Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
The Security Benchmark ReportCybersecurity News

Gary Gagnon: Unique-ness

By Mark McCourt
Gary Gagnon
November 1, 2014

Many organizations protect their cyber infrastructure by looking inward, focusing on their own networks and systems. They dedicate themselves to reducing the attack surface, assessing their vulnerabilities, and conducting system patching – all to continuously monitor their own networks.

To Gary Gagnon, senior vice president and chief security officer of the MITRE Corporation, this defense posture makes about as much sense as having Tuuka Rask turn his back on the opposing team during the Stanley Cup playoffs. Rask, the star goaltender for the Boston Bruins, doesn’t fend off slapshots by staring at his own goal’s crossbar or checking the durability of the net. He focuses on his opponents, watching as their playbook unfolds, identifying their weaknesses and signaling to his teammates for backup.

Gagnon thinks this strategy can be just as effective in protecting cyber assets. “Initially, we were like a hockey goalie facing the net instead of watching the threat. By turning around, we get to work on knowing the opponent, understanding their moves. We are able to balance security against threats. Our defenders become collectors of information and intelligence to build a defensive strategy and optimize response,” he explains. “Learning as much as possible about the adversary’s tactics and techniques gives us an edge in discovering and stopping attackers.”

As the director of cybersecurity at MITRE, Gagnon plays a key role in guiding the defense of some of the nation’s most critical cyber assets – those of the Federal Aviation Administration, the Department of Defense, and the Department of Homeland Security. He has unique insights into his client base, having held leadership positions in solving information security issues for the U.S. Army, U.S. Navy, and National Security Agency.

MITRE is a not-for-profit organization that operates federally funded research and development centers (FFRDCs). Government agencies establish FFRDCs to address specific, long-term needs that can’t be met by in-house staff or traditional contractor resources. In this capacity MITRE plays a unique role as a trusted adviser to both military and civilian government agencies.

For Gagnon, earning and preserving that trust means never recommending any cybersecurity capability or approach to a sponsor that hasn’t first been tested on MITRE’s own computer networks and systems.

“We realized that we needed to run our network security solutions here to understand and prove them out before taking them to our government sponsor customers,” says Gagnon. “That way, we practice what we preach and we preach, what we practice.”

MITRE’s approach to cyber defense is based on the “kill-chain” framework, originally developed by Lockheed Martin. The kill-chain depicts the phases of a cyber attack, comprised of a series of steps that an adversary might take to compromise, control and exploit a target. 

By better understanding adversaries – their tendencies, techniques, tools and intentions – organizations can bolster their threat-based defenses and improve their chances of preventing, detecting and mitigating cyber intrusions.

“MITRE adopted the ideas, practiced them, added to them, and started talking about them, and promoting them with our sponsors,” says Gagnon.

In fact, MITRE offers many ways to help sponsors adopt this more proactive stance. For instance, it helps diverse stakeholders create partnerships for sharing detailed cyber threat information, which can then be used to improve the defense capabilities of each individual member. Partnerships also give members tools and strategies they might not otherwise have access to.

In keeping with his commitment to “practice what we preach,” Gagnon test ran this integrated approach to intelligence- and resource-sharing at MITRE before bringing it to clients. One of his first moves as CSO was combining MITRE’s physical and information security divisions, a departure from industry standard. “These functions cannot and do not operate independently,” he says. “They’re all part of a security ecosystem.”

This security ecosystem consists of a highly capable and motivated team. MITRE relies on an all-inclusive approach, in which every security team member can manage, rather than just route, an issue or inquiry through to resolution. “We work as risk management advisers for the organization,” notes Gagnon. “Our value is rooted in continuous improvement, sharing what we learn and changing thinking about security to a threat-based defense model.”

To share information across an entire community, there needs to be a common language and Gagnon has led MITRE’s efforts to establish and communicate software industry security data standards to fortify vendor products against vulnerabilities.

To fully understand the critical needs of his sponsors, Gagnon focuses on customer engagement. “At MITRE, we view security as a team sport and operate as a team,” he says. “It’s the only way to gain adoption across our various organizational departments, understanding client issues and demonstrating due diligence to ensure success.”

 

Security Scorecard

  • Annual Revenue: $1.7 Billion
  • Security Budget: Confidential

 

 Critical Issues

  • Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection
  • Business Expansion Support

 

Security Mission

  • Asset Protection/Theft
  • Enterprise Resilience        
  • Fraud/IP Theft: External, Partner and Insider Threats
  • Regulatory Compliance
  • Risk Management Planning
  • Supporting Business Growth
  • Supply Chain
  • Technology Integration and Management
  • Workplace Violence   

Read more thought-leading strategies and success stories from security frontrunners in more 2014 Security 500 Report profiles here. 

KEYWORDS: cyber security awareness cybersecurity preparedness Gary Gagnon MITRE security thought leaders

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Mark McCourt was once the publisher of Security magazine.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • feat

    Developing Multi-Tasking Security for Unique Lobbies

    See More
  • Lynn Mattice

    Influence: Gaining Unique Insights

    See More
  • How to Research Your Enterprise's Unique Risks - Security Magazine

    How to Research Your Enterprise's Unique Risks

    See More

Related Products

See More Products
  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • highriseproductphoto

    High-Rise Security and Fire Life Safety, 3rd edition

See More Products

Events

View AllSubmit An Event
  • July 17, 2025

    Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

    What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.
  • May 14, 2012

    AXIS P5544 Network Camera

    In this webinar we will cover the new AXIS P5544 and its unique ability for one camera to incorporate two different lens types.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing