The GISLA judges handpicked department teams (and, in one case, an individual) from among the nominations in light of their contribution on a project of initiative basis.
In the Community Awareness category, the US Federal Aviation Administration (FAA) Awareness, Training and Evaluations Division Team, led by Nancy Hendricks, CISSP, information systems security specialist, took the prize after launching a six-month campaign to ensure that at least 95% of its Department of Transportation user population completed annual awareness training by a set date and ensuring that the almost 600 ISS specialists received their mandatory ISS role-based training.
“With open communication, defined workflows, cutting-edge development tools and a relentless focus on continuous improvement, the AIS-200 Team has achieved quantifiable results in support of various administrative requirements,” (ISC)² noted.
As far as the Federal Contractor category, the honor went to the US Department of Defense’s Joint Capability Technology Demonstration (JCTD) Adaptive Red Team, led by David Rohret, CEH, Security+, CHFI, ECSA/LPT, CNDA, senior principal systems engineer, CSC.
The JCTD ART was asked to accurately replicate real-world hackers, cyber armies and cyber criminals in how they would attack the DoD and, in response, developed a process for applying effects-based (goal-oriented) scenarios, rather than traditional technology-centric approaches. This novel concept of cyber security looks at the target set through the adversary’s eyes, attacking and assessing from every approach to determine the most likely vector of attack for repeatable actions and the greatest impact.
In the Process/Policy category, it was time to shine for Janet Stevens, PMP, CIO at the USDA Food Safety and Inspection Service (FSIS). Stevens has led the initiative to improve FSIS’s Information Assurance Division (IAD) through cyber security awareness, communication and organizational efficiency, “as evidenced in her innovative use of social media,” (ISC)² noted.
Among other initiatives, Stevens contributes regularly to the OCIO blog, Ping and the FSIS CIO newsletter, providing her agency with an in-depth explanation of cyber security issues and practices and updates on the latest IAD news. “Her commitment to these combined efforts ensures that every member of the FSIS community, from security officers to office staff, is aware of cyber security,” (ISC)² added.
In the category of Technology Improvement, the US Air Force’s Military Satellite Communications (MILSATCOM) Systems Directorate's Host Based Security System (HBSS) Pilot Integration Team, led by Steven Martin, CISM, information assurance manager, took home the laurels. (ISC)² explained that the team leads a diverse partnership between U.S. government, contractor and industry stakeholders “to address the significant challenge of integrating the HBSS baseline on a Space Mission System.” The team was able to complete the project in less than two months by formulating, documenting and completing a proof of concept as a pathfinder model for future implementation. The collaboration also benchmarked the successful migration from an enclave to enterprise approach for implementing, monitoring, and reporting IA security of MILSATCOM systems.
In terms of Workforce Improvement, the US Army Reserve’s Information Operations Command (AROIC) Cyber Warrior Training Development Team, led by Col. John Diaz, CISSP, CRISC, professional engineer and commander, claimed the win. The 10-person cadre of certified cyber-security professionals implemented a training strategy that “systematically trains and transforms AROIC soldiers into elite, combat-ready cyber warriors who are called upon to protect, monitor, analyze, detect and respond to unauthorized activity on the Army’s information systems and computer networks,” according to the (ISC)².
Next year, a new award will join the ranks: the (ISC)² Lynn F. McNulty Tribute GISLA will recognize a member of the U.S. federal information security community who upholds McNulty’s legacy as a visionary and innovator through outstanding service and commitment.
Nominations will open in the spring, and the first recipient will be hand-chosen by the (ISC)² U.S. Government Advisory Board for Cybersecurity (GABCS).
“Lynn McNulty made a significant mark in his efforts to achieve the ambitious goal of building a professional government information security workforce and to strengthen the security posture of the country’s information resources and infrastructure,” said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)², in a statement. “One of Lynn’s very tangible legacies was the GISLA Program, which he championed and which has since become one of the most coveted recognition programs for federal cyber-security professionals today.”
McNulty was considered a true pioneer in government information security circles, having served in a number of critical and high-profile capacities, including as associate director for computer security at the National Institute of Standards and Technology (NIST), as the first information systems security director at the US State Department and as director of government affairs for RSA.
“With this award, we ensure that Lynn McNulty will be remembered and honored every year by the government information security community, which is as strong as it is today in large part because of his talent and persistence,” says Marc H. Noble, CISSP-ISSAP, CISM, CGEIT, MBCI, director of government affairs for (ISC)² and co-chair of the Government Advisory Board. “This award will encourage a new generation of information security leaders to aspire to Lynn’s achievements and his very high ideals.”
McNulty spent his post-government career working in key roles within (ISC)², including as a member of the (ISC)² Board of Directors, (ISC)² director of government affairs and founding co-chair of the (ISC)² US GABC.
In 2009, McNulty was inducted into the Information Systems Security Association (ISSA) Hall of Fame, and this past summer, Federal Computer Week named McNulty as one of the key thought leaders in government IT of the last 25 years.