Ask a CEO how he or she rose to the top, and they’ll typically cite a litany of past upper level executive management roles, with a clear strategy to get there. But when you ask Al Grasso of The MITRE Corporation about his personal success, and what forces propelled him to the president and CEO role, he cites something very different.
In a conversation that I had with Grasso in August, he shared his modest approach to leadership and his career, which includes a strong commitment to hard work, a belief in the STEM field and mentoring and a purpose-driven, value-centered vision.
First, some background on The MITRE Corporation: it’s a not-for-profit organization that operates a number of federally funded research and development centers (FFRDCs) that assist the government with scientific research and analysis, development and acquisition, systems engineering and integration, identification and deployment of best practices, as well as providing agencies with independent unbiased advice. It also has an independent research program that explores new and expanded uses of technologies. MITRE has two principal locations in Bedford, Mass., and McLean, Va., and more than 60 sites globally, with 7,500 scientists, engineers and support specialists. Its 2015 revenue was $1.484 billion.
The company’s engineering focus is one of the reasons that Grasso was attracted to it. His parents pushed Grasso and his brother to earn engineering degrees: Grasso received his degree in electrical engineering from the University of Massachusetts Amherst, and then a master’s degree in computer science from Worcester Polytechnic Institute. He is also a graduate of the Program for Management Development at Harvard Business School.
He began his career at the Westinghouse Electronic Corporation, working on internal research and development activities that focused on advanced receiver technology using integrated acoust-optics as a means of signal transformation. Then, he moved on to MITRE’s Center for Air Force C2 Systems, where he entered as a technical staff member, working on satellite and terrestrial communication systems. He also served as Technical Director for the Battlefield Systems Division at MITRE’s Ft. Monmouth, N.J., site. He was responsible for directing an array of programs that are part of the U.S. Army’s Force XXI Battlefield Digitization Program. That role, he says, was most rewarding, as he helped develop the first tactical Intranet, changing the primary mode of command and control from voice to data communication. “It has become the heart of Army command and control,” he says. “It was an innovative response by MITRE.”
From 1999 to 2001, Grasso served as Vice President and Chief Information Officer for MITRE, then Senior Vice President and General Manager of MITRE’s Washington Command, Control and Communications (WC3) Center, before being named president and CEO in 2006.
Many CEOs plan their path to the C-suite, but Grasso’s approach was the opposite. “I didn’t necessarily plot my course,” he shares. “I’d like to think my course wasn’t unusual: work hard, drive for results, be open to new opportunities and give back.”
A first-generation Italian American, Grasso has worked to advance educational opportunities for young people, particularly in the science, technology, engineering and mathematics (STEM) fields. He is former president of the Board of the National GEM Consortium, a nonprofit that promotes the participation of under-represented groups in the STEM fields. “We scare people away from STEM at an early age,” he notes. “We have to connect kids to STEM in a way that they understand the relevance of it. When I grew up you ‘did math to do math,’ but what is the relevance of that? Making it fun is important, and getting kids to understand how they will apply it is vitally important. We also do not take advantage of the diversity that exists in our population. We could do better to help under-represented populations through STEM programs, by mentoring them at an early age.”
Mentoring also includes an understanding of the burden that many young professionals have with student loans. After a lunch discussion with young professionals about the topic, he created a program at MITRE that provides assistance with student loan repayment. The reason? Their purpose is strong, and he wants to facilitate it. “I am impressed with the talent that’s coming out of universities,” he says. “Those professionals are driven by purpose: they work for things they believe in.”
He is supportive of professional growth, he says, because of the mentors that he had in his career, including Victor A. DeMarines, who was MITRE’s CEO from 1996-2004. “Vic never stopped asking why, and he had a sense of entrepreneurship that was fun to watch,” he says. Grasso had other mentors who taught him about operational excellence, how to run a business, to get facts straight, to dig into detail and to understand the political and economic aspects of every business decision. He was also fortunate to build strong relationships with Army leaders such as LTG Bill Campbell (Ret.) and LTG Steve Boutelle (Ret.), who inspired him with their mission challenges and leadership.
MITRE’s Focus and FFRDCs
MITRE’s sole focus is to operate FFRDCs. As a not-for-profit, it has no commercial interests. There are no owners or shareholders, and it can’t compete for anything except the opportunity to operate FFRDCs. This lack of commercial conflicts of interest forms the basis for its objectivity. It also allows it to acquire sensitive and proprietary information from the government and industry to inform its work. These organizations are able and willing to share data because they know MITRE won’t use it for a competitive advantage.
“People are not here for stock options or equity,” Grasso explains. “They are here because of purpose and the mission of this organization. There is intellectual freedom here, and that freedom allows people to think broadly, and that is different. We can focus on the longer term by not answering to Wall Street or private investors.”
“The average tenure of a CEO is three years,” he adds. “It’s difficult to be a CEO who is constantly watched by Wall Street. Here at MITRE we are a purpose-driven, mission/value centered organization with the freedom to be solution oriented, to mentor talent and to reinvest in our mission.”
