35.1 F
Washington D.C.
Saturday, January 28, 2023
spot_img

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards

Homeland Security Today’s annual Holiday Hero Awards honor those who have made lasting contributions to our nation’s security and risen to meet myriad challenges, recognizing those who have dedicated their careers to making our nation safer within the homeland security enterprise and those who have used their talents, determination, or platform to contribute to a safer country.

Here are the winners in the cybersecurity and information technology field. (Read the full list of HSToday Award winners and Mission Award winners.)


HOMELAND’S HUMAN FIREWALL


Homeland’s Human Firewall is a new award to recognize the tireless efforts and achievements of those keeping our cyber infrastructure protected.

Kenneth Bible, Chief Information Security Officer, Department of Homeland Security

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security Today

The team led pathfinding work applying the statistical and analytical techniques of latent factor analysis – typically applied in the medical field – to quantify cybersecurity risk based upon correlations among observable variables, mainly those found in the well documented National Institute of Standards and Technology Cybersecurity Framework (CSF).

Based upon the Assessments Team within CISOD and ICE’s work, the Department of Homeland Security (DHS) has launched the Unified Cybersecurity Maturity Model (UCMM), upon which cybersecurity investments can be mapped to their impact in increasing cyber maturity (reducing risk) and visualizing this impact at the system, component agency, and enterprise scale. Further, this campaign directly supported the department’s delivery of a first-ever assessment of risk within the entire portfolio of a major subdivision of the department in FY 2022 based on an innovative application of existing acquisition cyber hygiene clauses.

Simply stated, the team’s work has been seminal – both in terms of the application of latent factor analysis principles, and in terms of practical application to move DHS’ information security program forward towards risk-based methods. Moreover, UCMM is being used to measure risk on DHS public facing systems providing citizen services, such as those at U.S. Customs and Border Protection, Federal Emergency Management Administration, U.S. Immigration and Customs Enforcement, and Transportation Security Administration. The application of UCMM for these systems proactively uncovers and measures cybersecurity risk for the application of appropriate risk reduction measures that can be made to protect citizen access.


ACQUISITION EXCELLENCE


The Acquisition Excellence awards recognize a division, agency or effort that has improved the speed, efficiency, and effectiveness of the acquisition of technology, products or services that support the frontline missions of homeland security. Projects must demonstrate tangible benefits and improved efficiency in the acquisition process.

TSA: Flexible Agile Scalable Teams (FAST), Richard Melrose, Branch Chief and Supervising Contracting Officer, and Cristian Rodriguez, Branch Manager, Application Development Division

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security Today
Cristian Rodriguez receives his award from TSAs Assistant Administrator for Contracting and Procurement Bill Weinberg

Richard Melrose serves as the Branch Chief and Supervising Contracting Officer for the set of Flexible Agile Scalable Teams (FAST) contracts awarded to multiple vendors to customize and integrate software and applications for various TSA organizations. Each blanket purchase agreement (BPA) supports offices within various Flexible Agile Scalable Teams (FAST) portfolios, including enterprise support, human capital, security operations, law enforcement, and digital services and workflow collaboration. The contracting approach is one of the most innovative in the federal government, allowing TSA to quickly contract with vendors to provide agile scrum teams of a specific complexity based on a single one-page description of the scope sought for delivery. This vehicle allows TSA to quickly ramp up delivery teams with custom or software as a service/cloud skills on demand. A set of standardized, robust DevSecOps capabilities allow the agile teams to rapidly deliver code to production. The approach has not only facilitated the delivery of new mission critical services for the enterprise but also helped drive down costs by modernizing TSA IT infrastructure using SaaS cloud services.

Cristian Rodriguez serves as the Branch Manager in the Application Development Division within TSA Office of Information Technology (OIT), with oversight of the agency’s Flexible Agile Scalable Team (FAST) contracts to support the technology portfolios for the Enterprise, Security Operations, Law Enforcement, and Human Capital offices. Rodriguez combines traditional and agile principles and processes in building independent customer-funded application development programs, as well as administering more focused TSA Agile Services contracts for faster application development and deployment.

