In its executive order on improving the nation’s cybersecurity, the White House calls on federal agencies to “develop a plan to implement Zero Trust Architecture” in support of more robust cybersecurity.
That’s easier said than done. To understand the challenges around zero trust, and the opportunities this presents for GovCons, we checked in with Dr. Allen Harper, executive vice president of cybersecurity at T-Rex Solutions.
How are agencies doing with their zero trust efforts?
In federal government, they’re just beginning that journey. Zero trust is an entirely different way of thinking about cybersecurity. It is not a new concept, but has gained a new focus after recent hacks.
Previous approaches would say, “Hey, if you ever see this bad thing, wake me up in the middle of the night because I want to know.” Zero trust is the opposite. It says, “This is the way I want it to work, this is the way I want people to communicate in my organization, and if anything else happens, let me know.” It requires an entire paradigm shift, approaching the problem by defining what “good” looks like, instead of the other way around.
That can be overwhelming. Agencies don’t know where to begin, and once they get started, then they have to wrestle with the gaps that they have in their compliance with these new directives: the executive order, as well as OMB mandates.
Agencies also struggle with the budgetary side of it, because the OMB mandates didn’t come with increased budget. As we talk to agencies, they tell us, “I get it, I have to be compliant with this. But I have no budget to do it.”
How does T-Rex Solutions aim to help?
We have developed something we call the T-Rex Zero Trust Accelerator. It’s a tool that helps agencies determine what their current capability maturity level is for zero trust. From there, we help them find their gaps with compliance around these federal mandates.
Once we understand that, we can help them develop a phased roadmap for improvement. And they can also use that to justify and phase in their budgeting, because these projects are going to take years to fully implement.
What’s your growth strategy? How do you bring this to market?
When we look at the federal space, we think both in terms of civilian agencies and national security agencies. CISA is the primary agency that’s responsible for protecting the civilian agencies, and NSA has the mission to protect national security. We are pursuing multiple opportunities both at CISA and at NSA. They set out the mandates, but then how do they measure the success of the overall program? We’re attempting to help them with that.
Then, we think about all the other agencies that have these zero trust mandates. Our strategy is to embed ourselves in the cyber-related programs within an agency. We look to become their trusted advisor on a particular program, and that affords us the opportunity to then introduce our Zero Trust Accelerator and other offerings. So, we need not lead in with the T-Rex ZTA; we desire to establish a relationship with the client, then seek an opportunity to show them the way forward.
What’s the biggest challenge that you face?
Cyber is the No. 1 issue of government agencies right now, and they’re all working on it, and therefore the competition is fierce. The vertical curve of companies that are providing cyber services now is just incredible.
How do you get heard above the noise?
The clients have to trust the people that they’re doing work with. So we really focus on providing value to the government agency, on being a trusted advisor. When you earn that position, then you can talk about these bigger, loftier goals.
Part of that comes from our past performance, our work on the 2020 Census, our work in the Department of Defense and at DHS and the intelligence community. That is what gives us the opportunity to start the conversation. Ultimately, it’s about being that trusted advisor. You want to know that the company you’re hiring and the people behind it are credible and that they have the experience to show you the way.
Speaking of experience, you personally have been toiling in the cyber trenches for more than three decades. Why? What makes this work meaningful for you?
I’m a retired Marine officer, and I’ve worked on cyber in both the government and the private sector for 35 years. All that time we’ve been fighting this battle with our arms tied behind our back, due to zero days. Now, with zero trust, we may finally have the antidote. I’m really excited about that.
At a broader level, I like the adversarial nature of the work. There are bad guys out there trying to hurt us, trying to hurt our nation and our way of life. I like that I can be a part of the solution, stepping into that gap to help protect people.
I also like the technical challenge of keeping up with the latest technologies. I’ve written seven books in the field, including one of the most popular, “Gray Hat Hacking: The Ethical Hacker’s Handbook,” currently in its sixth edition, of which I am the lead author. I really enjoy the constant pursuit of knowledge.