Focusing on excellence in federal cybersecurity is a stated goal of the Obama Administration, and it’s an area increasingly under the microscope. Dovetailing with the zeitgeist, (ISC)² has announced the recipients of its annual US Government Information Security Leadership Awards (GISLA) program, including the 2014 Lynn F. McNulty Tribute.
Announced during a gathering of federal information security executives at the GISLA Gala in Arlington, Va., individual and team achievements of a select group of nominees were awarded GISLAs in five distinct categories. And, the Lynn F. McNulty Tribute went to Bobbie Stempfley, assistant secretary for cybersecurity and communications (CS&C) within the Department of Homeland Security (DHS) National Protection and Programs (NPPD) Directorate.
In Technology Improvement, Jaime Vargas, CISO of the DHS Office of the Inspector General (OIG) designed, developed and implemented an information security continuous monitoring (ISCM) program for the IT infrastructure of the OIG. It encompassed a state-of-the-art architectural solution using automated tools to support the implementation of the Risk Management Framework, and improved the effectiveness of the safeguards and countermeasures that remediate vulnerabilities.
“As a result, OIG’s FISMA compliance scores ranked amongst the highest in the federal government,” (ISC)² noted. “OIG stands as a model component within DHS for information security compliance.”
In the Community Awareness category, Erich Fronck, regional information security director for the Northeast region at the Veterans Administration (VA) led an awareness initiative utilizing a 100% stand-down approach that significantly raised the training compliance level for regional users. As a result, compliance rose to 99.62%, with the number of individuals deficient in training decreasing from approximately 8,000 to less than 2,000.
In Workforce Improvement, the Cyberspace 200/300 Professional Continuing Education (PCE) team took home the award, led by Robert Mills, director of the Center for Cyberspace Research for the Air Force’s Cyberspace Technical Center of Excellence. Mills and his 27-member team faced the Herculean task of planning, establishing, and implementing intermediate and advanced cybersecurity courses (Cyber 200/300) by applying innovative tactics like developing 40 joint network attack/defend/exploit capstone exercises with multiple virtual networks to give real-world hands-on training. This initiative ultimately contributed to the graduation of approximately 400 US Department of Defense joint and allied cyber professionals, and has provided the Air Force cyberspace security workforce with a learning continuum that fills a critical void in cyber workforce education.
In the Process/Policy category, Jeff Harriss, team lead for access control at the OCIO-ITS-IOD operations security branch at USDA set out to reduce the significant number of users granted elevated administrator permissions on their desktop computers in order to reduce risk within the USDA’s user base of 37,000 accounts. He worked closely with customer development communities to pilot and test a solution that would not only resolve technical and procedural issues, but one that built and fostered positive working relationships with customer stakeholders, helping to speed adoption. By March of 2014, the number of local administrators had been reduced from 10% of the population to less than 1% and increased the overall security of this sizable user base.
And in the Federal Contractor arena, Sunny Tuteja, founder, president and CEO of AssurIT Consulting Group developed a plan of action and milestones (POAMs) dashboard for the US Department of Agriculture’s Natural Resources Conservation Service. The dashboard brought previously unavailable visibility into the difficult and costly task of managing the roadmap. The dashboard delivered a strategic view of system weaknesses that resulted in an expected closure of over 75% of the agency’s POAMs and an overall improved security posture at the Natural Resources Conservation Service.
Meanwhile, the Lynn F. McNulty award was established in 2012 as part of the GISLA program in honor of its namesake, an (ISC)² evangelist and colleague known for his dedication to professionalizing the US government workforce. The award recognizes a member of the US federal information security community who upholds McNulty’s legacy as a visionary and innovator through outstanding service and commitment.
“Bobbie has overcome many challenges while growing an effective organization that is dedicated to preventing disruptions to our critical information infrastructure and to protecting the public, the economy, government services, and the overall security of the United States,” said W. Hord Tipton, executive director of (ISC)² and former CIO of the US Department of Interior, in a statement. “Thanks to her vision and tenacity, the CS&C – now comprised of five divisions -- leads interagency and public-private initiatives that enable all to better secure their parts of cyber space.”
Ms. Stempfley came to DHS in 2010 to serve as the director for the National Cyber Security Division (NCSD), and she was later selected to serve as the deputy assistant secretary for CS&C. Prior to her work at DHS, Ms. Stempfley was the CIO for Defense Information Systems Agency (DISA) where she oversaw IT systems and services used by the major branches of the US military.
“Ms. Stempfley has shepherded CS&C through years of transition and has superbly represented the department through important changes,” said Joe Jarzombek, director for software and supply chain assurance at DHS. “You will also find her serving in many behind-the-scenes roles that have enabled CS&C to better serve the nation and our partners. Her actions and level of commitment truly exemplify the way Lynn McNulty served our information security community of practice.”