A Coffee With…Elliott Wilkes, CTO, ACDS

With over 15 years of expertise in spearheading digital transformation for governments, the military, and the United Nations, Elliott Wilkes brings a wealth of knowledge to his role as co-founder of Advanced Cyber Defence Systems (ACDS).

From his time in Africa building cutting-edge systems to tackling the intricate challenge of securing military and government communications without compromising usability, Elliott’s career has been defined by navigating complexity and innovation.

In this conversation, we explore the evolving threat landscape, unpack the inner workings of ransomware gangs, and discover how ACDS is pioneering solutions to combat the rising threat of deepfakes to businesses.

Tell us about some of your interesting work in Africa

I worked with an NGO in East Africa during Kenya’s post-election violence, applying skills I gained as a data analyst on the 2008 Obama campaign. I helped young people build resilience, administer microgrants, and use technology to manage a large grant platform—a rewarding experience, though very different from my current work.

I also worked with the UN in Libya, Tripoli, following Gaddafi’s removal from power, helping build the nation’s election systems for the country’s first-ever elections, and moving to the cloud. This was during the days of the Snowden disclosures, so I had to have conversations with senior government and the UN about what assurances you can have in cloud computing.

After Libya, where did you head next?

I joined the White House as part of the US Digital Service, which was created to bring in technical expertise to help modernise government systems and to communicate the associated risks and opportunities to senior stakeholders.

This body was created after the tech failure of HealthCare.gov. A classic example of a technology project gone wrong—no effective management layer, conflicting contractors, poor communication, and an arbitrary deadline.

How did your work there evolve?

After a few years at the White House, I moved to the Department of Defense (DoD), where I worked on rebuilding legacy systems. One of my main projects was Move.mil, a $4 billion-a-year operation to relocate military families. The system had crashed, and senior military officials couldn’t relocate. My team stabilised it, and then began the transition to the cloud.

We took a user-centred approach, involving military families in the research process and conducting design sprints. Shifting from hardware-centric systems to cloud services was a challenge, especially for the military, which is accustomed to on-prem tech—such as a server that could go on an aircraft carrier.

We harnessed cloud-service best practices we learned from the private sector to build it up from the ground.

Tell us more about your current role…

It’s an advisory role, focusing on cybersecurity and technology transfer programs. I work with ministries of defence on radar technology and cybersecurity best practices. For example, I helped the UK and US share radar tech to respond to drone threats at airports like Gatwick. I also collaborate with the Pentagon and the UK’s National Cybersecurity Centre to tackle emerging challenges in the cybersecurity space.

What are the challenges involved in digitally transforming security systems?

Digital transformation is about applying the right technology in the right way. Often, organisations think their problems are unique, but many of the same tools and strategies can be applied across different sectors. The challenge is breaking down barriers—whether bureaucratic, technical, or even ego-driven—and ensuring technology is used securely and effectively.

Have you always found your approach to technology to be more human-led?

Absolutely. Technology is just the means to an end, right? The key is understanding the human element.  One of the things I talk about a lot is how infrequently users are consulted when building cybersecurity tools and systems.

One of the challenges we faced in the White House and later in UK government organisations is setting up highly secure communication systems that are virtually impossible to tamper with or eavesdrop on. The issue is these systems are so complex and difficult to use that the high-level users often refuse to use them.

Instead, they resort to using personal electronics, which opens up huge security risks. And of course, these individuals are under constant threat of surveillance, given their positions.

The point is, if the technology is not usable, people will find ways around it. People will always find workarounds, and this is known in the tech world as “shadow IT.”

Users will create their own systems, separate Slack channels, WhatsApp groups, Signal chats—whatever they need to do to get the job done.

How do you see cybersecurity today?

No one is immune to cyberattacks—not even my own family, despite my work in cybersecurity. Ransomware attacks are increasingly sophisticated, with organised groups targeting smaller businesses and even offering “customer support” to victims.

This highlights the urgent need for stronger security measures and better education. Big tech must prioritise secure defaults, like passkeys over traditional passwords, while users must stay informed about creating secure passwords and spotting scams. Cybersecurity is essential for every organisation, regardless of size.

How are businesses tackling modern threats like deepfakes and AI?

One of the things we work on at the cybersecurity company is preventing someone from impersonating someone else via email, or ‘email spoofing’. It’s about digital attestation and cryptographic proof that you are who you say you are. Think of it like the green check mark you see on websites, it’s a similar idea, but over email.

But the next phase of that is how to protect people from using those techniques in conjunction with AI tools. You can take enough of someone’s voice, then use AI to create a voice facsimile. Imagine a fake voicemail from your CEO, telling your accounts person to pay an invoice. Social engineering like this is where I think we’re heading.

That said, it’s still surprising that even the basic stuff is tripping people up.  We saw this in the military when doing security audits. In one case, we used social engineering—taking advantage of small vulnerabilities to impersonate someone at a high rank. In the military, the chain of command is so ingrained that people didn’t question anything that came from a high-ranking officer. That’s something we need to address—providing training and technical safeguards so people can spot these scams.

How do you switch off, working in cybersecurity, or does it consume you?

It does. I get news alerts all the time on my phone, so it’s easy to get sucked into a subject and lose track of time. I’ve got ADHD, so I can dive really deep into something and forget about everything else. But my main way of unplugging is playing the piano, and writing music.