Securing a company’s operation against outside threats and ensuring employees work safely is paramount to most organizations. At Draper, Jennifer Doherty, vice president, chief security officer and chief information officer for an innovative engineering company, says these are some of the unique challenges she faces.
Doherty’s team of about 190 security and IT experts work hand in hand with the company’s roughly 2,600 employees to align security with the company’s business goals.
“We partner within the functions and the business areas to determine what they need to be successful,” she said. “This includes looking across the organization from a tool, network and facility perspective.”
Engineers at Draper require secure classified spaces and networks to execute on their programs. As such, security is “integral to our businesses, in order for them to operate,” Doherty said. For example, the company is currently expanding its footprint nationwide with multiple new campuses for highly classified work, and the security team is supporting that effort.
“We are providing expertise on how to design and ensure flexibility both with the network and classified areas, to ensure that we have future growth opportunities,” Doherty said.
As part of her role, Doherty also is working to develop AI governance, putting in place the high-level controls that will safeguard engineers’ use of AI supports. Even as she manages internal risks, Doherty has to remain vigilant in the face of the increasingly adversarial cyber activity that challenges virtually every government and GovCon organization.
“We have a nationally recognized threat-management program,” she said. “Drawing insights from a team that includes former employees of the FBI, NCIS and other federal law enforcement agencies, we leverage our connections and relationships to ensure we have the understanding to manage or avert risks.”
To drive security awareness and provide day-to-day program support throughout Draper, Doherty takes a structural approach.
“As a best practice that provides integral support to the organization, we also infuse the businesses with program security managers that has led to solid success,” she said. “Everything security or IT-related goes to that individual, and that individual is able to get the right people involved within our organization, to provide that business area with threat information relevant to their business and their technology,.“
“That structural approach is really a differentiator for us,” she added.
Between securing internal processes and fighting external threats, Doherty has a full plate. Still, she sees her biggest challenge as keeping up with changing security requirements in government.
She points to the Cybersecurity Maturity Model Certification 2.0, the government’s cybersecurity framework for federal contractors, as an example. The requirements continue to evolve to protect against threats, and the landscape is constantly changing.
To keep pace with that evolution, Doherty tries to embed her team within industry and within the government to keep a pulse on what’s coming down the pipeline.
“We go to conferences and take part in working groups,” she said. “We lead conversations within industry and meet with our government peers often.”
Looking ahead, Doherty is putting the finishing touches on a newly revised formal security and IT 5-year strategy to ensure security efforts are aligned with mission outcomes.
“We’re aligning the IT and security strategy to the Draper corporate strategy,” she said.
With over 15 years’ experience in the GovCon space, Doherty said she takes personal pride in the work.
“At the end of the day, we’re driving innovation and technology to the warfighter,” she said. “That gives me a sense of purpose, something bigger than myself. That’s really what keeps me engaged.”