Page 1

ais

ACCESS AIS NEWSLETTER | ISSUE 2 MAY 2018

President and CEO Chuck Green discusses our refreshed aisVALUES of how we live + Stories our values every day

PAGE 6

Your Benefits in Action: Scott Souva explains how AIS benefits and support helped him through his battle with cancer PAGE 14

Interview with SAE Project Manager Glen Roberts PAGE 5


•

AIS ACCESS

CONTENTS

MAY 2018

[2]

4

HIGHLIGHT

New Video Highlights UAS Security Capabilities PAGE 5 PROFILE ON SAE PROJECT MANAGER GLEN ROBERTS

6

FEATURE

Our AIS Values Debut with Stories PAGE 6 A LETTER FROM CEO CHUCK GREEN

14

H R U PDATE S

Your Benefits in Action PAGE 16 NEW CAREER SECTION ON AIS WEBSITE


ACCESS

Dan Kalil VP, Commercial & Marketing Erin Bushinger Manager, Marketing & Communications Chris Penree Senior Creative Jonathan Ziegler Webmaster & Designer Scott Murray Commercial Business Assistant AIS ACCESS is a publication of the Marketing & Communications Department of Assured Information Security (AIS). Founded in 2001 and headquartered in Rome, New York, AIS provides government and commercial entities with industry-leading capabilities in support of complex and ever-changing cyber security threats. AIS is committed to the advancement and application of cyber and information security through the offering of state-of-the-art technologies, research, development, testing and operational support. For more information, please visit ainfosec.com.

SECTIONS

ais

MAY 2018

4

HIGHLIGHT

5

PROF ILE

6

F E AT URE

AIS ACCESS

Our AIS Values with Stories of How We Live Them

13

IN T HE COMMUNIT Y

14

HR UPDAT E S Your Benefits in Action New Career Section on AIS Website

20

COMPANY INF O

21

GRE YCAST LE NE WS

22

ANNOUNC E ME NTS

23

E VE NTS

23

T E C H NE WS AIS Delivers SecureView® 3.0 Technical Council Provides Advisement

[3]

Zecora Initiative From IRAD to Success - IntroVirt® Artic Eagle Excercise

Thank you to this issue's contributors: Tom Blake, Nicole Capodiferro, Andrew Criscolo, Steve Flint, Jaime Giardino, Rick Gloo, Chuck Green, Tim Hanna, Reg Harnish, Cliff Hickok, Adam Hovak, Sean LaPlante, Pat McHarris, Tom Milley, Bobbie O’Brien, Jeremy Painter, Sal Paladino, Steven Pape, Rian Quinn, Glen Roberts, Marissa Salzone, Myron Schlueter, Scott Souva, Charles Spinelli, Rich Turner and Phil White.

AIS Rochester, NY Office


MAY 2018

AIS ACCESS

HIGHLIGHT

New Video Highlights UAS Security Capabilities

E [4]

arlier this month, Marketing debuted a video highlighting our Unmanned Aerial Systems (UAS) security capabilities featuring Project Manager Glen Roberts and members of the Systems Analysis and Exploitation (SAE) Group. Be sure to check it out at: http://bit.ly/2FYTkgj or on our social media pages. AIS provides our clients with industry-leading cybersecurity services at any stage of a product’s cycle, including the initial concept and design, research and development, rollout and sustainment. Our unique team, comprised of experts in cybersecurity, engineering and computer science will help ensure that a drone manufacturer’s UAS platform and associated command and control (C2) infrastructure are protected against cyber attacks.

Eric Thayer (right), Joe Reith (center) and Tiffany Mahoney (left) inspect a drone during the UAS video filming.


MAY 2018

AIS ACCESS

Hometown Fillmore, New York

Family I have a wife, Irene, and two boys, Andres and Alejandro (11 and 12).

PR O F I L E Glen Roberts Project Manager

Favorite food Pizza!

What do you do in your free time? In my free time, I like to read, listen to audio books, and learn how to play the guitar and violin.

Dream car 1961 Jaguar E-Type Roadster

Favorite sport team Philadelphia Phillies

Who inspires you? Humble people

Any pets? Just my two boys…

What is your dream job?

G

len Roberts is a Project Manager for the SAE Group, specializing in penetration testing, reverse engineering, embedded systems security and exploitation, drone security and professional cybersecurity education. Prior to joining AIS, Glen spent more than 16 years in law enforcement working in New Jersey. During his career in law enforcement, he earned his bachelor’s degree and master’s degree in Cybersecurity (Computer Forensics and Cyber Operations) from Utica College (UC), where he currently teaches graduate and undergraduate cybersecurity courses. Glen also holds the following certifications: • CISSP (ISC2)

“I taught Glen in both undergraduate and graduate cybersecurity courses and he was by far the most dedicated student I ever had,” said Kalil. “As I got to know him, I was so impressed with the drive he had to excel in the field of cybersecurity. He was a husband and father working full time as a cop and not only putting himself through school, but was also simultaneously attending numerous certification training courses. He was very creative in finding ways to fit his courses into his packed schedule. "The more I got to know Glen, I knew he would be a great fit at AIS. Even • OSCE (Offensive Security) though he didn’t necessarily match our typical technical hiring profile, I had con• OSCP (Offensive Security) fidence he would succeed at our com• Security+ (Comp-TIA) pany. What he lacked in experience was Dan Kalil was Glen’s professor at made up in his dedication and ability to UC and was extremely impressed with learn new things. Glen has been with Glen’s motivation and work ethic. us for a few years now and is an asset to AIS. Never have I seen anyone in his field with the drive that he has.”

Dictator of a small country

If you could be any animal, what would you be? Polar Bear, with fuzzy slippers

Favorite place in the world Wherever my family is.

Pet peeve Clowns

What is something you are bad at? Singing opera. Actually, singing in general.

What is the most memorable moment of your life? Riding across the United States on a sport bike, just to see a motorcycle race, in both 2005 and 2006.

Is there any advice you would give to a person who is starting out in your chosen career? Be curious. Keep learning. Keep improving. Be courageous.

If you won $1 million tomorrow, what would you do with the money? Pay off my debts and setup a trust fund for my kids.

In one word, describe yourself Epic

[5]


MAY 2018

AIS ACCESS

F E AT U R E

aisVALUES Exemplified By You, Our Most Valuable Asset

MAKE IT

To Our Employees,

[6]

Sometime ago I established values that I felt best reflected our company and us as individuals. While these values have and continue to remain guiding principles, it became apparent that most employees were not even aware of their existence! Simultaneously, the Marketing Department set out on a path to formally establish our brand identity and developed a working theme titled: A brand that reflects our core values as exemplified by you, our best asset. This theme made me reevaluate the values and I felt like something was missing; review and input from our employees…the heart and soul of this company. Thanks to your commitment and effort, our company has updated, official values. I cannot thank those who participated enough because it is a clear signal that you embrace the importance of values and realize the vital role they play in shaping and preserving our culture. These values aren’t just a list of fancy words or phrases picked out of a hat; they are the product of comprehensive and indepth introspection, deliberation, collaboration and ultimately, consensus amongst those who participated.

No matter which direction AIS takes in the future, our values remain fixed, steady and true. They define the way in which we as employees and humans strive to act. Our values exemplify our character and how we interact with and treat others and are the essence of our company’s identity. Moving forward, our values will be intertwined into everything we do. From internal and external communication to

"No matter which direction AIS takes in the future, our values remain fixed, steady and true."

Empower progress through trusting one another. Be practical, simple and realistic.

