What's Up with Tech?
Tech Transformation with Evan Kirstel: A podcast exploring the latest trends and innovations in the tech industry, and how businesses can leverage them for growth, diving into the world of B2B, discussing strategies, trends, and sharing insights from industry leaders!
With over three decades in telecom and IT, I've mastered the art of transforming social media into a dynamic platform for audience engagement, community building, and establishing thought leadership. My approach isn't about personal brand promotion but about delivering educational and informative content to cultivate a sustainable, long-term business presence. I am the leading content creator in areas like Enterprise AI, UCaaS, CPaaS, CCaaS, Cloud, Telecom, 5G and more!
What's Up with Tech?
AI Security Only Works When It Matches Business Goals
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Interested in being a guest? Email us at admin@evankirstel.com
AI didn’t just change how enterprises innovate, it changed how they get breached. One month you’re racing to deploy new copilots and agentic workflows; the next you’re asking a harder question: did we build any of this to match our risk posture?
We talk with Chris Bonavita, Vice President of Strategy and Technology Adoption at GTT, about what he’s hearing from enterprise security leaders right now and why the mood has shifted from excitement to panic. We dig into the real-world convergence of CIO and CISO responsibilities, and how a unified data view across network operations and security operations can replace the “swivel chair” handoff between teams. When netflow, logs, identity, device posture, and edge behavior get correlated in one place, you can finally decide faster whether you’re looking at a performance issue, a resiliency gap, an optimization opportunity, or a malicious actor.
Chris also shares a sneak peek at GTT’s direction with AI factories, GPU-enabled capabilities, and AI-driven correlation that can shrink vulnerability and CVE matching from weeks to near real time. The bottom line is simple and practical: security wins on time to recognition, time to categorization, and time to action. We close with grounded advice for leaders who feel overwhelmed by the pace of change: stay curious, keep learning, and keep the human conversation alive alongside the machines.
If you found this useful, subscribe, share the episode with a colleague, and leave a review with the one security metric you’re trying to improve most.
More at https://linktr.ee/EvanKirstel
Welcome And What’s Ahead
SPEAKER_01Hey everybody. Super excited for this chat today. We're talking with the leading networking and security as a service vendor, GTT, about what's up and the future. Chris Bonavita, GTT's Vice President of Technology and Security Adoption. Chris, how are you?
SPEAKER_00Outstanding, Evan. It's a pleasure to be here and look forward to our chat.
Chris Bonavita Background And Role
SPEAKER_01Well, thanks so much for joining. Always excited by these updates. Before that, perhaps introduce yourself, your role at GTT, and a little bit about your journey and bio.
SPEAKER_00You bet. Evan, I have the pleasure of working as the vice president of strategy and technology adoption for GTT. I work into uh Fletcher Keister's organization, who is our chief product and technology officer. And I'm also peered with as a liaison to our CISO, uh James Karimi. And we get to talk about all kinds of interesting and dynamic security events on a daily, sometimes minute-by-minute basis. So uh prior to GTT, I spent some time in the military. I was in the United States Air Force. Oh, thank you. You're you're you're welcome. You're most welcome. Uh it it laid the groundwork for where I'm at today. And uh in the United States Air Force, I was also involved with several uh three-letter and four-letter agencies. Um, and that led me more and more into a security background. But I really applied that over the years in telecommunications and in other technologies, uh, did product development, um, some sales, some business development in uh all kinds of technologies, but always with a security bet. They uh saw my resume or we started talking about certain things, and they said, Well, you know a little bit about security, so why don't you uh why don't you participate in this with us? So that led me to, over the years, to bring that expertise, that experience, and a perspective into GTT. And I have the pleasure of being able to do that daily now.
What GTT Does Today
SPEAKER_01Fantastic. And how would you describe GTT today to those who may not be familiar?
