MITRE Internship Launches Cyber Career

April 2014
Steve DiCato
Steve DiCato

As a veteran of two summer internships at MITRE, cybersecurity researcher Steve DiCato used the opportunities to put his academic studies into practice. He interned at MITRE after both his sophomore and junior years at Rensselaer Polytechnic Institute. After graduating in 2009, he joined the company full-time.

DiCato works at our Bedford, Mass., campus where he focuses on providing defensive cyber capabilities for the National Security Engineering Center, the federally funded research and development center MITRE operates for the Department of Defense.

Solving Immediate Problems

During his first internship at MITRE, he was greeted on the first day with a clearly defined task.

"Many of MITRE's sponsors have a global presence, which often means they also have distributed and disparate networks," DiCato says. "For one sponsor, each of these networks had a set of security devices, such as firewalls and proxies. The configuration of these devices was validated manually, line-by-line, and then reported among the various locations. By the end of the summer, I had created tools to validate and share these configurations in minutes versus hours; it was a rudimentary but much needed configuration management system.

"It was a great summer project because it highlighted a real problem, was well scoped, and introduced me to a slew of different security concepts and technologies."

When he came back for his second internship, he took on a task for the U.S. Air Force. "The second summer project was much more open-ended. The Air Force was rapidly virtualizing much of their infrastructure to save space, power, network resources, and of course, money. My task was to create a completely virtualized mini-enterprise and conduct security testing against it.

"By the end of the summer, I had a couple of different proof-of-concept exploits that focused on different pieces of the virtualized architecture."

As a full-time employee, DiCato continues to be active in both research and operations. "Much of my career has involved bridging the gap between research and day-to-day computer network defense. I've built tools for malware analysts and security operations staff. I also co-lead a MITRE research project called STRONGARM that improves the way network defenders respond to cyber threats. STRONGARM is currently undergoing Technology Transfer; the intent being a sustainable solution for our sponsors and the commercial world to use."

Research Environment Promotes Opportunities

For DiCato, MITRE's emphasis on developing solutions to problems of national importance is a big draw. "I love the fact that we're not just building the next product in a product life cycle.

"Plus, MITRE offers a level of flexibility and diversity in work—it's part of our culture—that I don't think you'd find everywhere. One week you can be working on a sponsor problem that's operationally focused, and then a week later you're doing something research oriented. Two weeks after that you might be working in an advisory capacity."

He also appreciates the option to explore new ideas and technologies. "You have the ability to make a significant impact in a lot of different areas. From an engineering perspective, you get to do a lot of technical work in a short amount of time. You're only bored if you're the type of person that doesn't seek out opportunities. I've never been bored."

Recruit Turned Adviser

Over the past year, DiCato has also worked with nearby Middlesex Community College in restructuring its computer science and information technology degree programs.

"I'm on the Middlesex Community College IT advisory board, which has been tasked with helping the STEM [Science, Technology, Engineering and Math] division restructure the school's computer science and information technology degree programs. The college is working towards becoming a Department of Homeland Security and National Security Agency designated Center for Academic Excellence in information assurance."

For him, it's just another great example of working in the public interest. "Getting good talent is probably the biggest problem in the technical industry. I've done a fair amount of recruiting for MITRE, so I know how important it is for schools to have strong, technically focused, curriculums. Few put any emphasis on cybersecurity, and that's a problem. We desperately need more well-rounded engineers and scientists who are interested in applying their skills to the toughest security focused problems."

—by Kay M. Upham

Recent Conversations