BE

TRANSPARENT Practice responsible, open and honest communication.

ADAPT AND OVERCOME

Embrace challenges and the opportunities they present through collaboration and fearless innovation.

LIVE performance reviews, orientation, the interview process and our new brand, the values will constantly and consistently be present. They will assist in the decision-making processes, educate clients and potential customers about what our company truly stands for and will support recruitment and retention. We are all responsible and accountable for practicing and living our values every day. I hope you enjoy the following stories that represent our company values. Thank you!

Chuck Green Branding Progress Timeline

Prepare

HAPPEN

Discover

Analyze

Establish

Create

Publish

BOLDLY

Aspire to be exceptional in all aspects of life. Be willing to take risks, always striving to learn and grow.

DO THE

RIGHT THING Operate with integrity in a respectful, ethical and accountable manner.

AIS Brand Project Update Posters debuting our new aisValues are displayed in all AIS locations along with 2018 calendars, ASCII conversion tables and pocket cards being handed out to all employees. Defining our values is part of the initial steps in the Establish Phase of the Brand Project, which is now progressing into the development of our brand guidelines. This is a big milestone for our company that will not only guide our brand going forward, but will support our company's future as well. Keep an eye out for more information on the AIS Brand Project soon!


MAY 2018

MAKE IT

HAPPEN

M

embers of the Agile Cyber Solutions (ACS) Group – Sean LaPlante, Patrick McHarris and Stephen Pape – recently learned how working together and going above and beyond can leave a lasting impression. The team was subcontracted through Lockheed Martin to work with the National Cyber Range (NCR) on testing government technology, which was funded through the Test Resource Management Center (TRMC). The Army came to NCR and asked them to test a tablet and discuss speculatively how they would test a communications device. In a very quick turnaround time of two weeks, the team decided they could do better than speculate and with a little

hard work, go beyond what was asked and actually test the communications device. “We quickly ordered the parts we needed and got to work,” said Sean LaPlante, an E3 Engineer working with the ACS Group. “Hardware hacking of this type is not something we normally do at NCR, but we knew with some effort we could get it done. Our customer didn’t ask us to do it because they didn’t think there would be enough time. When we were able to demo our findings instead of discussing them, we knew they were impressed.” Sal Paladino, Program Manager of the ACS Group, was very proud of his team for feeling empowered to take on a project that would exceed their customer’s expectations.

RIGHT THING Myron Schlueter (right) presents Tom Milley (left) with an Excellence Award.

I

AIS ACCESS

Pat McHarris (left) and Sean LaPlante (right) experiment with a Raspberry Pi.

DO THE

n May 2017, Thomas Milley, a subject matter expert in Digital Forensics Lab Configuration Management working on site at the Defense Cyber Crime Center (DC3) in Linthicum, Maryland, received the AIS Customer Service Excellence Award as well as a DC3 Excellence Award from Lockheed Martin for helping the DC3 Forensics Lab recover data from Reagan-era Bernoulli drives and other media in support of a new classified program. His work as the Lab Configuration Manager and his technical expertise in obtaining this legacy equipment and data proved invaluable

in achieving the remarkable data recovery results. The Government Program Manager that received the rescued data stated that the information saved the government at least $300 million and three to five years of up-front program schedule. Lieutenant General Anthony J. Rock, the Inspector General of the Air Force, expressed his appreciation to Tom for the significant contributions he brings to the team as well as the entire DC3 Forensics team, whose innovative thinking, resourcefulness and specialized skills bring great credit to DC3, the US Air Force and the Department of Defense. Myron Schlueter, Program Manager for AIS and Tom’s supervisor, couldn’t agree more. “Tom has developed a very close and trusted relationship with the customer and his expertise in digital forensics and lab management are invaluable to

“There is a tremendous amount of planning that goes into these types of exercises and it begins months before the start date,” explained Paladino. “For our team to be able to handle a scope change in real-time and effectively test a piece of hardware when it was not part of the planning process, it really shows our ability to adapt as well as our commitment and determination to deliver great results for our customer.” The Army representative they were working with was also very pleased with the team’s effort. “At the end of the day, everyone was happy… our customer as well as their customers,” said LaPlante. “The Army representative made it clear to our client that he wanted to continue working with our team, which is a good feeling. It was a very successful event.”

the customer and the DC3 mission,” said Schlueter. “Tom is well respected by the entire DC3 team, government and contractor personnel. He is trustworthy, has a strong work ethic and friendly demeanor, making him a great team member.” Milley has been with AIS for two years and feels like he is where he is supposed to be. “I have really enjoyed my time with AIS and this customer,” said Milley. “I try and live by the servant leadership philosophy, meaning I do my job and serve and at the same time aspire to lead others. I strive to put other people first and make sure everyone’s needs are always met. It’s very important in my role with our client that I always do the right thing and I inspire others to want to do the same as well.”

[7]


MAY 2018

AIS ACCESS

LIVE

BOLDLY AIS Lives Boldly with the Open Source Bareflank Hypervisor and Exceptional Testing Practices

A

[8]

App

App

OS1

n AIS customer once said, “We could spend $500 to develop a piece of software in the lab and $500,000 to test it for readiness in real world conditions.” Bareflank Hypervisor is an example of an AIS product that has built the testing and evidence of functionality and reliability into the product from the ground-up. By incorporating testing into the design and development process, end-users considering the technology can save significant time and money in adopting and deploying new hypervisor technologies that are based on Bareflank. The Bareflank Hypervisor is a App App software development kit co-founded by Rian Quinn OS2 and Brendan Kerrigan in 2015.

Hypervisor

What is a hypervisor? Hardware A hypervisor is the basic underlying technology that enables cloud and Example of type-1 virtualization based technologies. Most hypervisor technology consumers don’t realize that they likely interact with many systems daily (banking, e-commerce, taxes, video streaming, etc.) that are hosted within virtual environments. Underneath all those apps and software is a hypervisor quietly chugging away and making it all happen. By definition, a hypervisor enables one physical computer system to appear as many virtual computer systems using software that multiplexes access to the underlying computer resources. In other

words, this architecturally low-level tech- • Bare Metal Hypervisors (also known nology needs to work well for long perias type 1, such as Xen) ods of time. • Late Launch Hypervisors (also known What sets Bareflank apart as type 2, such as VirtualBox) from other hypervisors? • Host-Only Hypervisors (no guests, When AIS employees decided to such as MoRE, SimpleVisor and undertake Bareflank, they were very HyperPlatform) well versed in hypervisor technologies Along with Bareflank’s lightweight, and fully understood the common voids modular design, the entire hypervisor and pitfalls within the technology space. The Bareflank Hypervisor is a bold un- has been written using test-driven dedertaking in that it is written in the C++ velopment. All Bareflank’s code comes programming language (not common complete with a set of unit tests to valfor low-level technologies) and comes idate that the provided code works as packaged with a highly automated and expected. These tests are validated robust testing suite. By using the C++ using Coveralls, and Travis CI has been programming language, software de- setup to test styling via Astyle, and static/ velopers are afforded the features of dynamic analysis via Clang Tidy, Codacy the C++ language (exceptions including and Google's Sanitizers. The team also the C++ Standard Template Library via has a strict adherence to the CII Best libc++, shared pointers and complex Practices, and the C++ Core Guidelines data structures such as hash tables, including support for the Guideline maps, lists, etc.) and are freed from the Support Library. “Because our hypervisor is so well more primitive and sometimes cumbersome programming constructs of C, the tested, companies that need their programming language more commonly equipment and tools accredited are very pleased with Bareflank from a reliability used in hypervisor development. Bareflank was also designed to al- perspective,” said Rian Quinn. “For cuslow software developers to easily ex- tomers in critical automation industries tend the product to rapidly prototype such as medical or transportation, their new hypervisor technologies of their goal is as precise accuracy as possible, own. Bareflank essentially lowers the as fast as possible. Their tools need to barriers of entry for developers to con- comply with an immense amount of regtribute to hypervisor advancement and ulations, part of which includes the testenables exciting new contributions from ing that AIS has done with Bareflank.” Among many projects at AIS that developers, ranging from academia to industry. To this end, Bareflank's primary live boldly, Bareflank is another great goal is to remain simple and minimalistic, example of taking a research and develproviding only the scaffolding needed to opment risk, that when accomplished, construct more complete/complicated provides a foundation that enables us to provide customized solutions to mulhypervisors including: tiple markets.


