Skip to main content
Leidos
Search
  • Suppliers
  • Employees
  • Newsroom
  • Investors
  • Global
  • Contact
  • Company
    • Our Business

      We embrace and solve some of the world's toughest challenges.

      • Civil
      • Defense
      • Health
      • Intelligence
      • Dynetics
      • Leidos Innovations Center (LInC)
      Gibbs & Cox-designed DDG-51 Arleigh Burke-class destroyer at sea

      Leidos completes Gibbs & Cox acquisition, expanding maritime undersea, autonomous and cybersecurity capabilities.

      Read Press Release

    • Mission, Vision, & Values

      Everything we do is built on a commitment to do the right thing for our customers, our people, and our community.

      • Mission
      • Vision
      • Values
      man sitting on bleachers holding soccer ball

      Let’s come together and talk about the changes that are needed.

      The Opioid Epidemic: A Call to Action

    • Leadership

      Meet the executive team responsible for leading our forward-thinking employees toward a shared success.

      • Roger Krone
      • Chris Cage
      • Maureen Waterston
      • Vicki Schmanske
      • Jerry Howe
      • Jim Carlini
      • Debbie Opiekun
      • Thomas Sanglier
      • Jim Moos
      • Gerry Fasano
      • Roy Stevens
      • Liz Porter
      • Steve Cook
      • Paul Engola
      • Board of Directors
      Roger Krone

      Meeting the challenges of an uncertain world.

      An Interview with CEO Roger Krone

    • History

      Leidos has a long history of innovative problem-solving and customer service, dating all the way back to 1969 when Dr. J. Robert Beyster founded his "crazy little company".

      • Explore our History
      • Dr. J. Robert Beyster
      • A Kaleidoscope of Innovation: The Story of Leidos
      Dr. Beyster

      Almost 50 years ago, visionary scientist J. Robert Beyster, Ph.D. founded the company that evolved into Leidos.

      Read More

    • Inclusion & Diversity

      Our commitment to inclusion and diversity is reflected in the way we engage our people, our customers, and our external partnerships through our innovative programs, sponsorships, and engagement.

      • Our Vision, Philosophy, and Approach
      • Strategic Diversity Outreach
      • Employee Resource Groups
      • Inclusion & Diversity in the UK
      Top Supporters HBCU badge for 2022

      Leidos was recently named to the 2022 Top Supporters of HBCU Engineering list published by Career Communications Group, Inc.

      Partnering with HBCUs

    • Responsibility & Sustainability

      We're equally committed to using our time and resources to support people, enrich communities, and protect the environment.

      • ESG Goals
      • CEO Message
      • Executive Summary
      • ESG Governance & Strategy
      • Environment
      • Community
      • People
      • Suppliers & Small Business Relationships
      • Political Activities
      • About our Reporting
      • GRI™ Standards
      NASA ground station

      Discover how we helped NASA develop a climate action plan

      Read Article

    • Ethics & Compliance

      We have a strong history of performance that rests on our foundation of integrity.

      • File a Report
      • History of Ethics
      • Ethics Program Structure
      • Code of Conduct
      Ethisphere award logo

      Leidos named one of the World’s Most Ethical Companies for fifth consecutive year.

      Read More

    • Rankings & Awards

      Our innovative approach and the services and solutions we deliver frequently earn Leidos recognition from our industry and the media.

      • Enterprise Awards
      • Defense Awards
      • Civil Awards
      • Health Awards
      A gold trophy on a light green background

      A frequent honoree on the corporate awards circuit, Leidos is proud of its many industry-specific and corporate-level achievements.

      Cue the Applause

    • Partners

      The Leidos Alliance Partner Network emphasizes connections through partnership and collaboration that drive innovation, advance technology, and build efficiency.

      • Corporate Strategic Partners
      • Technology Integration Partners
      • Emerging Technology Partners
      Bubba with helmet on

      We're teaming up with Bubba Wallace and 23XI Racing in 2022 advancing a culture of inclusion and diversity.

      Fueling a Better Tomorrow

    • Subsidiaries

      Our wholly owned and majority-owned subsidiaries attract and retain top talent motivated to deliver results for clients.

      • 1901 Group
      • Dynetics
      • Gibbs & Cox
      • Leidos Biomedical Research
      • Leidos Digital Solutions
      • BEONTRA
      • QTC
      • Leidos Engineering
      • Systems Made Simple
      • Varec
      Gibbs & Cox-designed DDG-51 Arleigh Burke-class destroyer at sea

      Leidos completes Gibbs & Cox acquisition, expanding maritime undersea, autonomous and cybersecurity capabilities.

      Read Press Release

    • Contract Vehicles

      Whether you’re a potential government customer or a prospective supplier, through this listing you can find our technical and professional services under pre-negotiated terms and conditions.

      • Governmentwide MACs & IDIQs
      • GSA Schedules
      • Agency Specific IDIQs
      • International
    • Global

      With more than 400 locations in 30 countries, we continue to expand our presence and strengthen our international relationships.

      • United Kingdom & Europe
      • Australia
      • Israel
      • Middle East
      • Canada
      plane flying over water

      Leidos has announced the completed acquisition of Cobham Aviation Services Australia’s Special Mission business.

      Hop Onboard to Learn More

    • Trust

      Cybersecurity and data privacy is central to what we do; protecting data, systems, and infrastructure that are critical to our employees, customers, communities, and stakeholders.

      • Commitment to Privacy & Cybersecurity
      • Cybersecurity
      • Data Privacy
      • Privacy Statement
      Citizens walking with data flowing around them

      Today, tomorrow, and every day is Data Privacy Day.

      Read the Article

  • Markets
    • Aviation

      From sidewalk to sky, we've got you covered.

      • Air Traffic Management
      • ANSP Professional Services
      • Security Solutions
      • Intelligent Approach
      • Scenario Planning & Forecasting
      • Passenger Flow Measurement
      • FODD & Fuels Management
      • Flight Management & Briefing
      Leidos Smartlane in use at an airport

      Safeguarding travel and trade at a global scale with fully-integrated security detection solutions.