USCIS: Fusion Procurements, Contracting Officer and Component Innovation Coach Chad Parker 

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security Today
David Jablonski receiving the award for Chad Parker

The team sought to streamline the evaluation process. With the two task orders expiring around the same time, USCIS wanted to recompete both requirements together in one to solicitation (but not bundle them into a single award) to streamline the approval and evaluation process for the requirement. The team used a new technique called fusion procurements to streamline the procurement process. Using this technique, USCIS issued one solicitation to solicit quotes for the two FINCH requirements with the plan of awarding two separate task order awards. Using FAR 16.505 Fair Opportunity procedures, the team used a two-phased advisory down-select approach. In Phase 1, quoters submitted a 4-page response to three questions about their specialized experience related to one or both FINCH requirements. In phase 2, vendors submitted a written past performance questionnaire and participated in an all-day coding challenge followed by an oral presentation. As a result of this streamlined approach, USCIS received 18 quotes in Phase 1 and advised 7 vendors to proceed to the second phase, with all but one vendor taking the government’s advice to proceed to Phase 2. The Phase 2 coding challenge did not go as planned! During the coding challenge, the USCIS team had an unexpected experience when the cloud platform being used did not capture the code that was written by the vendors. Having to decide on how to proceed upon learning that the cloud platform did not capture the all-day coding challenge submissions in Phase 2, the CO asked all 8 vendors to repeat the all-day coding challenge. This time, the procurement team had their subject-matter-experts (SMEs) fully test the cloud platform before hosting the repeat coding challenges to ensure it met all requirements and would save the submissions.

Using the fusion procurement process to award two task orders from one solicitation significantly cut down on the administrative processes, even with the necessary repeat of the Phase 2 coding challenge. USCIS was able to award both task orders with a combined value of $231 million just 7 months after the release of the solicitation. This was the first time the contracting officer served as the innovation coach for a procurement. Rather than panic and cancel the solicitation when something did not go as planned, he employed the PIL framework of testing and sharing by quickly learning forward from the coding challenge debacle and used the discretion allowed him in FAR Part 1 to have vendors repeat the coding challenge to keep the procurement moving forward to ensure timely delivery of the mission. All vendors were treated fairly and so there was no need to cancel simply because something did not go as planned. A learning culture of testing, sharing, obtaining feedback, and testing again creates a learning organization that is better able to adapt to unexpected challenges to better meet the mission. This USCIS FINCH team demonstrated the benefits of a learning culture and were able to timely support the mission of their frontline users by failing fast and quickly learning forward from their coding challenge.

In addition to Parker, the USCIS FINCH Team is Secondary Contracting Officers Sylwia Salkic and Morgan Skaggs, Program Lead Scott Purnell Saunders, and Legal Advisor Dana-Marie Akpan.

CBP: IT Marketplace, Betty Matias, Gloria Contreras, and Cheryl Ogden

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security Today

Matias and Contreras, as a team, exceeded expectations with the IT Marketplace ordering process and increased productivity, which left zero dollars in funds unspent. Their work practices and commitment to acquisition excellence are invaluable and proved the success of the IT Marketplace ordering process for CBP.

Cheryl Ogden was instrumental as a member of the IT Marketplace team of CBP. Her efforts helped to streamline all procurement acquisitions for selected IT commodity buys to reduce the number of procurement actions done by procurement and therefore maximizing procurement resources. She also consolidated the commodity buys to allow CBP to have an anticipated benefit of quantity pricing/discounts to be leveraged for the good of all CBP. In FY21 the IT Marketplace saved $4 million for CBP; for FY22 the IT Marketplace saved $2.5 million allowing the savings to be redirected for other CBP mission-critical requirements. Further, the streamlining of the commodity acquisitions also allows OIT to ensure that all devices deployed are fully imaged, patched, updated and managed for network and cybersecurity requirements by reducing the IT device sprawl through the enterprise infrastructure.