MAY 2018

AIS ACCESS

ADAPT AND OVERCOME A Bronx Tale… of Death Threats and Wireless Geolocation Told from the perspective of Rick Gloo, Senior Advising Engineer for AIS

A

s we walked up the stairs from Penn Station in New York City, our contact Izzy, whom we had never met, called Dan Kalil on his cell phone and said, “Walk to the curb, I will be there in five minutes. I am driving a grey vehicle.” Five minutes later, a grey vehicle quickly pulled over to the curb and Dan and I hopped in with our new

A rendezvous location under a bridge in Manhattan where Dan and Rick met law enforcement officers Mike and Chubby.

friend Izzy, a 25-year New York Police Department (NYPD) street cop who at the time was employed by the NYS Attorney General (AG) and appeared in street clothes. Izzy began driving through the NYC streets with a degree of grace and speed like no other to take us to our rendezvous location under a Manhattan bridge next to the Hudson River. I did not know it was possible to

move throughout one of the country’s largest cities so quickly. While driving through the streets, Izzy yelled at pedestrians, flashed his badge at traffic cops to go against their direction and maintained a calm conversation with Dan and myself throughout all the chaos. How it All Began A few weeks prior in September of 2009, Dan and I were in Buffalo, New York, briefing the Wifi Investigator technology, which had been under development for about two years, to a group of law enforcement officers. Wifi Investigator was a technology developed in the early days of 802.11 Wifi, when commodity access points were being sold to consumers without security protections like the early pre-cracked WEP and now WPA. Criminals became aware of this new free, semi-anonymous internet access, and would park outside the residence of an unsuspecting access point owner, conduct their dirty deeds and then leave. Law enforcement would ultimately trace the illegal activity back to the residence of an innocent family or grandmother, with the wrong-doer long gone and no means to track the original offender. Local New York State law enforcement contacted AIS for a technology solution to this growing problem and we began working on the technology under Internal Research and Development (IRAD). In the case of the Bronx Tale, law enforcement was dealing with a case of death threats made against politicians from an open access point. While the domestic law enforcement threat remained, the original technology was matured under the Joint Improvised Explosive Device Defeat Organization (JIEDDO) contract as the threat of terrorists using wireless detonation methods was growing significantly.

another local NYS AG law enforcement officer by the name of “Chubby”. Chubby looked like something straight out of the Sopranos. He had slicked back hair, a nice button up shirt, fanny pack and a fancy gold watch. Apparently Chubby was involved in the investigations that led to the downfall of a large NYC crime family, but all he seemed to do on this trip was eat cannolis and read the paper when he was supposed to be making sure we didn’t get shot. Lilliput LCD touch screen

Tough book laptop

[9]

Black and Decker "Start It" Battery for LCD

802.11 directional antenna

While under the bridge, Mike provided a rough game plan. We were going to head up to the Bronx and eat lunch at a BBQ joint Chubby had seen on “Diners, Drive-ins, and Dives,” then we were going to swing by the local precinct and let them know we were going to be in the neighborhood in the event there was a “sweep and we got picked up”. Next, we were going to do a test run to the local hospital so everyone knew the evacuaWhich Way to the Nearest Hospital? tion route, just “in case something hapWhen we reached our destination pens”. At this point, I knew I was in well under the bridge, we met our contact over my head. Mike, whom we had met weeks prior in Buffalo and invited us on this trip, and continued on next page


MAY 2018

AIS ACCESS

ADAPT AND OVERCOME

CONTINUED

[10]

The Power of Cardboard and Duct Tape Weeks prior after Dan signed us up for this “adventure”, the technology was nowhere near ready. In a corn field in West Winfield, New York, it worked most of the time, usually with three to four engineers carrying a laptop and large directional antenna. That setup was not going to fly in an urban environment. The team needed to get that entire package of random duct taped parts down to a backpack-size system or less. In preparation, the team ran around the office scavenging parts from other teams. Munki (Eric Thayer) and team provided a small USB touch screen LCD that could be used to extend the display from the laptop. Random connectors and wires were gathered from other teams. We could get the system into a backpack and semi-concealed using a hiking rain-cover. The key component was a piece of cardboard that would

The BBQ joint location with “Diners, Drive-ins and Dives” fame.

the investigation. Unfortunately, at the end of the four data collection sessions, we had not observed activity from the suspect’s wireless devices. As the non-technical Izzy commented, “I am Long Gone sure your technology is great, but that Once we completed all our prepara- dude is long gone.” tory test drives and emergency hospital route drives we went into data collec- Lessons Learned The lessons learned from this expetion mode. We were dressed as Radio Frequency (RF) Technicians looking for rience significantly shaped rethinking a new place to install a radio antenna, the design after returning to AIS headfully equipped with fluorescent vests quarters. It was extremely valuable as a and hard-hats. Once on the street, it was technical team member to put ourselves clear the local community was not falling in the role of the end users and figure for our disguise and they began throw- out what we had to adapt and overcome ing random items from the roof-tops to make the technology work. A lot of when we were leaving after the first data design assumptions quickly went flat collection. Over the course of two days, within a representative environment. we conducted four one-hour data col- Specifically, we had never considered lections. While collecting we would walk in the design, using the technology in three separate buildings looking for live a potentially unwelcoming environment activity from a set of 15 wireless device where the time to conduct a data collecaddresses that were identified earlier in tion and geolocation is very short. “This is a perfect example of how we are always moving things forward at AIS,” said Kalil. “The request to assist law enforcement got us out of our comfort zone and pushed us to overcome the challenges we were facing with the technology. It also provided us with a new use-case scenario that allowed us to take what we learned and improve our product.” While this engagement did not result in a successful apprehension or resolution of a wireless threat, the Wifi Investigator technology later went out to be used by security operations teams supporting critical missions and by local law enforcement. From a local law enforcement perspective, AIS and the team was extremely proud to learn that the Wifi Investigator technology had been used as a tool in the investigation against perpetrators of crimes against children. Wifi Investigator is a great example of how AIS has contributed to supporting and continues to support law enforcement and security operators. This work would not be possible without the efforts of all of those at AIS and our relationships with industry partners. keep the laptop lid open and prevent it from turning off (yes, we checked the BIOS, nothing worked to keep the laptop powered-on).


