DefCon Cyber on alert in Prince William, protecting critical assets

The time from when a cyber attacker can access a company’s internal systems to the time the company responds is about 204 days or about seven months. Many agencies rely on email alerts to notify them of network intrusions, but they don’t always work.

Businesses large and small face the risk of cyber hackers and thieves, every single day. These days it’s not just the large big box stores and other major retailers who are the targets of cyber crime.

“I hear all of the time ‘I’m too small… no one is going to attack me.’ Wrong. If you have a computer connected to the internet you have something some adversary wants,” said David Leigh, president of Prince William County-based Rofori Corporation, who is leading work on a new cyber security tool.

In an effort to mitigate this issue, Rofori Corporation is developing DefCon Cyber, a software product to better help companies better identify and manage their cyber risks. Using a framework prepared by the National Institute of Standards and Technology, DefCon Cyber works with firms to identify a company’s critical data and then distinguish who could want to steal that information. The third and fourth steps in the process examines how much the company is willing to do to protect their information and creates a plan for the enterprise, so cybersecurity goals are named, measurable and attainable.

DefCon Cyber also aims to protect the entire supply chain of business, including any federal agencies a company might be contracted to work for. “Let’s say you just won a defense contract and your systems are vulnerable. Now the bad guys have a way to target your supply chain partners,” said Leigh.

“The companies usually leave it up to their IT departments, and then you can get hundreds of alerts a day. So, which one do you respond to? The one in red? Why? Because it was the last one that came in?” asked Leigh.

Leigh has always been a problem solver. Fresh out of college in 1991, he went to work on an ill-fated military program building the advanced tactical aircraft A12 Stealth Bomber. Plagued by cost overruns and delays, and then Secretary of Defense Dick Cheney canceled the program to construct the futuristic plane in the shape of a triangle.

“You couldn’t have asked for anything better to work on, which is brand new secret technology. You’re building the state of the art, and it was a very exciting time,” said Leigh. “It was supposed to be the beginning of major aircraft project with a 20 to 30-year program. This was going to be my career.”

He eventually resigned from the program and went on to manage other major projects for large companies included GTE, a company that later entered a merger and became Verizon.

“I became known as the ‘go-to-guy’ that if a project is failing, no one can save it better than David,” he quipped.

Today, DefCon Cyber uses a numbers system to identify a company’s Cyber Security Risk Posture on a scale from one to ten. The phrase “you can’t manage what you can’t measure” is one Leigh repeats often during conversations. The numbers are formulated based on critical factors to include the type of data, the kind of industry, where the data is stored, and how closely the agency is following its set plan to protect it.

Over the next 21 months, DefCon Cyber aims to get market validation, and has the potential to explode onto the marketplace as a credible, validated approach to risk security. To learn more about Rofori and the DefCon product visit: https://www.rofori.com

This promoted post is written by Potomac Local under an agreement with Prince William County Department of Economic Development to showcase business in the region.