MOST VALUABLE PLAYER


The MVP award is given to an official or team that modernizes and improves the operations and performance of an agency, component, or division to increase capacity, speed delivery, use innovation and improve performance. These leaders also focus on the future – developing strategies and plans to address our constantly changing, dynamic threat environment. 

MVP: TEAM

Department of Homeland Security Enterprise Non-Person Entity (ENPE) Public Key Infrastructure (PKI) Project: Dennis Martin, Gladys Garcia, and Giuseppe Cimmino, Office of the Chief information Officer

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security Today
Gladys Garcia ENPE PKI Team

Automation is the key to reducing operating costs, reducing system outages caused by expired device certificates and supporting mission agility. Current manual processes for certificate issuance and renewal have higher labor costs and do not scale. The need for device certificates has increased significantly as DHS implements zero trust per the Biden administration’s Executive Order 14028 and the Office of Management and Budget’s Memo M-22-09.

ENPE PKI is based on a modern Certificate Authority (CA) platform that offers multiple protocols for certificate automation, including Microsoft Auto-Enrollment (MS AE) for Active Directory integration, providing an upgrade path from Microsoft Certificate Server, Automated Certificate Management Environment, an industry standard (IETF RFC 8555) made popular via the public Let’s Encrypt certificate service, and Enrollment over Secure Transport protocol (EST), industry standard (IETF RFC 7030) to automate facing with existing Certificate Management tools in components. ENPE PKI was built by a DHS team that has the previous successful experience of operating PKIs for the Department of State, Federal Bureau of Investigation, and General Services Administration and provides a high assurance solution to increase DHS security posture.

Key security enabling aspects of the ENPE PKI design include a highly available, scalable online architecture implemented with the DHS HQ Cloud Team, storage of CA private keys in Federal Information Processing Standard 140 Level 3 hardware security modules on premise and in the cloud, implementation of an offline root CA distributed across multiple physical DHS locations, native PIV user authentication, and adherence to a high-impact security control baseline.

There are additional non-technical, security enhancing aspects of the ENPE PKI system. Centralized policy enforcement, auditing, and monitoring support better governance. Attribution of issued certificates to the system’s FISMA ID that are issued for improved visibility and enables automation of certificate expiration notifications. Having a DHS Enterprise wide root of trust enables root certificate consolidation, easing trust store management, making it easier to identify rogue root or self-signed certificates used by adversaries such as those related to the Solar Winds incident. Additionally, having a modern enterprise CA supports DHS with the crypto agility necessary to manage the migration to post quantum cryptography.

MVP: INDIVIDUAL

Dave Mooney, Cyber Shared Service Management Chief, Cybersecurity and Infrastructure Security Agency

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security Today The Protective DNS service helps block the vast majority of DNS-based attacks, protecting the .gov domain across millions of devices. Mooney and his team leverage a shared service approach to allow CISA to offer agencies best-in-class and scalable capabilities that address significant threats while providing the agency increased visibility into cybersecurity threats facing FCEB agencies. This innovative approach is underpinned by the integration of cyber threat intelligence and advanced data analytics, which unleashes state-of-the-art security response measures from CISA and FCEB agencies. Beyond faster response capabilities, the data gathered enables CISA to view trends and data across the enterprise, which informs current and future collective defense strategy and impacts threat-hunting operations as they respond to the evolving threat landscape.

Protective DNS went live in March 2022, and since then the service has blocked more than 135 million attempts to penetrate network security on domain name services for FCEB agencies. Mooney and his team are future- oriented, and they continue to refine service requirements and gain a deeper understanding of the diverse adoption needs. The feedback gathered from continuous agency engagement and internal CISA stakeholders informs the future of Protective DNS and allows the team to iterate on service enhancements to further protect agencies and bolster CISA’s strategic priorities. The success of Protective DNS is the culmination of Mooney’s strategic vision to modernize the service by enhancing agency and CISA protection and improving response capabilities and efforts to stay ahead of the ever-evolving threat landscape.


