Dan McKeown and Lawrence Wells: Building a cyber security unit

Written by Richard Broderick

Dan McKeown (MSST ’14) and Lawrence Wells (MSST ’15) were hired as contract employees by Optum, the technical and networking arm of health industry giant UnitedHealth Group (UHG), in the fourth quarter of 2014. In the beginning of 2015, they became permanent employees. Optum was about to create an internal cyber defense organization with a large enough staff to handle all networking, information risk management, and technical issues across the entire span of UHG’s many divisions and offices.

The irony of the position he and McKeown found themselves was not lost on Wells. “Here we were the two new kids on the block and suddenly we were in charge of things,” he said.

Wells and McKeown began by interviewing and hiring new personnel. With that underway, the pair began to train their staff in UHG’s network systems and overall organizational structure. “The fun part was we both got hired on as a team and then turned around to hire our team and train it even as we were learning the company’s systems and environment ourselves,” Wells recalls. “We had a lot of help but it was still a big challenge.”

Once the “fun part” was over, Wells and McKeown moved on to develop processes and procedures for cyber incident detection, response, and remediation. Over time, the team has developed even more carefully targeted processes and procedures designed to respond specifically to UHG’s wide-ranging network needs.

Today the SOC employs 40 individuals—30 based in the United States and 10 in India.

“UHG is the largest health provider in the U.S. and one of the largest in world,” he said. “It is a Fortune 6 company that is continually adding new companies to its corporate family.”

For example, he cites UHG’s recent acquisition of Catamaran, one of the world’s largest prescription management companies. “UHG is an insurance company, a bank, a pharmaceutical company—it does just about everything related to health care,” said Wells.

The size, scale, and complexity of UHG bring unsurprisingly, equally complex and large-scaled cyber security needs.

For Wells, the road to cyber security came by way of the military. He served as a petty officer in the U.S. Navy, working with the sonar team aboard a ship that carried guided missiles.

“There were security issues built into everything we did and everything I was doing was secret,” Wells said. “At the time there were no real cyber security issues—but keeping content and information secure was a big deal.”As computers and, in particular, computer networks quickly became a ubiquitous reality in both the public and private sphere so did “real cyber security issues.”

Once out of the Navy, Wells transitioned into network administration. That pursuit led him to create ad hoc cyber security systems to protect the servers at the companies where he went on to work over the next nearly 20 years.

Meanwhile, McKeown got his start in cyber security early in life.

“I started playing with computers when I was very young and building my own,” he recalls. “By the time I got to high school and saw movies like Hackers, I wanted to be one of guys breaking into networks.” One day it clicked for him. He could be one of those hackers. “Then I realized I could use the knowledge I learned from hacking to protect online interactions,” he said.

“As UHG brings on individual companies not all have the same security needs or network structures that we do,” he said. “We have to go into their network environments, take a look at their security postures and find a way to integrate them in into our system.”

“In the SOC, we monitor security events. We look at logs and ongoing events on all of our networks, all input and output, firewall logs, intrusion detection systems—everything. Our job is to prevent things that might show up in the headlines. We don’t want to be on the news for this kind of thing,” said McKeown.

At Optum, McKeown and Wells lead a team that works on more common kinds of risks and threats to ones that Wells describes, with a touch of admiration, as “artistic.” In any case, the two men and their colleagues have built—and continue to develop—cyber security systems that not only have the intelligence to detect threats built right into them but also to be self-healing when there is a security event of any kind.

“Cyber defense is a combination of tools and intelligence analysis,” observes Wells. “Our job at Optum is to develop the software and personnel judgment to be able to identify risks and remedy them before they pose a threat to our networks.”