MITRE's Aaron Lippold, principal applied cybersecurity engineer, recently appeared on the What's Spinnin'? podcast, where he discussed a range of topics, including Security Technical Implementation Guides (STIGs), artificial intelligence (AI), and the evolution of modern cyber defense. Throughout the conversation, Lippold emphasized MITRE's long-standing role in shaping the cybersecurity landscape and its unwavering commitment to serving the public good.
"When I joined MITRE in 2012, I worked to unify concepts into a security automation framework," said Lippold. "It's the result of over 20 years of research, now built into a set of applications, utilities, and services for the open community. The goal is to follow principles, promote collaboration, and make it easier for others to build on shared knowledge and experience."
That commitment to collaboration and shared learning, Lippold explained, is core to how MITRE operates across government and industry.
"We're designed to cross-collaborate. We call this 'reach-back.' We're expected to talk across agencies and services, to understand what each is doing and to identify where we can gain efficiencies," said Lippold. "We use our institutional knowledge, connections, and insight to help drive impact. We aim to partner with anyone who can contribute to our mission. Our stated purpose is to serve the public interest, and that interest extends beyond government agencies. Everyone is a stakeholder, and everyone has a role to play."
Looking back on MITRE's impact, Lippold shared how foundational the organization has been to many of the technologies people rely on today.
"We're the guys who built GPS. MITRE.org is the first .org domain on the internet. We've been able to touch everyday life. Our standards and specifications, like the ATT&CK framework, CVE, CWE, etc., we were integral to all of that," said Lippold. "We don't charge for it. Our mission hasn't changed. It's always been in the public interest, and always about building the technologies needed by everyone. It just evolves as technology and time evolve."
In addition to reflecting on the past, Lippold also looks toward the future, especially when it comes to AI. He sees his role as both a technologist and a connector, helping others adopt secure and efficient practices at scale.
“" get to explore the current state of artificial intelligence, specifically how it relates to paired programming and where we can gain efficiencies. At the same time, I look at how to secure and validate that these new technologies are safe," said Lippold. "I also work on increasing accessibility. I've been asked by many groups how to make the work we've done more usable and available to industry."
He described key cybersecurity tools like STIGs, which are central to government and industry compliance.
"A STIG is a Security Technical Implementation Guide. It's literally the most engineering name you'd ever type because it comes from SRGs, which are Security Requirements Guides," Lippold explained.
For Lippold, the evolution of cybersecurity isn't just about innovation. It's about remembering and building on lessons learned over time.
"There's nothing new under the sun a lot of times. Don't forget to look backward while you're trying to look forward," said Lippold.