What’s the weakest link in internet security? This is one of many questions that Mark Testoni tackles in his role as President and Chief Executive of SAP National Security Services (SAP NS2®), a provider of software and support services for U.S. national security and critical infrastructure customers. “The internet doesn’t serve itself or other machines, it serves us … yet we are the biggest and weakest link in security,” says Testoni. “The time is now to focus on how humans, from a national security perspective, can leverage the internet while also protecting it better; since we are the weakest link in that protection, we need to become vigilant on that side.”
Learn what may be next in the evolution of that security, and how SAP NS2 is grooming a next-generation workforce to meet those needs through its veterans training and employment initiative, NS2 Serves.
WashingtonExec: What is your definition of the Internet of Things?
Mark Testoni: The Internet of Things to me is the next generation of connectivity, that next step in the internet. If you look at the internet’s beginnings, it was a communication protocol where you mainly transmitted, then began to interact. From interaction we stepped into connecting. Now we are going into what I consider to be hyper-connect. We will be connecting things to the net that we never would have envisioned.
We can manage our homes even beginning today. I can open my garage door through the internet. I can set the thermostat in my home. This capability is only going to accelerate. Virtually every piece of equipment or device that we have in our house will potentially be connected to the net. The same applies to business. We will be managing inventory and supply chains much better because we’ll have direct visibility into them.
WashingtonExec: What are your customers saying around the Internet of Things?
Mark Testoni: There is a conversation about it but there isn’t a lot of action inside government … yet. The commercial side of business sees it more than government, although we are beginning to scratch the surface. What sets us up in government is the migration of the cloud and this is happening now; we actually put the first major ERP application in a secure cloud environment for a customer. As we move things to the cloud we can consolidate, then the ability to take advantage of that step to reach the next level will happen.
WashingtonExec: What are some cyber trends you are seeing that will impact both government and consumers?
Mark Testoni: Our customers have spent years in the cyber world – just in general, using an attritional security model to build the strongest perimeter that we can — we need to continue to do that. But the reality is that people are going to get in. Security has always been about risk mitigation – there is no 100% lockdown secure scenario. We are going to have to adapt to people being in our networks and systems and learn how to mitigate that.
We have to be able to have defense in depth. We need to understand what’s going on in our systems and make our networks more robust than they are today. That’s where the next level solution will come in the cyber world. We will see solutions that evolve. We will be looking inside for anomalies, rapidly detecting any sort of intrusion. We are working with companies right now that are using some of our capabilities to be able to do that anomaly detection, what they call UBA (user behavior analytics) or in some cases called Pattern of Life. We will be seeing much more of this in the next couple of years.
WashingtonExec: What collaborative efforts do you have underway with your partner community around data?
Mark Testoni: We’re working with a couple of interesting companies. One is SS8 that does some really interesting things with network analytics. The other one is Babel Street, they help customers look at patterns in the deep, dark web for any outward-reaching threats.
There are many potential applications for big data in not only cyberspace but in the national security space. How do we get to that level of predictive inference? How do we shift the odds? If we can bring open-source information in with our traditional HUMINT and SIGINT, and all of those “NT’s” that we collect, we can shift the odds of knowing what’s going on from 50% to 70% because we have better information. That’s the promise that big data offers.
WashingtonExec: What role do veterans returning to the workforce play in these efforts?
Mark Testoni: When we started this little company about four years ago we were trying to figure out how we were going to give back. We decided that we would put together a training program to employ vets.
We bring 20 of them in at a time, and we spend 11 weeks training them very deeply. In the backend out comes a basic certified consultant. In this group it will be in big data analytics. We then get them employed with our partners – it is called NS2 Serves. We’ve got a number of companies [and agencies] involved; CSC, USDA – over the course of the last year and a half we’ve placed over 70 in jobs. Everyone who has come through the program has acquired a job.