Foxtrot Division Capabilities Collection
-
Upload
jeff-hunter -
Category
Software
-
view
253 -
download
0
Transcript of Foxtrot Division Capabilities Collection
this is not business-as-usual
this is rock-and-roll
capabilities collection
what we do
CONTACT
US!
What’s yourMISSION?
SOFTWAREENGINEERING
CYBER SYSTEMSENGINEERING
CYBERSECURITY
DEVOPS
USEREXPERIENCE (UX)
DATA & INFORMATION VISUALIZATION
1.
2.
3.
5.
6.
4.
we create secure systems that deliver a brilliant user experience and help our clients be great at what they do.
softwareengineering
[email protected]://foxtrotdivision.us
�•��DevOps�Methodology��
•��Application�Assurance
•���User�Experience�(UX)
•��Defensive�Coding
•��Open�Source�Software�Support
STANDARDS EXPERTISE
• Software Assurance Maturity Model
(SAMM)
• Capability Maturity Model Integrated
(CMMI)
AUTOMATIONWe� provide� custom� software� to�automate�the�routine�and�streamline�workflows,� allowing� teams� to� spend�more�time�on�value-added�activities.
INTEROPERABILITYWe� create� the� “glue”� that� allows�multiple� heterogeneous� systems�to� communicate� with� each� other,�maximizing�IT�investment�value.
MISSION SUPPORTWe�create�custom�software�that�helps�our�clients�accomplish�their�mission,�from� cyber� defense� analytics� to�logistics�and�property�management.��
Writing code is our passion. Creating secure systems that function as intended and deliver a brilliant user experience is our purpose.
Delivering value Early and OftenOrganize requirements� into� functional�stories� with� short� development� times.� � Bake� in�security�along�the�way.
Refine concepts into�verifiable�requirements.�
Plan User Experience (UX) by�understanding� users,� workflows,� and�objectives.
Release functionality � incrementally,�as�it�is�developed,�tested�and�verified.
Validate functionality � by�obtaining� feedback� from� users� and�stakeholders.� � Is� it� really� what� the�users�want�and�need?
for (int i = today; i < endOfTime; i++) { goFurtherAndFaster(yesterday);}
CYBER SYSTEMS
[email protected]://foxtrotdivision.us
•���Systems�Engineering�&�Technical�
Assistance
�•��Agile/DevOps�Methodology��
•���Full�System�Development�Life�Cycle�
Support
STANDARDS EXPERTISE
• Software Assurance Maturity Model
(SAMM)
• Capability Maturity Model Integrated
(CMMI)
• Project Mgmt Body of Knowledge (PMBOK)
• International Council on Systems
Engineering (INCOSE)
• National Institute of Standards &
Technology (NIST)
ENGINEERING
Basic�to�advanced�technical�support�for�all�components�of�the�system.
SUPPORT
Establishing�systems��to�maintain�and�disseminate�project�knowledge�and�intel-ligence;�giving�stakeholders�info�they�need,�when�they�need�it.
KNOWLEDGE MGMT
Coordinating�system�deployments,�equipment�movements,�and�prop-erty�mgmt.
LOGISTICS
Analysis�and�management�of�requirements�through-out�the�life�cycle.
REQUIREMENTS MGMTStreamlined�change�and�version�control�for�rapid�integration�of�changes.
CONFIGURATION MGMT
Automated�verification�and�regression�testing.
TESTING & VERIFICATIONAgile�development/integration�of�system�components�focused�on�delivering�value�early�and�often.
ENGINEERING
Continuous�monitoring�of�risks�to�project�cost,�schedule,�scope,�and�
performance.
RISK MGMT
Application�of�regulatory,�statutory,�and�organiza-
tional�security�requirements;�automated,�continuous�
compliance�monitoring�and�assessments.
CYBER SECURITY
The project is itself a system, composed of many moving parts...hardware, software, people, processes, support systems.
Everything is connected. Everything matters.
REQUIREMENTS
MGMTCONFIGURATIONMGMT
CYBER SECURITYRISK MGMT
ENGINEERING
TESTING & VERIFICATION
LOGISTICS
SUPP
ORT
KNOW
LEDGE
MGMT
PROJECTMGMTDE
VOPS
deliver value early & often
QUALITY ASSURANCE verify delivered value meets standards
CYBERSECURITY
[email protected]://foxtrotdivision.us
DEFENDABLE by design
�•��Application�Assurance
•���Automated�Implementation,�
Assessment,�and�Monitoring�of�
Security�Controls
•��Risk�Management�Framework�(RMF)
•���Full�Security�Life�Cycle�Support
We don’t check boxes. We don’t shuffle paper.
We secure systemsand�that�includes�people,�processes,�and�nuts-and-bolts�engineering.
Our risk-based approach focuses on a thorough technical understanding of the system and its operating environment, its threats and vulnerabilities, and the
proper application of security controls based on risk tolerance.
MALICIOUS ACTORS
NATURAL DISASTERS
NON-MALICIOUS ACTORSIndividuals�may�inadvertently�cause�a�compromise�by�act�or�omission.
Hurricanes,�tornadoes,�lightning,�and�other�natural�events.
Malicious�actors�with�means,�motive,�and�opportunity.
Understand the SYSTEM.First,�we�must�understand�the�system�by�identifying the types of information�received,�processed,�stored,�and/or�transmitted�by�each�component.
