Carlos Fernandes joined Salient Federal Solutions in January to serve as director of its Cyber Security Center of Excellence and develop and implement the Fairfax, Va.-based IT, training and engineering services contractor’s cybersecurity strategy.
The former U.S. Air Force Intelligence Applications Officer had previously served as an adviser to Salient and brings more-than-21-years of information security, information assurance and cybersecurity leadership to his role.
ExecutiveBiz recently caught up with Fernandes to learn more about his holistic approach to cyber and national security, his and Salient’s work in predictive and ‘precognitive’ cyber capabilities, and how he is helping position the firm for the Internet of Things and IPv6 era.
Carlos Fernandes: My cyber career began more than 23 years ago as an Air Force intelligence officer. I served during the first Gulf War back in 1991. I have expertise in preparing in“‘depth studies and analyses, with an emphasis on what the industry is now calling “edgy“ technologies. These are technologies that are viewed as radical and disruptive in nature.
I have maintained affiliations with national and international organizations throughout my career and I have provided leadership to complex security“‘related engagements, including computer network operations. I’ve worked in close partnership with senior cyber clients and have focused my attention on bringing solid technical skills to diagnose problems and to engineer creative solutions.
I have more than 12 years of experience in international project management and have supported U.S. government clients in the DoD and intelligence communities, along with a long list of international commercial clients, including General Motors, Siemens, and Alcatel Lucent.
Prior to joining Salient, I served as the founder and managing principal of Agile Cybersecurity Solutions LLC, a small business providing cyber security consulting services to state, local, DoD/intelligence communities, and to commercial clients.
ExecutiveBiz: What do you do in that role and at the Cyber Security Center of Excellence?
Carlos Fernandes: I’m responsible for developing and implementing Salient's cyber security strategy and expanding the distinctions and innovations of the Cyber Security Center of Excellence to include a full range of cyber security solutions.
Salient is already well positioned in the cyber security market place with distinctions and solutions to defend against persuasive threats.
My Center of Excellence team and I are building on this capability and a concept that I have been working on for at least 10 years now, called “precognitive capabilities“ for predicting, preventing, and persisting against cyber incidents, instead of just responding after they occur.
We must discipline ourselves to outthink and outsmart our adversaries.
Carlos Fernandes: A lot of these new realities often start as science fiction and I am quoted as being a science fiction writer.
One day, as I was having this conversation with a colleague, she mentioned that this was more like precognition.
I started pondering the reference and realized that it more accurately depicted my vision, and that's what stuck. The real focus of the precognitive capabilities is taking a holistic approach to solving this very serious problem in cyber security.
It pairs both artificially intelligent technologies with deep subject matter expertise.
Carlos Fernandes: Since we cannot simply turn off IPv4 and turn on IPv6, which is the next generation Internet, a lot of the new technologies that are being introduced with “The Internet of Things“ are not possible to accommodate all of those capabilities on the existing IPv4 network.
It’s inevitable that we’ll have to transition to IPv6, but the biggest concern is that, during this transition period, IPv4 and IPv6 will co-exist on the legacy networks. In most cases, these new technologies have introduced vulnerabilities that are not detectable by typical cyber security measures and that’s creating what we at Salient refer to as a hidden network within an organization’s existing IPv4 network.
There are several things that should be done to mitigate these vulnerabilities. First, IT departments must be trained to understand how to correctly transition from IPv4 to IPv6. There’s a lot of conversation about the transition period, but a lot of folks, especially the system administrators and network administrators, haven’t received the necessary training on how to make that transition.
Public and private organizations should also press the issue with their security vendor relationships to develop and build technical solutions that will detect and block rogue actors on these existing IPv6 networks.
Assure6â„¢ is a very powerful and effective cyber security policy manager that combats cyber security breaches at the network level.
The Assure6 product suite protects networks against IPv6 security threats using a deep packet inspection capability to protect IPv6 security threats that are currently undetectable with any existing security tools that are on most networks today.
ExecutiveBiz: How can a predictive cyber posture be implemented?
Carlos Fernandes: Predicting to prevent anything is not a new idea. We all agree on the merits of predicting to prevent, versus responding after an incident has occurred.
We as a nation are really good at responding to incidents, and we need to take that same inspiration and use it to motivate and discipline ourselves to always stay one step ahead of the adversaries.
That’s really a mindset, a paradigm shift. We are not there and we probably never fully will be.
The second we convince ourselves that we have arrived, that will be our demise. Cyber security is a journey not a destination “¦ it never ends.
Carlos Fernandes: I recently had a conversation with what would be considered in the industry to be an ethical hacker, and he put it this way: when he goes after a target, he’s always looking for the path of least resistance.
Every single target that he has attempted to penetrate, he’s always found a vulnerability that he can breach, and he’s always been able to get through and look at things that he shouldn’t be allowed to look at.
So, if he can do it, others can do it too, and it's common knowledge that we are very vulnerable in this area. The solution would be to understand that the problem is less technical and much more political, philosophical, and cultural.
When I have conversations with folks, I always encourage them to not grow weary from the fight and continue to look for ways to find common ground for reaching collaboration between the public, private, and international communities.
ExecutiveBiz: What are you most excited about moving forward?
Carlos Fernandes: What I've been excited about for a long time is providing our clients with solutions that really matter. One thing that really annoys me is when a security vendor tries to convince a client that the answer is to add another piece of technology to the problem.
I often engage in these conversations and challenge that perspective by saying “What about performing a security risk assessment to get a handle on the current security posture? Why not understand what the current security posture is?“
Once you do that, then maximize the existing security tools versus further complicating the network by adding yet another tool. But really, at the end of the day, it’s always my goal to look back and tell myself that I’ve done my part to contribute in a meaningful way.