NEWS + ADVICE
TASC’s Cybersecurity Programs
A discussion with Jeremy Ross, Division Director of Information Dominance, TASC. Mr. Ross served in the U.S. Navy for 4 years where he was assigned to Naval Security Group Activity-Ft. Meade. As a Signals Acquisition Officer for a 24×7 joint watch that acquired, collected and maintained classified intelligence networks, he was responsible for mission management, process management and reporting to support worldwide intelligence operations activities.
How do you describe cybersecurity
At the highest level, cybersecurity is actively managing, maintaining and defending all aspects of a network. To me, it includes three distinct domains:
- Defensive operations, a term that most people associate with cybersecurity, which is activity to promote information assurance;
- Offensive operations, which is being proactive in defending your network; and
- Intelligence, which is knowing who and what is on your network and who is attempting to gain access to it.
At the highest level, cybersecurity is actively managing, maintaining and defending all aspects of a network.
What are the key components of TASC’s cybersecurity program
TASC’s cyber approach encompasses three components:
1) situational awareness;
2) systems engineering; and
3) strategic consulting, operations support and information assurance.
Situational awareness addresses evaluating threats and network operations at the enterprise level. Systems engineering involves integrating cybersecurity into the network architecture, knowing that every network must incorporate security before deployment. The final aspect of our cybersecurity strategy is offering strategic consulting, operations support and information assurance to include DoD Information Assurance Certification & Accreditation (DIACAP C&A).
TASC also offers engineering integration and operations analysis, which provides insight into the integration and interoperability of all components on your network. It indicates how the level of assurance within the architecture impacts interoperability, operations and security. TASC also evaluates network effectiveness.
One of the key components of TASC’s cybersecurity strategy is readiness. To a services company like TASC, readiness is having well-trained and well-equipped staff available to serve our clients and further their mission. So, we strive to hire the most qualified candidates. We are always looking to hire veterans with these skillsets. By hiring the best, TASC remains the best.
What are the typical positions you are hiring for
Although many positions focus on the technical components of cybersecurity, the policy component is absolutely critical as well. If you don’t have a comprehensive cybersecurity policy in place at the start, all of the tactics behind it are for naught. Consistency across the enterprise is essential.
In my TASC organization (the Defense and Civil Sector), we have folks working with the U.S. Navy to set information assurance policy around the way IT and systems interact. Within the U.S. Air Force, we have subject-matter experts in defensive operations who do everything from detecting and monitoring advanced persistent threats to engineering the gateways and proxies within a network that keep people out through automation.
We hire intelligence analysts to support multiple intelligence agencies around the beltway. They perform a variety of functions from monitoring what the adversary is doing on the network to protecting the intelligence community’s infrastructure from attack. We also perform operations planning, such as developing a responsive or defensive action, and we offer capabilities analysis to address the actions that can be taken from offensive and defensive perspectives. TASC also is involved in the development associated with offensive and defensive tactics, techniques and procedures (TTPs).
Why are veterans good at cybersecurity
Veterans are some of the most qualified cybersecurity applicants we see. Being both a veteran and a cyber veteran myself, I know the specialized training and experience active duty personnel in my job classification at NSA acquired. Simply put, active duty military personnel receive training that is second to none.
Some professionals looking to separate from active duty aren’t even aware of the opportunities available to them when the leave the service. I was fortunate. My colleagues and I were actively recruited by industry while still on active duty. Many, though, are not recruited because they work at remote duty stations. They have no idea how valuable their skills are. They need to learn that great demand exists for their talents not just in companies that support the defense and intelligence space, but also in private firms, especially within the banking and finance industries. They are always looking for cybersecurity experts.
Again, military training is second to none. Veterans separate from the military with valuable certifications due to the military’s emphasis on continuing education. I can assign these professionals to a contract or place them in a client space right away, knowing that within weeks they will be fully up to speed and able to support the mission completely.
What was your MOS and what other MOSs apply to cybersecurity
I was a cryptologist in the Navy. Today, however, the services have taken several MOSs and consolidated them into a new MOS and established TYCOMs to support readiness. A perfect example is the Information Dominance TYCOM. It coordinates the staff, train and equip functions to assure the total readiness of more effective Navy cyber warriors. The Air Force and Army have taken similar steps.
Job-specific titles are not important. After being assigned a duty station, what you actually do is often far different from the job description. For example, when I was in the service, yeomen and CTAs functioned on the administrative side of the classified world. Yet, many quickly become much more engaged in the operational and tactical sides because of the capabilities they demonstrated. So, career opportunities deal more with the experience possessed than a formal job classification or MOS.
Leadership abilities, drawn from a variety of skillsets and critical thinking capabilities, set veterans apart. Even without a cyber MOS, they are an asset to any company. Veterans need to set themselves up for success through additional certifications and training and on-the-job experience before separation. Companies like TASC want to hire people who can solve problems with little oversight, and such individuals can be found in any MOS.