Tutorials will take place on Monday, April 6th

| Time | Tutorial Title | Instructors |
| --- | --- | --- |
| 8:00-11:30 | United States Air Force (USAF) System Security Engineering Process in support of Cyber Resiliency | Daniel Holtzman (USAF, USA), Francis Butcher (Applied Research Solutions (ARS), USA) |
| 8:00-11:30 | Too Many Chefs Stirring the Software Supply Chain Stew; Results are Looking Good for the Attackers | Carol Woody (Carnegie Mellon University & Software Engineering Institute, USA) |
| 8:00-11:30 | Integrated Safety and Security Engineering for Cyber-Physical Systems using AADL | Jason Belt (SAnToS Lab, Kansas State University, Manhattan, KS, USA), Sam Procter (Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA) |
| 8:00-17:00 | Performing Systems Engineering to Address Cyber Security of Weapon Systems | Dr. Ben Calloni (Lockheed Martin, USA), Margee Herring (Lockheed Martin, USA) |
| 13:00-17:00 | Implementing Security Programs with Disrupted Priorities of Enterprise System | Dr. Igor Linkov (US Army Corps of Engineers), Dr. Benjamin Trump (US Army Corps of Engineers), Dr. Maksim Kitsak (Northeastern University & US Army Corps of Engineers), Professor James H. Lambert (University of Virginia, USA), Mr. Thomas L. Polmateer (University of Virginia & Commonwealth Center for Advanced Logistics Systems, USA), Dr. Zachary A. Collier (Collier Research Systems, USA) |
| 13:00-17:00 | Concepts of Loss-Driven Systems Engineering | Mark W. Winstead (The MITRE Corporation, USA) |

United States Air Force (USAF) System Security Engineering (SSE) Process for Cyber Resiliency

8:00 - 11:30 — Daniel Holtzman (USAF, USA), Francis Butcher (Applied Research Solutions (ARS))

Abstract

The Air Force Cyber Campaign Plan is a holistic approach to addressing Cyber Resiliency of USAF weapon systems and missions. The Cyber Resiliency Office for Weapon Systems (CROWS) is an Air Force level, interdisciplinary organization established under the Assistant Secretary of the Air Force (Acquisition, Technology & Logistics) to ensure Air Force weapon systems can perform their missions in a cyber-contested environment. One area of focus for the CROWS is Education and Training of the Government workforce.

Summary of Learning Objectives 

At the conclusion, participants will be able to explain or describe:

  • Overview of courses and information taught to the Air Force as part of the cyber campaign plan.
  • Recognize the key process steps the USAF is institutionalizing for System Engineers (SE) and System Security Engineers (SSE) to engineer safe, secure and resilient Weapon Systems
  • Recognize the role System Integrator Team’s SE/SSE staff have during resilient Weapon System acquisition
  • Feedback to the USAF on how industry can inculcate the course contents into their SSE activities

Tutorial Outline

The tutorial offers highlights of the USAF Weapon System Program Protection and System Security Engineering Process Guidebook and how the Air Force Acquisition Centers:

  • Apply systems engineering principles in an effective and efficient manner to identify security risk areas and requirements for mitigations and tradeoffs that can be employed to minimize risks.
  • Institutionalize enterprise-wide risk management activities in order to facilitate a more effective, efficient, and cost-effective SSE execution.
  • Integrate cybersecurity and cyber resiliency concepts early in the acquisition process.
  • Promote the development of trustworthy, secure software and weapon systems aligned with DoD and USAF processes, requirements and guidance.

Course Level

Intermediate

Instructor Details

Primary Contact

Mr. Daniel Holtzman

USAF Senior Leader, Cyber Security Engineering and Resiliency;

Technical Director, Cyber Resiliency Office for Weapon Systems

Instructor(s)

Mr. Daniel Holtzman

USAF Senior Leader, Cyber Security Engineering and Resiliency;

Technical Director, Cyber Resiliency Office for Weapon Systems

Mr. Francis D. Butcher

Applied Research Solutions (ARS)

Cyber Resiliency Office for Weapon Systems

Instructor Bios

Daniel C. Holtzman has been appointed as the Air Force Highly Qualified Expert, Cyber Technical Director, assigned to the Air Force Materiel Command Life Cycle Management Center at Hanscom Air Force Base, Massachusetts, where he serves as an internationally recognized authority in the areas of cyber security, program protection planning, security engineering, supply chain risk management, mission and system assurance and resiliency. As the Cyber Security Engineering and Resilience Senior Leader, Mr. Holtzman’s responsibilities include being the technical authority for security engineering, cyber resiliency and systems and mission assurance; engineering resilient systems; and defensive security engineering. Mr. Holtzman has also been appointed as the Authorizing Official for U.S. Air Force Command and Control Information Technology and Rapid Cyber Acquisition IT.

