Today’s cyber threats come in many varieties. Unfortunately, there is no “one-size-fits-all” solution to combating them. Of course, hardware and programs are essential in the fight against cyber attacks, but one tool is more important than any other: vigilant, well-trained employees.
Leidos has taken a unique approach in how it addresses these threats for its customers. ClearanceJobs spoke with Paul Levesque, CTO of Homeland Security Solutions at Leidos, about the challenges facing contractors today. He explained how his company is offering solutions that can turn the tables on hackers and other cyber threats.
ClearanceJobs: It seems like most of today’s threats are less of violence and are more geared towards disrupting the electrical grid or other automated infrastructure. Would you say we’ve switched from a physical battlefield to a cyber battlefield?
Paul Levesque: Switched may be a strong word. What we have is a battle on many fronts – and cyber tends to be the first level of engagement we see. In the future, it could facilitate an actual physical assault; as you disrupt the infrastructure, that opens up potential for actual physical attacks, as well. We can’t discount one or the other for potential threats.
In recent years, we’ve seen how insider threats – Snowden, Alexis, Manning – can be as damaging as external ones. Tell me about the tools that Leidos is using to help neutralize these threats.
Our insider risk management program takes a holistic approach to counter the cyber threats, and the organizational silos and pitfalls that so often surround them. We do this by encouraging information sharing and having internal checks and balances that protect our employees’ privacy.
But to protect from insider threats, you need more than just a defensive posture. We have the Arena Insider Threat Identification (ITI), a web-based tool that leverages big data analytics to proactively monitor for patterns in threat activities. This includes looking at employees’ cyber footprint, as well as their non-IT behaviors, on a single platform. You can look at what they are doing on social media and other personal information you have around them. All of those factors can be looked at to ask “Is this individual at risk of doing internal damage?”
Regarding the Arena ITI, data collection and machine learning are on the tip of everyone’s tongue these days. How do analysts and machine learning work together on your team?
One of the biggest challenges today is the volume of information that analysts have to review in order to detect a threat. Machine learning and AI can be applied to that problem and go through the volume of information and quickly identify things that are out of the norm. Yes, you have to train the tools, but it takes a lot less time for the analyst to get down to the real investigation, as opposed to finding and collecting the potential clues. But at the end of the day, only an analyst can assess whether those clues amount to a real threat.
What are the biggest concerns that you are seeing at Leidos right now? What are your customers coming to you to address?
There is an increasing volume and complexity of attacks, and these are around the various infrastructures that we’re charged to protect. In an evolutionary model, our adversaries are bringing new techniques, new technologies, new tools, and new approaches. And we have to be one step ahead of them.
When looking through Leidos’ offerings, the name “Intrusion Defense Chain” jumps off the screen. Can you explain what that is?
The Intrusion Defense Chain (IDC) has been recognized by industry as a very powerful analytic framework. It is based on understanding the steps or links in a chain that an adversary might go through to achieve their objective.
So if you understand the steps your adversary follows, and you can break the link of the chain earlier in the process, the more effective you are at defeating the threat. But it also makes stopping the threat less resource-intensive, because you’ve caught it before it can do the most damage. You can train your people to be curious and do more than just plug a leak – they can look at what caused the leak and how to solve the problem for the future.
What other tools does Leidos bring to the table that keep you ahead of the game?
Our best tool is our people. They are our key investment. We focus on overall solutions that look at the problem from an optimized “people, process, technology” point of view. It isn’t so much a product, but a program that looks from a holistic view of cyber threats. It is more than just processes and more than just a tool; it is a combination of them.
It’s also about identifying threats in a creative way, like through Arena ITI. We also have a tool called PACKIT™ (Proven, Analytic-Centric Kill Chain Implementation and Transformation). PACKIT™ takes this analysis methodology and implements it in our overall approach to conduct intelligence-based cyber defense, creating a mature and adaptive cybersecurity organization.
Another program we have is called EXCITE: Experiential Cyber Immersion Training and Exercises – a set of realistic hands-on exercises. They’re designed to plug the student into a full attack scenario in a lab environment. We have three variations of that, including two in-depth courses. We offer these to our customers as a service, and in fact we are doing that across DHS right now.
You are CTO of Homeland Security Solutions at Leidos, which is a big deal. Tell us how you got to where you are.
I have a military background, so the evolution to national security was a natural fit. My education was in electrical engineering, but I have spent much of my career in systems engineering. That evolved to being a team lead, chief engineer, then program manager on a variety of programs for defense, corporate IT, civil, and international projects.
When the opportunity came to take on a CTO challenge, it was a chance to use my experiences gained across multiple programs, all focused on various large and important departments of the U.S. government, and apply them to the need of Homeland Security.
What advice would you have for those aspiring to similar success in the cybersecurity field?
From my experience, it’s less about the technology – which is always evolving – but having a very solid understanding of the underlying principles of what the tools are trying to achieve. If someone understands how networks work, how data storage works, how some processing works, that sets you up for success.
The fact is, the cybersecurity market is very competitive right now. Leidos is looking at investing in training and trying to grow those individuals that we need. Some employees come out of college cybersecurity programs. Some studied Liberal Arts and then got more interested in technology and learned online. Some come from military backgrounds and were intelligence operators or cyber operators. But the key trait for success is a willingness to learn partnered with a healthy curiosity.
Leidos offers the opportunity to work on challenging projects with the most cutting-edge technology. We’re growing very rapidly and are eager to build out our team. We have many opportunities for those coming from the technical, engineering side of it, but more than anything, we stress character and a willingness to learn.
SPONSORED CONTENT: This article is written by or on behalf of our Sponsor and not by ClearanceJobs editorial staff.