Cyber Security Employee Perspectives

 

Ben Calloni, Ph.D. is many things: a Texas Tech University Distinguished Engineer, an AIAA Associate Fellow, and a Lockheed Martin Fellow within Aeronautics. As an Embedded Cybersecurity Researcher, his research focuses on working with software modeling tools to develop new specifications and capabilities that are then expanded to secure systems and perform security assessments.

Ben’s Embedded Cybersecurity research and software expertise has led to Defensive Cybersecurity technologies that defend our products. Because Lockheed Martin’s products (think F-35 as one example) interconnect with Department of Defense (DoD) systems so closely, it is imperative that people like Ben help develop commercial tools in collaboration with our competitors and suppliers to ensure that all parts of a weapon system are properly secured.

Q: What does cybersecurity mean to you?
A: Cybersecurity is a broad domain that covers secure software, system security engineering, physical security, and disaster recovery procedures. No two programs are alike in their cybersecurity needs. It keeps the work exciting and always challenging.

Q: With technology evolving at such a high rate, how do we stay ahead of future cyber threats?
A: While specific threats require immediate attention, the best means of defense is building cybersecurity into products. The vast majority of cyber breaches are traceable to software. As an engineer in software, I can attest that unlike any other engineering domain, it requires individuals to have very rigorous training and experience. Yet what we see on the commercial side are individuals without training building and deploying software systems that are hackable. This suggests that as an industry, training of software developers is not as robust as other engineering disciplines.

Q: How can someone stay secure online?
A: Do some reading online on how to properly configure and lockdown your home computers, especially a child’s computer or account.  Check your credit card and financial institution accounts regularly and notify them when you find unauthorized activity. Change passwords regularly, don’t use the same one on multiple accounts, and make them strong.  Do not, do not, do not put a USB drive into your computer other than the ones you have bought from a retail store!  Don’t open emails or attachments from individuals you don’t know: simply delete them.  Don’t click on links on websites unless you are sure they will result in the outcome you expect.  Essentially, try to be just a little bit paranoid and think like a bad guy, figure out what they may do to exploit your home or computers, and take steps to reduce that risk.

Q: What’s been your most interesting cyber project so far?
A: You have just asked a question that is impossible to answer. You might have asked which of my 10 grandchildren I like best.  Every project is interesting and for different reasons and there is no way to narrow that down to one!

Q: What do you like to do when you’re not at work?
A: Play golf, wood working and working on projects around the house that require me to get my hands dirty. I love spending spend time with my wife (she is a great lady and my best friend) and I do have opportunities to be with grandchildren regularly which is wonderful. I did a complete restoration of a 1974 Camaro Type LT Z-28 and still enjoy driving it occasionally.  

 

Lockheed Martin wouldn’t be a leader in digital safety without talent like Cyber Security Engineer, Nick Jacobsen. What the average person may not realize is that Lockheed Martin is under constant threat from bad actors who want to steal our technology – i.e. the most advanced defense technology in the world. Nick and his hundreds of colleagues across Lockheed Martin are keeping that technology safe.

“If our products are not protected it could have devastating consequences for our servicemen and women, our country, and our allies,” says Nick. “We have to actively protect our networks, people and products to continue being a leader in digital safety.”

Q: What does digital safety mean to you?
A: To me, digital safety means understanding that in the digital world everything is being logged and watched by someone or something. It doesn’t mean privacy is gone, but that we all need to consider our actions and carefully consider every piece of information that we’re sharing.

Q: What’s your advice for how can someone stay safe online?
A: Ask yourself one thing before downloading an app or software: How is the creator of that product making money? They may make money because you’re paying for a service, they’re serving up ads, or they’re selling your information to other companies. If you can’t figure out how, then it’s probably not good news for you. There were several flashlight apps a few years ago that were full of malware. The apps seemed harmless so most people didn’t stop to ask why the app was free.

Q: How has digital safety progressed throughout your career?
A: I think we are starting to see that the average user is becoming more knowledgeable. They’re getting smarter and slowly moving away from the idea that security is someone else’s problem. We are all responsible.