Mr. Butcher is a retired Master Sergeant with the USAF and has over 20 years of systems security experience in information technology and weapon systems with the Air Force and in the private sector. He is currently a contractor with the Cyber Resiliency Office for Weapon Systems (CROWS) and is actively engaged in workforce development training for Cyber Focus Teams where he is inculcating cyber resiliency into the acquisition workforce.

Too Many Chefs Stirring the Software Supply Chain Stew; Results are Looking Good for the Attacker Tutorial

8:00 - 11:30 — Carol Woody (Carnegie Mellon University & Software Engineering Institute, USA)

Abstract

In the rush to save money and time, organizations have established extensive technology supply chains. When the major elements of technology were hardware based, the various components could be evaluated and monitored as they were received, just like other physical materials that came into the loading dock. With the extensive shift to software, nothing shows up on the loading dock anymore, but every part of the organization depends on the software that is assembled from many sources functioning as intended without vulnerabilities (i.e., software assurance). Integrating sufficient software assurance into the supply chain includes an evaluation of the impact of suppliers on mission capabilities, identification of capabilities and gaps in desired vendor products, and integration of this knowledge into acquisition decision-making. Reducing the software supply chain risk requires integrating new capabilities such as threat modeling & cyber risk analysis, cybersecurity assurance, software security & transparency, supply chain cyber risk standards, and certification programs & assessment instruments into all of the pipelines that bring software into the workings of an organization. The challenges are many: where to start, who needs to lead, and how they can build the momentum it takes to tackle this complex and seemingly endless problem space.

Summary of Learning Objectives 

At the conclusion, participants will be able to explain or describe:

  • How a software bill of materials can improve security and quality across the supply chain
  • Software supply chain overview and recent successful supply chain attacks
  • Pain points for software supply chain risk from the audience
  • Expert input on critical supply chain challenges and options for effectively addressing them
  • Organizational gaps that impact addressing software supply chain risk

Tutorial Outline

  • Overview of the Supply Chain Context
  • Software Supply Chain Concerns Data Collection
  • Panel Discussion of Critical Challenges and Available Solutions
  • Audience Questions for the Panel

Course Level

Beginner

Instructor Details

Primary Contact

Carol Woody, Ph.D.
Software Engineering Institute

Panel Members

Celia Paulsen
Cybersecurity researcher from NIST

Don Davidson
Director, Cyber-SCRM Programs from Synopsys

Allan Friedman
Director Cybersecurity Initiatives from US Department of Commerce

Instructor Bios

Carol Woody

Dr. Carol Woody has been a senior member of the technical staff at the Software Engineering Institute since 2001. She is the technical manager of the CERT Cybersecurity Engineering team, which addresses security and survivability throughout the acquisition and development lifecycles. Her research focuses on building capabilities and competencies for measuring, managing, and sustaining cybersecurity for highly complex networked systems and systems of systems. Dr. Woody has successfully implemented technology solutions for such diverse domains as banking, mining, manufacturing and finance. She has coauthored a book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, published by Pearson Education as part of the SEI Series in Software Engineering.

Celia Paulsen

Celia Paulsen is a cybersecurity researcher at the National Institute of Standards and Technology (NIST). Her current research focuses on cyber-supply chain risk management and cybersecurity-related definitions. In the past, she has researched and published on topics such as cybersecurity best practices, metrics, the usefulness of blockchain and other technologies, password usability, and related topics. Prior to joining NIST, Celia was an analyst for the National Security Agency in the US Army. She has an MBA in information security from California State University, San Bernardino, and bachelor’s degrees in information technology and business management.

Don Davidson

Don Davidson is Director, Cyber-SCRM Programs at Synopsys, where he is assisting in the stand-up of a new Chief Security Office (CSO) in the Office of the President.  He is focused on hardware assurance (HwA) and software assurance (SwA) to enable trusted technology components and capabilities.  He retired from the US Department of Defense (DoD) in January 2019 with over 44 years of Federal Service.  He previously served as Deputy Director for Cybersecurity (CS) Implementation & CS/Acquisition Integration, Chief, CS Lifecycle Risk Management / Supply Chain Risk Management (SCRM) and Chief, CS/SCRM Outreach, Science & Standards in the Office of the Deputy DoD Chief Information Officer for Cybersecurity (DCIO-CS), where he led / co-chaired Cyber-Supply Chain Risk Management (C-SCRM) efforts in international, public/private, interagency & DoD.  He served 11 years active duty military in the US Army Field Artillery.  He has a Bachelor of Science degree in Engineering from USMA at West Point NY and a Master of Science degree in National Security Strategy (and Information Resource Management) from the National War College at National Defense University.

Allan Friedman

Dr. Allan Friedman is Director of Cybersecurity Initiatives at National Telecommunications and Information Administration in the US Department of Commerce. He coordinates NTIA's multi-stakeholder processes on cybersecurity, focusing on addressing vulnerabilities in connected systems and across the software world. Prior to joining the Federal Government, Friedman spent over 15 years as a noted InfoSec and tech policy scholar at Harvard's Computer Science Department, the Brookings Institution and George Washington University's Engineering School. He is the co-author of the popular text 'Cybersecurity and Cyberwar: What Everyone Needs to Know,' has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University, and is quite friendly for a failed professor-turned-technocrat.

Integrated Safety and Security Engineering for Cyber-Physical Systems using AADL

8:00 - 11:30 — Jason Belt (SAnToS Lab, Kansas State University, Manhattan, KS, USA), Sam Procter (Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA)

Abstract

This tutorial reports on several projects conducted by the speakers on behalf of several US funding agencies to better integrate safety and security in the design of Cyber-Physical Systems and address requirements engineering and system design through modeling leveraging formally-backed analysis, model audit and code generation.

This integration is supported by the AADL modeling framework. AADL is an architectural description language that captures key elements of an architecture. It is an international standard promoted by SAE International. AADL is equipped with a full set of analysis capabilities to evaluate the architecture relevant to various objectives: performance, safety and security.

In this tutorial, we provide an example-focused tour of AADL capabilities in three domains: 1) capturing and documenting key architectural patterns, 2) providing evidence an architecture meets its safety or security objectives and 3) deriving an implementation of the software part of the system, that reflects these objectives.

We will also sketch how AADL can be articulated with Model-Based Systems Engineering.

Summary of Learning Objectives 

At the conclusion, participants will be able to explain or describe:

  • Position architectural modeling of Cyber-Physical Systems w.r.t systems engineering and software engineering
  • Use SAE AADL modeling notation to model systems (basic level)
  • Know how to apply AADL to capture design patterns
  • Perform analysis of systems’ architecture using AADL toolchains

Tutorial Outline

 

Our tutorial would browse the three topics presented in the previous section in three parts:

  • Part 1: “introduction to AADLv2 core” (about 60 minutes). We present the AADL language, its toolchains and how to use AADL to capture specific safety and security patterns, and verify these are correctly used. We will introduce the OSATE toolchain, the reference implementation of AADL by the SEI, and demonstrate how it supports modeling systems and checking that they conform to desirable patterns.
  • Part 2: “Hazard Analysis with AADL” (about 60 minutes). We discuss how system safety and security can be modeled and assessed using AADL and OSATE, and demonstrate its use on an example system. We demonstrate the use of the AADL error modeling annex, various hazard analysis capabilities (fault trees, fault impact, functional hazards, etc.), and the architecture-supported audit processor (ASAP).
  • Part 3: “simulation and code-generation framework for AADL” (about 60 minutes). In this part, we present HAMR (High-Assurance Modeling and Rapid engineering for embedded systems). Given an AADL model, HAMR generates code providing threading and communication infrastructure in Slang – a safety-critical subset of Scala. Developers can program the application logic for their system components in Slang and simulate, visualize, and debug the behavior of their integrated system in a JVM-based environment.

    The duration of each part might be adjusted in the final version to address audience interest.

Course Level

Intermediate

Instructor Details

Primary Contact

Jerome Hugues
Software Engineering Institute Carnegie Mellon University
Pittsburgh, USA

Instructors

Jason Belt
SAnToS Lab, Kansas State University
Manhattan, KS, USA 

Sam Procter
Software Engineering Institute Carnegie Mellon University
Pittsburgh, USA

Instructor Bios

Jason Belt:
Jason Belt is a Research Associate in the Laboratory on Specification, Analysis, and Transformation of Software (SAnToS Lab) at the Computer Science Department at Kansas State University. He holds an MS and BS from Kansas State University. He has been the lead software engineer on multiple Department of Defense and Department of Homeland Security (DHS) research projects related to safety and security. Currently, he is the lead developer on the HAMR code generation framework, which is being applied on the DARPA Cyber-Assured Systems Engineering (CASE) project and was originally developed under DHS’s Cyber Physical Systems Security (CPSSec) program.

Jerome Hugues
Jerome Hugues is a Senior Researcher at the Software Engineering Institute on the Assuring Cyber-Physical Systems team. He holds a PhD (2005) and an engineering degree (2002) from Telecom ParisTech. His research interests focus on the design of software-based real-time and embedded systems and tools to support it. He has been a member of the SAE AS-2C committee working on the AADL since 2005. Prior to joining the CMU/SEI, he was a professor at the Department of Engineering of Complex Systems of the Institute for Space and Aeronautics Engineering (ISAE), in charge of the teaching curriculum on systems engineering, safety-critical systems and real-time systems. He contributes to the OSATE, Ocarina and TASTE AADL toolchain projects.

Sam Procter
Sam Procter is a Senior Architecture Researcher at the Software Engineering Institute on the Assuring Cyber-Physical Systems team. He holds a PhD (2016) and MS (2011) from Kansas State University and a bachelor's from the University of Nebraska – Lincoln. His research interests include using system architecture, safety, security, and model-based engineering.

Implementing Risk, Resilience, and Security Analysis for Enterprise and Infrastructure Systems

13:00-17:00 —  Dr. Igor Linkov (US Army Corps of Engineers), Dr. Benjamin Trump (US Army Corps of Engineers), Dr. Maksim Kitsak (Northeastern University & US Army Corps of Engineers), Professor James H. Lambert (University of Virginia, USA), Mr. Thomas L. Polmateer (University of Virginia & Commonwealth Center for Advanced Logistics Systems), Dr. Zachary A. Collier (Collier Research Systems)

Abstract

This tutorial will review methods of resilience of enterprise and infrastructure systems to a variety of security threats. Systems of interest include but are not limited to coastal installations and communities, traditional and alternative energy systems, transportation and freight systems, financial and management systems, water and food supply chains, disaster response and recovery, and others. The topics to be addressed include system optimization, mathematical modeling and simulation, probabilistic and non-probabilistic methods, standards, scenario and impact analysis, and others. The tutorial will review principles of risk/safety/security programs and introduce software workbooks for tracking disruptions of priorities by a variety of emergent and future conditions. Such conditions include technology innovations, obsolescence, environment, markets, missions, regulations, organizations, workforce, etc. The priorities involve products, services, projects, geographic locations, policies, assets, etc. Cases to be described include developing regions, advanced charging technologies for fleet electric vehicles, airport runway operations, national wireless broadband network for public safety and security, sheltering and evacuation from radiological dirty bomb attack, major sporting events, electromagnetic pulse attack, telemedicine systems, and others. The presenters have led projects with the US DoD, DARPA, US Department of Homeland Security, US Federal Aviation Administration, Defense Threat Reduction Agency, President's Commission on Critical Infrastructure Protection, Virginia Department of Corrections, and others. Participants of this tutorial will gain experience to lead programs for security, safety, and resilience of high-technology enterprises of industry, government, and the military.

Summary of Learning Objectives 

At the conclusion, participants will be able to explain or describe:

  • Review principles of systems security and resilience analysis
  • Gain experience in the topic through case studies
  • Identify opportunities for careers of the tutorial participants through discussion
  • Explore software and reference materials for the methods of the tutorial

Tutorial Outline

  • Introduction and welcome
  • Theory and foundations of risk, resilience, security
  • Review of methodology
  • Case studies from US DHS, US DoD

Course Level

Advanced

Instructor Details

Primary Contact

James H. Lambert

University of Virginia

Instructor(s)

Dr. Igor Linkov
US Army Corps of Engineers

Dr. Benjamin Trump
US Army Corps of Engineers

Dr. Maksim Kitsak
Northeastern University and Consultant
US Army Corps of Engineers

Professor James H. Lambert
F.IEEE
University of Virginia

Mr. Thomas L. Polmateer
University of Virginia and Commonwealth Center for Advanced Logistics Systems

Dr. Zachary A. Collier
Collier Research Systems

Instructor Bios

Dr. Igor Linkov is the lead scientist for Risk and Decision Science of the US Army Corps of Engineers. He is a Fellow of the AAAS and the Society for Risk Analysis. He organized more than three dozen international workshops for NATO and the US DoD. He is an author of several books and more than 200 other publications on risk analysis and decision making.

