How Peraton Is Maintaining Cyber Leadership, According to Tom Afferton

Even in his early career in the telecommunications industry as an electrical engineer, Tom Afferton understood the importance of information assurance and network security. His telecommunications experiences gave him some exposure to the nascent years of cybersecurity. He was then involved in building more resilient communications networks after the September 11, 2001 attacks, which motivated him to pursue a career in government services full-time, to try to make a real impact on his country’s national security.

Afferton dedicated nearly 20 years of his life to Northrop Grumman working in various roles, including director of strategy and technology for civil security programs and eventually vice president of defense and intelligence services. He worked in a range of customer verticals, such as defense, intelligence, public safety and civil. When he joined Peraton in 2021, Afferton was appointed president of the cyber mission sector, bringing his work full circle back to cybersecurity.

The accomplished leader spoke with ExecutiveBiz about Peraton’s modernized cyber work with organizations like U.S. Cyber Command, the changes the company is making to attract the best talent, and how Peraton is working to meet the government’s needs for tech that’s tailored to specific use cases, not left to the imagination.

ExecutiveBiz: What do you think are the most pressing cyber threats to national security that we’re facing today? How is Peraton addressing these threats?

Tom Afferton: The threats we face have evolved far beyond individual hackers. We’re now dealing with nation-states and organized crime aiming to compromise systems, steal intellectual property, gather intelligence, disrupt military operations and raise funds.

Two areas of particular concern stand out recently. First, there’s credible evidence that the People’s Republic of China is penetrating critical infrastructure networks—not just to steal intellectual property or gather intelligence, as traditionally seen, but to pre-position itself for potential disruption or destruction of essential government services. This could be a means of distraction during other global operations, but it also risks eroding trust in our critical government services.

The second concern is the compromise of social media through misinformation, disinformation and malinformation campaigns. These tactics aim to undermine faith in U.S. institutions, such as elections, amplify fears and potentially serve as a distraction from other operations worldwide.

At Peraton, we’re proud to work with government customers for whom cybersecurity, information warfare and signals intelligence are primary missions. Our impact is evident through scale and reach. Earlier this year, Peraton announced its continued support of U.S. Army Cyber Command’s comprehensive cyber operations, planning, intelligence, cyber training and exercises. We also assist U.S. Cyber Command in coordinating military cyber operations. These are large-scale, multi-hundred-person programs, necessary to counter sophisticated adversaries effectively.

A key element of our approach is breadth. My experience across the defense, civil and intelligence sectors has shown me the value of combining offensive and defensive cyber capabilities under one line of business. Our organizational structure mirrors the growing government collaboration, as seen in joint advisories from the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI.

For example, on the civil side, Peraton supports the Department of State in diplomatic security, cyber operations and global network monitoring, along with cyber-related forensics in their investigations worldwide. We also have a longstanding relationship with CISA, and its predecessor organizations, providing threat hunting, incident response, and more recently, critical infrastructure incident response. Peraton’s cyber community of practice stitches together these efforts by sharing best practices and providing training, while fostering collaboration through operations and training to broaden analysts’ knowledge.

EBiz: Do you think the United States’ cybersecurity efforts are keeping up with demand? If not, how can we accelerate and broaden cybersecurity?

Afferton: There’s a lot we can do, and I’ll talk more about technology, tools and processes later, but it’s also crucial to consider the different stakeholders involved. Our immediate government clients understand the cyber threat well and, in most cases, have the budget and resources to defend themselves or engage industry partners. Similarly, Peraton, as a large company within the defense industrial base, is a target but also has the resources, budget and internal controls to protect itself.

However, when we look at essential services or the extended defense industrial base, there are institutions, like hospitals, schools, local water authorities and small businesses, in the defense sector that aren’t as well-equipped to defend against nation-state threats. On the government side, it’s encouraging to see agencies like CISA offering capabilities, tools, guidelines and free services for critical infrastructure. The NSA’s Cyber Collaboration Center also provides guidance and services for small businesses within the defense sector. The goal is to ‘raise the floor’ so that even those who are most vulnerable have a basic level of cyber hygiene. As the first national cyber director, Chris Inglis said, ‘To beat one of us, you have to beat all of us.’ Strengthening the weakest links strengthens everyone.