Q: What’s it like working in the cyber field at Lockheed Martin?
A: I never dreamed I would work in this field, and with teams and technologies I didn’t know existed. Lockheed Martin’s scope allows me to interact with some of the brightest minds in the industry in topic areas that don’t exist elsewhere. Then, when the workday is over I get to walk outside every day and see the worlds most advanced fighter flying.

Q: What do you do when you’re not at work?
A: I like to play Rugby. And I build computers at home.


 

Roxanne Wood is the Program Manager for a Lockheed Martin Cyber Technology Services contract that provides highly skilled software developers, infrastructure support services, and 24/7 operations floor support for a U.S. intelligence community customer’s cyber defense mission.

"After having been in the cyber field for six years now," Roxanne says, "You will never be able to protect everything, so protect what matters."

Q: How did you get involved in cyber technology?
A: As a software engineer, I worked with SONAR, RADAR, satellites, and other technologies, on the B1 bomber, M1 tank, C5 cargo aircraft and other platforms, but I did not realize how vulnerable all of this was to cyber threats. It was when I came to Lockheed Martin 15 years ago as a software developer that I became fully aware of the devastation cyber attacks could cause. I witnessed how dedicated, vigilant, and committed Lockheed people were to protecting this country from a new order of threats that cannot be seen or heard, and I knew I had to be a part of it. Since then, it has been my pleasure to work with the people and technologies that protect the security of our nation! 

Q: Tell us about the latest cyber technologies.
A: Cyber technologies today focus on detection, response, and remediation through knowledge management; scanning and analysis of potential malicious objects embedded deep within files; and data analysis. But tomorrow’s cyber technologies will require new skills in data science and analytics. Behavior analytics and machine learning will focus more on deviations from the norm and predictive behavior – in other words, figuring out what will happen, and having solutions ready and waiting when it does.

Also development and operations teams will need stronger, constant alignment: “DevSecOps”, or DevOps with a focus on security. Threats emerge at lightning speed, and our time-to-market for solutions has to be short -- very short. It won’t matter what the technology is if it doesn’t get out there fast enough.

Q: How has technology to address cyber threats changed during your career?
A: Technologies have evolved from being reactive to being predictive -- from playing the cat-and-mouse game to thinking more like a hacker. Hackers are highly skilled and very intelligent risk-takers. Predictive and adaptive cyber technologies have helped us anticipate hackers’ intent and disrupt their next move.

Q: How does Lockheed Martin’s approach translate to innovative leadership in engineering a better cyber tomorrow?
A: Lockheed Martin leadership does not just provide what is contractually required, but also goes over and above the customer’s needs. We give our customers access to our full complement of capabilities to find industry best practices and solutions to their hard problems.

Q: What advice can you share for staying safe online?
A: You will never be 100 percent safe online, but here are my top safety tips:

  • Keep your software up-to-date, and download updates. I know it’s time-consuming, and seems to happen often, and then requires you to reboot. Just do it!
  • Your email is an open invitation for malicious activity. Don’t automatically download images. Use plain text emails if possible. Some email clients already do this, but check to make sure, and adjust your security settings if needed.
  • If you need to enter your credit card number, put it only in one place: Paypal, Amazon Pay, whatever.
  • If you have a LinkedIn profile, know that you are a prime target. 
 

Rob Noonan is the Deputy Program Manager for a Lockheed Martin Cyber Technology Services contract, providing highly confidential software development and infrastructure support services for a U.S. intelligence community customer’s cyber defense mission.

“As a former Air Force Safety Officer,” Rob says, “I learned that safety is all about identifying -- and taking steps to mitigate – the risk that’s all around us, all the time. Like physical safety, being safe online is all about knowing what can happen, and lessening the chance that any bad options occur. My team and I do all we can to think of the potential threats and contingencies so our customer’s networks are always safe, secure, and available to prevent ever-changing global threats from becoming reality.”