BACKBONE


Often the “back-end” side of the mission is the most neglected, and yet often the most important. Recipients of the Backbone award have accomplished extraordinary feats to ensure that the support functions of an agency maximize efficiency, support mission and account for new advancements and technology.

Department of Homeland Security Security, Development, and Operations (SecDevOps) Team: Robert Foster and Chakris Raungtriphop, Office of the Chief Information Officer (OCIO)

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security TodayThe Security, Development, and Operations (SecDevOps) team has made significant impact realizing the Deputy Chief Information Officer’s (DCIO) vision of making SecDevOps the standard way of delivering software and transforming the development process at DHS. All aspects of these performance goals were accomplished by the team on schedule and surpassed the FY21 performance goals of the Strategic Technology Management (STM) Director, Chief Technology Officer (CTO), and DCIO for this initiative. The SecDevOps Team built on the efforts of the Agile Acquisition Working Group (AAWG) by gathering data from programs across DHS to identify who has implemented SecDevOps and the level of maturity achieved. The team created a SecDevOps campaign plan that incorporates lessons learned and several discussions with industry. A set of 15 multifaceted action plans were created focused on people, technology, process, and governance to ensure that DHS achieves SecDevOps mastery.

To support the action plan’s success, the team established partnerships with Management Directorate Lines of Business (MGMT LOB) offices that participated in the AAWG to ensure equity across DHS as the agency implements modern IT delivery. Briefings were developed to share with partners and the team met with OCIO and Management directorates to solicit input and support for the campaign. SecDevOps working groups were created that collaborate with components and directorates to receive and incorporate feedback to finalize the action plans. The SecDevOps Campaign plan was briefed to OCIO Executive Directors, the DCIO, the CIO, the CIO Council, and the AUSM and was well-received by all.


EXCELLENCE IN EDUCATION AND TRAINING: CYBER


Department of Homeland Security Office of the Chief Information Officer Workforce Phishing Campaigns: Steven Friend, Lisa Cooper, and Lawrence Knachel

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security TodaySteven Friend, Director, Program Management and Governance Division; Lisa Cooper, Information Technology Specialist/Program Manager for the Enterprise and Headquarters-as-a-Component Cybersecurity Awareness and Training Programs; and Lawrence Knachel, Information Technology Specialist/Penetration Test, Vulnerability Disclosure, and Bug Bounty Lead have shown exemplary dedication to the Department of Homeland Security’s (DHS) mission and a strong desire to enhance the cybersecurity knowledge of the workforce through the implementation of quarterly Phishing Campaigns for Headquarters (HQ).

Friend, Cooper, and Knachel routinely show initiative in improving performance and productivity throughout DHS management. They identified a solution to conduct phishing exercises for Local Area Network (LAN) A users and HQ to resolve Fiscal Year (FY) 2019 and FY20 Office of the Inspector General Audit findings for not conducting exercises as required in DHS Policy Continuous Improvement of Department of Homeland Security Cyber Defenses, November 2017. They consistently deliver exceptional business services to customers and serve as stewards of supporting the DHS mission. Quarterly phishing exercises are conducted across HQ organizations whose employees and contractors use LAN A to gauge overall cybersecurity awareness, capture metrics for training effectiveness, and assist some components in meeting the FY22 Information Security Performance Plan (ISPP) requirements.

Friend and Cooper identified and communicated Social Engineering metrics across the Enterprise, to include HQ. These metrics were incorporated into the FY22 ISPP. Additionally, each quarter, they create and publish a landing page where users who click phishing links will be taken. This page identifies the campaigns as phishing exercises, highlights the cues in each email that indicate they are a phishing attempt, and provides micro-training for users who were phished.