SPEAKER_00So GTT has been on a long, strange, fun journey as well. So GTT is the accumulation of several different companies over the last 20 years, rolling up things from aggregated access to a global ASN, a global uh internet provider, connectivity provider, and managed services also on a global basis. So bringing in expertise in hosted services back in the day when we called it hosted and then managed and now cloud services, things along those lines. So, what GTT is today is a very simplified organization of all of those different capabilities across a unified strategy. We call it Envision, but it is connectivity, connect, secure, and simplify. So we connect people, applications, devices, data around the world to where they need to be connected, and we secure that. And then we simplify that entire process by the investments we have in systems, tools, processes. Of course, we have AI now to help us with that journey. But it's the combination of all of those things. We are a global managed connectivity and managed security services company. When I say managed, we build all of our products and services to be fully managed, co-managed, or just delivered and self-managed. So it's not a it's not all one thing, but it's uh it's an approach to the connectivity and the security, network-based security uh that served us well and is serving our customers well today.
AI Excitement Then AI Panic
SPEAKER_01Brilliant. What a great introduction. And you have a unique bird's eye view in the company, talking to enterprise customers every day. Uh, I'm sure you have some incredible interactions there. Any themes uh emerging from the many security challenge that your your customers are navigating So the themes uh are uh excitement and panic.
SPEAKER_00So, Evan, one of the things that uh that I get to do is I I present our strategy and present our technologies out into the market. But over 50% of what I do is listen and bring those insights and bring that feedback into our organization and development and engineering um across our operations and our senior leadership team. So let me let me uh give you more specifics on those two uh lead-in or heavy words that I used with uh enthusiasm and panic. Um over the last two years, uh most enterprises were in a rush to find out what is going on with AI. How can I deploy AI in my enterprise and extract value from it? And uh especially into some of the conferences, we just had RSA, we had several security conferences in the beginning of the year. Um, and now there's this panic. Oh, what did we do? We released all of this wonderful technology, but did we really align it into our overall risk posture, our security systems? Uh, do we recognize the difference between a human being and someone emulating or something emulating a human activity or taking the place of a human activity? And so there's that's the panic side saying, oh, we did a lot of wonderful things, but are we really secure in the way that we deployed them? And that seems to be the focus that I'm hearing probably since December and and echoing through today.
CIO And CISO Roles Converge
SPEAKER_01Really interesting. So, as a practitioner yourself, you know a lot about the relationship between technology and security leadership. You're seeing a lot of overlap and convergence of the CIO and CISO roles, uh, often for good. But but how are those roles redefining, you know, enterprise strategy for security?
SPEAKER_00That's a great question, Evan. Um, and it's it's one that's posed to the to the general market and specific enterprises around the world. Um, there are geopolitical things happening today. They're in addition to the artificial intelligence and other very rapid advances in technology. So there are so many different considerations, um, not all of them different, but at a higher pace, at a faster pace, and from multiple directions all at once, that are hitting an enterprise. And it used to be more along the lines of siloed efforts. So you had universal understanding across a C-suite of what the outcomes you wanted to be, and then you divvied up the responsibility. And a CIO would take care of infrastructure and IT and the technologies and the platforms that would support a service or support your business, and the CISA would secure it. And there was a back and forth in some cases well aligned. In many cases, as we all know, uh, there's a prioritization. Uh, we need we have a security incident, we need to secure the environment. Well, that breaks everything that I developed in the environment. So I have to patch and I have to update. And then when I do those updates, am I now secured? No, there's a new security situation that's happening. So what we found is that there's a unification, not even at the CISO and CIO level, but there's a unification into the types of data that are coming into these evaluation tools, these evaluation platforms. There's a unification of what we refer to as knock and SOC. So network operation and optimization information and security information. So if you talk about things like uh net flow information, or you talk about log files or IP transit information and match that or correlate that with core behaviors. So, what are you seeing in your independent environment or in your own environment, an operated environment? And how does that match up against overall market or global tendencies and global activities? So, what we are in a position to do is take a look at the edge activities, devices, identity, and behavior that's happening at the edge, match that with a company's individual connectivity needs, their connectivity across their global enterprise, and then again correlate that into what are we seeing in our network, in our global peered network, and bring all of those three things together? That starts with the data ingestion and the initial analysis of what are we talking about? What are we looking at? Bring all of that together and correlate it. The outputs become is this a network issue or opportunity? Is this an optimization issue? Is this a resiliency issue? Or is it something malicious? Is someone purposefully, someone or something purposefully affecting my environment? It all starts in the same place. And we've had this swivel chair mentality of, okay, identify which one of those it is and then pivot. To your point, what we're seeing is technologies are allowing us to bring that into a single view. So you're unifying the CIO responsibility and the CISO responsibility. You're unifying that from the data into analysis, categorization, and actionable activities. And that brings a whole lot of efficiency, uh a tremendous amount of um, I won't say comfort, but the ability to understand your environment and make sense out of all of the this disparate noise and the tremendous volume of data that's coming into your enterprise. So back to your point. The CISO and the CIO functions are being unified by the very tools that we're deploying now that bring all of that consideration together in one point.