Q: How did you get involved in digital safety? 
A: Like many veterans transitioning into civilian careers, I searched far and wide for career possibilities for my new life. The more I looked, the more I realized that digital safety, or “cyber security,” was an area where I could still contribute to the defense of our great nation, except now I could do it in civilian clothes! 

Q: Why do you think Lockheed Martin is a leader in digital safety?
A: It has to be; our nation’s security depends on it. From F-35 airplanes, to Littoral combat ships, to malware analytics for an intelligence community customer, we have to be at the cutting-edge every day, protecting against known threats and anticipating and defending against future threats. When customers need expertise, innovations, and trained and cleared professionals, they know where to go!

Q: Why is Lockheed Martin a great place to work?
A: Like the United States Air Force, Lockheed Martin values mission, it values people, and it fosters a culture of creativity and opportunity. I’ve grown so much and learned a ton in the 2.5 years I’ve been here, and look forward to continuing my journey with the company!

Q: What do you do when you’re not at work?
A: I enjoy spending time with my family. I also like doing things outdoors. We live near the Potomac River, the Appalachian Trail, and the Chesapeake & Ohio Canal, so there’s never a dull moment!

Q: What’s your advice for how people can stay safe online?
A: Mitigating online risks can be summarized in three words: good digital “hygiene.” For example:

  • Get a virus scanner and keep it up-to-date. 
  • That pesky software update notice that means you need to shut everything down, install, and reboot? Do it! The latest software versions not only give you new functionality, but also close newly discovered code vulnerabilities. 
  • When you purchase something online, especially if it’s not one of the common sites such as Amazon, check the payment site web address: Does it have a “lock” symbol (meaning a secure connection)? Does it have the letters “.ru” on the end (meaning the site is porting you to a Russian hacker)? Did you check the vendor’s reviews online first on Yelp or a similar site? You’ll be well served by thinking, then acting. If something doesn’t seem right, it probably isn’t. 
 


As the software Chief Architect supporting the Department of Defense Cyber Crime Center (DC3), Gary Katz is the contractor lead for research and development providing capabilities in cyber analytics, cyber information sharing, digital forensics, and malware analysis.

“Our mission focuses on tracking and stopping individuals in other countries who wake up and spend their day attempting to steal valuable information from our government, or from defense contractors supporting our government,” Gary says. “I listen to our cyber analysts and reverse engineers explaining their challenges, then research what technology is available – or could be developed – to make it easier for them to track our cyber adversaries and protect our government’s technology assets. My team and I look at what could be, then we make it happen.”

Q: Tell us about the latest cyber technologies.
A: In cyber analytics, many advances have been focused on better organizing data, making it more easily available and providing new datasets. When information is well-organized and easily accessible, analysts can spend more time leveraging information and understanding changes to an adversary’s tactics, techniques, and procedures. That’s why we have spent a lot of effort on the STIX and TAXII standards for sharing cyber analytic data to provide structured cyber intelligence data in a common format.

Q: What’s next in technology?
A: Artificial intelligence and machine learning are important, but it’s about supporting people, not replacing them. We’re always going to need subject matter experts. People talk about a shortage of cyber expertise, but I believe we need to make technology more efficient and organize data better, automating or reducing the time to complete basic tasks so the analysts we have can focus more closely on the hard problems of detecting and preventing badness.

Q: What’s it like working in the cyber field at Lockheed Martin?
A: I enjoy my team, not just internally, but also across and upward in the organization. Lockheed Martin is a trailblazer in taking an intelligence-driven approach to cyber security and understanding the adversaries to protect networks. We have an extraordinary level of expertise; you can walk into any Lockheed Martin facility and find top exerts in their field. And working for a large organization, it’s easy to move throughout to continue learning to develop and maintain your career -- and your passion for your career.

Q: What do you do when you’re not at work? 
A: I’m currently developing a mobile app. I enjoy swing dancing, but I don’t get to do it often. I usually spend time with friends, play beach volleyball in Baltimore's Inner Harbor, paddleboard, snowboard, and cheer on the Eagles. (The only one I do well is root for the Eagles!)

