(ISC)2 has announced the winners of its annual U.S. Government Information Security Leadership Awards (GISLA) program.
A judging committee of senior information security experts from (ISC)2’s U.S. Government Advisory Council (USGAC) and industry assessed individual and team achievements of a select group of nominees and awarded GISLAs in seven distinct categories.
F. Lynn McNulty Tribute: W. Hord Tipton, CISSP, former executive director, (ISC)2
Tipton was the first government CIO to obtain a CISSP, helping to bring high-profile attention to the need for a more professionalized information security workforce. Throughout his career, he drove support and advocated for federal government workforce initiatives such as the NICE Framework, DoD Directive 8570 and reform of OPM’s 2210 Job Series.
He also spearheaded major initiatives such as (ISC)2’s Global Academic Program (GAP) and USA Cyber Warrior Scholarships that are currently assisting the government in filling its cybersecurity workforce gap. Tipton has been instrumental in fostering the security education and certification of hundreds of thousands of individuals worldwide. He has dedicated his life to the advancement of the information security profession in the US government and beyond, and is considered one of the most influential people in security.
Technology Improvement: John Simms, the requirements and acquisition support branch chief and Continuous Diagnostics and Mitigation (CDM) program manager for the Department of Homeland Security (DHS)’s Office of Cybersecurity and Communications
Simms took an innovative approach to rapidly deploy nearly $60 million worth of CDM tools to 21 agencies through a product-only task order. This approach not only supported rapid security improvement for those agencies, but also resulted in a $26 million cost avoidance and an average 30% reduction of GSA IT Schedule 70 prices. Through his efforts, Simms ensured that the critical capabilities necessary to meet emerging cyber-threats government-wide were acquired to protect federal networks while saving taxpayer dollars.
Community Awareness: US Marines’ 81 Cyber Protection Team (CPT)
This team quickly became the most sophisticated incident response element in the Department of Defense by building an advanced defensive cyberspace capability in the areas of training, technology employment, methodologies and mission planning.
Utilizing both proprietary and commercial technology, the team built one of the most modern and effective defensive cyber-programs for DoD, including a CPT toolkit that has become the standard for all CPTs across DoD. In the area of training, 81 CPT produced experts capable of conducting incident response, vulnerability analysis and mitigation, and procedure/methodology enhancements to any government organization. As a result, 81 CPT has shaped the way that the U.S. Cyber Command implements CPTs and has set the standard for other DoD teams.
Workforce Improvement: Michael C. Redman, senior information assurance manager and chief for the DoD’s Policy and Accreditation Branch
Redman identified a training gap for DoD cybersecurity professionals and delivered in-house training courses to over 300 personnel using training materials that he created. As a result of this knowledge transfer, delivered at the students' level of learning, they achieved a 93% pass rate on certifications such as CISSP, CISM, Security+ and Linux+. His holistic approach to information security and course development is bridging the gap between standard course material and the daily reality of civil servants and DoD personnel.
Process/Policy: Benjamin Bergersen, cloud cybersecurity program manager for MAX.gov Shared Services at the US Department of Education
Bergersen utilized his expertise in the areas of government-wide collaboration, building high performance teams, business process transformation, IT governance, strategy, enterprise architecture, information security and portfolio management to lead security transformation of cybersecurity business processes for MAX.gov Shared Services.
His ability to coordinate dozens of staff, multiple major applications, hundreds of servers and over 120,000 users employing the Federal Risk Authorization Management Program (FedRAMP) model resulted in MAX.gov becoming the first federal agency application and software-as-a-service (SaaS) agency to become FedRAMP authorized.
Most Valuable Industry Partner (MVIP): The CERT Coordinating Center (CERT/CC) Vulnerability Research and Coordination team, Carnegie Mellon University Software Engineering Institute
The Institute pioneered efforts in vulnerability research automation for existing and emerging computing domains that have significantly strengthened the larger US-CERT mission of improving information security and providing value to industry partners.
The team deployed the Tapioca automated vulnerability discovery tool and applied it to the 11,000 applications available on the Google Play Store. Within a period of several days, over 20,000 vulnerabilities—or 15% of the total vulnerabilities identified in 2014—were discovered. These results are enabling this new community of developers and vendors of the platforms they utilize to adopt better security practices and bring increased utility to the expanding universe of mobile devices.
Up-and-Coming Information Security Professional: Samuel A. Maroon, IT operations instructor for the US State Department
Maroon spends his spare time teaching and managing the Wounded Warrior Cyber Combat Academy (W2CCA), a program administered by the Federal IT Security Institute on behalf of the FITSI Foundation.
Maroon has worked with more than 30 injured veterans—volunteering 15-20 hours per week—in order to train brave men and women to help protect their country against cyber-attacks. By engaging these wounded warriors, he is tapping into a very talented and motivated resource pool to help address the current shortage of skilled cybersecurity workers while helping to protect our nation’s critical infrastructure.
(ISC)2 also announced this year’s USA Cyber Warrior Scholarship recipient. This scholarship program was developed by the (ISC)2 Foundation in collaboration with Booz Allen Hamilton to help close the government’s cyber workforce gap by providing cybersecurity career training to qualified veterans who served in the United States military.
USA Cyber Warrior Scholarship Recipient: Wajahat Qureshi
Qureshi ended his active duty in the Navy in 2007. He has served with Navy Reserve Command, and in 2013 was named Sailor of the Year. His career goals include attaining his Certified Information Systems Security Professional (CISSP) and earning a commission into the U.S. Navy Reserve as the information warfare designated officer.