Cooper leads the phishing effort across HQ and its organizations while ensuring customer service remains a priority. Scheduling and rules of engagement approvals were obtained by Chief Information Security Officers from the Cybersecurity and Infrastructure Security Agency, Countering Weapons of Mass Destruction Office, HQ, Intelligence and Analysis, OIG, and the Science and Technology Directorate at the start of the phishing campaign. Cooper coordinates with stakeholders to include component CISOs, the DHS Network Operations and Security Center, and the Information Technology Service Desk to ensure there are no questions or concerns prior to launch. Additionally, she coordinates content review for select stakeholders such as I&A Counterintelligence, Office of the Chief Human Capital Officer, and Office of the Chief Security Officer. At the conclusion of each phishing exercise,  Cooper gleans lessons learned from various stakeholders, analyzes the results provided by Knachel and the Network Operation Security Center, and develops reporting metrics for each component stakeholder, as well as an executive report for Chief Information Officer Eric Hysen.

Knachel is instrumental in the development, review, and dissemination of phishing email content as well as providing insight into possible reasons for the results we have seen.

All three individuals play a crucial role in DHS’ commitment to provide high- quality services by ensuring that each email follows a progressive complexity model throughout the fiscal year. This was accomplished by drafting each email based on the National Institute of Standards and Technology Phish Scale. The first email was intended to be an obvious phishing attempt in Q2 with each successive email increasing in difficulty throughout FY22. Emails were recognized by several HQ organizations as being real-world focused and increasingly harder to detect as being part of a phishing simulation.

Kiersten Todt, Chief of Staff, DHS Cybersecurity and Infrastructure Security Agency

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security TodayKiersten E. Todt is the Chief of Staff at the Cybersecurity and Infrastructure Security Agency (CISA). She is responsible for the planning, allocation of resources, and development of long-range objectives in support of the department’s goals and milestones; she provides strategic vision, guidance, and direction to ensure the federal government is prepared to interdict or respond to cyber threats to the homeland. Todt has brought private-sector best practices and procedures to CISA. She has deepened private sector and government collaboration in all areas of cybersecurity. She has spearheaded adding cybersecurity to the K-12 curriculum in order to develop new generations of cyber warriors. She has also been a champion for building the cyber workforce. Her combination on intellect, experience, drive, insight, and collegiality has made CISA a much more effective agency.

Prior to her role at CISA, Kiersten served as the Managing Director of the Cyber Readiness Institute (CRI), a nonprofit initiative that convenes senior executives of global companies to develop free cybersecurity tools and resources for small businesses, worldwide. She co-founded CRI in 2017 with the CEOs of Mastercard, Microsoft, PSP Partners, and the retired CEO of IBM.  She was also the non-resident scholar at the University of Pittsburgh Institute for Cyber Law, Policy, and Security. She most recently served in the federal government in 2016  as the Executive Director of President Obama’s independent, bipartisan Commission on Enhancing National Cybersecurity.

Hack DHS

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security Today

Amanda Day was instrumental in standing up the “Hack DHS” program. She was the lead for creating the rules of engagement that govern the program, identifying the first set of systems assessed under the program, building a relationship with the team at Cybersecurity and Infrastructure Agency’s Quality Services Management Office who owned the contract the program executed and providing key guidance to the execution of the events. Lawrence Knachel played a critical role in the lead-up to the event, performing the initial outreach to system owners to explain the purpose of the program, completing the rules of engagement for the assessment, training system teams on how to use the platform, and assisting with determining which assets would be assessed. During the event, Knachel conducted daily meetings in which system teams were briefed on new vulnerability findings, presented explanations of the risk those findings presented, and provided guidance on mitigating the vulnerabilities. He regularly briefed leadership with updates, observations, trends, and insights that came from the program. Knachel also represented DHS in interactions with the security researcher community and bounty program vendor. This involved answering questions about the relevancy of findings, ensuring that system owner equities were represented, and making changes to the program as needed based on how it was affecting production systems. Knachel also served as the authority for payout determinations to the researcher community, ensuring payments matched the severity of submitted vulnerability reports.