Q: What’s your advice for how people can stay safe online?
A: Be smart and put in the effort before you open files, click on links, or give out information. If you’re not sure, Google it to see what people have said about the source – and if you can’t find anything, it probably means the organization doesn’t even exist. If everyone did that, cyber defenders would be much happier. 

 


Victoria “Tori” Miralda, Senior Manager, Cyber Solutions, is the Program Manager leading Lockheed Martin’s work on Gladiator – a contract that is bringing new cyber capabilities to the U.S. Missile Defense Agency. She joined Lockheed Martin after having held electronic warfare and cyber roles while serving as a Colonel in the U.S. Army.

“I see myself as a bridge,” Tori says, “taking the remarkable things our engineers do, and adding a ‘so what’ so our customers can really benefit from that cyber technology.”

Q: What do you love about your job?
A: I love how my job blends the mission-focus I had when I was serving in uniform with the innovation, technologies and persistence Lockheed Martin brings to face every challenge. As the Department of Defense advances, Lockheed Martin is a part of that, and the best thing is knowing that we’re providing technical capabilities to the warfighters. As a retired soldier, the ability to continue to provide that operational value is exciting.

Q: How did you get involved in cybersecurity?
A: I was commissioned by the U.S. Army in 1990 as a Signal Corps Officer. So instantly, provisioning, defending, and securing radios, networks, communications and cyber were all critical to my job. As my career path evolved, it grew to include cyber defense for the Army Signal Corps. I had a memorable experience working at Fort Huachuca, Arizona, serving as the first operations officer standing up the network protection organization. There we had major responsibilities to set up the technologies and infrastructure for network defense, as well as developing policies and practices for sharing threat intelligence across the globe. I expanded my work to include network defense in space as well, thinking about cybersecurity through satellite communications. Those military experiences led me to Lockheed Martin, where I am proud to work today.

Q: Who has been your mentor on your cyber journey, and how are you mentoring others?
A: I believe we are all the product of those who have come before us. I was remarkably blessed with mentors such as Lt. General Carroll Pollett, the former commanding general of Defense Information Security Agency, who cared enough to be tough on me, to push me, and to drive me to accomplish more. Today, I try to pay it forward. Recently, for example, I met with a young space officer who is doing a rotation training with Lockheed Martin. I’m not only introducing him to the community here, but I’m also helping make him aware of the capabilities and technologies we bring.

Q: What role do diversity and inclusion have in cybersecurity?
A:
Every mission needs a diverse workforce. Having served as a Hispanic woman in a predominantly male environment in the U.S. Army, I have always believed that your performance is what speaks. Capability is what counts. If you’re in a foxhole, the background of the person next to you doesn’t matter. You care if the person is an expert in his field, and knows what he is doing. Leaders need to make sure that people who are different aren’t isolated. They may be exactly what the mission requires.

Q: Why is Lockheed Martin a great place to work?
A: Lockheed Martin is a great place to work because of the opportunities to make an impact for our national defense, its company ethics, and its extraordinary engineers.

Q: What do you like to do when you’re not at work?
A: I like kayaking, scuba diving, sailing, hiking, and being in the mountains. I love to be outdoors.

Q: What advice can you share for staying safe online?
A: Think before you click. Before you click a link or open a file, ask yourself: does this make sense? Is it from someone I know? Was I expecting this? Taking a pause is really important for online safety.


 

Derek Maxey supports applied research and technology development initiatives as a software architect, security researcher, and principal investigator. He is a subject matter expert in embedded systems and software security for contracts, proposals, and defense product development.

Q: How did you get involved in cyber technology?
A:
I started to think about some of the threats and opportunities associated with increased reliance upon commercial technology for our defense products.  That led me toward formal training and research opportunities in cyber security.

Q: Tell us about the latest cyber technologies.
A: Cyber technologies change rapidly – it’s a back and forth innovation race between cyber defenders and cyber attackers.  Cryptocurrency technology like Bitcoin is being looked at as a way to secure product supply chains.  Machine learning algorithms used for voice activated digital assistants like Apple’s Siri are being used to detect covert stealthy cyber intrusions.

