Draper succeeds by helping customers and collaborators succeed. As a nonprofit engineering company, Draper can center its customers’ missions in designing and developing systems solutions.
With an objectivity that enables unbiased assessments of technology and designs, Draper takes a multidisciplinary approach to drive innovative engineering. The company looks forward to the challenge of solving the nation’s hard problems ⏤ and the satisfaction of making a difference by providing working technology solutions.
This nonprofit innovation company has made security a front-and-center priority.
“We provide a multifunctional security and IT approach that includes cybersecurity, classified information systems, corporate security and corporate IT support to the Draper community and our mission partners,” said Jennifer Doherty. “To do that effectively, we need to be a trusted partner.”
As chief security officer and chief information officer, Doherty is responsible for providing a safe and secure operating environment while protecting Draper’s people, information, networks, facilities and assets. That’s a crucial task today, as government agencies fret over potential vulnerabilities within the national security community.
As near-peer adversaries look to exploit the military supply chain, “the Defense Industrial Base is a target,” Doherty said.
At the same time, novel cyber risks complicate the task. Attacks driven by the speed and scale of artificial intelligence are changing the game, “and we need to pivot now to adapt to this new threat vector, so we’re prepared for the future,” she said.
Doherty is responsible for all aspects of security and IT at Draper: That encompasses industrial security, information security physical security as well as cybersecurity. She and her team safeguard the corporate network and the classified networks, and ensure the solutions Draper delivers to government are inherently secure.
To cover all those bases, Doherty works to ensure a security-first mindset and a risk management-based approach across the organization.
“This all starts with a shared responsibility to ensure everyone is educated and understands the threat landscape, in which we work on a daily basis. This promotes an environment of healthy self-reporting to our Threat Management team and provides a superior security organization, which is critical to our customers,” she said. “We also have a really healthy security-incident reporting program,” she said, as well as deep insight into supply chain cyber risk, and robust threat detection.
Doherty also keeps an eye on the evolving security environment beyond Draper.
“We partner with peers and government agencies continuously to review and implement best practices within the industry and government,” she said. When a promising strategy emerges, “we’ll assess, adjust and implement.”
It’s a rigorous process in general, and Doherty is taking it to an advanced level as she looks to address the current threat landscape, but also the future, especially when it comes to artificial intelligence.
While AI promises to deliver highly efficient engineering solutions, it also comes with potential cyber risks. AI could, for example, generate malicious codes. With that in mind, “anytime somebody wants to utilize an AI tool, we need to make sure to understand the critical details from a cybersecurity perspective,” she said.
To review these tools, Doherty has put rigorous processes in place.
“We have a cybersecurity and threat management team comprised of senior-level employees with extensive government counterintelligence and cybersecurity experience, many coming straight out of the government. They are critical to our organization and assess each threat in a comprehensive way,” she said.
“They’re looking at security incidents as well as patterns and repetitive behaviors,” she said, all with an eye toward ensuring internal processes and external products all meet the government’s highest expectations around security.
Of course, cybersecurity experts are in high demand these days. And people skilled in combatting AI-driven attacks are even harder to find.
“You’re not going to see a ton of people coming out of school who can do this,” Doherty said. “It’s a new space.”
To keep ahead of the curve, she’s working to build the talent pipeline. That means, in part, recruiting those who’ve served recently in government, and are familiar with the most recent defensive strategies. And it means building partnerships.
For the DIB community, there is a possible upside to the present, highly perilous, cybersecurity situation. The good news, Doherty said, is that a lot of this is within your control. An attack will likely happen, sooner or later. What matters is “how you prepare for it, and how you react to it,” she said. “It’s all about preparation, having the right team, policies and procedures.”
With more than 15 years’ experience in the industrial security space, Doherty served for two years as Draper’s security director before taking on her present role last December. She said she’s pleased to have a role that allows her to work in support of “the greater good.”
“I go to work every day understanding that we are doing our best to defend democracy,” she said. To do that, “the engineers at Draper need to be able to do their jobs in a secure and efficient way. That is what enables the business to be a trusted partner.”