MISSION AWARDS


Each year, Homeland Security Today honors shining stars in the community who are making their own unique, invaluable contributions to advance the mission of keeping America safer from myriad threats. Their strong commitment to mission touches every part of their work, from day-to-day operations to special projects and work in the community. 

J. Michael Daniel, President and CEO, Cyber Threat Alliance

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security TodayDaniel then served for almost 5 years as the advisor to the president on cybersecurity matters, leading the development of government-wide cyber policy and overseeing implementation of that policy. Upon leaving government, he moved to lead the Cyber Threat Alliance, a nonprofit organization that is working to improve the cybersecurity of our global digital ecosystem by enabling near real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field. He extends his service to the government in his current role, working to ensure that the federal agencies and contractors that support them are educated on the importance of sharing threats to the federal ecosystem. His pivotal work to change culture and build trust across and between government and the private sector is steadfast. His work to help combat the pervasive cyber threat across 18 critical infrastructure segments has made a significant impact for this nation and across the globe. Throughout this career, he has served the federal government by making a measurable impact in the cyber mission.

HSI Cyber Crimes Center

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security Today

The HSI Cyber Crimes Center (C3), led by Acting Division Chief Ronald Appel and Unit Chief Daniel Lezcano, is at the vanguard of investigating crypto-based cybercrimes, and was integral in the 2022 criminal charges against six defendants in four separate cases for their alleged involvement in cryptocurrency-related fraud, including the largest known Non-Fungible Token (NFT) scheme charged to date. HSI C3 has led numerous digital asset trainings with foreign law enforcement partners in over 20 countries to expand the scope of online investigations, dark web, and cryptocurrency investigations.

HSI C3 is responsible for identifying and targeting any cybercrime activity in which HSI has jurisdiction. HSI C3 supports HSI’s mission through the programmatic oversight and coordination of investigations of cyber-related criminal activity, and provides a range of forensic, intelligence and investigative support services across all HSI programmatic areas. HSI C3 brings together highly technical assets dedicated to conducting trans-border criminal investigations of cyber-related crimes within the HSI portfolio of customs and immigration authorities.

C3 is made up of the Cyber Crimes Unit, the Child Exploitation Investigations Unit and the Computer Forensics Unit. This state-of-the-art center offers cyber-crime support and training to federal, state, local and international law enforcement agencies. C3 also operates a fully equipped computer forensics laboratory, which specializes in digital evidence recovery, and offers training in computer investigative and forensic skills.

Nazrul Islam, Chief of the Health Assessment Team, Office of the Chief Information Officer, Department of Homeland Security

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security Todaydevelops the associated risk scores. The chief information officer reviews and reports this score as a vital aspect of the DHS Federal IT Acquisition Reform Act rating, which is published on the Federal IT Dashboard. Islam has been critical to the success of this effort by effectively managing contractor staff to identify and report program status.

Islam coordinates with the Office of the Chief Technology Officer Directorate (CTOD) Program Engagement Integrated Product Team (IPT) to ensure Program Health Assessment results inform CTOD Technical Assessments and the Enterprise Architecture Board. This ensures that programs receive support to increase their risk scores. Islam balances competing interests to ensure customer expectations are met. He also briefs senior program managers and CTOD leadership on status updates. Islam provides all reports and responses for Program Health services in a comprehensive and timely manner. His successful pivot to this new role enables CTOD to continue this important service to the DHS mission.

Negar Samimi, Branch Chief, Business Systems Branch (BSB), Solutions Development Directorate (SDD), Department of Homeland Security

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security TodayMaximizing performance and driving toward innovative solutions are key to focusing on the customer experience, and the service that Negar Samimi of the Office of the Chief Information Officer (OCIO) delivered for the Department of Homeland Security (DHS) Office of the Secretary is a key example. Samimi led a team, in collaboration with the DHS Office of the Secretary, Office of Protocol, in which she successfully developed and launched a new system to support the front office on critical logistics to support senior leadership needs.

