Meet the Team:
Jessica Eason
Cybersecurity Engineering Lead at Archon Secure
Welcome to our latest episode of the Meet The Team series, where each month we will showcase the talent and expertise of a team member within our Archon Secure division. Today we are excited to introduce you to Jessica Eason, Cybersecurity Engineering Lead.
Jessica is an integral part of the Archon Secure cybersecurity and compliance team, and we sat down with her to ask a few questions about her role at Archon and why she loves what she does.
What is your role at Archon?
I am the cybersecurity engineering lead, here at ID Technologies. I do all of our cybersecurity and compliance work as it relates to getting our Archon systems on government networks.
How long have you been at Archon? How about in the industry as a whole?
I've been with Archon for about a year and a half. I started in August 2021, so a year and some change. And I've been in the industry for almost five years.
What is the best part about working at Archon?
I really enjoy working with the people at Archon. That's to me, one of the best parts. But I'll expand a little on that. What I think is really unique about working with the people at Archon is, one, between our services team, our development team, and our sales staff, you’re surrounded by very creative, very talented people that I get to learn a lot from. I'm a big believer that if you're the smartest person in the room, you're in the wrong room. And I rarely feel like I'm the smartest person in the room at ID tech, which is really great and with Archon particularly.
Additionally, not just getting to work with our very talented staff, but I get to work with government security and IT professionals from the Department of Defense, the Department of Energy, NSA, just a lot of unique backgrounds and different organizations, and get to learn from their best business practices. It really expands my understanding of how government IT works as a whole.
What led you to pursue this career?
I was born in Huntsville, Alabama, which for those who aren't aware, has a very large tech community. Huntsville, Alabama has the second-largest research park in the US. Additionally, that's where the FBI is moving its headquarters. That's also where a big part of NASA is located. I really grew up in a community that valued STEM and gave me a lot of exposure to computers, cybersecurity, and a variety of things.
From there, I went to college and got my masters in Huntsville, only furthering that exposure into the technical community in Huntsville. But on a personal level, my grandfather actually worked on Apollo 11 at NASA, particularly the command module, and was a GS15 in charge of the Jet Propulsion Lab for NASA when he retired. I had a lot of STEM exposure from a very young age and a lot of government STEM exposure in particular.
When I was in college, I had a lot of mentors who were majoring in information systems, cybersecurity and I got a lot of exposure from them in those particular fields and found it very interesting. I was recruited by the Department of Defense to go work for Army after I graduated. And so I was very lucky and fortunate that the Department of Defense paid for my education and then set me up with a job afterward. And so I went and worked with the Army for a couple years doing similar work to what I do for Archon.
What is something that has surprised you about your chosen career path?
I think one of the most surprising things when I first entered the industry is how it's truly a different language. I was fortunate to have had a really great cybersecurity education through my master's program and I worked for a couple of private companies that weren't really involved in government while I was in that program. Once I started working in government, I learned there is cybersecurity and tech speak, and then there's government cybersecurity and tech speak.
with that, you're dealing with so many different types of compliance frameworks, executive orders, and policies that were written in 2002, but may still be applicable. You have to be able to apply it to today's technology, which is challenging and very unique. And so getting into that environment, learning, where do I even find all of these policies to gain knowledge in them? And then how do I make them fit together? Because frequently, a lot of the rules in many different compliance frameworks, will contradict one another.
Just this week, we got an emergency directive from a government organization stating, you have to perform all of these actions to ensure your system is secure. Well, some of the things they're recommending we do is also out of compliance with other rule sets that they've told us we have to be compliant with. So sometimes, it's very unique having to take all these different rule sets from different organizations and figure out, okay, well what meets the intent and what best sets us up for success in both being authorized to operate on a government network, but also ultimately keeping the system secure. I think it's very unique and quite challenging at times.
What skills or past experiences have been most beneficial in this field?
From a professional perspective, I worked at US Army Cyber Command for a couple of years and in my time there, I worked on a variety of different teams, but I did a really long stint working for their internal HQ cybersecurity team. On that team, I was doing a lot of compliance work, which is very similar to what I do now. So taking a system that there's an operational need for and how do we get it on the network and assure our authorizing official that the system has been properly secured, that we know it's not putting any additional risk to add to an unclassed environment or a classified environment.
That was directly applicable to my job here. I also was fortunate to get to work in some defensive cyber operations while I was at US Army Cyber Command. While I was there, I got to do a lot of things, like threat hunting, doing detection work, looking at a lot of different seam tools, and trying to see, is this actually a threat that may potentially be on our environment and therefore it's an incident and we need to respond to it or is this a false positive?
Tools are imperfect, and so there always is going to be that human element of trying to figure out is this a legitimate threat or just our tool malfunctioning. I think that is also pretty applicable to what I do on a day-to-day here. Lastly, one of the more applicable experiences of my life has definitely been leadership roles I've taken in my community as well as being the eldest child. I think some of that organization skills definitely apply, just with so many different customers and so many different environments that we have to secure. You have to be very organized and have a good memory of, okay, how is this customer's environment unique from this customer's environment? And therefore, are the rules different from what we have to be compliant with?
What are the biggest issues you are trying to solve for your customers?
I would definitely say the biggest issue we're trying to solve for our customers is automating compliance as much as possible. Typically, with customers, I work very closely with their cybersecurity or information assurance staff. For some customers, that department is really built out and I may have 10 to 15 people who are actively working on a package with me. Then sometimes, I have customers where their cybersecurity staff is two people. So, it falls back on us to do a lot of that legwork when it comes to getting their system online and operational.
The more that we can automate compliance, the faster we can say, Okay, we're good to go to operate on your network and the AO can say yes. So really looking into how do we optimize those approval timelines? How do we talk to some of our stakeholders, such as the government AOs or the NSA CFSC office? So, they are very aware of what our system looks like and so when they're approving systems for different customers, we almost have a package ready to go to say, here you go, review it, let us know if we're good. Yeah, just automating those timelines and making it as fast as possible. In government, typically an ATO or an authority to operate on a government system can take 18 months. We're really trying to get under that 18-month timeframe and get closer to 12 and even six months, to be able to go operational.
When not at work, what would we find you doing?
I'm a huge college football fan. Go dogs. I pretty much always have the SCC network on. Saturdays are my favorite day of the week, not just because it's the weekend, but I love watching college football. Growing up in the south, there's a ton of exposure to college football, so I'm sure I'm not alone in that.
I also really love to cook. I have 1,000,001 cookbooks, and I particularly like cooking food from cultures that are different from my own, just because I find it challenging because I didn't necessarily grow up with these particular cooking methods or flavors, etc. So, getting to learn a little bit about the world through cooking is really fun for me.
Recently, I have started to take up pottery, so that's a newer hobby, but I've been really enjoying it. It's a really great way to de-stress at the end of the day.
.png?width=371&height=494&name=Dave%20Pisanic%20(1).png)