Meet Our Defenders


Defending against sophisticated cyber threats takes more than technology. It takes people. People with skills and innate qualities to outpace today’s evolving threat landscape. Qualities we call “defender DNA.”

Andrew Tillotson | Information Assurance Engineer

What drives you to be a Defender?

It all comes down to safety. The assessments I have performed are typically located within a production Industrial Control Systems (ICS) environment. These can include refineries, remote pipeline control rooms, and offshore drilling rigs. Within this environment, if an adversary with knowledge of the ICS environment’s process successfully compromised the system’s availability and integrity, it could lead to the halt of production or, at worst, cause bodily harm to facility personnel. Improving the safety of these facilities by finding these avenues of compromise before an adversary can use them with malicious intent is what drives me.

What is your strongest defender DNA quality?

I am inherently curious and always questioning. This curiosity keeps me engaged in every assessment and pushes me to learn the latest techniques an attacker might use to compromise its victim.

How do you prove you have defender DNA?

During an assessment within an ICS environment, I always try to have conversations with frontline engineers who have intimate knowledge of their processes and systems. These conversations usually turn into a fun mental exercise of “If I were the bad guy, I would…” that results in interesting and creative ways to harm the ICS’s ability to operate effectively. Once that exercise has started, we are usually quick to come up with ways to mitigate any attack avenues or vulnerabilities, increasing the ability for the site to defend itself from an unknown adversary.

How does your defender DNA benefit Leidos clients?

Every time I am successful in compromising a computer, or I find a vulnerability in a particular version of installed software, the knowledge that the avenue I used will no longer be accessible to an adversary after it’s successfully remediated and monitored is a benefit to my clients.