MAY 2018

AIS ACCESS

BE

TRANSPARENT Transparency Breeds Loyalty “There is always room for improvement when it comes to being transparent,” said Andrew Criscolo, Senior Engineer for AIS. “But it’s not a one-way street – transparency needs to come from all directions.” Criscolo has been an engineer at AIS for nearly 12 years and is part of the SecureView® team. He has worked at the company since it’s early inception and has watched it grow into what it is today. One of the things he likes about working at AIS is the transparency from the top down, but he also knows that it is part of his job to be open and honest as well. “Obviously when the company was small, it was much easier to be transparent,” said Criscolo. “But even with the growth that we have experienced, our leadership team has good intentions to tell us like it is, and I really appreciate that – they share what they can.” There was a time several years ago when AIS was struggling through the government budget sequestration, which meant that until told otherwise, government payments would stop, new starts wouldn’t be funded and funding could potentially even be pulled back. The company had no choice but to make some very difficult decisions regarding its staffing. There simply wasn’t enough money to pay everyone’s salaries without the funding coming in, so changes were made to help not only ensure the future of the company, but to protect its current employees, their families and customers as best as possible. The sequestration impacted all defense contractors and to handle the funding cut, many employees at large contractors were laid off. Knowing that at some point the funding would start back up again and the company would need to be properly staffed to address its customers’ needs, AIS avoided an extensive layoff and developed a comprehensive plan that would have the least impact possible on its employees including the leadership team taking voluntary pay cuts, a hold on raises and some employees either being furloughed, working four-day work weeks or at last resort, being laid off. After the sequestration was over, the company experienced exponential growth due to winning most of the work that was bid on during that time and employees were ready and available to come back to work full force. “I will never forget the day that our CEO Chuck Green sat us all down in a room and told us step by step exactly what was going to happen,” said Criscolo. “None of what he was

[11]

saying was good news, but he explained to us how the circumstances were going to be handled. There were some very Chuck Green, CEO of tough moments throughout, and probably not everyone feels AIS talks to employthe way I do about the situation, but I feel that in the end, he did ees about the new what he said he was going to do and that really helped me feel aisValues. like I could trust the overall compass of AIS. It’s hard because when being transparent, you aren’t always telling people what they want to hear, but at the end of the day, it’s the right thing to do and it made me grow in respect for Chuck. Ultimately, AIS worked through this difficult situation together, with "I will never forget the day that our few, if any, surprises and came out CEO Chuck Green sat us all down stronger. I think it says a lot about in a room and told us step by step our culture.” exactly what was going to happen," There are many benefits to achieving and sustaining transparency in the workplace. Honesty and empathy help build solid workplace relationships, generate employee alignment with the company’s vision, assist in solving problems faster because employees understand the issues at hand, and enable employees to be engaged in the company and its culture. Transparency breeds loyalty, but loyalty goes both ways when it comes to the workplace. continued on next page


MAY 2018

AIS ACCESS

BE

TRANSPARENT CONTINUED

[12]

Transparency is a Two-Way Street Anyone who has worked with Criscolo knows that he can be an open book. In Criscolo’s mind, it is the transparent culture at AIS that has enabled him to communicate comfortably. “As an employee, I rely on my supervisors to provide feedback about my performance and let me know what my role and value is relative to the organization,” said Criscolo. “Because AIS enforces the fact that each employee is a valued member of his or her team, I feel it is my duty to speak openly and honestly because I know my opinion is valued. That doesn’t mean it’s wise to speak without thinking first, as it’s important to know your audience, as well as to gauge what someone is capable of taking in. Not everyone can handle direct criticism or can hear the unfiltered truth, so you have to reach those people through other means. But at the end of the day, it is all of our jobs to try and be the change we want to see within our company. This is ingrained in our AIS culture.” And Criscolo’s transparency hasn’t gone unnoticed. “All of our employees should feel comfortable expressing their thoughts, and I know that I can always look to Criscolo to give me his honest opinion,” said Chuck Green. “Our company is built on ideas from the talented, intelligent people we have working for us and it is employees like him that are driving us in the direction we are headed. I hope all our employees are as comfortable as he is in telling it like it is in appropriate situations. It really is a good trait to have and one we value and encourage at AIS.” There is a long list of things Criscolo likes about working at AIS but one of the top things is how much working with his team feels like a family. His team allows one another to be themselves and be real with each other, which helps build the great rapport they have. “Everyone on my team knows I am a bit of a germaphobe, and while they do

ridicule me a little for it, no harm is ever intended,” said Criscolo with a smile on his face. “We all really do try to be accepting and accommodating of each other’s quirks and appreciate one another for who we are. Everyone wants to feel secure in their position within the company and on their team, and the best way to facilitate that, in my eyes, is by being honest and building trust with one another. It is very easy to get absorbed in your work and lose scope of the fact that it’s our interaction as a team,

"Our company is built on ideas from the talented, intelligent people we have working for us." the unified front we attack each problem with, that produces the world-class results we’ve come to expect at AIS. It’s intensely empowering to be surrounded by intelligent, hardworking peers, and to know that they are as much a resource to me as I am to them. I’ve seen that if I trust in and communicate transparently with my coworkers, we can succeed in even the most difficult endeavors.”


MAY 2018

AIS ACCESS

IN THE COMMUNITY

Helping Those In Need

Employees were busy this past fall and winter collecting toys, food and monetary donations to support our communities.

United Way

We surpassed our $10,000 goal and raised $12,488! Your donations truly make a difference for those who need assistance through the multiple community agencies the United Way funds.

[13]

Things of My Very Own, Inc. Three trips were made by Toys for Tots volunteers to collect the toys and gifts employees donated to local children who otherwise may have not received a Christmas gift.

Rome Rescue Mission – Holiday Food Drive More than 1,075 pounds of food was contributed to feed those less fortunate during the holidays. Special thanks went out to Team SecureView®, who donated everything on the Mission's ‘need’ list for a total of 700 pounds of food!

GrayCastle Security employees raised $5,000 to support a non-profit called Things of My Very Own, Inc. in Schenectady, New York. This organization provides crisis intervention services to children impacted by extensive abuse or neglect. With the money, items such as clothing, blankets, hygiene products and food were purchased to support 17 children!

RTGX Food Drive

The original goal of collecting food to feed three families during the holidays was quickly surpassed by RTGX employees, who collected enough food and monetary donations to feed eight families for six months.

Thank you to everyone who donated to or coordinated these important community events!


MAY 2018

AIS ACCESS

H R U P DAT E S

Your Benefits in Action

[14]

Scott Souva discusses upcoming business development pursuits with colleagues.

D

uring a time when many people are concerned about rising healthcare costs and saving for retirement, AIS has taken those worries away for its employees. Offering robust benefits is all part of the company’s culture, which focuses on its best asset – its employees. “Our employees are our priority, and we know if we take care of them, they will in turn provide the same care to our valued customers,” said Chuck Green, CEO of AIS. “We have some of the smartest men and women in the industry working for us, so we do all that is possible to reduce any worries they may have

so they can have a great life at work and hometown to receive his treatments and routine checkups. at home.” “My biggest advocates were my Support Beyond Benefits wife, children and the AIS team,” said Scott Souva has worked at AIS for 12 Souva. “AIS allowed me to work around years, currently serving as the Director my doctor appointments, treatments of Corporate Development. Souva says and sickness from chemotherapy. They he will stay with AIS until he retires, es- recognized the side effects of my treatpecially after experiencing firsthand ments and provided outstanding suphow rare it is to work for a company that port throughout the entire process. And is so supportive in more ways than just because of the extensive time off benegood benefits. fits offered by the company, I remained In May of 2012, Souva was diagnosed employed full-time throughout the entire with Stage IV cancer. Five months follow- treatment process.” ing his diagnosis, he began chemotherSouva says he could not have won apy treatments in Syracuse, New York. his battle with cancer without AIS’s His treatment regimen included chemo support. “Each chemo treatment cost treatments for 6 months followed by upwards of ten thousand dollars, and 24 months of antibody therapy, during if it wasn’t for AIS, I would have likely which he faced hour long trips from his faced bankruptcy,” said Souva. “I quickly learned the value of the AIS health insurance offerings, as as the flexibility the compa“My biggest advocates well ny provides to its employees. I were my wife, children could not have done this without the support I received from and the AIS team.” my co-workers, supervisors and the leadership team.”


