MS&E Career Chat: Jeff Fenton, MS Operations Research; Sr. Staff Governance, Risk and Compliance Analyst at Lockheed Martin
Jeff Fenton hosted an informal conversation, reviewing his career path and the details of the various titles he’s held over the years - what they *really* involved, the work that he did and currently does, and how he transitioned from one role or area to another.
- Many careers of the future haven’t been invented yet. Cyber security was not something that existed when Jeff started his career. Always stay open.
- Communication is everything. Jeff can only be successful in his role because of his work building relationships with people, where they trust him to be Dr. Yes instead of Dr. No.
- If your role involves designing systems, policy, anything that people will need to use to do their jobs, never just drop it on them. Always involve the people who will be using it, at all stages - needs finding, design, testing, deployment, and follow up.
- Listening is more important than talking.
- Be ready for change, and learn every day. Read outside of work, take courses, certifications, learn new technologies.
- Remember - you’re there to serve the business, not the other way around. When working with others, think about what their business needs are, how you can help them do their job.
- When moving to a different role, be ready to talk about what you learned in previous experiences, and how you can apply that to the job you want to go into. Show growth and transferable skills. How did you learn from failure? How did you handle adverse situations?
Key highlights from the discussion:
Jeffs role/s and career:
- Movement through roles was always because of expertise gained in a related area. His degree in operations research and company needs enabled him to move into the team leading internal telecoms after the 1984 breakup of AT&T. They needed that background to help make big decisions. Then with that background, moved onto desktop networking soon after ethernet was invented - how to connect everything? Needed OR background for this - so Jeff became responsible for the network. He got involved as a project manager for telecoms in new and remodeled buildings. When the 1989 Loma Prieta earthquake happened, he was responsible for a major network resiliency project, so learned emergency management and disaster recovery. From there, he was able to move into the information security group, which is where he’s been since.
- Jeff is responsible for cybersecurity policy - spends 20% of his time with the legal and HR departments. If there are any legal issues, the immediate response is to show the presence of a sound policy, one that we can show in court, that people have acknowledged receiving and pledged to comply with.
- Much work around education of their users, eg, awareness around phishing. Jeff teaches security engineering in the company. In 20 years of doing this, he’s never repeated the same curriculum 2 years in a row because it changes so fast.
- Cyber security is about 20-30 years old as an industry. People doing it used to be called “Dr. No” because they were perceived as stopping people from doing things. Now, they’re “Dr. Yes”, because their mission is to help people find a way to do the business they need to do, at an acceptable level of risk. They help people understand and manage risk, and design secure systems that are easy to use.
Lockheed Martin as a company, how this impacts Jeff's thinking and work processes:
- Lockheed Martin’s largest customer is the Department of Defense, though they do business internationally with 70+ countries.
- Several US locations - HQ in DC, other facilities in Sunnyvale, Palo Alto, Philadelphia, Atlanta, Dallas area, Orlando, upstate NY, New Jersey, Denver, are the bigger ones.
- Emphasis on DEI for a long time, this is something the company has worked hard on, is proud of, and has been recognized for.
- Offers hundreds of summer internships each year, plus they have a number of part time employees who are studying concurrently, Lockheed Martin looks to give full time permanent roles to those in that program as well as those who do internships with them.
- Corporate information security has over 300 people supporting the non-classified internal operations of the company. A separate group looks after the classified environments.
- As a defense contractor, they’re highly regulated for cybersecurity.
- Cyber security as a job function is strategic and operational - eg, anti-virus, vulnerability scanning, finding and patching bugs.
- Cyber security is critical, examples:
- if Lockheed were hacked and details of their bids got out, their competition could underbid them. This has consequences not just for Lockheed Martin, but also all of their 20,000+ suppliers.
- Suppliers are also a security risk that needs to be managed. An attack on a supplier could mean stolen data, or changing specs on the Lockheed Martin supply chain.
More about Jeff:
Jeff Fenton is a Sr. Staff Cyber Governance Risk & Compliance Analyst in Lockheed Martin Corporation’s Corporate Information Security group. Jeff leads cybersecurity policy and supports security education and compliance with U.S. and international laws, regulations, and standards. His earlier responsibilities with Lockheed Martin included security architecture; network security; business continuity; emergency management; and telecommunications design, operations, and project management. Jeff holds a Bachelor of Arts in Economics from the University of California, San Diego; a Master of Arts in Economics and a Master of Science in Operations Research from Stanford University; and a Master of Business Administration from Golden Gate University. He also holds professional certifications in Information Security, Business Continuity, Information Technology Governance, and Information Privacy.
Jeff avidly follows Stanford football, men’s and women’s basketball, baseball, and other sports, dating back to the start of his student days in 1980. He enjoys the history of Stanford sports as much as the competition. He has served three terms as president and many years as a board member of the Stanford Palo Alto Alumni Club and Stanford Peninsula Alumni. He is also a member of the Stanford Historical Society and serves on its Governance Committee.