      Learn About Our Portfolio

    • Defense

      From our airborne work alerting warfighters to what's over the next hill to our autonomous maritime platforms protecting sea lanes and shores, our team is solving global critical challenges.

      • Airborne
      • Autonomy & Autonomous Solutions
      • Command & Control
      • Cyber
      • Digital Modernization
      • Operations & Logistics
      • Training
      Gibbs & Cox-designed DDG-51 Arleigh Burke-class destroyer at sea

      Leidos completes Gibbs & Cox acquisition, expanding maritime undersea, autonomous and cybersecurity capabilities.

      Read Press Release

    • Energy & Industry

      Leidos is uniquely equipped to support your important work in critical industries such as energy, transportation, and manufacturing.

      • Site Management & Operations
      • Power Delivery
      • Integrated Energy Management
      • Project Finance & Development
      • Digital Utilities
      • Manufacturing Systems
      • Transportation
      • Advanced Communications Solutions
      Electricity pylons in sunny field

      Leidos delivers a complex modeling project resulting in a clear view of bulk electric and sub-transmission systems for FirstEnergy.

      Read the Case Study

    • Government

      We support important programs that expedite identity theft recovery, protect electronic health records, streamline paper tax filings, enhance consumer fraud investigations, support census data collection, and enable scientific research.

      • Cybersecurity
      • Digital Modernization
      • Health IT
      • Forms Processing
      • Operations & Logistics
      • Mission Software Systems
      IT analysts in discussion over monitors

      Leidos completes acquisition of 1901 Group, expanding digital modernization capabilities.

      Read Press Release

    • Healthcare

      We draw on decades of success to deliver a range of solutions and services to meet the healthcare challenges of today.

      • Hospital Systems
      • Federal Health
      • Military & Veterans Health
      Healthcare professional using tablet

      Taking a strategic approach to experience true digital transformation in healthcare.

      Read White Paper

    • Homeland

      Integrating, applying, and advancing IT to tackle the ever-advancing challenges of protecting our borders.

      • Biometrics
      • Mission Cyber & Network Defense
      • Integrated Systems
      • Digital Modernization
      • Data Analytics
      • Intelligence & Linguistic Services
      • CBRN Defense
      • Human Capital Services
      • Complex Logistics
      • Ports & Borders
      • Critical Infrastructure
      Leidos Smartlane in use at an airport

      Safeguarding travel and trade at a global scale with fully-integrated security detection solutions.

      Learn About Our Portfolio

    • Intelligence

      With expertise in cloud-enabled automation and augmentation and a team adept at harnessing machine learning, we’re applying powerful analytic tools for superior performance and protection despite a staggering breadth of data.

      • Intelligence Community Engineering
      • Collection, Analysis, & Reporting
      • Operational Support & Training
      Woman looking at computer screen reflection in glasses

      Our DevOps Lab is an advanced, unclassified, state-of-the-art center dedicated to software and hardware development and engineering.

      Learn more about the Lab

    • Science

      Providing groundbreaking scientific research and environmental management best practices that make headways in the defense, civilian, and health markets.

      • Life Sciences
      • Autonomous Systems
      • Airborne & Ground ISR
      • Command & Control
      • Environmental Science
      • Modeling, Simulation, & Training
      • Sensors
      • Specialty Sciences
      Illustration representing health-focused scientific research

      NCI's Frederick National Laboratory has launched three initiatives focused on SARS-CoV-2.

      Read the Article

    • Space

      Speed, security, and scale for your most critical space missions

      • Mission Operations
      • Human Exploration
      • ISR
      • Payloads
      • Domain Awareness
      • Propulsion
      Female behind a transparent screen with text and graphs visible

      IT systems disappear into the background by providing an enhanced user experience

      Learn how IT Enables the Mission

  • Capabilities
    • Cyber Operations

      We use intelligent automation and AI/ML-driven analytics, combined with detection and mitigation, to protect and defend networks.

      • Zero Trust
      • Security Operations Center
      • Cyber Resiliency
      • Risk Management Framework
      • Cyber Analytics
      • Information Assurance
      • Insider Threat
      • Accredited Testing & Evaluation
      • EXCITE
      • Electronic Warfare
      binary code

      Outpacing adversaries through the application of IT, engineering, and science.

      From Castles to Cities with Zero Trust

    • Digital Modernization

      We deliver resilient IT solutions and managed services that leverage trusted AI and full-spectrum cyber to decrease vulnerabilities in complex IT operations.

      • Application Modernization
      • Cloud
      • Data Center Modernization
      • Digital Workplace
      • Mobility
      • SecDevOps
      • User Engagement
      IT analysts in discussion over monitors

      Leidos completes acquisition of 1901 Group, expanding digital modernization capabilities.

      Read Press Release

    • Integrated Systems

      We deliver high-performing hardware and software systems to solve challenges in an array of specializations.

      • Assured-Position Navigation & Timing
      • Autonomous & Unmanned Systems
      • Biometrics
      • Security Detection & Automation
      • Sensors, Signal Processing, & Analysis
      • Space
      • Strike Systems & Hypersonics
      • TRAPS
      Gibbs & Cox-designed DDG-51 Arleigh Burke-class destroyer at sea

      Leidos completes Gibbs & Cox acquisition, expanding maritime undersea, autonomous and cybersecurity capabilities.

      Read Press Release

    • Mission Operations

      In-depth domain knowledge and mission understanding to provide cost-effective tools and enhanced processes that are secure, resilient, and support our customer's critical missions.

      • Antarctic Support Contract
      • EngineeringEdge® NextGen
      • ISS Cargo Mission Contract
      • Leidos Performance Management
      • UK Logistics & Operations
      • StarTT®
      • Strategic National Stockpile
      Ice sheet in Antarctica

      Each year, Leidos moves more than six million pounds of cargo and coordinates 100 flight missions to and from Antarctica.