MITRE currently operates seven FFRDCs: the National Security Engineering Center, Center for Advanced Aviation System Development, Center for Enterprise Modernization, Homeland Security Systems Engineering and Development Institute, Judiciary Engineering and Modernization Center, CMS Alliance to Modernize Healthcare, and the National Cybersecurity FFRDC. Grasso says not every technology that is developed from the FFRDCs are commercialized. Grasso notes: “We will license technologies or sell a patent to create sustainable solutions. We seek the best mode of technology transition that make solutions most available. In all cases, we ensure government use rights so that they don’t pay twice for development. Last year as a result of MITRE technology, six companies benefitted. But our model is not always to transition to commercial.”
MITRE’s work is meaningful: for example, MITRE researchers worked on a team to find cyber vulnerabilities on Virginia State Police vehicles. Another project – a public contest – sought outside input on detecting and interdicting unauthorized drones weighing less than five pounds in urban environments. And more recent research included development of a set of digital capabilities, compatible with iPads or other tablets, which aim to act as a “second set of eyes” for solo general aviation pilots. A lab in the FAA-sponsored Center for Advanced Aviation System Development FFRDC simulates the National Airspace so as to experiment with new technologies and procedures. “We are in it for the long term, and our mission reflects the mission of this country,” Grasso says, “which includes national security and safety.”
MITRE has a physical presence in eight international countries, including an R&D center in Singapore to help Asia-Pacific nations with air traffic harmonization. Grasso says the company is open to additional international expansion but not necessarily heavily focused on it. International work is aligned with the missions of the government agencies MITRE supports. “We don’t grow fast,” he says. “We are more focused on developing talent. In fact, there are constraints on FFRDCs that prevent us from growing too fast. So that imposes a regimen on the work we do, but that also attracts high-quality talent. We’ve been around for nearly 60 years, and I’d like to think that we’ll be around for 60 more. I believe that our greatest national threat is being adaptable: the most adaptable will survive, and our ability to adapt quickly is critical.”
All CEOs and board members today must understand their company’s security risks. Without this knowledge funneling down from the top, risk analyses and resulting decisions may be flawed, leading organizations to take on greater risk than intended.
MITRE’s cybersecurity risk program is always shooting ahead of the target. “We became strongly invested in cybersecurity in the 1980s,” Grasso says, “because we were part of a data breach. Our awareness immediately increased, and we have been on it ever since.”
“We spend much time on researching insider threats,” Grasso notes. “Many organizations try to keep insider threats out, and that’s a strategy, but we realize you can’t patch everything in. At MITRE, we spend $70 million on research with $10 million solely focused on cybersecurity research.”
That research has resulted in the launch of the Northeast Ohio CyberConsortium, which includes participation by Case Western University, Cleveland Clinic, the Federal Reserve Bank of Cleveland, the U.S. Attorney’s Office and others. MITRE, in its support of the Department of Homeland Security, also co-created two standards for threat information sharing with the cyber community: STIX™ (Structured Threat Information Expression), a standardized language to express cyber information; and TAXII™ (Trusted Automated Exchange of Indicator Information), a protocol used to securely transmit cyber information. Both have been adopted by both industry and the government.
Grasso also strongly invests in its enterprise corporate security program. MITRE’s Global Security Services (GSS) function is headed by Tom Mahlik, who joined MITRE from Raytheon, where he was the Director of Security for its Intelligence and Information Systems business unit. Mahlik’s private sector entrée was preceded by 25 years of domestic, international and multi-disciplined field and agency-level leadership positions as a Deputy Assistant Director with the Naval Criminal Investigative Service (NCIS), and while detailed to the FBI, he served as a Section Chief in both the Counterintelligence Division and the Intelligence Division. Mahlik is also a past Most Influential in Security honoree by Security magazine.
The GSS has since aligned a number of service delivery areas and departments that report to Mahlik: Enterprise Special Projects, Security Mission Assurance, Physical Security & Safety, Industrial Security Programs, Personnel Security, Strategic Program Protection & Threat Management, Information Systems Security, and International Security & Response.
Mahlik has worked to focus the GSS mission and vision on a Protect, Partner and Inform (P2I) value proposition. As Mahlik explains it: “Protect: We protect our people, property, and information; and help to reduce risk – 24/7/365. Partner: We partner and build enduring relationships both internally and externally to advance the business. Inform: We inform constituents ahead of plans, threats and activities.”
MITRE has more than 60 sites, and previously, enterprise security was not a cohesive machine. Mahlik has reorganized enterprise security to standardize key processes and capabilities, executed one security budget, reduced duplicated efforts, created a career pipeline and success planning and more, all with Grasso’s support.
The GSS is now focused on assisting the enterprise at taking intelligent risks, addressing inconsistencies and challenges head on, and producing solutions that are factually supported, thoughtfully derived and communicated with a balanced sense of urgency. Mahlik and his team cultivate and leverage its networks in the intelligence, counterintelligence, cybersecurity, law enforcement, peer and sponsor communities to advance the business. The GSS shares and imports good practices and lessons learned broadly across the company and with external partners. And it benchmarks competencies against the best in the industry.
While there is always more work to be done, the result to date is that the GSS is aligned to MITRE values of respect for independent and interdependent attributes, qualities and behaviors that constitute its collective security brand, all with Grasso’s support.
In a world of CEOs who still don’t understand enterprise security, and how a breach of data security and compliance could be more dangerous to an organization than a recession, Grasso clearly does. “Enterprise cyber and physical security is critical to our purpose,” Grasso stresses. “I view security as an integral part of operations, providing seamless protection for people, assets and continuity in everything that we do.”