MAY 2018

AIS ACCESS

A Doctor Visit in One Easy Call

W

hile recently traveling to Florida for work, AIS employee Tom Blake learned how valuable the telemedicine service was at saving him time, money and the headache of trying to reach his physician back home. “I was on travel for AIS and came down with a very painful ailment,” said Blake. “I thought I had two choices – Urgent Care (where I knew I would be stuck in a crowded waiting room with sick people), or try calling my doctor back in Rome. I called my doctor at 8:30am, and a nurse called me back at 11am to tell me she would talk to the doctor and get

back to me later. Then I remembered the Excellus Blue Cross Blue Shield (BCBS) telemedicine service. I logged in and set up an appointment for 20 minutes from then. The doctor video called my laptop exactly on time and talked to me for about 10 minutes. He called in a prescription to a local pharmacy and I picked it up within the hour. It was a quick, easy experience and I would highly recommend it to anyone in a similar situation.”

"The doctor video called my laptop exactly on time and talked to me for about 10 minutes."

Tom Blake recounts his experience using Telemedicine while away for travel.

Did you know

[15]

Did you know that nine out of 10 visits to Emergency Departments (ED) in New York State are considered “potentially preventable”? This means that a condition could have been treated somewhere other than the ED, which is the most expensive treatment option. On average, a trip to the ED costs eight times the cost of seeing a primary care physician, or fifteen times the cost of using telemedicine. Through Excellus BCBS, all AIS employees have the telemedicine

option, allowing you to visit with a US board-certified doctor by video conference or phone for non-emergency medical conditions. The cost is no more than $40 and you can pick your physician and setup your appointment within minutes! For more information about telemedicine, visit excellusbcbs.com/wps/portal/ xl/telemedicine-facts/

Conditions Treated Via Telemedicine: • Allergies • Asthma • Bronchitis • Cold • Constipation • Diarrhea • Ear Infections • Fever • Flu • Gout • Headache • Infections

• Insect Bites • Joint Aches • Nausea • Pink Eye • Rashes • Respiratory Infections • Sinus Infections • Skin Infections • Sore Throat • Urinary Tract Infections


MAY 2018

•

AIS ACCESS

New Career Section on AIS Website If you haven't had a chance yet, visit the updated Career section on the AIS website at ainfosec.com/careers. The career, benefit and culture pages have been revamped to help support recruitment. Be sure to check out our employee testimonials!

[16]

2018 Hires to Date

2018

January

February

March

April

May

June

YTD

AIS

7

5

1

0

1

2

16

RTGX

1

1

0

0

0

0

2

Total

8

6

1

0

1

2

18


MAY 2018

AIS ACCESS

Anne Hartman

has been named Program Manager of the Advanced Research Concepts (ARC) Group. In this position, Hartman is responsible for ensuring the creation of revolutionary cyber concepts in machine learning and behavioral sciences as well as customer satisfaction with AIS efforts in support of the United States (US) Department of Defense (DoD) cyber-security strategy. Prior to joining AIS, Hartman was an Adjunct Faculty Member in Information Systems and Security at Villanova University. Before teaching at Villanova, she was Director of Central Services for Oneida County in New York, and previously the Director of Operations at NYSTEC. Hartman holds a bachelor’s degree in Business and Public Management from SUNY Polytechnic Institute of Utica/ Rome in Marcy, New York. She is located at AIS headquarters in Rome.

Jeri Hessman

has been named Program Manager for the Systems Analysis and Exploitation (SAE) Group. Prior to joining AIS, she has held legislative support positions on Capitol Hill, and has worked in support of science and technology research, development and transition at the Department of Justice National Institute of Justice (NIJ), the Potomac Institute for Policy Studies, the DoD (Office of the Secretary of Defense), the Department of Homeland Security (DHS) Science & Technology Directorate and the National Protection and Programs Directorate and most recently at the Defense Advanced Research Projects Agency (DARPA). She is also a volunteer with Capital Caring and is a member of the Junior League of Washington. Hessman received her bachelor’s degree from Seton Hill University in Greensburg, Pennsylvania and her master’s degree in Comparative Foreign Policy from American University in Washington, DC. Hessman is located at the AIS office in Lorton, Virginia.

[17]


MAY 2018

AIS ACCESS

A Journey to Excelle Leadership team attends Disney Institute of Leadership Excellence

B

[18]

eing a leader isn’t just a title. Leadership is about taking actions to create sustained, positive transformations within oneself, his or her team, as well as an organization. In late October of 2017, it was announced to our company’s leadership team that they would be participating in the Disney Institute’s Leadership Excellence course. Who better than Walt Disney’s successors to teach the ins and outs of being a great leader? But this wasn’t any ordinary corporate leadership course… this was about personal leadership and empowering yourself and those around you. On Tuesday, January 30, 2018, twenty members of AIS’s leadership team embarked on a personal journey that they will never forget. They spent four intensive days in Orlando, Florida, developing leadership skills that allowed

them to establish their personal values and vision while developing a plan to support implementation into our work environment. Real-world examples from within The Walt Disney Company provided the opportunity for the team to learn by seeing success in action. AIS leadership went behind the scenes at the theme parks, participated in cooking and communications challenges, and spent time interacting directly with company’s leaders and employees to witness how they lead by example and instill Disney’s mission in every single employee, no matter what his or her role is in the company. “One moment that stood out to me was when we shadowed a college intern working in the busiest of all parks, Magic Kingdom,” said Dan Kalil, VP of Commercial Operations for AIS. “At first, the objectives of this seemingly simple assignment were not clear to me but

Leadership in Action Here are a few things leaders at AIS are doing to incorporate what they learned into their every day practices.

then it clicked. This young student was empowered and expected to be a leader, properly addressing a wide range of needs and questions and with limited support, just like every other employee of Disney. Disney expects each employee to be a leader and embrace that their interaction with a guest can make or break a family’s Disney experience. Some people save for a lifetime to go to Disney and one negative interaction can ruin their entire trip. This, along with the company’s mission and values, is engrained into every Disney employee’s mind as soon as they step foot onto Disney property.” Through a lot of critical thinking and “ah-ha” moments, the AIS leadership team worked diligently to get the most out of the sessions they attended. This was truly a personal journey that provided the opportunity to identify what drives them to be a leader and understand how

Cliff Hickok

Security Manager/CPSO Cliff took away two very important points from the training – intentional communication and the value of feedback. Cliff has been making it a point to meet with the managers of each Business Unit to find out more about what they do and how the Security Department can support their goals and needs. “It’s a simple concept, but has been great meeting with managers face to face and discussing how we can work together to support the company,” said Hickok. “By intentionally communicating with one another, it limits the guess work and saves time in the end.”


MAY 2018

AIS ACCESS

ence their role at AIS is infused with our company’s culture.

