SRA's Dusty Rhoads and Jim McClave: How to strengthen your company’s cybersecurity

When it comes to cyber attacks, the time for collective resolve is now. Because of low barriers to entry (a group can perpetrate a malware attack without deep expertise or much money), the nature of the threat has invalidated or reduced the effectiveness of current signature-based cyber security protections. The consequences can be devastating. “Industry is starting to realize they're very much a target of these organized crime elements and group-based threats,” says Jim McClave, vice president and director of SRA's products and offerings strategic business unit. Recently McClave and Dusty Rhoads, a senior member of SRA’s information assurance and privacy solutions division for the national security sector, shared what their company is doing to strengthen the cyber security posture of its clients, and how your organization can do the same.

What you can do

  1. Be proactive, not reactive. Here's a typical scenario: An organization is breached, data is exfiltrated, and everybody scrambles to mitigate the problem. “We're trying to become more proactive versus reactive,” says McClave. “Our view is that a lot of the current cyber security protective technology has holes in it because it basically detects what is already known,” he adds. SRA, by contrast, is repurposing a lot of its internal research and development activity to do anomaly detection. SRA is incorporating that work, as well as other intellectual property such as NetOwl (SRA's Natural Language Understanding product), into cyber security adaptive network defense reference architectures that are being offered to clients.

  2. Participate with US-CERT. “It's very important for our industry counterparts to report cyber security-significant events to US-CERT so that a body of knowledge can be built up and exchanged throughout industry,” says McClave. Participation in the IT Industry Security Advisory Council is also key, he adds. Such reporting fosters a holistic understanding of cyber security. Anything less can be disastrous. “You can improve your cyber security posture but create vulnerabilities in other areas,” says McClave, about clinging to a piecemeal approach. “You may make it more difficult for your network to be penetrated but if you have inadequate physical security controls, background checks, etc., a person may still be able to get into your organization,” he adds. McClave recommends a routine exchange of best practices with US-CERT, the IT Industry Security Advisory Council, and with its Government Security Operations Center engagements.
  3. Invest in your people. “The weakest link in any computer system is the individual sitting in front of the keyboard,” says Rhoads. “I would suggest spending a lot more money on training individuals on what the threats are, how to recognize them, what not to do, what is safe and what is not,” he adds. Simple reminders on a regular basis, training that is based on specific and personal examples to bring home, and training focused on the younger employees who live on cyber devices, are key. At a company or department/agency level, training could include entry-level cyber security training courses for all personnel. For administrators, “boot camps” focused on the latest IT and IA certifications required by government can be very useful. Such training would acquaint participants with best practices, certifications such as CISSP and ethical hacking. A company should also consider an exchange program where employees focused on one client site go to another for a half-day exchange of ideas about strengthening security operations centers. At the government level these exchanges could be for six months or more.

What are you doing to strengthen your organization's internal cyber security efforts? Share your comments here.
