The world of corporate cybersecurity often feels like preparing for an inevitable storm, a constant state of vigilance against evolving threats. Now, a new framework inspired by the strategies of the U.S. Department of War is gaining traction, offering a potentially transformative approach to building cyber resilience. This shift emphasizes proactive validation of security controls, rather than simply reacting to breaches after they occur. The core concept, championed by experts like Ronan Lavelle, CEO of Validato, centers on understanding how adversaries operate and testing defenses against those specific behaviors. This approach to cybersecurity is gaining momentum as organizations grapple with increasingly sophisticated attacks.
Lavelle, recently accepted into the Forbes Technology Council as of September 19, 2025, has been a vocal advocate for this proactive stance. His selection to the Council recognizes his expertise and leadership in the cybersecurity space, based on a proven track record of business growth and industry recognition. The Forbes Technology Council is an invitation-only community for leading technology executives, providing a platform for thought leadership and collaboration.
From Reactive to Proactive: A New Cybersecurity Paradigm
Traditionally, cybersecurity has been largely reactive. Companies invest in firewalls, intrusion detection systems, and other security tools, then wait for an attack to happen before assessing the damage and patching vulnerabilities. This approach is akin to building a fortress and hoping it never gets besieged. The new framework, however, borrows from military strategy, specifically the concept of “red teaming” and adversarial emulation. Instead of simply building walls, organizations are now encouraged to simulate attacks – to think like the enemy – and identify weaknesses before they can be exploited.
This is where Adversarial Exposure Validation (AEV) comes into play. Validato, founded in 2022 by Lavelle, Andrew Brown, Miroslav Solodujev and Jan Zentek, is an emerging leader in the AEV market, offering a platform that validates the effectiveness of security controls by simulating real-world cyber threat actor behaviors. The company, headquartered in Cheltenham, United Kingdom, aims to make cyber resilience accessible to businesses of all sizes.
The Department of War Influence and Control Validation
The inspiration from the Department of War isn’t about literal military tactics, but rather a shift in mindset. Historically, military strategists haven’t just focused on building strong defenses; they’ve also rigorously tested those defenses through simulations and war games. This framework applies that same principle to cybersecurity. It’s about moving beyond simply checking boxes on a compliance list and actually proving that security controls are effective against realistic threats.
Lavelle emphasizes the importance of “educating the market and business leaders about the advantages of building cyber resilience through security control validation.” He believes that Validato’s platform empowers businesses to adopt these strategies and protect their operations from increasingly sophisticated cyber threats. The focus is on understanding not just *if* a security control is in place, but *how* it performs under pressure.
What Does This Mean for Businesses?
The implications of this shift are significant. Organizations need to move beyond a checklist mentality and embrace a continuous validation process. This involves:
- Identifying critical assets: What data and systems are most valuable and vulnerable?
- Understanding the threat landscape: What are the most likely attack vectors and who are the potential adversaries?
- Simulating attacks: Using AEV platforms or red teaming exercises to test security controls.
- Remediating vulnerabilities: Addressing weaknesses identified during validation.
- Continuous monitoring: Regularly re-evaluating security controls and adapting to new threats.
Ronan Lavelle’s LinkedIn profile shows over three years of experience as Co-Founder and CEO of Validato, leading a team focused on cybersecurity services.
Partnerships and the Future of Cyber Resilience
The move towards proactive cybersecurity is also being fueled by partnerships within the industry. Recently, e2e-assure and Validato announced a partnership to enhance cyber resilience, demonstrating a collaborative effort to provide more comprehensive security solutions. SecurityBrief UK reported on this collaboration, highlighting the growing need for integrated security approaches.
As cyber threats continue to evolve, the traditional reactive approach to cybersecurity is becoming increasingly inadequate. The framework inspired by the Department of War, with its emphasis on proactive validation and adversarial emulation, offers a promising path towards building more resilient and secure organizations. The next step will be wider adoption of AEV technologies and a fundamental shift in how businesses approach cybersecurity – from simply defending against attacks to actively testing and strengthening their defenses.
This evolving landscape demands continuous learning and adaptation. Share your thoughts on the future of cybersecurity in the comments below, and please share this article with your network.