Now What? When attendees returned from the conference, they were given a few days to put together a presentation regarding their main takeaways from the experience, what their personal goals are as a leader and how they were going to implement those goals into their team. “A major takeaway I learned from Disney is the core values are the foundation of a company and they don’t change over time,” said Chuck Green, CEO of AIS and an attendee of the Leadership Excellence course. “This leadership training was so valuable because it gave us the tools necessary to look at the decisions we make and ask ourselves why we are making them. Having a strong

Erin Bushinger

foundation will benefit not only our employees, but our customers as well. If we work well as a team, are all on the same page and are able to trust each other, there really is no limit on how far we can go.” After each leader’s presentation, the takeaways, focuses and goals were compiled by the team into the following categories so they can be tracked and measured: • Values • Actions • Trust • Ownership/Accountability • Effective Communication • Empowerment/Leadership at all Levels

way to find out what each team member believes is important and it is a good Manager of Marketing and way to hold each other accountable. I Communications have them up on my wall so I remember Two of the top themes Erin took away to keep them in mind every day.” from the conference was setting clear expectations and the importance of enabling constructive conflict. Erin has re- Reg Harnish viewed her values with team members CEO of GreyCastle Security and had them identify what their values The major takeaways Reg got from are based on their role within the team. “Being a new department, it was dif- the sessions were corporate values ficult to set expectations for employees are the company’s compass and effecwhen I, myself, was new to the compa- tive CEOs lead from the front. Reg has ny,” said Bushinger. “Now that I have my been working tirelessly on a mission and feet wet and we have dove into support- values for his company and was proud ing marketing efforts for AIS, reviewing to introduce them to his employees at our values together has been a great

“Based on the information presented, each leader is being held accountable for incorporating the tools and methods they learned into their departments and business units,” said Green. “This was an important investment in our leadership team and it is not something we are taking lightly or will fall off the radar. It is vital to our company’s success that we follow through on what we learned and experienced.”

a company-wide meeting on Friday, March 23, 2018. “Infusing our values into our people, processes and culture is a critical next step for us,” said Harnish. “GreyCastle has experienced significant growth and I don’t think there is an end in sight. Now more than ever, I felt it was important to set the compass for where we are heading.”

The leadership team poses for a photo with Mickey Mouse at Disney Institute of Leadership Excellence.

[19]


MAY 2018

AIS ACCESS

C O M PA N Y I N F O

Safety & Security 101 Whether at work, home or on vacation, there is no such thing as being too secure. Below are some tips from AIS’s Security and IT Department on how to keep your information, as well as yourself, safe:

01

Report any suspicious contacts/loiterers to your Security Department and manager.

your audience and surroundings 02 Know when talking about proprietary information. you are going on vacation, check travel 03 Ifadvisories/warnings at the Department [20]

of State (DOS) website: travel.state.gov/ content/travel/en/traveladvisories/

ACT 2 Agile Cyber Technology 2

AIS has been awarded the Agile Cyber Technology 2 (ACT 2) contract, a multi-million-dollar, five-year, Indefinite Delivery/Indefinite Quantity (IDIQ) contract. AIS is one of five companies that received this award from the Air Force Research Laboratory (AFRL). The IDIQ contract provides a funding mechanism for any federal government department or agency to award a contract to AIS in a simple, expedited manner, with a ceiling totaling $950 million. ACT 2 allows AFRL, its product centers and the operational community to support rapid research, development, prototyping, demonstration, evaluation and transition of cyber capabilities. This award is the result of a competitive acquisition and 22 offers were received. Congratulations to all the employees who worked tirelessly to make this happen!

wary of unsolicited attachments, even 04 Be from people you know. the amount of personal 05 Limit information you post.

06 Be wary of third-party applications. software, particularly your web 07 Keep browser, up to date.

2018 Contracts Information to Date

3

Prime Contract Awards $48.8 million in contract ceiling (ACT 2 has additional $950 million ceiling)

4

Subcontract Awards

10

Subcontracts Issued or Task Orders


MAY 2018

AIS ACCESS

GREYCASTLE NEWS

GreyCastle Security Staff Earn Cybersecurity Excellence Awards

G

GreyCastle Security employees (left to right) Francesca LoPortoBrandow, Reg Harnish and Marissa Salzone.

reyCastle Security CEO Reg Harnish has been named Cybersecurity Consultant of the Year in North America by the Cybersecurity Excellence Awards for the second straight year. Additionally, Marketing Director Marissa Salzone was named 2018 Marketer of the Year for North America and Director of People and Culture Francesca LoPortoBrandow was named 2018 Recruiter of the Year. GreyCastle Security was also named a finalist in the Cybersecurity Company of the Year (Between 10-48 Employees) category for the second consecutive year. The highly competitive independent awards competition, produced in partnership with the 350,000-member Information Security Community on LinkedIn, honors the world’s best cybersecurity products, professionals and organizations that demonstrate excellence, innovation and leadership in information security. “It’s a great honor to even be mentioned as a finalist for this award by my peers, but to win it two years in a row is a testament to the hard work we put in for our clients all day, every day,” said Harnish. “I share this honor with my GreyCastle Team – they are the reason I love walking through these doors every day. And, that connection is one of the things that makes us so successful.” Salzone, who joined GreyCastle Security in 2016, was recognized as Marketer of the Year, in part, for her ability to elevate the firm’s reputation as one of the top cybersecurity services

providers in the nation. “It is so fulfilling to have a job in which my main objective is to spread awareness about the need for cybersecurity and how an effective, defensive strategy can help businesses thrive,” said Salzone. “With the support of GreyCastle Security, Marketing’s messaging not only is educational, but has the flexibility to be fun and entertaining. My team is allowed to take mainstream topics and equate them to cybersecurity.” Meanwhile, LoPorto-Brandow, who joined GreyCastle Security shortly after Salzone, in 2017, is credited with having a keen eye for talent. She has been able to secure some of cybersecurity’s most sought-after professionals, despite working in an industry that has experienced an unprecedented skills gap. “GreyCastle would not have experienced as much growth as we did in 2017 without the support of our team of existing talent, whose high standards for skills and, most importantly, cultural fit, lead our recruiting efforts,” said LoPorto-Brandow. Since LoPortoBrandow joined the team 18 months ago, GreyCastle’s staff has nearly tripled in size, growing from 20 employees to nearly 60. Under the leadership of Harnish, GreyCastle Security has experienced four consecutive years of triple-digit growth, and is currently working with organizations in nearly every state in the United States, including Fortune 5000 and Global 100 organizations. Visit www.greycastlesecurity.com for more information.

[21]


MAY 2018

AIS ACCESS

ANNOUNCEMENTS

Expanding Our Footprint Rochester, New York AIS recently put finishing touches on its new operating location in Rochester, New York. Sharing the same floor as GreyCastle Security, four employees currently occupy the office with plans to continue to expand, with space for 10 employees. “We are very pleased with the new office space,” said Tim Hanna, Software Engineer for AIS. “We believe the many office amenities including the downtown Rochester location, local security community, the modern office design and rooftop deck will help attract quality employees to AIS.” The new office is located at 85 Allen Street, Rochester, New York.

[22]

Lorton, Virginia Strategically located in proximity to the DC area and Reagan National Airport, the new AIS office located in Lorton, Virginia, is beginning to take shape. The office features numerous private offices, a break room and a spacious lab and conference room. “Our Lorton location will not only help with recruitment, but will make it very convenient for client meetings,” said Steve Flint, Chief Operating Officer for AIS. “We currently have multiple open positions at this office and it will also provide AIS employees traveling to the DC area a nice place to work.” The Lorton office is located at 10430 Furnace Road, Suite 130, Lorton, Virginia.

AIS Assists Local Law Enforcement in Utica College Threat Arrest

O

n Monday, March 5, 2018, Utica College was locked down for hours after violent threats were phoned into the school. Students and staff huddled under desks until the campus was evacuated, as law enforcement agencies searched buildings and cleared areas. In support of our community and on behalf of AIS, employees Dan Kalil and Rick Gloo provided law enforcement with cyber forensics assistance. Specifically, Dan and Rick gave technical insight into the anonymizing technology that was thought to be used by the suspect and helped with the interrogation of a wireless (WiFi) access point, also believed to be accessed by the suspect during the course of the threatening calls. On Tuesday, March 6, Utica Police arrested Fahrudin Omerovic, 23, an online student at the college, and charged him with four counts of making a terroristic threat, which is a felony. Due to the fact that the case is still under investigation, findings specific to the wireless router are not available at this time. AIS has received many praises in the media and from local officials for assisting our law enforcement and helping to keep our community safe. Nice work Dan and Rick!


MAY 2018

UPCOMING EVENTS

AIS ACCESS

TECH NEWS

AIS Delivers SecureView® 3.0 17th Annual Leading MAY 22 EDGE Awards Networking 11 AM, event 12 PM @ 2018 SUNY Poly Fieldhouse, Utica, NY TU ESDAY

AIS is being honored at the Leading EDGE Awards luncheon; an annual event hosted by Mohawk Valley EDGE to recognize companies and individuals responsible for the economic growth of the Mohawk Valley. For more information visit: www.mvedge.org/2018/04/27/ leading-edge-awards-may-22/

FRIDAY

JUNE 6 2018

J.P. Morgan Chase Corporate Challenge @ Onondaga Lake Park, Liverpool, NY

Come cheer on Team AIS in the 3.5 mile run! For more details visit www.jpmorganchasecc.com/city/syracuse

T

he SecureView® team is pleased to announce the delivery of SecureView® 3.0, the latest cyber platform for the DoD and coalition partners. SecureView® 3.0 is built on the principles of security, usability, enterprise scalability and a foundation of next generation technologies. “This release is years of expertise and effort culminated by the SecureView® Team, resulting in more than 50 new features and capabilities now available to the warfighter,” said Richard Turner, Program Manager for SecureView®. SecureView® 3.0 is currently undergoing certified accreditation for both Secret and Below Interoperability (SABI) and Top Secret and Below Interoperability (TSABI) deployments. “I’ve only recently began working with the Cross Domain and Virtualization Solutions (CDVS) Group, but it wasn’t hard to see the effort put forth by the SecureView® Team

[23]

to make this release a success,” said Adam Hovak, Operation Manager of the CDVS Group. “We know this is our best release yet and we’re as excited as our AFRL customer to get this out to the operators.”

About SecureView®

W ED NESDAY

SEP. 26 2018

6th Annual GreyCastle Security Cybersecurity Symposium

7:30AM - 3:30PM @ Albany Capital Center Keynote Speaker: Brian Krebs, Globally recognized cybersecurity journalist and investigative reporter

SecureView® software transforms ordinary, commercial PCs and workstations into cyber-hardened, trusted platforms, secure enough to protect access to the US Government’s most sensitive and classified information, and national security systems. SecureView® is a hardened, client-hosted virtualization solution that enables independent and concurrent access to multiple security domains, providing performance independent of network bandwidth and server contention issues, giving analysts

consistent responsiveness for visually intensive analysis and collaboration. SecureView® provides state-of-the-art security while maintaining cost effectiveness and ease of use. The platform can handle a wide variety of applications, from general office to performance-intensive 3D graphic applications, from different security environments, all running on a single virtualized platform.


MAY 2018

AIS ACCESS

Technical Council Provides Advisement

A

[24]

next generation of leaders. To accomplish this, a company needs a well-defined path to leadership that is accessible to those who are interested. It is important for the company to also allow those who are not interested in being on a leadership path to continue doing their best work without impediments. Historically at AIS, an engineer at the E4/E5 level would be given the Principal Investigator (PI) role, which has come to mean multiple things in a variety of contexts. As AIS grows and evolves, the duties and scope of the PI must be re-evaluated to reflect the way the company does business both now and in the future, and the Tech Council has been working to envision the future of this role. This leadership path conversation emerged organically at the last senior technical leadership off-site and after internal discussions with Human Resources (HR) and leadership, the Tech Council was charged with establishing a process for soliciting feedback from various stakeholders including technical staff and management to formally define the future of the PI position. To accomplish this task, a smaller work group was formed including six members from the Tech Council (Andrew Criscolo, Brandon Haines, Chris Hall, Chris Patterson, Mike Wileczka and Rob Dora), Program Managers Anne Hartman and Phil White, and Jeremy Painter and Cheryl Valenti from HR. Using a formulated plan and derived data, the group’s goal is to arrive at one or more accurate job descriptions for those interested in senior technical leadership roles, without gaps or unintended overlaps with other roles. The Tech Council’s Role in process they are currently following has provided granularity that will assist Building a Leadership also in determining individuals who may be occupying more than one position and Path may need additional support to help It is critical to the success of any grow- them excel. It will also ensure continuity ing company to foster and inspire the should any of those individuals resign or

IS recently revived the Technical Council, comprised predominately of senior technical staff. The purpose of this council is to provide corporate-level advisement and support on issues and initiatives with regards to technical information flows, research integrity, product quality, enabling vision and fostering culture and an enjoyable work environment. The council provides support and guidance for tasks such as reviewing proposals/business development, promoting communication between upper management and engineers, and maintaining the AIS software development process. "The Tech Council helps eliminate the echo chamber that often exists within teams, at the corporate level, between engineers and in ourselves,” said Andrew Criscolo, Senior Engineer and Tech Council member. “When engaging the council, one is exposed to a variety of voices, all equal, and the feedback received will often challenge his or her point of view, which apart from building consensus, is one of the major values of having this group. I love that it exists not because we were told to exist, but because we are uniformly passionate about continually improving our company and creating the best work environment and most successful business we can. At AIS, we are being empowered and encouraged to tackle these issues, which is amazing, and speaks volumes about the kind of company we are and aspire to be."

become unable to perform their job. This enables AIS to plan for success by staffing teams appropriately and both broadens (by allowing non-lead engineering career progression) and sharpens (by clearly defining engineering leadership growth) career opportunities for AIS engineers. “The work the Tech Council has accomplished on the leadership roles project has yielded an in-depth method to analyze how different leadership and management roles overlap,” said Jeremy Painter, HR Business Partner. “This is very beneficial for HR because it gives us a benchmarking tool to compare future jobs against. The council’s perspective has been invaluable.”

Get Involved The council, which meets monthly, has already seen positive outcomes such as advocating for training on how to handle unclassified sensitive documentation, increased collaboration amongst program groups and senior engineers, and contributions to the continued fostering of the R&D core.


MAY 2018

AIS ACCESS

Zecora Initiative AIS Developing New Products

A

IS has made significant product development commitments under the internal code-name “Zecora”. The project’s goal is to build three distinct commercial products, Median, and internally code-named High Winds and Fire Streak.. This major internal investment by AIS illustrates the company’s commitment to reinvestment in the work of its employees. “Zecora is a multi-year project, with checkpoints and milestones at each stage,” said Phillip White, Program Manager for the Zecora project. “Our success will open the doors for other similar projects for other AIS teams.” Rian Quinn serves as the Principal Investigator to Zecora and has high hopes for the project. “We have been working diligently to make sure a solid business plan is in place for Zecora,” said Quinn. “With this type of investment from AIS, it is important that we have a supported business model. Each quarter, we are validating the market for the products we are developing through customer input. We are also holding ourselves accountable to execute on market development goals, not just technology development goals.”