Q: What’s next for cyber defense?
A: On today’s cyber battlefield cyber attackers have a strategic advantage against cyber defenders.  Attackers only need to find one small flaw to be successful while defenders have to plan for every potential attack.  It is also much easier for attackers to upgrade to new tools and methods than it is upgrade a product’s defenses.  One potential way forward is to even the playing field with designs that self-evolve over time, and repurposing attack tools for defensive purposes.

Q: How does Lockheed Martin’s approach translate to innovative leadership in the cyber industry?
A: We understand our products need to work reliably in harsh conditions – it takes a systems thinking approach to develop mission critical products. When we consider factors such as extreme temperatures and humidity we are in the best position to create resilient, robust and reliable products.

Q:  How has cyber technology changed during your career?
A: Early on cyber security primarily focused on preventing cyber attacks.  However prevention alone is a static solution and its effectiveness decays over time as attackers continue to innovate.  Today cyber security focuses more on detecting cyber attacks.  The assumption is that preventive defenses will eventually fail, so the best approach is to detect cyber intrusions as quickly as possible to limit damage.

Q: Tell us about your most memorable/interesting technology project (so far).
A: The most memorable projects are operational threat analyses.  There are table top versions based solely on technical data and documents, then there are live wargame versions that involve realistic offensive and defensive teams.

Q: What’s it like working at Lockheed Martin?
A: I enjoy working at Lockheed Martin because our products can have a global impact.  I also appreciate the company’s commitment to work/life balance and ensuring employees have time to focus on their families and what matters most to them. 


 

Mike Workman is the Chief Engineer for the Cyber Solutions UK Avon Programme and leads technology development to provide cyber solutions to the UK government.

“Most of us aren’t aware of how much information is available publicly about each of us,” Mike says. “Developments in advanced analytics and machine learning are linking data that we previously assumed were unconnected. These technologies are already being used, for example, to identify what we may be doing or even planning, and to offer information that may be relevant. We are increasingly trading our personal data for the added convenience these technologies offer.” 

Q: What’s next?
A:
The amount and types of data being collected continue to increase, along with the ability to analyze and store the data. Companies will continue to seek more innovative ways to combine and use the data to provide services that customers will wish to pay for. I expect the world will start to appear ever more intelligent and responsive, and the ways in which we engage with the world will become ever easier and more intuitive.

Q: How has technology to address cyber threats changed during your career?
A: At the start of my career, probably the closest topic to cyber threats were in the field of electronic warfare, using electromagnetic signals such as radio, infrared, or radar. Recently, cyber and electromagnetic activities are converging and, as a consequence, some electronic warfare approaches are seeing a resurgence.

Q: Tell us about your most memorable technology project (so far).
A: Developing a counter-drone system has been fascinating. Success will mean the development and integration of technologies such as software-designed radios, radar, data processing, machine learning, and data fusion, and drawing upon the capabilities being developed. The technologies are exciting, and it’s interesting to work to overcome the challenges of bringing US capabilities across the Atlantic to give us a competitive advantage in the UK.

Q: Why is Lockheed Martin a great place to work?
A: Firstly, the ethos and culture that arise from the corporate values of “Do what’s right, respect others and perform with excellence”, together with the professionalism and friendliness of our staff, give us an outstanding environment in which to work. Secondly, we offer an amazing range of technologies. I love helping identify the opportunities to apply our diverse technologies for our customers.

Q: What do you like to do when you’re not at work?
A: I enjoy taking our dogs out walking on the local hills, occasionally flying as a private pilot, and undertaking home DIY projects.

Q: What’s your advice for how people can stay safe online?
A: Staying safe online doesn’t have to be all-consuming, but it does require awareness of risks and how to mitigate them. Just reading an article or two about cyber security can help. Taking basic precautions goes a long way. Don’t make yourself a soft target!

I always keep a couple of questions in mind when sharing information: Who will be able to see my data? Would it cause a problem if the data were either made public or deleted? If you aren’t comfortable with the answers, take further security measures or seek advice. Ultimately, you control where the data you generate goes. if you don’t want it shared, don’t share it.