Kathryn Wang, Public Sector Channel Sales Lead at SandboxAQ; CEO of Ctrl Alt Defeat.io; Former Google Global Leader and VP at Goldman Sachs Portfolio Company

Q: You’ve had a long run at Google, joining when the organization was in its infancy. How did your multiple roles there shape your interest in cybersecurity?

Google will always be my home. I’m lucky to have grown up at, and with a company that not only redefined the possibilities of innovation and technology in the wake of the dot-com collapse, but also set a gold standard for corporate culture—one that countless others aspire to replicate.

Over 16 years and 4 pivotal roles, I’ve gained a lifetime of insights. But three lessons stand out, forming the bedrock of my passion for cybersecurity:

1. “Scarcity Breeds Clarity” – Eric Schmidt:  When resources are tight, fluff disappears, and focus sharpens. Limited resources force teams to prioritize the most critical threats, fortify foundational defenses, and refine processes with ruthless efficiency. In cybersecurity, lean and lethal beats bloated and blind every time.

2. Embrace the Growth Mindset: The threat landscape isn’t static, so strategy can’t afford to be either. Staying adaptable isn’t optional; it’s survival. Failures? They’re just stepping stones. Whether it’s implementing Zero Trust architectures or preparing for post-quantum cryptography, every challenge is a catalyst for cyber evolution and endurance.

3. Mission Matters: At Google, I discovered my passion for purpose. A clear mission does more than guide strategy—it galvanizes teams, aligning every defense, tool, and decision with what truly matters: safeguarding your people, protecting your data, and fortifying your operations. With the mission, every action becomes deliberate, impactful, and fully aligned

Q: Your past work at HUMAN, as part of the Night Dragon portfolio, put you on center stage at a federal level when dealing with cyber and national security. What is the top takeaway from that experience as you moved into building your own company?

A: My work at HUMAN placed me at the critical intersection of cybersecurity and national security, providing an intense front-row seat to the systemic vulnerabilities threatening even our most vital systems.

One of the most profound takeaways from that experience was uncovering the deeply interconnected nature of modern cyber threats—how vulnerabilities in seemingly ordinary systems, from IoT devices and supply chain components to aging critical infrastructure and even Federal, Government, and Defense platforms, can cascade into disruptions at a national scale.

This realization made everything I’d done up until that point feel like preparation for this pivotal moment. I couldn’t imagine a mission more critical than taking proactive steps to confront these challenges head-on. That’s why I founded CTRL ALT DEFEAT—to fortify supply chain defenses and deliver actionable strategies for the DoD, critical infrastructure, and national security. At its core, my

company is about far more than cybersecurity; it’s about building national resilience, safeguarding our standing as a global superpower, and ensuring that technology continues to be the bedrock of progress and innovation on the world stage.

Q: As an advisor to the nonprofit organization, Building Cyber Security, much of your focus is on critical infrastructure consulting. What particular concerns do you have, specifically around IT and OT, that are of most importance as we move into 2025?

A: As we approach 2025, my concerns around IT and OT security in critical infrastructure revolve around the growing convergence of these systems and the vulnerabilities that come with it. Operational Technology (OT) environments, historically siloed and insulated, are now increasingly integrated with IT networks to enable efficiencies, automation, and real-time analytics. But while this integration offers undeniable benefits, it also expands the attack surface.

Here’s what keeps me up at night:

· Aging Infrastructure Meets Modern Threats: Our critical infrastructure—think energy grids, water systems, and transportation networks—relies on legacy OT systems never designed with cybersecurity in mind. Connecting these outdated systems to IT networks makes them a target for exploitation.

· Supply Chain Breaches with a Ripple Effect: Malicious actors embedding compromised code or hardware into OT components can disrupt entire systems. These attacks not only undermine trust but create cascading impacts that cripple critical services.

· Ransomware: Holding the Nation Hostage Cybercriminals increasingly target OT environments with ransomware because the stakes are high. Downtime in critical infrastructure doesn’t just cause inconvenience—it risks lives, disrupts national security, and shakes public confidence.