Median Of the three products, Median (originally Spitfire) is the closest to completion. Based upon OpenXT, Median is designed to serve as a supported commercial replacement for XenClient XT. Product development is being done at AIS’s Chelmsford, Massachusetts location. A pilot customer for this product has been identified and the software is currently operational on hardware provided by the prospective customer.

High Winds High Winds will enable authorized users to efficiently establish secure communications paths that can safely relay classified information across unclassified networks and/or facilities. This represents a significant cost savings to users. The product is currently under development, with much of the work being done at AIS corporate headquarters in Rome, New York.

Fire Streak Fire Streak is a supported commercial hypervisor built on the Bareflank hypervisor toolkit. The product is targeted towards multiple use cases, including isolating automated control systems from monitoring systems, ultra-low-latency processing needs, life critical or life sustaining systems. Bareflank provides best-in-class product testing and validation to reduce customers’ deployment costs. There is strong interest in Fire Streak from industry, which the team hopes to capitalize upon to ensure a successful launch.

Naming and Branding for Median The Marketing Department worked directly with the Median team to gather background information on the product and continuous feedback throughout the naming and branding process. Naming begins with a brainstorming session to think of as many options as possible and leads to the generation of ideas that are unique and memorable – the objective of any good logo and brand. After refining the options, the logo design process begins. From there, many different ideas were created and further refined to four different designs. Following the selection of the final design, color options were developed and the team decided on the unique mark that you see below. The Median logo differentiates itself from competing products through clever use of negative space and unique color choice. The final step in the project was to develop a product information sheet to explain to potential customers the reasons Median is their best choice for a secure multi-network access solution.

[25]


MAY 2018

AIS ACCESS

From IRAD to Success Introspective Virtualization (IntroVirt®)

E [26]

mployees who work at AIS know that their company is committed to reinvestment – and that’s exactly how AIS’s IntroVirt® was launched. IntroVirt® is a customized Xen and KVM hypervisor and library that provides a robust virtual machine introspection (VMI) application programming interface (API). VMI is the process of looking at the memory contents of a VM during runtime. By applying knowledge of the guest operating system, introspection can be used for a variety of applications, including reverse engineering, debugging software and securing guest VMs by limiting access to files or limiting an executing application’s functionality. Stephen Pape, a Senior Engineer who has been with AIS since 2010, submitted an Internal Research and Development (IRAD) proposal to the

App

App

App

OS1

App

OS2 IntroVirt® Hypervisor Hardware

Leadership Team at AIS in 2012 proposing to build this VMI tool. After consideration, the IRAD was approved and funded by AIS, and IntroVirt® was born. Since then, IntroVirt® has proved to be a huge success, paving the way for more than $10 million in government funded contracts since its inception. “Oftentimes AIS is able to leverage IntroVirt® when bidding proposals,” said Pape. “Since we already have this technology, we are able to tell prospective customers that we plan on leveraging IntroVirt® to solve whatever problem they might have.” Presently, AIS has multiple proposals out totaling $5.5 million that if awarded, will utilize IntroVirt®. AIS was awarded a US Patent on IntroVirt® in April 2015, naming Stephen Pape as the inventor. Chuck Green, CEO of AIS says that ideas like IntroVirt® are what set AIS apart from the competition. “We encourage and foster a culture of innovation at AIS. We are always looking to invest in our employees and the technology they develop.”

IntroVirt® • Supports 32 and 64-bit Windows guests, with Linux guest support under development. • Provides an API for event-based introspection. • Developers can hook events like system calls, context switches and software breakpoints. • Is capable of parsing operating system specific context from memory/registers. • Wrapper classes handle system calls and data structures transparently. • Its wrappers abstract away the specific details, allowing a developer to write code that targets multiple versions of Windows.


MAY 2018

AIS ACCESS

"...we are able to directly see the results of our technical work done in the lab and how it will benefit the national security personnel tasked with protecting our country.”

Arctic Eagle Exercise The Agile Cyber Solutions (ACS) Group Participates in Alaska National Guard’s Arctic Eagle Exercise

A

n electronic sensor on the more than 800-mile stretch of the Trans-Alaska Pipeline System was just triggered. A potential leak is happening, so you send a team out to respond. When the team shows up, it was a false alarm, but then another alarm goes off, then another, and before you know it every sensor is chiming. This scenario is very real, and all it takes is one malicious cyber attacker to make it happen. As part of Arctic Eagle 2018, Alaska National Guardsmen trained on how to identify a potential cyber threat with help of the of ACS Team. The ACS Group gave a demonstration called “Introduction to Agentless Threat Hunting” at the exercise held at Joint Base Elmendorf-Richardson in Anchorage, Alaska, in February 2018. The purpose of this training was to ensure service members can proficiently identify cyber threats in real-life scenarios, and can operate in a joint, interagency, intergovernmental environment in artic conditions. Multiple cyber-based scenarios were part of the exercise, the first being a satellite crash followed by exercises on cyber security and cyber protection. The statewide exercise involved national, state and local agencies

including National Guard members from Alaska, Colorado, Connecticut, Indiana, South Dakota, Utah and Washington. “Providing training and field readiness support to National Guard users lends context to how our technologies will actually be used within real-world conditions and constraints,” said Rick Gloo, a Senior Advising Engineer for AIS and a presenter for the ACS Team. “Another great aspect of these events is that we are able to directly see the results of our technical work done in the lab and how it will benefit the national security personnel tasked with protecting our country.” Members of the ACS Group that supported this event include: Austin Benincasa, Brodie Davis, Nate Flower, Rick Gloo, Patrick McHarris, Adam Meily and Jason Nashold.

[27]


Assured Information Security 153 Brooks Road Rome, NY 13441

S G N I N E P O B O J D E R U FEAT Malware Analyst/ Reverse Engineer Linthicum, MD Engineering AIS is currently looking for a Malware Reverse Engineer. Candidates should have an in-depth understanding of low level programming in C, C++, or Assembly (x86). Solid experience performing static analysis of malware using IDA Pro to determine functionality. Must possess the ability to work both independently and as a team to support existing malware analysis infrastructure to meet mission deadlines. Candidates should be highly motivated with an interest in continuously learning and improving their skills.

System Engineer

Software Engineer III

Rome, NY

Rome, Rochester, and Syracuse, NY, Lorton, VA

Computers/Software Help us develop and maintain the quality of supported open source solutions for SecureViewÂŽ. The AIS SecureViewÂŽ Government team is looking for a System Engineer to join us in Rome, NY. In this role, you will be a member of a team consisting of software developers, test engineers, and project leads. You will work with a highly integrated product to automate testing scenarios, and work closely with the development team and the rest of the test team to provide best practice testing strategies.

Find out more at

ainfosec.com/careers

Computers/Software AIS is looking for software engineers with skills in C and Python in a Linux development environment. Experience with Web development (Flask, Tornado, Bootstrap, JavaScript, HTML5) is a bonus. Experience with Docker, Make/LLVM/Cmake/Clang, C++ are also valuable, but not a requirement. Our team focuses on research and development of cutting edge, highly-integrated and customizable tools for cyber operations. From embedded systems to servers, drivers to distributed backend services - and all points in between - we help the cyber warfighter be adaptive, efficient and effective.

AIS ACCESS May 2018  
AIS ACCESS May 2018  
Advertisement