A judging committee of senior information security experts from (ISC)²’s US Government Advisory Board for Cyber Security (GABCS) and industry assessed individual and team achievements of a select group of nominees, and awarded both the the new Tribute honor and GISLAs in five distinct categories.
In the category of Community Awareness, the Task Force Cyber Team won the recognition. It’s led by Wendy Huskey, deputy information assurance program manager for the HQ Army Materiel Command (AMC). The team was responsible this year for the information security education and awareness of more than 70,000 dedicated military and civilian employees, with an impact in all 50 states and 150 countries. Through its efforts, the team has enabled the AMC – the largest Army Command – to become the second-best trained and certified-compliant command, which steadily maintains a 98% overall IA training and certification compliant posture.
In the Federal Contractor category, the Registration, Compliance, and Verification (RCV) Modernization Team at the Selective Service System (SSS), led by David Ratnaraj, program manager at Advanced Information Services, was honored. With no disruption, the 17-person team replaced a mission-critical legacy mainframe system with a secure, optimized and maintainable web-enabled service oriented architecture (SOA)-based solution that achieved zero cybersecurity vulnerabilities in more than 680,000 source lines of code. The team met demanding security requirements and incrementally “built security in” throughout the software development lifecycle (SDLC), resulting in an annual cost savings of $2.5 million for SSS.
For the category of Process/Policy Improvement, the trophy went to the Mobile Technology Tiger Team (MTTT), led by Roger Seeholzer, security architect for the U.S. Department of Homeland Security (DHS). Comprising 43 members across numerous government agencies, the MTTT in collaboration with 21 other federal stakeholders developed a common criterion for mobile computing programs and gained approval for distribution across the federal space. The common security baseline approach of the Federal Mobile Security Baseline and the Mobile Computing Decision Framework promises to save other federal agencies significant funds, while furthering DHS’ larger ongoing effort to enable safe, secure delivery of digital information and services.
The Technology Improvement honor went to the USDA NITC Cloud Service Provider FedRAMP Certification Team, led by James Steven, associate CIO for the National Information Technology Center (NITC) at the US Department of Agriculture (USDA). The team, working closely with the FedRAMP Project Management Office (PMO), enabled USDA NITC to become the first federal agency to achieve FedRAMP certification for its government-owned and managed USDA Enterprise Data Center (EDC) Cloud Service Offerings. The project came in under budget and two months ahead of schedule. Thanks to the team’s collaboration and its leader’s history of information security advocacy, the program’s FedRAMP System Security Plan provides a model that meets and exceeds Federal Information Security Management Act (FISMA) requirements, and makes it easier to extend cloud-computing services to agencies outside the USDA and for all inter-government agreements.
And finally, the Workforce Improvement category recognized Major General Earl Matthews, director of cyberspace operations for the US Air Force and leader of the AF Cyberspace Workforce Development Program. He has made significant progress toward shaping the 45,000-person cyberspace workforce to meet dynamic requirements in the cyberspace mission area. Of the project’s many successful strategies, Matthews and his staff, in collaboration with the White House, partnered with industry in a “Transitioning Service Member” pilot, initiated the “Knowledge Ops Management Center” pilot, and forged the “Year of the Cyber Civilian” campaign that would drive career transition for 19,000 civilians.
This year also saw the bestowing of a new award, which was established last year as part of the GISLA program after the passing of (ISC)² evangelist and colleague, F. Lynn McNulty, CISSP, known for his dedication to professionalizing the US government workforce. The Tribute Award recognizes a member of the US federal information security community who upholds McNulty’s legacy as a visionary and innovator through outstanding service and commitment – in this case, NIST's Ross.
“Dr. Ross has played a key role in establishing cyber security requirements for federal agencies for decades,” said W. Hord Tipton, executive director of (ISC)² and former CIO of the US Department of Interior, in a statement. “By honoring Ron with this designation, we are ensuring that Lynn’s legacy of influence and commitment to government information security is recognized for years to come.”
Ross serves as senior scientist and information security researcher at NIST, where he leads the FISMA implementation project and is the principal architect of the NIST Risk Management Framework. A former director of the National Information Assurance Partnership, Ross also supports the US State Department in the international outreach program for information security and critical infrastructure protection.
“While there are many people whose efforts and dedication to the advancement of government security is making an impact, few could argue that Ron comes closest to filling Lynn’s shoes. The decision was unanimous,” said Peter Gouldmann, director of information risk programs for the Office of Information Assurance at the US Department of State, and member of the (ISC)² GABCS selection committee. “Ron’s insight and leadership in producing a library of guidance publications over the past decade has greatly contributed to the advancement of information security in government and around the world. His highly collaborative approach, incorporating government and industry, has resulted in products that are being adopted and adapted for use on national security systems, transcending the unclassified and classified systems landscape.”