AWS Security Blog

AWS Verified, episode 4: How Lockheed Martin embeds security

Last year Amazon Web Services (AWS) launched a new video series, AWS Verified, where we talk to global cybersecurity leaders about important issues, such as how the pandemic is impacting cloud security, how to create a culture of security, and emerging security trends. Today I’m happy to share the latest episode of AWS Verified, an interview with Mike Gordon, the Vice President and Chief Information Security Officer for Lockheed Martin Corporation.

Lockheed Martin is a global security and aerospace company with about 110,000 employees in over 50 countries.

Although you might be familiar with the Cyber Kill Chain® framework (a model for identification and prevention of cyber intrusion activity) or Lockheed Martin’s military platforms, like the F-35 fighter jet, the C-130 cargo plane, or the BLACK HAWK helicopter, you might not be aware that they build systems that you probably use every day, like satellites for GPS, weather prediction, and communications. They’ve supported every NASA mission to Mars and built the heat shield for the Perseverance rover that recently landed on Mars. They also deliver full-spectrum cyber capabilities and cyber-resilient systems to defense, intelligence, and global security customers around the world.

Mike is responsible for Lockheed Martin’s overall information security strategy, policy, security engineering, operations, and cyber threat detection and response.

I asked Mike to share Lockheed Martin’s approach to cyber resiliency and how this informs their cybersecurity strategy. His response: “Cybersecurity is embedded in everything we do. We want to make sure that cyber resiliency is not just around supporting and defending our corporate networks, but also those platforms that we deliver to military and government customers around the world. To do so, we developed a new concept called the Cyber Resiliency Level Framework (CRL)…the CRL offers us a standard way to measure the cyber resiliency and maturity of a weapons system. It’s used to assist stakeholders in prioritizing risks and selecting courses of action to help maximize the effect against cyberattacks.”

Mike also shared insights on Lockheed Martin’s cloud transformation journey, partnering across the industry to conduct tabletop exercises, and approaching zero trust in the defense industry supply chain.

Watch the interview, and visit the AWS Verified webpage to watch previous episodes, including interviews with security leaders from Netflix, Vodafone, and Comcast. If you have an idea or a topic you’d like covered in this series, please drop us a comment below.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.


Steve Schmidt

Steve is Vice President and Chief Information Security Officer for AWS. His duties include leading product design, management, and engineering development efforts focused on bringing the competitive, economic, and security benefits of cloud computing to business and government customers. Prior to AWS, he had an extensive career at the Federal Bureau of Investigation, where he served as a senior executive and section chief. He currently holds 11 patents in the field of cloud security architecture. Follow Steve on Twitter.