Basics: Outcomes First Then AI
SPEAKER_01Wow, that's a fascinating evolution. Uh, on the heels of RSA C, uh, we got a perspective on this, it's incredibly involving security environment. It was a little overwhelming, frankly, the announcements, the tools, the platforms, the threats. Um, so let's let's talk basics. What are what are some of the fundamental ways organizations can protect themselves, putting aside the vendors and the tools and and uh a lot of the noise that that's out there?
SPEAKER_00So let's not lose sight or let's keep in sight what our overall goals are as enterprises that work in the in this world. We're here to provide solutions and services into the market and extract value from that. And we have desired outcomes that include profitability, ongoing operational efficiency. Those goals are still there. Um, in fact, they may be even more dynamic or more aggressive than they were previously. But if we keep the outcomes in sight, if we keep the target that we're trying to hit in sight, then we won't get lost in all of the noise and the excitement and the thrills and the panic of what's going on with all these rapid changes. So, of course, we want to make sure that we deploy AI tools that help us keep up. So we really classify AI in two different areas. There's what we call uh the agentic tools and the insight tools, and then there's the operational and functional tools. So the the the maybe not the most um clear way of putting it, but the in our in our world, we have search for information, correlation of information, and education and enablement. And on the other side of the fence, in the operational AI, we have the extension of algorithms and machine learning that create efficiencies in all of the business processes and all of the activities. And so by keeping those somewhat separate, we are able to create human oversight, in some cases, even AI oversight over the functionality and keep up to date with what's going on in this ever-changing, dynamically changing world. And what that allows us to do is to make sure that whatever AI functions are happening, we use AI tools to educate us on what they're doing, what they're capable of doing, what the next thing is that's coming down the pipe, and then bridge between that and what our desired outcomes are. So long way around the tree saying, keep educated, keep in touch with what the capabilities are, don't rush to deploy them until you've made sure that they're in line with your desired business outcomes. And we found that if we change our desired outcomes based on the tooling, that gets our business out of whack. If we're restricted into something like everything needs to be in the cloud or everything needs to be in an AI tool today, or we have to deploy these latest technologies immediately because we like them and we anticipate benefit and we anticipate certain incremental increases and maybe decreases in cost or increases in operational efficiency, if they're not tied to the overall outcome of the business, if your CEO, your CFO, your CISO, and your CIO aren't all sitting down and nodding, yes, this is in line with our goals, you're going to be lost anyway. So without getting into the minutiae, please make sure that everything you do is aligned to your overall strategic goal and isn't simply a tactical benefit in and of its own right.
Sneak Peek At New Security
SPEAKER_01So well said. So I understand that later this year uh you'll be introducing pretty revolutionary advanced security solution. Can you give me a sneak peek or tell me a little more at the at this stage?
SPEAKER_00So so, Evan, I love the fact that you're asking for um information about a security product and asking, can we sneak a little peek at something that's a very globally secure product set and product development? Touche, yeah. Absolutely, though. You ask and I will answer. Um, so Evan, what we what we've put in place is it's a very interesting uh story in and of its own right. We entered into um embracing the AI factories. We have a partnership with with several global leading companies to deploy GPU functionality across our entire network. And we did this to increase network operational efficiency. And we saw the fact that we are a globally peered, we're the third soon to be hopefully the second largest peered network in the world. We continue to invest in that. And part of that was to deploy these AI factories across our global network to give us GPU functionality on top of all of our existing equipment and our existing processes to create efficiencies. When we did that, we entered into the realm of some software development and some AI-enabled development that lent us over into the secure side because we connect and secure. When we started looking at the efficiencies and security, we started encountering things like tool reduction. What we used to do with five different tools, we now do with one. What we also found is correlation of data, that edge data, things coming in from the connectivity point on the other side of your WAN. What's connected? What is it? What's its current state? What OS level, what firmware level, what software level, what versioning on all these different devices. Um, the host activities and their identity, the behaviors that are happening at the edge, match that with your transport, match that with your connectivity, and then match that against expectations in the entire in the entire world of connectivity. What we found is AI is enabling us to do that and to do it in real time. Things that used to take three weeks. Here's a sneak peek. The CVEs, the the risks that are known and that are published in libraries are extensive and they're dynamic. They change on a daily basis. Your environment is somewhat static. Excuse me, some of the behaviors may change and may be dynamic, but that piece of equipment that's sitting out there is the same piece of equipment. Well, not all the equipment's the same. You have multiple brands, you have multiple versions, you have multiple uh configurations that are out in the field. How do you associate those in real time with a library of dynamic risks, CVEs that are out there? What we were able to do is take three to four weeks of analysis on matching all of the different devices we have connected to our network, over 11,000 endpoints with tens to hundreds of devices behind that.
