What does Leidos do? Part 8: Cyber

September 26, 2017 Brandon Buckner

What does Leidos do? Today’s interview explores cyber, a broad term that includes offensive cyber, defensive cyber, and regulatory compliance. To learn more, we spoke with Paul Butterfoss, who leads this technology area at Leidos. 

Here’s what he had to say.

How does Leidos define 'cyber' as a capability?

If you ask three people for a definition of cyber, you’ll get five different answers. Normally, cyber refers to cybersecurity, and consists of protecting information technology (IT) assets, either through defensive actions or regulatory compliance. At Leidos, however, our cyber capabilities span beyond that definition, because we are also involved in work that supports the U.S. government’s offensive cyber missions. I like to use the term “Full-Spectrum Cyber,” a term coined by the Department of Defense (DoD) to include both defensive and offensive cyber operations. This term describes our cyber capabilities and, to be honest, it’s a pretty appropriate term.

We support our DoD and intelligence community customers across the entirety of their cyber missions, and at an incredible scale. But our Full-Spectrum Cyber capabilities expand beyond the defense and intelligence communities. We also support the broader government and commercial sectors, from enterprise cyber and network defense, to cyber defense of military platforms and Industrial Control Systems (ICS). We support the entire cyber lifecycle, from providing network architecture design to operational, hands-on-keyboard analysts and cyber training and exercise support.

Paul Butterfoss, Cyber Lead: "We understand how to defend against sophisticated threats. We've been implementing threat-based cyber methodologies for our customers longer than anyone else."

Within cyber, what specific areas does Leidos specialize in?

Our bread and butter is advanced cyber missions, both on the defensive and offensive sides. We defend the most targeted networks in the world from the most sophisticated attacks, and we help our customers use cyber as another means to achieve their objectives. Everything we learn from our Full-Spectrum Cyber operations gets fed back into our other technical competency areas, so cybersecurity is embedded in our software development, systems engineering, and solution architecting as well. In fact, you might say cybersecurity is in our DNA.

We also leverage our rich signals intelligence (SIGINT) analytical history, and our commercial cyber expertise in the ICS/SCADA realm to address emerging cyber domains, including enterprise cyber analytics and Information Technology/Operational Technology (IT/OT) integration.

What is the company’s general approach to cyber?

We take a proactive approach to cyber. We focus on maximizing resources and ensuring the cyber resiliency of the mission. Our proactive approach to cyber defense uses a threat-based methodology, and a focus on leveraging knowledge and intelligence. The adversary is always evolving, and so we must as well. We go beyond fundamental cyber hygiene and information assurance, implementing our proven Defensive Cyber Operations tactics, techniques and procedures (TTP), and leveraging advanced cyber analytics to anticipate and prevent cyber threats, including Advanced Persistent Threats (APT) and insider threats.

Maximizing resources applies to both tools and people. From a tools perspective, we achieve this through a vendor-agnostic approach, and by advocating the use of open source tools where possible. We help our customers make the most of their current investments, as well as evaluate the effectiveness of their tools. Using our comprehensive cyber assessments and advanced metrics, we not only answer “What are we doing?” but also “How well are we doing it?”

In the end though, our primary focus is on enabling our people. Talent is the most expensive part of cyber operations, which often makes our experts targets for replacement. However, when empowered and utilized correctly, our people are also the most critical part of cyber operations in their ability to prioritize and help identify indicators, behavioral trends, and even just things that look “weird.” Our approach is not to replace the analyst, but to empower them and maximize their effectiveness in accomplishing their cyber missions.

Is there one program you’re especially proud of?

Our work with the Defense Information Systems Agency (DISA) on the GSM-O contract is very impressive. On GSM-O, we support DISA in operating, maintaining, and defending the entire Department of Defense Information Network (DODIN). We defend one of the largest, most targeted networks in the world from the most sophisticated threats. We won that contract by leveraging the work we do defending our own networks.

We also do incredible work in cyber on the civil and commercial sides, supporting the Department of Homeland Security (DHS), the U.S. Mint, and others, as well as more than 80 of the Fortune 500 companies.

What gives Leidos an advantage over the competition?

First, we understand how to defend against sophisticated threats. We’ve been implementing threat-based cyber methodologies for our customers longer than anyone else, dating back to our Lockheed Martin IS&GS and Cyber Kill Chain® heritage. We also understand what it takes to defend a network because of the knowledge we gain in our work on offensive cyber missions. Offensive and defensive cyber are two sides of the same coin; understanding how an attacker thinks and acts enhances our ability to defend.

Secondly, we understand what it takes to do this at scale. Doing cyber defense for a 500-person organization is a lot different than it is for a 500,000-person organization.

Finally, our breadth. As I mentioned earlier, our Full-Spectrum Cyber portfolio spans almost every technology, customer, and market. This breadth gives us an advantage not only in providing a comprehensive cyber perspective to our customers, but it also gives us an advantage in recruiting, cultivating, and retaining the experts in this field that are in such high demand.

People in the cyber domain are constantly striving to learn and expand their skills; you have to in order to keep up with both technology and the adversary. At Leidos, we provide a collaborative culture, and a diverse set of opportunities to cross-train our people and expand their cyber aptitude so they can be ready for the next big cyber challenge.


Image Credit: Icon adapted from thenounproject.com, under CC BY 3.0 US.


Brandon Buckner

Brandon is a writer and content marketer based in the Washington, D.C. area. He loves to cover emerging technology and its power to improve society.