      About Our Role

    • Mission Software Systems

      Through disciplined processes, common tools, reusable frameworks, automation, collaboration, and domain expertise, our mission software systems are designed to deliver secure, mission quality software.

      • Command & Control
      • LEAF
      • SE Core
      • Tactical Data Links
      • AI/ML
      Software on a mission text on blue background

      Mission quality software. Silicon Valley speed.

      More on Building Better Software

    • Enabling Technologies

      Our enabling technologies are the backbone of our core capabilities, supporting our customer's important work from the front lines.

      • Secure, Rapid Software
      • Trusted AI/ML
      • Full-Spectrum Cyber
      • Rapid Prototyping & Manufacturing
      Military radar simulation with green display, showing a glowing grid with coordinates and positioning numbers

      How we are deploying AI to solve the world’s toughest problems.

      Artificial Intelligence in Action

    • Technology Certifications

      We partner with world-class technology providers to develop innovative solutions for our customer’s toughest challenges.

      • AWS
      • Cisco
      • Microsoft
      • Scaled Agile
      • ServiceNow
      group of coworkers looking at computer monitor

      We help our partners save money and improve performance.

      How the Cloud Saved Some Coin

  • Insights
    • Insights

      Expertise, industry leadership, unique perspectives, and more — directly from our employees and stakeholders.

      • Latest Insights
      • MindSET Podcast
      • Press Releases
      • Heroes of Leidos
      • Our Experts
      • Careers
      • Military & Veterans
      • Inclusion & Diversity
      • Community
      • Articles
      • Case Studies
      • Infographics
      • Q&As
      podcast microphone

      Listen to the stories behind the world's most important work in the MindSET podcast.

      Explore the MindSET Podcast

  • Careers
    • Latest Opportunities

      Keep up to date on the latest career opportunities at Leidos.

      • Military Veteran Program
      • External Referral Program
      • Intern & New Graduate Jobs
      • Careers with Leidos in the UK
      • Careers with Leidos in Australia
      • Opportunities for Leidos Employees
      People icons with gradient over

      At Leidos, we have a strong focus on our employees’ career, flexibility, and well-being.

      Learn more about Leidos Life

    • Life at Leidos

      A career at Leidos offers meaningful and engaging work, a collaborative culture, support for your career goals, while nurturing a healthy work-life balance.

      • Our Values
      • Our Culture
      • An Inclusive Workforce
      • Build a Career
      • Leidos Alumni Network
      People icons with gradient over

      At Leidos, we have a strong focus on our employees’ career, flexibility, and well-being.

      Learn more about Leidos Life

    • Pay & Benefits

      Pay and benefits are fundamental to any career decision, which is why our compensation packages reflect the importance of the work we do for our customers.

      • Compensation
      • Health & Wellness
      • Income Protection
      • Leave
      • Retirement
      • Family Benefits
      People icons with gradient over

      At Leidos, we have a strong focus on our employees’ career, flexibility, and well-being.

      Learn more about Leidos Life

    • Frequently Asked Questions

      Find answers to the most commonly asked questions related to securing a role at Leidos.

      • Searching for a Role
      • Applying for a Job
      • Determining Application Status
      • System Access
      • Job Eligibility Requirements
      • Receiving Job Notifications
      • Our Talent Community
      • Career Insights
      People icons with gradient over

      At Leidos, we have a strong focus on our employees’ career, flexibility, and well-being.

      Learn more about Leidos Life

  • Search Search
  • Company
  • Markets
  • Capabilities
  • Insights
  • Careers
Back to top

Breadcrumb

  1. Home
  2. Insights

Solving the cybersecurity puzzle with Arlette Hart and Meghan Good

Cybersecurity isn’t an issue that can be dealt with simply by using technology. It’s about working together to solve challenging puzzles, bringing together technology and people to solve complex problems. 

portrait of Arlette Hart

This week’s guest on MindSET, Arlette Hart, Senior Technologist for Cybersecurity at Leidos, believes cybersecurity sits at the intersection between technology and people. For Arlette, if you want to protect against cybersecurity threats and vulnerabilities, both technology and people have to work together. 

Of course technology is important, it creates an opportunity for us to better detect, sense and react to activities happening, and even predict them, but it also creates new challenges of having to then protect the things that you’ve just created. It’s a vicious cycle. 

Joining Arlette in this podcast is MindSET host, Meghan Good, Cyber Solutions Lead for the Intelligence Group at Leidos. And what makes the conversation so rich is that, while they both have cybersecurity as their focus, including its challenges and innovations, they’ve come at it along very different paths. 

On today’s podcast:

  • Cybersecurity sits at the intersection of people and technology
  • The various pathways to cybersecurity at Leidos
  • The biggest threat to cybersecurity today
  • The advancements in cybersecurity
  • The impact of COVID-19 on cybersecurity

 

Transcript

Arlette Hart: We really want you to be a part of the team that is securing the information. If you're a Leidos person, secure for Leidos. If you're for your other organization, secure your information. And if you see things that are going wrong, be a part of the team that is protecting the organization. It's important to everybody because attacks can bleed out to other organizations.

Bridget Bell: Welcome to MindSET, a Leidos podcast. I'm your host, Bridget Bell.

Meghan Good: And I'm your host, Meghan Good. Join us as we talk with pioneers in science, engineering, and technology, to understand their creative MindSET and share their stories of innovation.

Meghan Good: So today on MindSET, we're taking a different format. Our topic today is around cybersecurity. And as this is one of my areas of expertise, I joined the conversation along with our senior technologist for cybersecurity, Arlette Hart, one of my esteemed colleagues who in the past was the chief information security officer at the FBI.

Bridget Bell: So both you and Arlette discuss cybersecurity as not only a focus on technology, but the intersection between technology and people, and how working together you can really protect against those threats and vulnerabilities.

Meghan Good: Well, and certainly the technology is still important too. And it's ever changing, which creates both an opportunity for us to better detect and sense and react to activities happening, and even predict. But then there's also that challenge of then we have to protect the things that we just put in, creating this vicious cycle. We talked about the multifaceted challenge of how to keep on top of that.

