Detect and Defend Against Cyber Bad Guys and BotsMarch 2017
In today's world of massive email breaches and other sinister cyber crimes, the bad guys constantly come up with new ways of stealing things. Staying one step ahead of cyber criminals is a growing challenge. And the stakes are even higher when it comes to safeguarding massive federal data networks.
That's where MITRE's Erik Northrop comes in.
Northrop is a cybersecurity engineer whose work supports two different MITRE-operated FFRDCs. One, the National Security Engineering Center, is sponsored by the Department of Defense. The other, the National Cybersecurity Federally Funded Research and Development Center, is sponsored by the National Institute of Standards and Technology (NIST). The FFRDC supports NIST's National Cybersecurity Center of Excellence's goal of accelerating the adoption of secure technologies to address today's most pressing cybersecurity challenges. Both FFRDCs are deeply involved in computer and network security.
Northrop and his colleagues apply academic rigor, engineering muscle, and the latest security knowledge to identify and thwart threats to large federal networks. He helps our sponsors assess and neutralize cybersecurity risks on federal networks covering everything from healthcare to energy.
Never a Dull Day in the Cyber World
With the Internet of Things expanding and more people using social media platforms like Facebook to access personal information, there is no shortage of potential cyber threats. That threat is multiplied when it comes to federal networks. They handle millions of pieces of information on everything from healthcare to Social Security data.
"I have a cool job," says the one-year MITRE employee. "I help federal agencies get a clearer picture of the cybersecurity environment so they can make informed research-based decisions. That means staying on top of the latest cyber threats and analyzing the human behavior behind those threats. It's never dull. There's always a new challenge."
Right now, Northrop is working to provide his sponsors with a "near real time" view of their complex networks. That helps them quickly assess and fix security issues before any damage is done.
"These government networks are as large and complex as those at any multinational company. That's what makes my job so challenging. Hackers are not just looking for personal financial data. They're after any information that they can use to their advantage."
Even though hacking methods are getting much more technically sophisticated with a broader scope, they've also become easier to use.
"It's a new challenge," Northrop says. "Hacking sophistication is increasing at the same time the technical skills needed to use these tools is decreasing. Now almost anyone can use some of these new tools. Hackers are even creating automated hacking web robots to overload systems and lure people into giving out information."
People are Still the Key
In addition to his technical skills, Northrop also needs something else in his job—some good old-fashioned Sherlock Holmes-like assessment of human behavior.
There is no common description of a hacker, other than someone intent on doing harm. That means understanding what drives people to hack. Northrop and his team look at the "MO" of hackers—the people involved, their behavior, what information they want, and where they're coming from.
The team also looks at how people legitimately use systems, what skills are needed, how easy it is to make a mistake, and the impact of mistakes.
"We know that when users are inundated with too many objects on a screen they are more likely to make errors. So we advise federal clients on how to make systems less susceptible to these types of issues."
An Abiding Interest in "Things That Plug In"
Northrop was always interested in "things that plug in," but he didn't have a clear vision of his career path until he won a National Science Foundation scholarship at the University of North Carolina. After seeing the potential of helping the federal government solve large-scale cybersecurity problems, he earned a master's degree and is working toward a Ph.D. in computing and information systems. His career path has taken him to a company he loves—one that works with the federal government to stay a step ahead of cyber criminals.
"I'm having an impact on national issues that affect millions of people," he says. "I'm also working with some of the smartest people I've ever met, true experts in their fields. Plus, MITRE has an incredibly collaborative team environment."
MITRE's commitment to continuing education also helps. "It's not uncommon for us to already know about the latest cyber threat thanks to the company's belief in staying on top of the latest cybersecurity trends."
—by Andrew J. Porter
Are you a good fit for MITRE, too? Explore our current Job Openings.