John Zangardi

**Interviewer:** Welcome, John Zangardi, director of Qualys, Symetrica, and ZeroFox. At The Character of the Corporation 2025 event on November 18, you'll be discussing with Nina Henderson and Maria Fernanda Mejia how international companies operate during unstable periods. Could you give us a glimpse into the evolution of global corporations and their operating environments over the past few decades?

**John Zangardi:** Absolutely. The narrative of corporate tactics and state influence is closely linked, especially today. As we trace this developmentthe end of the Cold War to the current age of artificial intelligence, on warfare, and international rivalryfact stands out: Corporate boards now occupy the crossroads of worldwide threats and organizational durability. Managing cybersecurity and AI is no longer merely a technical matter; it represents essential stewardship duties.

**Interviewer:** Let's start with the historical context. How did the fall of the Berlin Wall shape the global business landscape?

**John Zangardi:** The fall of the Berlin Wall in 1989 appeared to signal the victory of open democracy and market-driven economics. The Cold War concluded, the Soviet Union disintegrated, and the Western world experienced a profound wave of hope. Francis Fukuyama described it as"the end of history"that democratic systems and capitalism had decisively prevailed in the battle of ideas. A spirit of positivity prevailed. The United States emerged as the dominant force on the global stageterms of military strength, economic power, and cultural impact. However, supremacy brings vulnerabilities. Operating without opposition generated bitterness, and hidden beneath the hope were the foundations of upcoming turmoilas extremism, China's ascent, financial upheaval, and a revived, dictatorial Russia.

**Interviewer:** How has the world shifted from that unipolar moment to today's multipolar landscape?

**John Zangardi:** By the start of the 2000s, that era of single-power dominance had faded. The U.S. was exhausted from extended conflicts in Iraq and Afghanistan, and by 2025, it holds over $38 trillion in national debt. The 2008 economic downturn further weakened faith in Western financial systems. At the same time, global dynamics started to form around opposing governance structuresversus autocratic rule. Partnerships evolved: Russia and China strengthened ties, while emerging regional influencers gained prominence in Asia. China, once primarily a manufacturing hub, advanced to become a formidable rival. It initially acquired technology through unauthorized means but now creates its own innovations. The nation has fortified the South China Sea militarily, diminished Hong Kong's independence, and contested the U.S. in vital sectorstelecom and chip production to artificial intelligence. This leads us into a fresh stage, characterized not only by rivalries between countries but also by contests among computational systems and independent entities.

**Interviewer:** Looking ahead to 2025 and beyond, what defines this era of strategic competition and digital risks?

**John Zangardi:** Projecting into the future, 2027 signifies the centennial of the Chinese Communist Partypivotal point in Beijing's vision of"national revival."By then, China plans to completely update the People's Liberation Army, potentially bold enough to pursue compulsory integration with Taiwan. China's armed forces can now rival those of the U.S. For instance, China possesses a larger naval fleet and constructs vessels in half the duration required by the U.S. While America may boast superior training, China benefits from geographical closenessin its own regional waters. Should China advance on Taiwan, numerous analysts predict the initial actions won't involve physical force. They will be virtual. I concur. Artificial intelligence and cyber operations will lead the chargemethods enabling China to exceed its conventional capabilities. Expect propaganda campaigns, financial pressure, and possible quarantines disguised as"aid missions."We're already observing pre atory moves in the digital realm. Groups like Volt Typhoon from China are installing harmful software within U.S. essential systemsas electrical networks, energy conduits, telecom infrastructures, and logistics chainsat causing chaos and hindering reactions during emergencies. This isn't guesswork. It's strategic setup.

**Interviewer:** How do AI entities add a new dimension to corporate risks in this context?

**John Zangardi:** Introduce yet another level of intricacy: AI entities. These self-operating mechanisms can handle assignments, decide outcomes, and engage with other platforms at speeds beyond human capacity, frequently without constant supervision. They serve as robust instruments for efficiency and creativity, yet they also bring novel hazards. Inactive or"dormant"entities might linger unnoticed in networks, poised to engage upon activationor accidentally. This represents a risk pathway that numerous entities aren't equipped to address yet. For corporate boards, safeguarding against these dangers involves expanding cyber management to include AI supervision.

**Interviewer:** What specific steps should boards take to manage AI-related risks?

**John Zangardi:** Boards ought to focus on four key areas: Maintain a record of entities. Management requires awareness. All AI entities in operationinternal or via suppliersbe documented and evaluated for threats. Test entities adversarially. Confirm they function correctly and resist tampering, takeover, or external activation. Implement authentication and permission controls. AI entities need credentials and access rights similar to staff, adhering to zero-trust and minimal-access guide s. Evaluate external AI applications. Suppliers and collaborators employing generative or self-operating AI expand your vulnerability footprint. These measures elevate AI management from an emerging trend to a critical requirement.

**Interviewer:** What are the broader implications for board oversight in this evolving landscape?

**John Zangardi:** Primarily, stewardship responsibilities have advanced. They now encompass international political, cyber, and AI readiness. Board members can't dismiss these as specialized or regulatory matters. They constitute fundamental organizational threats impacting activities, reputation, and investor interests. Next, cybersecuritycurrently AI managementnot information technology concerns. They are pivotal board-level matters. Operational sustainability, credibility, and robustness rely on them. Additionally, your suppliers represent your vulnerabilities. External networks form today's primary entry points for attacks, and accountability can't be delegated. Lastly, the Taiwan scenario is tangible. A political upheaval there would trigger enormous consequenceselectronics components and distribution networks to financial exchanges. Boards must incorporate this into business planning.

**Interviewer:** Practically speaking, what actions should boards take right now to pre e?

**John Zangardi:** Begin by setting up robust cyber and AI management structures. Embed both within the overall threat framework, with specified responsibilities, reporting channels, and routine updates. Next, secure expertise at the board level. All boards should feature members knowledgeable in cybersecurity, AI, and technological shifts. Then, provide the Chief Information Security Officer with board access. Consistent updates from the CISO and CIO are vital. Cyber dialogues should emphasize organizational effects, not just adherence lists. Inquire how cyber and AI durability connect to your capacity to function, provide services, and rebound. Additionally, transition from avoidance to durability. Presume intrusions will occur. Evaluate restoration capabilities and encompass cloud services, external applications, and overlooked resources in your assessments. Moreover, view cybersecurity and AI management as key allocations, not expenses. This involves forward-thinking protection, adversarial testing, intelligence on threats, and employee pre ation. Utilize established models like those from the National Institute of Standards and Technology, International Organization for Standardization, or Cybersecurity Maturity Model Certification to track advancements. Lastly, embrace a proactive stance informed by threats. Incorporate international political and AI threats into long-term planning. Conduct simulation drills. Model situationsTaiwan conflict, significant cyber assault, or AI-related interruptionquestion,"How would our organization react?"Since the upcoming crisis won't originate in news reports. It will emerge in your system records, your vendors, your AI entities, and your information streams.

**Interviewer:** In closing, what final thought do you have on the character of corporations in these times?

**John Zangardi:** The essence of a corporationlike that of countriesdemonstrated in its readiness for upheaval. Boards that grasp this eralink international threats, AI management, cyber durability, and operational continuity't merely endure the coming years. They will shape them.