Dr. James H. Lambert is a Professor of Engineering Systems and Environment at the University of Virginia. He is a Fellow of the IEEE, ASCE, and Society for Risk Analysis. He has led more than fifty projects with federal and state agencies and industry. He was Chair of the Fifth World Congress on Risk in Cape Town in 2019.

Dr. Benjamin Trump is a scientist with the US Army Corps of Engineers. He is the Treasurer of the Society for Risk Analysis.

Mr. Thomas L. Polmateer had a 20-year career as a logistician and nuclear security specialist with the US Army (Lt. Col, Ret.). He is a research program director at the University of Virginia and a board member of the Commonwealth Center for Advanced Logistics Systems.

Dr. Zachary A. Collier is an adjunct professor at James Madison University and the principal of Collier Research Systems.

Dr. Maksim Kitsak is a consultant to the US Army Corps of Engineers for projects with DARPA, US DOE, et al.

Performing Systems Engineering to Address Cyber Security of Weapon Systems

08:00 - 17:00 —  Dr. Ben Calloni (Lockheed Martin, USA), Margee Herring (Lockheed Martin, USA)

Abstract

Lockheed Martin Aeronautics was actively involved in the USAF Open Mission Systems Cybersecurity standardization effort from 2014 to 2016. Partnered with other DoD Aircraft Primes and sub-system suppliers, the OMS Cybersecurity Subgroup devised a System Security Engineering methodology to derive Security Functional Requirements for the OMS Standard that would also provide traceability to the DoD Risk Management Framework assessment process.

The Lockheed Martin Aeronautics Cybersecurity Engineering team incorporated the lessons learned from the OMS CSE methodology in our internal engineering processes.  This eight-hour tutorial is based on the LM Aero internal training course, “Secure System / Software Engineering Process” given to all System and Cybersecurity Engineers.

Attendees will be broken into teams to work through Cybersecurity Engineering examples for each of the phases.  Example systems will include various aircraft platforms from UNCLASS to Multilevel Secure Architectures.  Laptops required.

Summary of Learning Objectives 

At the conclusion, participants will be able to explain or describe:

  • Understand the differences between general Information Technology Architectures and Weapon System Architectures
  • Understand the differences between the basic Cybersecurity Architectures
  • Remember the differences between NIST Controls and Security Engineering Requirements
  • Comprehend the process to derive Security Functional Requirements traceable to NIST Controls
  • Recognize the significant number of artifacts necessary to create evidence for Assessment and Authorization

Tutorial Outline

  • The Protection Needs Assessment as integrated with the standard ISO/IEC/IEEE 15288:2015 Systems and software engineering -- System life cycle processes
  • A review of the DoDI 8510.01 Risk Management Framework
  • A review of the NIST SP800-160 System Security Engineering
  • An Overview of System Assurance techniques and evidence

Course Level

Intermediate

Instructor Details

Primary Contact

Dr. Ben Calloni, P.E., CISSP, CEH, OCRES-AP

Lockheed Martin Fellow, Embedded Cybersecurity

Instructor(s)

Margee Herring

Cyber System Security Engineer

Instructor Bios

Dr. Ben Calloni is a Lockheed Martin Fellow in Embedded Cybersecurity. He is a Texas Tech University Distinguished Engineer, a Certified Information Systems Security Professional (CISSP), an AIAA Associate Fellow, and a Licensed Professional Engineer in Software Engineering, the 7th individual so licensed in the United States. He is a senior research program manager, formerly with Skunk Works, now in the Aeronautics Engineering and Technology Cybersecurity Directorate. His research interests are in Security and Safety Assurance for Systems and Software. Ben is an Adjunct Professor at Southern Methodist University and University of Texas Arlington, teaching graduate courses in System and Software Security Engineering. He is a former Vietnam Era USAF F-4 Phantom fighter pilot with 2000 flight hours, a grandfather of 10 and great grandfather of two.