Personally�Identifiable�Information�(PII)
Other�Information�Requiring�Special�Protection
Sources�and�Methods��Information�(SAMI)
Health�Information
Financial�Information
SOFTWARE PEOPLE
HARDWAREEmissions,�HVAC/
power�limitations,�no�redundancy,�lack�of�
port�security...
Lack�of�training,�social�engineering,�human�error,�improper�use�of�removable�media...
Lack�of�input�validation,�code�
defects,�lack�of�error�handling...
PROCESSESImproper�change�control,�insufficient�testing,�lack�of�patch�mgmt...
Understand the THREATS. Understand the VULNERABILITIES.
Apply the SECURITY LIFE CYCLE.CATEGORIZE
SYSTEM
SELECT SECURITY CONTROLS
IMPLEMENT SECURITY CONTROLS
ASSESS SECURITY CONTROLS
AUTHORIZE SYSTEM
MONITOR SECURITY CONTROLS
We�leverage�custom�software�and�off-the-shelf�tools�to�rapidly�implement,�assess,�
and�monitor�security�controls.
[email protected]://foxtrotdivision.us
�•��Custom�Workflow�Automation��
•���Versatile�team�members�doing�more�
with�less
•���Using�tools�and�collaboration�to�build�
better�systems,�faster
DEVOPSthe revolution will be automated...
OPERATIONS
STAKEHOLDERS DEVELOPMENT
USERS
Fund it. Create it.
Use it.Maintain it.
PEOPLE PROCESSES
TOOLS
Our�DevOps�approach�seeks�to�seamlessly�integrate�PEOPLE,�PROCESSES,�and�TOOLS�to�reliably�deliver�high�quality�systems,�faster.
AUTOMATION SUPPORT SYSTEMS
AUTOMATED HARDENING
AUTOMATEDBUILD & INTEGRATION
HARDEN BUILD VERIFY DEPLOY
We�create�custom�software�to�provide�secure� system� configurations� in� a�repeatable� manner� (that� don’t� brick�the�box).
We� use� off-the-shelf� software� to�continuously� build� and� integrate�changes�into�the�system�baseline.
AUTOMATED VERIFICATIONWe� create� automated� test� cases� to�verify�new�builds�meet�requirements,�and�don’t�break�the�baseline.
AUTOMATED DEPLOYMENTWe� use� centralized� management�tools� to�push� changes� to�production�systems.
DEVELOP BUILD
TEST & VERIFYQADEPLOY
OPER
ATE real-time collaboration & awar
enes
s
Centr
alized DEVOPS tools
CONT
INUO
US FE
EDBA
CK
R
APID RESPONSE TO CHANGE
[email protected]://foxtrotdivision.us
�•���UX�Designed�for�All�Participants�in�the�
System��
•���Structured�Process�to�Implement�
Effective�UX
•���Continuous�Feedback�for�Effective�
Process�Improvement
UXuser experience
Users matter most.Period.
WHO WE ARE DESIGNING FOR
CONTENT NAVIGATION FUNCTION FORM
Will�it�help�me�do�my�
job?
Will�it�be�easy�to�use?
Will�it�be�available�when�I�need�it?
How�often�will�it�need�human�intervention?
Will�it�integrate�with�tools�I�already�
use?Will�patches�be�available�in�a�timely�manner?
Will�it�be�secure?
What�business�metrics�will�be�available?
Will�it�add�value�for�our�users?
The Elements of User Experience (UX)
One�of�our�first�objectives�is� to� understand� and�logically� organize� the�data� and� information�stakeholders� need� to�perform�their�mission.��
We� design� an� effective�navigation� structure� to�ensure� stakeholders� can�find�what�they�are�looking�for�quickly,�easily,� and� in�a�repeatable�manner.
What�must�the�system�do?�We� seek� to� understand�how�each�stakeholder�will�use�the�system,�and�what�actions�they�need�to�take�to�perform�their�mission.��
The� appearance� of� each�component� is� designed�to�be�intuitive,�add�value,�and�have�logical�meaning�with� the� context� of� the�larger�system.
When designing a UX, we consider the wants, needs, and concerns of all participants
MAINTAINERS OWNERSUSERS
[email protected]://foxtrotdivision.us
�•���Custom�Dashboards�for�Business�
Analytics
•��Cyber�Defense�Watch�Consoles
•���Real-time�Project�Status
•��Intelligence-Oriented�Reporting DATA & INFORMATION
VisualizationRevealing the intelligencebehind the data.
We use design to reveal the truth in data. The truth about what’s happening now, what’s happened in the past, and what’s likely to
happen in the future.
G NORMAL (G) +/-�15%�from�goal
Y CAUTION (Y) +/-�16-31%�from�goal
O WARNING (O) +/-�32-50%�from�goal
R CRITICAL>50%�from�goal
INTELLIGENCE-ORIENTED DESIGNOur� design� focuses�on� presenting� the�most� concise,� factual�data� to� facilitate� rapid�analysis� and� response�by�stakeholders.�
How�is�the�project�doing?
Botnet�ActivitySubnet�HRIP: 192.168.10.2>> ACTIONS
What’s�happening�on�the�
network?
Custom dashboards and visualizations designed to help our clients be great at what they do.
WARNING CRITICAL
REAL-TIME STATUS.BASED ON REAL DATA.
RISK MATRIXHighly�Likely
Likely
Somewhat�Likely
Unlikely
Highly�Unlikely
LOW MODERATE HIGH
What�are�the�risks?
ScheduleG
CostO
ScopeY
PerformanceG