Eric Brown returned recently to ManTech in the newly created role of vice president of strategic cyber solutions.
He brings with him over 20 years’ executive management and leadership experience, having served most recently as vice president of mission platform engineering at Microsoft. He was director of cyber operations at Raytheon, and executive for cyber and intelligence systems at CACI.
From 2018 to 2020, Brown served as ManTech’s vice president and division manager of advanced cyber solutions, leading the consolidation of three distinct advanced cyber portfolios into a single division.
In this new role, his charter is to help federal agencies address some of their most pressing cyber challenges.
“We want to help them simplify the problem set and raise the security bar so that ironclad cybersecurity is a top priority,” he said.
While government has many cyber solutions available, agencies have had difficulty in taking a holistic, systemic approach to the problem. Brown said he’d like to help them move in that direction.
“People need to look at things differently than they have historically,” he said. “Rather than just making sure that they are operating at the most basic security level, our goal is to help them advance to that next level of maturity.”
One area key to this objective is the authorization process, or Authority to Operate, which can be very time consuming if done repeatedly. Federal civilian agencies are well aware of this issue, and to resolve it, most are moving toward ongoing assessment and authorization, a goal ManTech can help drive.
Continuous authorization is a well-rooted concept that can help agencies deliver a higher level of security with greater efficiency through automation, Brown said, validating patches and other security relevant changes when they occur, without having to repeat the entire ATO process each time.
“There’s a lot of appetite for this,” he said. “The question comes down to how to adjust specific procedures and acquisition guidance. At ManTech, we have software capabilities and approaches that enable customers to collect evidence required to support ongoing, continuous evaluation.”
Just as important, he added, “we also have the expertise to help them shape or adjust policies. This is about fundamentally changing government’s approach from compliance-only to having truly advanced cyber capabilities for defenders and operators.”
At the same time, ManTech is looking to elevate cyber behaviors in general, in part by teaching defenders to think more like the attackers.
“We help bridge the gap between what an offensive-minded cyber engineer is thinking, and the defensive cyber operator,” he said. “That helps our threat hunters and our security defenders truly understand the advanced techniques that aggressors are trying to implement.”
Essentially, ManTech helps its customers look at cyber through the lens of the attacker.
“What better way to actually protect yourself than to know what that attacker has? Bridging that gap puts our customers in a position of better protection,” Brown added.
And as a proponent of strategic cyber solutions, he said, “I’m actually working across the different organizations to help them understand what is in the realm of the possible.”
ManTech has the thought leadership, resources and expertise to solve big cyber problems, Brown said, and his role is to bring all these things together in defense of the nation.
“We do that directly, on contract with federal agencies, and we do it through the implementation of specific technologies and training programs that change how they fundamentally operate,” he said.
But the biggest challenge is in working through some of the legacy policy.
“That means we need to work with acquisition officers and others to help them understand the flexibility that the existing guidance offers,” Brown said.
Say an organization wants to partner with the Five Eyes intelligence alliance for the sharing of threat intelligence. “Sometimes, these indicators of compromise are classified, and we’re not able to share that information as widely as necessary,” Brown said. That impedes the cyber response.
When policies and processes are out of step with the emerging need, there’s tailoring guidance ManTech can implement on some of its contracts to give agencies the freedom they need to operate more effectively.
Brown said focusing on practical, measurable results is the key to innovative security solutions. Providing value to the mission is the best way to overcome the “noise” of the industry.
“We’re raising the bar for defensive cyber operations, helping them to actually reduce the time bad actors spend in their networks,” he said. “Big agencies look to us to support them with both cybersecurity incident response and threat intelligence, because in cyber it’s all about outcomes.”
On a personal level, Brown said he is pleased to support the government mission and its profound human impacts.
In America, “we’ve got the ability to reliably communicate over the internet to our family and friends, we’ve got water, stable electricity, critical infrastructure and economic well-being,” he said. “This is the best country to be in, in the world, and this work is really about protecting our way of life.”