Margee Herring is a Sr. Cybersecurity Engineer for Lockheed Martin Aeronautics, Advanced Development Program (ADP) in Fort Worth, Texas, responsible for system level implementation of the DoD Risk Management Framework (RMF) and other engineering standards across many aeronautical platform types. She is a respected cybersecurity subject matter expert and technical instructor available to cybersecurity professionals at Lockheed Martin. She has been a cybersecurity professional for space-based platforms and many other projects across Lockheed Martin. For fun, she enjoys mentoring the next generation of cybersecurity engineers, as well as participating in STEM projects through LM. She has driven NASCAR and Indy cars at Las Vegas Motor Speedway and Indianapolis. Mrs. Herring and her husband are the proud pet-parents of two very active Westies.

Concepts of Loss-Driven Systems Engineering

13:00 - 17:00 — Mark W. Winstead (The MITRE Corporation, USA)

Abstract

Systems engineering focuses on the optimized delivery of desired capability, an optimization that must consider unintended effects of the system including the negative.  The systems engineer must consider the types and effects of losses that can be experienced by stakeholders due to the development and use of the system within its operational environment and the environment’s adversities.  Loss-driven systems engineering seeks to formalize an approach to address the potential for loss and associated effects that can occur as a result of developing and employing an engineered system.

Currently, the potential for loss associated with a system is typically addressed independently by specialty engineering areas (e.g., safety, security, reliability, availability, maintainability). Also, emerging specialty areas (e.g., resilience, critical infrastructure protection) have the common objective of explicitly addressing the potential for loss and associated effects. Emerging thinking and insights reveal that there is benefit, from both the systems engineering and specialty engineering perspectives, in leveraging the many commonalities and synergies around how loss and associated effects are addressed through requirements, architecture, design, analytics, modeling, simulation, and verification.

This half-day tutorial will explore the early observations of commonalities in thought and analysis methods that capture systems thinking and control theory. A loss-driven systems engineering framework for a process will be presented using safety, security, and resilience as a basis. The framework is a top-down one that treats the system as composed of elements that deliver capability as an emergent property of the system. Explicit attention will be given to addressing loss that results from unintended and undesirable effects of the system. This will be done at multiple levels of aggregation: at the component level, at the level of the composed end-to-end system, and at the system of systems level.

Summary of Learning Objectives 

At the conclusion, participants will be able to explain or describe:

  • Systems security parallels in safety and similar emergent system properties that deal with loss
  • A means to reason about loss and assets
  • An exemplar approach to loss-driven SSE
  • Role of assurance and loss

Tutorial Outline

  • Background and some theory
  • Avoiding, minimizing and recovering from loss
  • An introduction to a framework for loss-driven systems engineering
  • Identify Hazards and needed constraints
  • Modeling and analyzing the control structure
  • Identifying loss scenarios
  • Assets and loss: Reasoning basis for explicit focus on loss
  • Asset of interest
  • Context of loss
  • Significance of loss
  • Cause of loss
  • Addressing loss
  • Confidence in Addressing loss
  • Role of Assurance
  • Controlling behavior, interactions and outcomes

Course Level

Beginner

Instructor Details

Primary Contact

Mark Winstead

MITRE

Instructor(s)

Mark Winstead
MITRE

Daryl Hild
MITRE

Instructor Bios

Mark, The MITRE Corporation’s Systems Security Engineering Department Chief Engineer, had over twenty-five years’ STEM experience before joining MITRE in 2014, including stints as a crypto-mathematician, software engineer, systems engineer, and systems architect, as well as systems security engineer. He has worked for several defense contractors, an Environmental Protection Agency contractor, a Facebook-like start-up, a fabless semiconductor manufacturer of commercial security protocol acceleration solutions, and a network performance management solutions company.

In addition to serving as a chief engineer, Mark works with various MITRE sponsors, helping programs with security engineering as well as teaming with others on integrating SSE into the acquisition systems engineering process. He has also worked with the MITRE Institute on developing materials for training in SSE.

Mark is a graduate of the University of Virginia (PhD, Mathematics) and Florida State University (BS & MS, Mathematics). He resides in Colorado Springs, CO.

Daryl's career spans 3 decades consulting on systems engineering solutions that span US Army tactical communications networks, IT networks and systems management solutions; NORAD / NORTHCOM air warning and missile warning systems, the US Air Force global positioning system, space systems, and cyberspace security. He is currently the Department Head for the Systems Security Engineering department within the MITRE Systems Engineering Tech Center. Prior to MITRE, Daryl was an Army Signal Officer. He received his BS in Electrical Engineering from Washington University, St. Louis, MO; and his MS and PhD in Electrical and Computer Engineering from the University of Arizona, Tucson, AZ.