Five Questions With Mark Orlando of Raytheon Intelligence, Information and Services
Jul 30, 2019 Jessica Bettencourt
With Black Hat Las Vegas right around the corner, the InkHouse security practice and its clients are gearing up for the marquee cybersecurity event. As part of our special “Black Hat: Under the Hood” content series, today we’re pleased to feature Mark Orlando, Chief Technology Officer of Cyber Protection Solutions at our client, Raytheon Intelligence, Information and Services.
Mark began his security career in 2001 as a security analyst. Since then, he has built, assessed, and managed security teams at the Pentagon, the White House, the Department of Energy, global Managed Security Service Providers and numerous financial sector and Fortune 500 clients. While serving as Director of Operations at Foreground Security, he designed and launched a Managed Detection and Response (MDR) service offering and helped to invent an automated cyber threat hunting technology, both of which were later acquired. He enjoys teaching and learning from others, and we look forward to his presence at Black Hat and DEF CON this year.
While in Las Vegas next week, Mark will be speaking at DEF CON’s Blue Team Village on Saturday, August 10 at 4:30 p.m. PT in a session titled, “When a Plan Comes Together: Building a SOC A-Team.” The talk will cover the challenges of finding security talent, honing it to meet your specific mission, and retaining it for modern operations teams. He’ll also discuss creative ways to find, train, and equip a security operations “A-Team.” You don’t want to miss it!
We sat down with Mark to learn his insider perspective and what he’s most looking forward to at this year’s Black Hat and DEF CON conferences. Here’s what we learned:
Q: What are you most looking forward to this year? What gets you most excited about Black Hat?
[Mark Orlando]: Many attendees use Black Hat/DEF CON as an opportunity to network and catch up with colleagues they don’t often see, and I’m certainly looking forward to doing that. Some of the briefings I’m interested in are the DevOps and Security talk by Kelly Shortridge and Nicole Forsgren, the Infighting Among Russian Security Services talk by Kimberly Zenz, and Frameworks to Measure Persistent Engagement and Deterrence by Jason Healy and Neil Jenkins. Ultimately, this week is all about gaining new perspectives on old problems in security – especially in areas like critical infrastructure and aviation, which are very relevant to the work we’re doing at Raytheon.
Q: What are your thoughts on the evolution of the conference and where it’s grown to today?
[Mark Orlando]: There’s no question that the conference has grown exponentially over its lifetime in terms of attendance and content, and there has been a lot of debate in the community about whether that’s a good or bad thing. Some of the changes that have come with that growth, like an increase in vendor and marketing content, seem to be at odds with the conference’s roots in security research and training. That being said, there are still lots of brilliant people sharing great technical knowledge there – you just have to be ready to plan your attendance to get what you want out of it. Personally, I like more content and more choices of topics and events. Diversity of thought is critical to solving a wider range of problems and developing better, faster solutions, and I think overall the conference has done a good job expanding its horizons.
Q: What are some trending topics you expect to take center stage this year?
[Mark Orlando]: There has been more of a focus in recent years on defensive security and non-technical topics like policy and human factors, and I think we’ll see those kinds of briefings getting more coverage and attendance this year. Hopefully this trend will continue so we can bring in more diverse viewpoints and expand the event in 2019 and beyond.
Q: Any tips you’d like to share with our readers who may be attending Black Hat for the first time?
[Mark Orlando]: Plan ahead. The time flies and the events can be overwhelming, so try to set some goals for what you want to get out of it and make a plan before you get there. For people working in public policy, government and other friends new to the conferences, I recommend checking out the Lost Policymaker's Guide to Hacker Summer Camp. It is a great resource to help non-traditional attendees understand the conference and identify the areas where they will gain the most insight. Don’t be afraid to take breaks to recharge. Drink lots of water.
Mark, thank you for taking the time to share your expertise with us. We learn so much more by sitting down and hearing from industry experts like yourself.
Watch for more “Black Hat: Under the Hood” Q&As coming soon, where we continue to hear from thought leaders in the infosec community ahead of the big event. If you’re in Las Vegas next week and want to schedule a meeting, please email firstname.lastname@example.org today!