Bridget Bell: So in the conversation, you and Arlette both describe cybersecurity as addressing a puzzle, and that it's not just technology but it's the pairing of technology and people to really solve complex problems and puzzles, which echoes a lot of what we've heard from other MindSET guests.

Meghan Good: One part of our conversation that I really liked was talking about the future of work as we're in this very remote kind of environment right now with the current pandemic. But how is that going to influence what we do in the future, what technologies we engage, what protections we need? We're already seeing it affect our new normal from a security baseline. And we need those cool technologies. We need AI and ML. We need better analytics, better automation, better orchestration in order to be proactive against the threats.

Bridget Bell: Well, let's get started with the conversation.

Bridget Bell: Welcome to MindSET. Today, we're talking cybersecurity. And since our cohost, Meghan Good, is the VP cyber solutions lead for our intelligence group, we're going to take a different format than our typical interview. Meghan is joined by Arlette Hart, who's our senior technologist for cybersecurity, and they're going to have a conversation digging into some of today's issues within cyber. So let's get started. You're both experts in cybersecurity but have had very different career journeys. Can you start with a little bit about your background and past roles?

Arlette Hart: Sure. Let me start first. First of all, let me also say what a privilege it is to be on with Meghan, who is clearly an expert in this field. She and I work together a bit, and it's always just a joy to work with her. But I had a relatively circuitous route to reaching cybersecurity. I actually started in politics. I had a history and political science major. And that is just not the first major you would think when you're saying what's your typical cyber security role. But it was really interesting because I came backwards into not just cybersecurity but technology. I started off on the Hill working in policy there. And with changes in people on the Hill, you end up looking for other jobs. And one of the ones I found was writing system development methodologies. And from writing methodologies, I started doing some system development that led to doing integration and rollout of some enterprise capabilities and developing and managing infrastructure, and then supporting procurement and those kinds of things.

Arlette Hart: And at one point, I was working for the Senate, actually at the Sergeant at Arms office, and said, "I really want to do something harder than this," because I was kind of getting bored. And I took a job, a random right in integration plan for cybersecurity capabilities at the FBI. I happened to have a security clearance that met their needs, and it was a six-month assignment that turned into a cybersecurity career. When I took that job, I was absolutely new to cybersecurity. I don't think I knew what an intrusion detection system was until I actually took that job. And I never looked back. It was really an interesting career progression. And from there, I went to manage program for cybersecurity and went on to become a senior technologist with the FBI, and went on to become CISO with the FBI, and then came to Leidos to be senior technologists for cyber security.

Meghan Good: That's certainly is a circuitous path. And I would say, for mine, it's a bit more straightforward. I started with Leidos as an intern while I was finishing up my bachelor's and my master's in computer science. So maybe not political science and history, a little bit more the expected route perhaps. But the team I joined supported information operations for the Department of Defense and our intelligence customers. So of course we can't say too much about that, but all in all this work eventually turned into what's known today as cyberspace operations and where, as a nation, we're striving to achieve information dominance in and through cyberspace.

Meghan Good: Over the years, I took on a number of technical leadership roles on key projects, including leading our consulting line of business for our commercial cybersecurity team at the time before focusing on applying data science and engineering to improve cyber operations, getting back to my roots. My focus area there has landed in how we translate cyber activity into terms that non-experts understand, and how to do that in a timely manner through smart automation and integration, as well as really cool graphics that tell a story and highlight where we can maneuver or fix next.

Meghan Good: As a Leidos technical fellow, I lead research projects in this area, in cybersecurity. And in my current role, I lead our cyber solutions development within the intelligence group, as well as direct our solution architect program for Leidos and host this MindSET podcast with Bridget. It's busy.

Bridget Bell: Yes. And as you can see, they're very two distinct journeys from the kind of circuitous, almost falling into a role that was supposed to be six-month assignment and turned into a career, to a more straightforward path and being with Leidos from your internship to now all of these leadership roles. So thinking back to the start, what got you interested in a career on cybersecurity?

Meghan Good: I think, for me, it certainly is a degree of hard work and luck. Because when I was at the time graduating, cybersecurity wasn't what it is today. But part of my coursework in college was in cryptography, and then following up with network security and data security. And I think I just got obsessed with the puzzle of it all. It's a matter of there's lots of moving parts. There's lots of pieces that are influenced by things you can control and things you can't control. And then there's the technology behind it, that no matter what it's always changing. And so you have to stay on top of technical fields and then you have to figure out the best way to secure it, which is really more about how you work with people, how you work kind of in these societal norms too. It's just fascinating to me.

Arlette Hart: I agree. And I take it a little bit from the other side of, also, I like a challenge just like Meghan on this one. And this one's a big one. It mixes technology and, believe it or not, a lot of social sciences, including political models and motivations and historical realities and real politic or whatever they call it now. And there's a lot of complexities. And it's hard. And I like things that are hard. The space is so multifaceted. And the range of disciplines, they mirror not just the realm of society, but they also mirror all of the IT world, from mobile to big data, to AI, ML and legacy versus innovative technology, and how to address all of those kinds of holistically. And protecting all of it is a big, big challenge.

Arlette Hart: It's easy to think of attacks being about technology, and they are, but there is a human being on either end of those attack vectors. And there's somebody trying to do something to somebody else at each side of it. And knowing why they're doing it or what they're doing and what their motivations are, there's a big part of that goes to what does that threat really look like. And on the victim end, it's not just the secure at all costs because their motivations are also different. They may want to protect things, but they want to protect things at a level where they're not losing more money in the protection than they are in the value of the product itself. So it's a really hard question. Because learning how to protect things properly, it's easy to say, "Oh no, we want to just be secure." Because a lot of times people don't just want to be secure. They mostly just want that security to have happened to them. So the whole multifaceted realm of this discipline is what's really interesting to me.

