Booz Allen Hamilton about Cyber Security and HSD

12 Oct 2022
Author: The Hague & Partners

Why a Major Global Organisation and Leading Participant in The ONE Conference Has Based Its Cyber Security Operations at the HSD Campus in The Hague.


Booz Allen Hamilton, a major US technology and consulting firm, chose to base much of their European cyber security team at the HSD Campus in The Hague, a move that shows how leaders in the cyber security field are joining clusters and hubs of like-minded organisations to fight cyber crime and to find high level talent pools.


Booz Allen moved offices within the HSD Campus back in 2020. The HSD Campus in the Hague has been a home for nearly ten years to Security Delta (HSD): a cluster of over 275 companies, knowledge institutions and governmental organisation working to make a difference in securing our digitising society. Douwe Mik, a director on Booz Allen’s Commercial team in Europe, mentioned the networking benefits of being associated with HSD as well as the ability to recruit talent because of all of the activities around the area and the ecosystem. The combination of a highly dependable IT infrastructure in the Netherlands, targeted workspaces and hubs like HSD, and events like the ONE Conference have encouraged leading firms like Booz Allen to set up shop and benefit from these associations to grow their business.


Making A Difference - Deploying Ethical Hacking Techniques and Making Inroads To Tracking Crime on the Dark Web


Booz Allen’s Commercial team focuses its efforts on cyber security, helping clients tackle their most complex challenges. Nowadays, that can sometimes entail managing ethical hacking penetrations and figuring out ways to combat ever-growing dangers emanating from the Dark Web. Ethical hacking is a process by which teams shore up a company's defences by trying to hack into systems – the goal being to discover vulnerabilities and repair them before bad actors can take advantage of those weaknesses. Booz Allen, for example, deploys Red Teams to attack systems and identify risks.


One interesting area is applying social engineering to bypass people-oriented controls and give advice on how to optimise preparedness. No matter how good software systems and defences may be, people remain a risk. Douwe Mik noted that they work “to outline how a client can best apply improvements in their environment, whether technical or more process oriented in nature, because let's not forget, some of the weakest links are not necessarily technology oriented, they may very well be people oriented.” While there are obviously a lot of factors in play, Douwe also pointed out that beyond cyber security tooling, and no matter how networks may be hardened, this is a front where it is critical to remain vigilant and trained.


Douwe Mik: “You only need one person who's susceptible to social engineering or who does the wrong thing, either maliciously, or unknowingly. And then your best technical security controls will not be worth anything.”


The Dark Web is another area of concern. While companies like Booz Allen obviously cannot perform law enforcement functions, they can help deploy measures that help companies identify vulnerabilities and get ahead of problems. The risk and scale of intellectual property theft has grown over time, and certainly no organisation wants to encounter ransomware attacks. By using open source intelligence (OSINT), cyber threat intelligence, and other techniques, Douwe described how Booz Allen works to make sure companies are “actually ahead of an attack rather than trying to fix it afterwards... it's always better to try and prevent something or to actually engage in a cyber incident early on in the attack lifecycle, as opposed to obviously being very, very late and then having to fix everything.”


Resources to Stay One Step Ahead of Cyber Criminals and Attacks - Events Like the One Conference Provide Access To People and Information


The pace of keeping up with cyberattack techniques and bad actors is vicious, and beyond deploying state of the art technology, companies need to recruit great people. This is where ecosystems like HSD are particularly beneficial, as people want to be around hubs where cyber security services are being promoted. Helping boost the local talent pool is the fact that the Netherlands promotes strong industry-university collaborations. The Netherlands is also known for its educational institutions, many of which offer specialised cyber security programs and degrees. This ecosystem together with programs like HSD’s International Cyber Security Summer School offer a wealth of talent acquisition and knowledge opportunities.


And it is by tapping into the right type of people that BoozAllen prides itself on moving beyond theory and making a real-world difference. When trying to implement defences, and prevent “weakest link” vulnerabilities, taking steps to enable clients to actually realise defences is vital according to Douwe. As he mentioned, companies should “not just tell the client, okay, well, this is what you want to do, but actually help the client actually achieve that. So not just a consultant, but a practitioner, as well.”


Beyond finding environments like HSD and taking advantage of the strong local training and educational base, leveraging access to key symposiums and conferences like the ONE Conference is also important. Douwe highlighted that the ONE Conference in The Hague not only provides good networking opportunities, but also has the benefits of a source of talent recruiting and serving as a catalyst for business development.


HSD Partners involved