· The OT Cybersecurity Talent Gap: There’s a glaring shortage of professionals who truly understand both IT and OT. Protecting critical infrastructure requires more than just technical know-how—it demands a nuanced understanding of operational workflows and safety-critical systems.

As an advisor, my focus is on helping organizations adopt a cyber security framework ensuring that every system, user, and device is continuously verified. I push for proactive measures like secure-by-design principles for OT hardware, supply chain intrusion detection and continuous monitoring, cryptographic inventorying, and the integration of post-quantum cryptography to future-proof systems against emerging threats.

In the last four months alone, I’ve spoken on four panels at leading cybersecurity conferences across the U.S., and one message has been clear: OT cybersecurity resilience in critical infrastructure is no longer optional—it’s a matter of national security.

Cyber adversaries no longer need to kidnap people to hold them hostage; they attack the lifelines of our civilization instead. By disrupting critical infrastructure, they strike at society’s core, proving that the frontlines of modern warfare are digital.

Q: You have recently joined SandboxAQ. Tell us more about why this role and organization intrigued you?

A: Joining SandboxAQ felt like stepping into the future—a space where the brightest minds tackle today’s most urgent challenges while boldly redefining what’s possible for tomorrow. It’s not just a proving ground for cutting-edge technology—it’s a mission-driven organization with human authenticity and national security at its core.

What drew me in most was SandboxAQ’s ability to take quantum and AI advancements and seamlessly apply them across disciplines to solve some of the world’s most intricate problems. This isn’t innovation for innovation’s sake—it’s about delivering real-world solutions with far-reaching impacts across industries like navigation, bio-simulation, and cybersecurity.

I’ve always been drawn to companies of consequence but in all my research, SandboxAQ is poised to do the most global good though its cross-disciplinary relevance. Whether it’s securing federal platforms with post-quantum cryptography, enabling quantum navigation in GPS-deprived environments, or driving materials discovery to revolutionize energy, industrialization, and medicine, the company is addressing challenges that shape modern conflict and societal progress alike. This level of cross-industry impact isn’t just rare—it’s transformative.

For me, this role is about far more than joining a tech company; it’s about contributing to a mission to redefine what’s possible at the intersection of AI and quantum technology. SandboxAQ isn’t waiting for the future to arrive—it’s building it, one groundbreaking solution at a time. I couldn’t be more pumped to be part of this incredible journey.

Q: You are a huge proponent of encouraging the next generation in learning more about cybersecurity. How did you get into this work, what inspires you, and how are you shaping the future of cyber from your perspective?

A: “You bear the burden of competence.” That’s a piece of advice I received from a mentor early in my career, and it’s stayed with me every time I feel the weight of a daunting challenge. It’s a reminder that those with the ability to make a difference have a responsibility to step up.

Two pivotal figures helped guide me into this world: Ernie Bio, an Air Force veteran and Managing Director at Forgepoint Capital, introduced me to the world of cybersecurity, knowing the industry needed mission-driven cyber warriors to join the fight. And Jim Jansen, a prior manager and professional coach, opened the door to HUMAN, where I first ventured into the cyber and public sector domain. It took me all of 8 hours in this field to know: this was what I was meant to do. Cybersecurity is about protecting the vulnerable and building a safer, more resilient world.

What I love most about this field is how limitless it is. It thrives on diversity—not just in people but in perspectives and skillsets. Whether you’re a coder, a communicator, or a strategist, there’s a place for you here. I love working with the next generation of rising professionals, watching them take these skills and run circles around us in every way. Their creativity, drive, and fresh perspectives are exactly what we need to face the challenges ahead.

If there’s one thing I hope to leave them, it’s the gift of knowledge. Every failure or lesson I’ve encountered, I share, so others can start where I left off—not back at the starting line. Even my

knowledge isn’t just mine—it’s the collective wisdom of everyone who’s shaped this industry. Turning one person’s experience into the baseline of an army of cyber warriors is how we build resilience, adapt to evolving threats, and create a future where no one stands alone.

The future of cybersecurity belongs to them. People like me are just here to light the path.