Bridget Bell: I find it really interesting that you both describe your interest in cybersecurity by saying it's that intersection of technology and people. Because I think you're right, when you think cyber security you're thinking hackers and attacks and vulnerabilities and not necessarily the social and people side of it. So I really enjoyed that's what brought both of you into these careers. And I also want to go more into your past experiences. So with Meghan, here at Leidos, and Arlette, with your more indirect path and being the CISO at FBI, what would you both consider the biggest threat to cybersecurity today?

Arlette Hart: For me, it is, I'm just going to broad brush one, unevenness and unknowns. When you look at cybersecurity, to me it looks like a fractal. At the top level, it's uneven and jagged. And as you go down into each and every organization, it's uneven and jagged. And the interest in it is uneven and jagged at different places in different organizations. So this is caused by a couple of factors, of course. One, obviously the people. Some people take it seriously and some people don't. And when they do take it seriously, they take it seriously in this area, but then they're like, "Oh, but not that." And so there's an amount of that. And some organizations are very diligent, and organizations that those organizations rely on may or may not be diligent. So that's the whole supply chain question, which you've probably heard of.

Arlette Hart: There's also the legacy versus new technology question. It's really hard to retire old systems in any organization. It just gets challenging to say, "Yeah, I don't need that anymore," because there's that one last little piece of it that some other critical capability is depending on, no matter how much you want to get rid of that. So then you end up, from a cybersecurity perspective, still protecting a legacy system that is barely able to function at all. And new technology is either delayed because it isn't protected, so then the organization can fall behind, or it's deployed without adequate protection so you have too much risk. Or it's deployed without anyone knowing about it so you have the shadow IT piece of it. So having that balance among those pieces is also hard. And the other piece is the cost of protecting versus the operational needs of the business.

Arlette Hart: All of these factors feed into your decision making about how much you're putting into cybersecurity. And both business and government have the same challenges with this. Government has its mission. Nobody in government has unlimited funds to devote to cybersecurity. When they start getting more money, the first thing they think of is not, "Wait, I should just beef up my cyber security." They think, "Oh, this is another cool thing that I can do", which just turns into the whole legacy versus new technology thing. To me, those two, the unevenness and the unknowns are the biggest challenges in cybersecurity.

Meghan Good: I wholeheartedly agree. And I love the way that you say that about things being uneven and jagged. Because really, when I think about this, it's the large attack services, but they're not even large, they're quite small. And the fact of the matter is that a vulnerability in one spot, there's such an asymmetric effect, an impact, that you can have on that, on a larger network, just by one unique vulnerability. And then you can propagate that further, from an attacker's perspective. And from a defender side, how are you ever going to figure out what that one thing was? It's almost impossible to see all those jagged edges that Arlette describes, unless you really are very honest with yourself, unless you can keep up with this with tons of sensor data, if you can store all of that information over time. I mean the cards just stack against you very quickly of what capability you would have to have to have that insight and that visibility and that knowledge, and then be able to act on it as well.

Meghan Good: We're at this limit. As Arlette said, there's a limit of how much you can spend on this, but there's a limit of how much that's physically possible for you to know and to action. And I think we're hitting to where we have newer technology in time to help us address that, but it actually makes it harder because there's newer technology to look after. And so it's this problem that feels like it keeps building on itself. And you can very quickly become overwhelmed by the threat there. And I think being overwhelmed is probably the third thing that I would add in to the unevenness and the unknowns as Arlette said. It's just the fact of the matter is there's just so much. But I think that we're at a pivotal time where we can go forward smartly and start to address those areas that we can control and bring it into some semblance of really knowing what we do know and protecting against even those things that we don't.

Bridget Bell: And that's a good segue into my next question. Because I know, with cybersecurity, you talk a lot about threats and vulnerabilities. But trying to look at the more positive side, what are those technologies, those advancements in cybersecurity that you're really the most excited, whether that's coming in the next year or more longer term, in the next five years?

Meghan Good: Right. And I would say in the recent past, as I just discussed, it's a lot about automation. And it's been workflow automation and how to get these use cases done so we're not wasting people's time. We can leverage machines. As we move forward, I think taking the next step, the one that I'm most excited about seeing mature is deception technologies. How can we mimic that uneven and jagged-looking network to a potential attacker so that they think they're handling one type of environment, but in reality we are more protected within some sort of a fortified wall and we're deceiving them of what they think they're going to be able to accomplish. To me, that's taking it to this next level. It's a bit sci-fi, but it's really one of those things that's emerging. And from the vantage point of cyberspace operations, it's a very powerful technology.

Bridget Bell: And I have to jump in because when you mentioned it's a bit sci-fi, I think a lot of the topics that we go into on MindSET do have that a little bit sci-fi feel. So Arlette, what are you most excited about?

Arlette Hart: So I don't know that they're the cutting edge technology, but I think we have under-leveraged them at this point in time for cyber in particular, so AI, ML of course. I think it can really make a difference. I think we're at the edge of being able to make a difference with it. I've been thinking about coining the term detect in depth and protect in depth, so we talk about recursive detection and protection capabilities. So it's like we don't look at things once, we look at things for their first level of, "Okay, that's a problem," but then we start looking at when we look at more of those logs, looking longitudinally, looking at patterns of behavior that you couldn't necessarily see just by looking at things at a point in time.

Arlette Hart: And one of the things, one of the capabilities that enables that of course is cloud capabilities, which just make it much easier to store your logs. Now, you have to store them correctly and safely so that you're not putting them at risk because that's sort of an important component of your world. But if you can put your logs in a place where you can store not just a day of your packet capture but do some serious amount of packet capture and then run big data solutions against your packet capture and looking at different kinds of ways that people will be taking your information out, then you can do low and slow and start doing detection at different levels than you were able to before. And I think those are the places where we really can make a difference in what the threat vectors look like.

