprehensive perspective is essential not only for effective risk management and ensuring organizational resilience today, but also for equipping the next generation with the knowledge and foresight to navigate tomorrow’s complex digital landscape.

My work actively extends into broader strategic IT governance and public policy at the state and local levels. I’ve recently been reappointed to Governor Youngkin’s IT Advisory Council (VITA), which is made up of citizen members, Virginia lawmakers, the CIO of Virginia, and two cabinet members from the Governor’s office. In this role, I contribute significantly to shaping statewide technology strategy and cybersecurity initiatives for the Commonwealth of Virginia. Virginia’s proximity to Capitol Hill often drives robust discussions within the council, ensuring our strategies are aligned with national implications.

What Certificate Programs have you attended at Duke, and why?

I’ve had the privilege of attending multiple programs at Duke, including the Executive Certificate in Cybersecurity Resilience for Leaders, the Executive Certificate in AI and Cybersecurity for Leaders, the CISO Executive Certificate, and the Cybersecurity Leadership Program. Learning directly from individuals who are actively navigating complex cybersecurity and AI challenges in real-world scenarios has been incredibly helpful and has provided invaluable practical insights.

What are some of the most important lessons you learned during the Duke Executive Certificate Programs?

The Duke Executive Certificate Programs reinforced the critical understanding that cybersecurity is fundamentally a business risk, not solely a technical problem. This shift in perspective is crucial for effective leadership and aligning security initiatives with organizational objectives. I gained profound insights into the interplay between AI and cybersecurity, specifically how AI can both introduce new vulnerabilities and serve as a powerful tool for defense.

Beyond the curriculum, the Duke alumni ecosystem has been incredibly friendly and welcoming, fostering a truly collaborative environment. The program’s remarkable trajectory, from its inception to its current growth, has been significantly guided by the leadership of the Executive Director Arthur ‘Art’ Ehuan, a respected veteran whose experience has proven invaluable.”

The opportunity to engage with fellow practitioners and experts through Duke’s annual Cybersecurity conference further enhances the learning experience. Finally, the emphasis on a holistic, interdisciplinary response, drawing from public policy, law, and engineering, provided a comprehensive understanding that’s essential in today’s complex threat environment.

What is one important goal you hoped to achieve by completing this certificate program?

I wanted to elevate my strategic leadership capabilities in the converged domains of cybersecurity and AI and apply them to real-world policy and governance challenges. I aimed to move beyond a purely technical understanding and develop the strategic acumen necessary to anticipate and navigate the complex, rapidly evolving threat landscape at an executive level. I wanted to be equipped to not only identify risks but also to proactively shape organizational policy, implement effective governance, drive innovation in our defensive posture, and set the standard for generations to come.

I look forward to fully utilizing these enhanced skills to significantly move an organization forward in addressing the critical cybersecurity and AI challenges we face, especially in today’s competitive job market.

Can you name 1-2 significant challenges in cybersecurity today and how an executive program like the one(s) you attended at Duke can help overcome them?

One is the rapidly evolving nature of AI-driven cyber threats and the critical need for proactive policy. Threat actors are increasingly leveraging AI for sophisticated deep-fake scams or ransomware attacks that evade traditional defenses. These incidents underscore the need for leaders who understand the strategic implications of AI and can develop proactive policies and governance to address these threats before widespread damage occurs.

A second persistent challenge is integrating cybersecurity as a core business function and fostering a pervasive security culture across an entire organization. Similarly, procuring a new AI system for public service without understanding its data privacy implications at the policy level shows a critical disconnect. Duke’s executive programs provide skills to bridge these technical and business/policy divides, translating complex cybersecurity needs into actionable strategies understood by all stakeholders.