unknownWow.
SPEAKER_00And match that against CVEs on a daily basis in in near real time. What we found is this this suite of services, the types of things that we're doing in blending knock and sock operations saves time. Time is what's the most important thing in security, time to recognition, time to correlation, time to categorization and score, and then time to action. Remediation, um, mitigation and remediation activities. And we've been able to take time from days and weeks into minutes and seconds across several different very interesting things in the network and security operations in our own network. And what we're doing now is we're talking to customers and folks in the market and saying, how valuable is this to you? What does this mean for your environment? And so a few months from now, our CEO and our entire company would like to do this in weeks, not months. Um, but in a few months from now, what you'll be seeing from us are these capabilities enabled for the market to take the same benefits that we have intrinsically and to customize those for their environments and to reduce time that allows you to build trust and to either save money and or make more money in your business. And that's what we're bringing to market in a few months. So there's a little sneak peek. Hopefully that's of interest. And we'll we'll keep in touch over the next few months on how developments arise and how our customers are telling us what they actually need and then how we bring that to market.
Bottom Line: Time To Action
SPEAKER_01Wow, sounds really intriguing. So, bottom line, uh, with all the AI messaging and hype out there, what's the bottom line? How would this matter to enterprises today, this year?
SPEAKER_00Again, I'll I'll go back to the bottom line is time. So consolidating the amount of time and effort it takes to understand your environment, understand precisely what is going on in real time in your environment, and then act on it to make sure that everything in your environment, everything in your technology uh stack, everything in your connectivity that we can see from our perspective is in alignment with what your risk profile is, what your operational profile is, and what your desired business outcomes are for your profitability. And we manage that on that network connectivity plane and make sure that you have assurances and you understand at a level that you weren't previously able to do.
Wisdom: Stay Curious Stay Human
SPEAKER_01Brilliant. Well, that's quite a mic drop moment. I can't wait to hear more, more to come. Um, I guess final note, uh thought, any sage words of wisdom for enterprises facing these threats today, maybe feeling overwhelmed and um yeah, uh frankly uh nervous about their uh enterprise.
SPEAKER_00So artificial intelligence, um, AI is it still remains a very exciting tool. It remains uh it remains something that will advance us all and is advancing us all. So embrace the learning, constantly be curious, and constantly be learning. And don't don't get satisfied with what you think you know in the moment. Make sure that tomorrow you're you're reinvestigating what's happening. The changes are happening rapidly. But the good news is that all of your peers and all of us are in this together. And so we are constantly looking at what's available. Speak to the other human beings in your the same way you are now, but talk to them about what their experience is in AI. What are they learning? What are they applying? What are they not applying? Make sure that we as human beings don't get sucked into where we're only talking to our AI, our agentic AI, and letting it talk to us. Let's make sure that we maintain the human experience and the human interaction while we're all developing and using these tools. And then we're going to have a much more of a sense of calm, of unity, and a shared experience with our AI tool partners.
Wrap Up And Thanks
SPEAKER_01Awesome. I can feel my blood pressure lowering already. Thanks so much for the insight as always in the analysis. And uh good luck on next steps onwards and upwards.
SPEAKER_00That's been always a pleasure. Thank you very much. And look forward to speaking with you again and seeing you soon.
SPEAKER_01Yes, see you soon. Thanks everyone for listening, watching, sharing this episode. And until then, take care.