Arlette Hart: I agree with Meghan about the automation and the orchestration. Let's get rid of some of these commodity problems. We shouldn't be spending a lot of time on those things, but we do need to make them actionable accurately with the the SOAR capabilities and getting the commodity threats completely out of the way. And the advantage of that also, we really want to make it more costly to the attacker to attack and make us hard targets. We don't want to be the easy thing that, as Meghan was talking about, the threat can just expand over time. We want it to be a hard target that is easily able to patch and manage the infrastructure and not have those vulnerabilities just exposing us all the time.

Bridget Bell: So two things stood out, Meghan describing it as that fortified wall that you're talking about, Arlette, making you stronger. But I also really loved the detect in depth and protect in depth. Because as you describe it as these jagged edges, that the farther deeper you go the more jagged edges there are in those unevenness and unknowns and overwhelming, but if you can detect those in depth and protect those in depth, you're going to build up that fortified wall. So we talked about what long term you're excited about. Let's bring it back and talk about what's happening in the more near term. So as we see more and more people working from home and having to access various networks remotely, have you all seen an increase in threats or attempted cyber attacks?

Arlette Hart: Kind of. There's more activity, but the more activity can just be because there's more activity because people are doing things differently than they did before. It's hard to really attribute it to because they're working from home. The traffic itself looks different than it did before. And whether it is because it's the time of year or because people are working from home or because there's an increased attack vector, it's hard to say, because causality is very difficult in cybersecurity. That said, we pay a lot of attention to that and we make sure that we are tracking aggressively what's going on. And when environments change, which is a thing that happens in cybersecurity all the time, we adjust fire and make sure that we do understand what that change in environment means from a threat perspective. This is just another new capability to a cybersecurity perspective. Working from home is just the same as mobility in some ways. You have a different way you are reaching your critical data.

Arlette Hart: One of the things that I think is true though is that "security is a team sport". I'm using air quotes. You just can't see them. And I think it's more true right now when people are socially distant than when we're all in the office together. Responsibility for reporting anomalous activities, this really is something that we would ask people to do all the time. We really want you to be a part of the team that is securing the information. If you're a Leidos person, secure it for Leidos. If you're for your other organization, secure your information. And if you see things that are going wrong, be a part of the team that is protecting the organization. It's important to everybody because attacks can bleed out to other organizations.

Meghan Good: I definitely think with that, I, first of all, cannot believe I said the word fortified wall before. But Bridget, you're so good to remind me of that because really it's one of those that there isn't a wall. It doesn't exist anymore. There isn't an edge to a network. And as Arlette says, right now people working from home, that's mobility, that's the way things have been. I think for us, we're experiencing that at a larger scale right now to keep our employees safe. However, our home networks just aren't the same as enterprise networks. The level of investment in security devices, and even our own practices, just isn't the same when you're at your house, in your yoga pants, versus at the office. I think you have a different level of decorum to that people side of what you would do and what you expect is normal than maybe what you do at your home, where some of your leisurely activities can take place at the same time as work ones.

Meghan Good: And that mixing of that traffic I'm sure is something that Arlette and the team are seeing, and that it just looks different. And we really need those good analytics. We need that good automation to help us figure out, "Is that really somebody coming in from an IP in Colorado or are they coming from some other country? And does that even matter?" It's just really different between home and the enterprise. But I think what is kind of interesting and, with the team of experts that I work with here, what I'm blown away by is there at-home labs that can rival enterprise labs and enterprise networks, so where they have way better security than some enterprises are willing to do, because they have the ultimate visibility on their house. And so I think we're seeing what are some kind of cool ways that you can implement some of these new technologies on a really small scale. I think if they weren't home, they wouldn't have the chance to really play with that. So that's a one silver lining to this situation that we're in today.

Bridget Bell: That's a fun perspective. I am curious now for both of your home networks, what kind of security you have in place being two of our most cybersecurity experts in the company.

Meghan Good: I knew you were going to ask that. And I just have to say that sometimes the best security is obscurity. No comment.

Arlette Hart: I'd rather not give away my security posture.

Bridget Bell: All right, we won't reveal any secrets here. So if you were able to solve one cybersecurity challenge right now, I know it's going to be hard to narrow it down, but what would that be?

Meghan Good: I think, for me, it's information sharing. It's a concept that is talked about a lot between the government and commercial industries, and particularly for us within the defense industrial base of where we want to share when we discover a new attack vector, we want to share indicators of threat activity. But the challenge just becomes that there's so much and that some of the parts are valuable, some of the parts aren't, but all of that really changes over time and it's value changes over time, and it's hard to crack the nut. And I really think that cybersecurity isn't the only field with this challenge. I mean we're finding that right now with the news about COVID. When you know something about COVID-19 versus what you heard weeks ago, it's all different. But it still is one of those things that we're trying to figure out how we can share that information without breaking the internet and without making it so diluted that it doesn't matter anymore. I want that solved.

Arlette Hart: That's a good one. That's not the one I chose, but that's a good one. I like that.

Meghan Good: Well, thanks. I figured you'd pick something different.

Arlette Hart: I would wave my magic wand and make it easier to, well, do everything in cybersecurity because most of it's hard. But, to me, the most important would be to know what risk looks like so people can really apply the right resources and to balance their operational needs against the risk of loss. And the result would be something close to the right answer. There's been a lot of work in this area, but it's still just really, really challenging to do this. I mean back to the fractal problem, every edge is another place where you have another problem with this. Other disciplines like fires and automobile accidents and things like that, there's enough information to allow actuaries to understand what the risk means.

Arlette Hart: But with cybersecurity, we're really not there. And it's even harder, in part, because the victim still has everything that they had before the crime. So it's not like they lost their car or their house. They still have the data that they had, not always with the same level of integrity, but they still have it. But they don't know whether they are the only ones who have it. So they don't know, "Am I sharing it?" And what is it worth to them to share? So that's the piece that I would really like to crack because then you could make real decisions around what should my cybersecurity investment be and make it so that you have a real risk appetite related to it.

Bridget Bell: So in this conversation, we've talked about both of your really unique career journeys, and then also some of the technologies that you're seeing and are excited about for the next one to five years. So I'm curious, if we look back to when you first got into cybersecurity, is there a technology that we have now that you wish we had back then?

