The risks of supply chain attacks are greater now than ever before. Take the diagnostics company LabCorp’s recent disclosure of a breach at a third-party company where approximately 7.7 million customer files were exposed. It’s just one example of many highlighting how an organization’s supply chain can introduce significant cyber threats with damaging business impacts.
Adversaries continually seek new ways to infiltrate organizations, finding entry points through third-party suppliers and vendors. Companies must consider not only how well equipped their internal organization is to defend against threats, but also the threats that third-party suppliers and vendors introduce into their organization.
Without high-confidence visibility into your supplier security levels, it’s extremely difficult to understand whether inbound materials or systems have been compromised. In Booz Allen’s 2019 Cyber Threat Outlook report, we discussed how the Internet of Things devices that often permeate supply chains are becoming increasingly difficult to monitor. Even so, companies must understand how to protect these expanding attack surfaces within their supply chains. Here are three ways that organizations can avoid supply chain attacks.
When using third-party service providers that have virtual access to your organization’s information systems, you and the vendor must establish a certain level of trust and transparency about what data is available, who has access to it, and how it will be used.
By building relationships with your suppliers, you can work together to track risk factors such as ownership, manufacturing locations, supplier relationships, and available attack surface. You can begin to implement continuous monitoring throughout the product lifecycle, perform deep multidimensional analytics with open source tools, and eventually expand your scope of vetting to include subcontractors. Recent activity from MageCart, a retail cybercriminal gang notorious for injecting credit card-stealing code into e-commerce sites, underscores the importance of vetting third-party-provided website code and highlights the potential difficulty of securing websites that are not completely developed in-house. Consider including your expectations for security controls and periodic auditing within vendor contracts to ensure that your selected suppliers meet the same level of scrutiny as your internal enterprise.
To determine how adversaries may seek to disrupt your business operations or manufacturing production, first consider the motivations behind a potential attack. You should also identify your most valuable assets, such as intellectual property, proprietary information, and customer information.
By pinpointing these motivations and assets, your organization can figure out which systems and areas of your supply chain to protect and how to prioritize your cybersecurity investments. Implementing efforts like threat hunting, sensor deployment, and centralized log aggregation can help you uncover evidence of activity that’s already happening, gain deep cross-enterprise visibility, or identify gaps in your organization’s capability to detect such activity. A consolidated monitoring capability provides visibility into cyber threats faster and helps uncover complex attack chains.
Don’t be overly confident: Just because you’ve done the pre-work in evaluating your vendors and monitoring your systems doesn’t mean your network environments are risk free. In a recent study, 97 percent of long-tenured pharmaceutical executives think their companies are well prepared to handle an enterprise-wide cybersecurity incident.¹ This false perception clearly shows overconfidence in their visibility into their supply chains.
When an incident does occur, it’s best to be practiced, poised, and ready to swiftly and effectively eradicate infection and minimize damage throughout your supply chain environments. Establish a coordinated approach to managing your supply chain environments and enterprise incident response to drive a well-synced response effort. Don’t assume that suppliers will handle everything for you. Even if they have an incident response team, understand up front how that team will or will not be integrated into your own. Learn exactly what they’ll alert you about, when they’ll alert you, and how it will be communicated. Planning for the worst allows your organization to understand what’s happening during an incident, whom to engage with at your suppliers, and how to work together so all parties are equipped to mitigate the damage faster and better.
Increasing visibility into your supply chain, building a trusted relationship with your suppliers, and having a plan in place in case of a supply chain breach can help your enterprise mitigate supply chain risks. Learn how your organization can work to avoid cyber attacks and implement a cybersecurity plan that considers the entire supply chain management and ecosystem.
1 IPSOS/BoozAllen joint ICS in Pharma Study, May 2019.