Behind the IT systems that support civilian and defense agencies is a corps of administrators and information security specialists charged with operating those systems securely.
And behind them are organizations that help train and certify them and, as one organization did last night, recognize their efforts.
Nearly 150 of the government information security industry’s most accomplished professionals turned out to salute the work of a select group of their peers at the 8th annual Government Information Security Leadership Awards. The awards were presented by (ISC)², regarded as the world’s largest not-for-profit information security professional body and the administrators of the CISSP (certified information system security professional) certification.
Roberta Stempfley, acting assistant secretary at the Department of Homeland Security’s Office of Cybersecurity and Communications, set the tone for the awards ceremony and the challenge that security professionals face, admonishing the group to recognize that leadership is perhaps the most important part of their work.
“Yes, leadership is about vision, figuring out resources, and getting obstacles out of the way,” she said. But “leadership is also about understanding that security isn’t one person’s job, but everyone’s job. Leaders have to grasp that complexity,” and think through new ways to “mentor, teach, communicate and engage” people, she said. “We have to get everyone involved on this.”
(ISC)² Executive Director W. Hord Tipton (a regular guest contributor to Breaking Gov), Charles McGann, Jr., corporate information security officer for the U.S. Postal Service, and a number of GISLA judges presented awards in five categories to:
Technology Improvement
Individual Award: Dr. Emma Garrison-Alexander, assistant administrator for IT at the Transportation Security Agency (TSA), (pictured above with her team) led the project to develop the TSA’s Redaction Toolbar, which prevents improper document redaction and inadvertent release of sensitive security information by providing a standard, automated tool in Adobe Acrobat, and oversaw the development of related policies, processes and training in the use of the new toolbar. Her efforts, which also included establishing the TSA Security Operations Center, which monitors over a billion network events per week, have helped TSA maintain the highest IT security ratings of any Department of Homeland Security component.
Team Award: The Information Assurance Program Management Team, U.S. Army Combined Arms Center, led by Austin Pearson, CISSP, PMP, ITIL V3, Server+, information assurance program manager, and supported by Mary Johnson, CISSP, GISF, took on a long-term project to resolve classified spill issues resulting from the vast number of classified documents and other information processed daily by the Combined Arms Center. The team designed a scalable and efficient system architecture to host the automated Classified Spillage Solution on existing Windows servers, resulting in an initial 85% reduction in spill incidents and associated cost and labor savings.
Federal Contractor
Individual Award: Mr. Shawn Wilson, senior manager of information security, Verisign, Inc., led the effort to execute the Certification and Accreditation (C&A) effort for the U.S. General Services Administration’s (GSA) .GOV registry, which includes about 5,000 domains. As a result of Shawn’s efforts, which withstood a rigorous third-party audit, Verisign achieved the Authority to Operate, making .GOV the first domain name registration service certified to an unprecedented FIPS-199 High Impact system.
Team Award: The NVJC Cyber Dashboard Team, led by Chris Hughes, CISSP, CCNA, GCFW, chief engineer of cybersecurity, and seven other CISSPs, established a Cyber Dashboard to visualize, analyze and generate reports from the aggregated and correlated data feeds of multiple legacy security systems. With this tool, the team foiled numerous exploitation attempts and attacks against Department of Defense (DoD) email accounts; provided “first alert” detection of over 1,000 anomalous message traffic attempts; and detected and stymied a nefarious email campaign against the DoD.
Special Recognition:
The Joint Information Operations Warfare Center (JIOWC) Vulnerability Assessment (JVAT) Computer Network Security (CNS) Team, led by senior systems engineer David Rohret, CEH, Security+, CHFI, ECSA/LPT, and supported by three other information security professionals, has successfully completed over 150 system and system of systems assessments since 2003 on rapidly-fielded and developmental systems, as well as over 300 quick-look assessments on deployed systems, with over half requiring CNA, RF, and other technologies/tactics representing actual adversarial Trusted Third Parties (TTPs).
Workforce Improvement
Team Award: Cyberspace 200/300 Professional Continuing Education Team, Air Force Cyber Technical Center of Excellence, led by Dr. Harold Arata III, associate director, and his 28-person team are recognized for delivering cybersecurity senior and master professional rating courses for the Air Force Space Command to enable a new cyber career force. Thanks to Dr. Arata’s leadership and mentoring, his staff members launched new courses in minimal time, graduated over 600 cyber operations professionals in the first fiscal year and have since received numerous awards and recognition.
Process/Policy Improvement
Individual Award: Mr. Davin Knolton, CISSP, PMP, CKM, CKMP, DAU CIO Cert, CIO/assistant chief of staff, G-6, U.S. Army Combined Arms Center, has coupled multiple information security improvement projects into a single comprehensive and efficient portfolio initiative enhancing IA workforce professional certifications, IT leadership oversight and professional development, and automated classified spillage (DLP) response. The Information Assurance Program Enhancement Portfolio resulted in a significant reduction in the amount of man-hours and funds expended to mitigate classified spills and resolved related issues.
Team Award: Military Satellite Communications Systems Directorate Information Assurance Manager Team, U.S. Air Force, MILSATCOM Systems Directorate, led by Steven Martin, CISM, and his 18-person team successfully put together an effort that ensured reciprocity and consistency of the C&A process across the boundaries of designated accrediting authorities, standardized education and awareness programs for executives and technology professionals and enhanced IA capabilities education. The end goal was to articulate accurate risk assessments, enhance the annual security reviews of all IA controls and better measure FISMA compliance.
Community Awareness
Individual Award: Mr. Henry Yu, CISSP, CISM, chief information security officer, NASA, championed and provided outstanding contributions to the agency’s IT Security User Awareness Video project. Mr. Yu’s videos increased the overall awareness of IT security and common pitfalls and provided guidance on how to secure sensitive email, all of which helped reduce the number of reported incidents involving malware introduction.
Team Award: Cybersecurity Communications Working Group (CCWG), at the U.S. Department of Homeland Security OCISO, led by cybersecurity strategy communications manager Joel Benge, provides a central coordination point for strategic security awareness. Since late 2009, the CCWG has collaborated on an integrated cybersecurity communications strategy, developed common terminology and core messages for cross-departmental communications and responded to a multitude of security incidents.
For more information on the GISLAs, including past winners, selection criteria and eligibility requirements, visit www.isc2.org/gisla