Arlette Hart: So I would go with big data analytics, being able to look and link critical elements together so that they can really see what is the vulnerability picture, especially when the attackers were much less sophisticated. Then we could have tied a lot of things and saved a lot of time and money and become much more sophisticated earlier if we'd had much, much better data analytics early on. I think that would have been a game changer 10 years ago. And we could have just changed the vector of how things are done. I think it also probably would have informed a lot of vulnerability management and helped get patching where it needs to be and had people focusing much earlier on closing the cyber coding or the coding gaps with some secure dev ops, instead of just dev ops, and really helped us push what the cyber narrative is.

Meghan Good: So Arlette, since you took the good one, I'm going to say SOAR tools, security, orchestration, and automated response. And, for me, for those of you who don't know, that's a capability that takes in inputs from different kinds of security sensors and detection systems that we have, it does things that a person would normally do and then starts to actually affect some of the other systems that are doing protection. So it's one of those that things come in and it takes action and then it makes magic happen for us. And it's all set to these different playbooks. And I think about the first set of automated tools that I coded up for our group way back when, and I just wish that I had them as playbooks. I wish we could have put them in. We would have been so much further ahead. We would have been tackling the more sophisticated challenges sooner. And I just think it's one of those classes of capabilities that are becoming a defacto standard across lots of enterprises thanks to a number of different vendors in this space.

Arlette Hart: I don't think I win on that. I thought SOAR was also a really good one.

Meghan Good: I think they work together though. I mean that's the best part is one tool alone doesn't do it. It's a bigger solution that we need. And it's finding the way that you're getting the right combination of inputs that give you the kind of insight and visibility that you need through those analytics, that you're actually actioning it in a way that really is protective.

Arlette Hart: And it's funny because both of them assume that you have the right information in there.

Meghan Good: Oh, that's so true. That you shared it, to my point before, but that you're also generating it yourself within the bounds of your enterprise, that you know what those devices are, you know what kind of software they're running, you know what you have out there to detect it. I mean it's a lot of those critical security controls, which I think sometimes we can feel like is a compliance checklist. But without it, we really can't do any of the good stuff. We can't do the good threat analysis. We can't do the good kind of protection that is absolutely necessary.

Arlette Hart: And that the sensors are working and working properly and giving you the right telemetry and the information that you need, and that you're getting it in all the time when you're supposed to be getting it in, and all those little heartbeat kind of things that are also truly critical to this.

Meghan Good: Right. And even beyond that, if you think about the kinds of deployed networks that we work with, they're in these remote locations sometimes, right? Where the network extends, that, even as we talked before about mobility, there might not be great bandwidth to bring all of that information back. So it's a matter of how you're choosing the right kind of data that is really going to inform those risk-based decisions that you talked about, Arlette.

Arlette Hart: Absolutely. Yeah. Yeah. Did we say something about hard problems before? Yeah.

Meghan Good: And multifaceted and interconnected.

Arlette Hart: Exactly.

Meghan Good: We could talk about this forever probably, Bridget, and hopefully we haven't lost you in our conversation.

Bridget Bell: Not at all. I love it. I just want to sit back and listen to you. So is there any other topics that you all want to dig into or talk through?

Meghan Good: I think the question I always have is what's the transition like to go from being with the government to really trying to ensure the security of a very mission-oriented agency to coming to a company like Leidos and looking at our networks, our reach, our data, what lessons did you apply in that transition?

Arlette Hart: It's so very different. The perspective from government is you're protecting the critical data for... Leidos has that same idea. We protect government's critical data also. So there's an element of commonality with that. But looking at it from the being in government and being the one responsible for making sure that data is protected, you are on the front line in that place. And you're the one who is the reactor to that. When I left government, it was the, "Oh, okay. I'm leaving that piece," and there was no taking it back. It was the, "Okay. I now sleep nights instead of staying up all night." It was a big weight because it's very heavy doing that from the government perspective and making sure that the protections are in place and working with the people and making sure all of the elements are doing what they need to be doing 24 by seven.

Arlette Hart: I'm not saying it's not heavy here too, because I think it is. I think it is the same kind of weight, but the ultimate responsibility question is a little bit different. But when you come here, you still need to do that same level of diligence. It just looks a little different. And the mission turns into a different animal. From the government perspective, you do that from a, "This is what the mission is. We accomplish the mission." There's still a balance. There's still the, "Here is the balance. Here's the money that you have to do this thing. Here's the mission that you have to do within that type, that amount of money," but you don't have the financial incentive.

Arlette Hart: So one of the risk questions, when I talk about risk, when you do that from the private sector perspective, there's a financial cost to what the risk is on both sides. So it is, "This is what your cybersecurity budget is. This is what your risk costs, how you're monetizing your risk." When you do that from the government perspective, you can't really monetize risk that way. Yeah, they have budgets and things like that, but when they lose something, they don't lose money like that. They lose PII lives, things that have non-monetary value but are extremely highly valuable. So it sort of looks a lot different. Does that make sense?

Meghan Good: That does. And I bet the calculations there are completely different when you're talking about risk. It's not just the very rote or almost counting like look at risk. There's another nuance. There's a lot of shades in there.

Arlette Hart: Exactly. Okay. So me to you, what's kept you at Leidos this whole time.? What's kept you engaged all the way through?

Meghan Good: I think one has always been finding the next challenge and having advocates who support me in finding those challenges. So when I joined as an intern, the group that I worked for was ready to offer me a full-time position. Right? And it was one of those where I knew what I was getting into, but I knew that there was a lot of growth and room to grow with that group. And then, from there, I would say, as I look back on the course of my career, every 12 months to 18 months I've taken on a new challenge. Now, that usually means that I haven't let something go, hence lots of hats and roles. But I really like that I think at every turn I've been able to see what's the latest in technology and explore through different research areas, which peaks my interest and keeps the challenge going.