Another important element is workforce development. There’s a recognized shortage of cyber talent across industry and government. We’re seeing support for workforce movement between government and industry. One way Peraton has advocated for this is by encouraging a shift from degree requirements for cyber roles, focusing instead on certifications and experience. This change helps us tap into a valuable talent pool, like veterans with hands-on experience who may lack a formal degree. When we’ve shared this with government clients, especially the Office of the National Cyber Director, there’s been strong support. These changes in contracts and government requirements are broadening the qualifications for cyber roles and opening the door to a wider range of talent.

EBiz: How is Peraton using AI-assisted cyber threat intelligence to battle threats in the cyber domain?

Afferton: It’s interesting to see how adversaries are leveraging artificial intelligence to automate and disguise traditional tactics. For example, what used to be simple phishing scams, like those emails about a ‘Nigerian prince,’ are now much more sophisticated. Recognizing humans are often the weakest link, raising awareness through events like Cybersecurity Awareness Month is vital, but it’s equally important to equip analysts with the right tools.

One example of how Peraton is addressing this is through a capability we call the Cyber Threat Intelligence Technical Exchange, or CTeX. Threat intelligence data comes in various formats—from malware code to government advisories to system logs. Peraton’s tool automates the analysis of this data, organizes it into a data lake and pairs it with a large language model so analysts can easily query the data. We also format it for human-to-human sharing, as well as machine-to-machine exchanges, allowing for streamlined reporting and even automating routine responses.

At a recent event, a government representative emphasized the need for technology to be tailored to specific use cases, not left to the imagination. So, we’ve designed this system with direct input from analysts, and we’re now working closely with a government customer to test specific use cases to ensure it meets their needs.

Another area where Peraton is applying AI is the combating of misinformation, disinformation and malinformation. Through a Peraton Labs developed capability, we analyze vast amounts of open-source media in over 100 languages. Working with small business partners, we can identify botnets, assess social media trends and analyze foreign audience behavior through tools like focus groups and ad tech-enabled surveys. All of this data feeds into a visual environment that enables analysts to conduct rapid, comprehensive assessments.

We’ve also built an extensible architecture of multimodal large language models, a.k.a. MLLMs, enabling generative AI analytics of text, statistical and image data. Included in this is the custom collection of information into a privileged user data lake that can be cited in generative AI outputs, helping analysts to show their work. This capability allows users to rapidly analyze millions of data points, identify correlations and trends in data, and generate cogent outputs to support customer mission sets—all while providing the necessary transparency to validate results and demonstrate reliability. By putting this technology in analysts’ hands, we help them manage the overwhelming volume and variety of data, enabling them to focus on critical issues and leave the routine tasks to automation.

EBiz: How is Peraton thinking about building resilience and security into supporting warfighters operating across distributed geographies?

Afferton: I’ve mentioned before that a big challenge in the cyber and information warfare mission is managing vast amounts of data, especially for analysts. One area that’s tackled large-scale data for many years is signals intelligence, which is why we’ve organizationally aligned these missions. Effective cyber operations require not only expertise in data architectures but also in behavioral science to address insider threats and to architect data for threat intelligence.

One challenge we’re investing research and operational experience in is the need for resilient, distributed data architecture in geographically vast theaters, like the Indo-Pacific. Traditionally, large-scale data management has relied on centralized processing, but with increased edge increased edge processing power and the growing need to support expanded analytics at the edge, we’re rethinking how data architectures can be adapted for resilience. When warfighters are spread out over large areas, there’s increased latency and risk of disconnection from centralized systems. So, we’re working with commercial technology providers to design cloud environments with an integration layer to build a resilient distributed data mesh, delivering faster, richer information to warfighters at the edge.

In a disconnected or disrupted environment, it’s critical to keep operations running. This brings unique challenges, especially regarding signals intelligence data compliance with legal standards that typically operate within a centralized framework. Peraton has been conducting research, building prototypes and helping customers visualize the potential of this distributed data architecture. These efforts are informing requirements based on mission needs, defining standards and driving the next wave of exercises and demonstrations to build a truly resilient data mesh.