Meghan Good: But then at the same time, take on leadership roles where I feel like I'm giving back and supporting other really smart and bright people. I love connecting up different technical ideas. And I feel like as a tech fellow and as a solution architect, that's our calling here is to connect the dots, to solve these bigger problems, and realize that it takes multifaceted thinking that we all learn through different cyber operations kind of work. But it also takes figuring out where you need the mix of depth as well as breadth. And I see that a lot across Leidos. I find it really energizing and there's a lot of job satisfaction here. It's a lot about the people I work with and it's a lot about the opportunities that were given to really make a difference.

Arlette Hart: Yeah, I agree. There are a lot of opportunities at Leidos and there's some seriously smart people here, and it's just been really interesting to work with the people here. I agree.

Meghan Good: Sometimes it feels like a really long time, but other times it goes by so quickly. And I think, right now, we're really seeing this big evolution in how work is changing. And I can only imagine how much more we're going to be able to do virtually to really pull in our international team and our team with our customers, our vendor partners, as well as the technologists that we have here. It's an exciting time.

Arlette Hart: It really is. This has been a forcing function for how to really work remotely. And I think we're going to learn a lot from it. And I think it's got some serious up sides. So it'll be really interesting, yeah.

Bridget Bell: So let's wrap up with one final question. What guidance or advice do you have for our listeners as we close this conversation?

Meghan Good: Well, I would say, as a problem solver myself, what I would recommend is that you have to work through the fear that I think has come with cybersecurity and with the threats and the challenges that we've talked about and really start to identify what are the problems that you can address, and prioritize what's the order that you can do it. And I know that sounds very simple to say. We've talked a lot about technology. We've talked about people. That's probably the process element of it. But taking it step by step, you'd be amazed how far you come. And I think really having a plan, having some actions, being consistent about what you're doing when you bring in new technology, when you incorporate new security procedures and controls, all of that helps the greater good, as long as you can get through that process and make sure that you're reaching the goal that you want to get to. So take your time, work through it, and identify the problems you can solve.

Arlette Hart: Well, those were good. I also have three. And the first one is work and play well together. This is, again, a team sport. Remember the railroads early on, they didn't have standards for how far apart the ties should be or the rails should be. Eventually they got to the place where they had standards. What we need a lot is for industry to work together and establish standard bases for building so that we can all win. All of these boats can float higher. The rising tide raises all boats. No one wins as long as there's large swaths of the country or the world that are losing. It's kind of like a prisoner's dilemma. And it's like if one person just does all of their pieces but doesn't bring everybody along, we all lose. We all have to be together on this game to win this game.

Arlette Hart: For the big players, I would really like to ask them to consider eliminating a lot of those simple problems, patching and updates, make more things backward compatible, make it so that people can really support legacy. The objective is for them to be able to be secure more than for them to be able to upgrade, enabling people to really secure their infrastructure even if it's not what you want their infrastructure to be. I know it's easier said than done, but it really is important. It is a lot easier said than done. And I understand the backward compatibility and there's limits to it and all those kinds of things. But somehow we need to get past the place where a patch can break your entire infrastructure. And that's kind of where we are. So better attention to how to patch and what it means to update and making sure that we have better cybersecurity.

Arlette Hart: Finally, keep pushing the front edge. I think there's a lot of room for thought leadership in here, and we need to think in new ways and do things differently and we have to really make everybody a hard target. That's my input.

Bridget Bell: Yes. Thank you. Both Meghan and Arlette. This was a wonderful conversation. To all our listeners, as always, please, if you enjoy this podcast, share it with your colleagues. And to learn more, visit leidos.com/MindSET.

Related Insights
View More
  • Robert Franceschini on MindSET podcast
    Bringing it all together: The Leidos ecosystem now and into the future
  • Liz Porter and Kristin Gowers on MindSET podcast
    Why diversity in health tech is so crucial
  • A man on a poster advertising his podcast
    MHS Video Connect Telehealth Re-Envisioned
Author
Meghan Good
Meghan Good Cyber Solutions Lead

Meghan is the Cyber Solutions Lead for the Intelligence Group. She is also a Technical Fellow and Solutions Architect who focuses on designing and delivering innovative solutions for Leidos’ customer challenges. In her spare time, she enjoys exploring the outdoors with her two young children, cooking with her husband, swimming competitively, and podcasting.

Share
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
  • Share via Mail
  • Print Insight

Posted

June 16, 2020

Estimated Read Time

Author
Meghan Good

Tags

Podcast
Cyber

Sign up for our newsletters

Stay up to date on our expertise, industry leadership, unique perspectives, and more by subscribing to our newsletters.

  • Company
    • Our Business
    • Mission, Vision, & Values
    • Leadership
    • History
    • Inclusion & Diversity
    • Responsibility & Sustainability
    • Ethics & Compliance
    • Rankings & Awards
    • Partners
    • Subsidiaries
    • Contract Vehicles
    • Global
    • Trust
  • Markets
    • Aviation
    • Defense
    • Energy & Industry
    • Government
    • Healthcare
    • Homeland
    • Intelligence
    • Science
    • Space
  • Capabilities
    • Cyber Operations
    • Digital Modernization
    • Integrated Systems
    • Mission Operations
    • Mission Software Systems
    • Enabling Technologies
    • Technology Certifications
  • Insights
    • Newsroom
  • Careers
    • Life at Leidos
    • Pay & Benefits
    • Alumni
    • FAQs

Want to know more?

Contact us about product information and pricing, customer feedback, stockholder services, or just to voice a concern.

Get started

  • © 2023 Leidos

  • Trust
  • Ad Choices

  • Privacy Statement
  • Email Preferences
  • Do Not Sell My Personal Information
  • © 2021 Leidos
  • Australian Privacy Statement
  • Australian Whistleblower Policy
  • Ad Choices
  • Email Preferences
  • Do Not Sell My Personal Information

Utility Footer Navigation

  • Products
  • Customers
  • Suppliers
  • Investors
  • Employees
  • Accessibility
  • Twitter
  • Facebook
  • Instagram
  • Linkedin
  • YouTube