Samimi, who previously served as an IT project manager at Immigration and Customs Enforcement, implemented a robust process that has saved time and gained efficiencies for the military aides who account for the secretary’s arrivals and departures. Instead of tracking emails, the locator is now automated with the use of forms and auto-generated emails that update the location status in either the desktop or mobile view for authorized users.

Rob Thorne, Chief Information Security Officer, U.S. Immigration and Customs Enforcement

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security TodayWith the new memorandums and Executive Orders on zero trust, Rob Thorne applied forward-leaning approaches to strategically respond to these new requirements. His initiative put ICE in a forward-leaning orientation, putting the agency ahead of peer organizations.

In 2022, Thorne kicked off a zero trust assessment to deliver an ICE-specific zero trust implementation framework and a zero trust maturity and gap assessment and to create a zero trust roadmap and architecture for the agency. Thorne empowered his team to forge a holistic approach to tackling the complex demands of zero trust. The framework and maturity effort included translating more than 14 EOs and memorandums into more than 160 ICE-specific requirements, and the gap assessment involved coordination of more than 115 stakeholders and an initial deep dive into 13 sample systems and more than 250 documents. The findings from the assessment will allow ICE to become one of first government entities to create a Zero Trust Architecture (ZTA). Thorne also leads the Cyber Defense and Intelligence Support Services (CDISS) program, which provides comprehensive cyber security operations and engineering services to ICE including monitoring and alerting through a security operations center, incident response, vulnerability management, security engineering and proactive defenses including cyber threat intelligence, a penetration testing/red team, and dedicated threat hunters.

Under Thorne’s leadership, ICE became the first federal civilian entity to obtain a DoD Cybersecurity Service Provider (CSSP) certification. The endeavor to obtain that certification resulted in DHS adopting the foundation of the CSSP and creating a derivative program for the federal civilian sector (DHS CSP).  After obtaining the DoD recognition, ICE was immediately awarded the first DHS CSP Center of Excellence (COE) and the first federal civilian agency to re-certify as a CSP COE.

Charles Wall, Division Director, Information Technology Division, Technology and Innovation Directorate, Federal Protective Service

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security Today

Wall’s initiatives directly improved the operational performance and capabilities of the FPS MegaCenters. Initiating a new cloud-based VOIP communications system project enabled phone and radio service call recording capability, ensured data storage was sufficient to meet record retention requirements, and set the stage for a complementary effort to establish a new cloud-based alarm monitoring system for FPS facilities. Together, the shift from analog to digital will not only save money, but also reduce response times.

Over the past year, Wall led efforts to introduce new productivity-enhancing workflow improvements to help the FPS workforce and began driving development of new automated workflow applications. Having streamlined IT service desk ticket management and response, Wall is gathering user stories to build a new function that auto-populates people and equipment to speed the delivery of service desk incident response and vehicle operations reporting. Wall’s oversight of the IT service desk migration included deploying a new TACCOM Configuration Management capability. Combined, these new systems are giving greater insight into IT and TACCOM network operations, improving troubleshooting response, and facilitating lifecycle management.
Wall’s outstanding leadership and foresight have been critical to these and many more efforts critical to FPS’s modernization efforts. He is playing a principal role in every major initiative that promises to revolutionize how FPS protects its customers and improves the work experience for employees through its ongoing technological transformation. It is no exaggeration to state that Wall’s leadership materially improved the safety and security of every one of FPS’s protected facilities.

Paul Weston, Section Chief, Security Assurance Branch, Information Assurance Division, OCIO, Immigration and Customs Enforcement

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security TodayPaul Weston has championed SecDevOps and has shifted security left in OCIO enabling development teams to build security into their pipelines rather than waiting until production to discover and remediate vulnerabilities. His team has made the process extremely easy for development teams to adopt tools and techniques to be more secure and produce software faster, all while expending less energy than before. With the Secure Hardened Image, projects can deploy their applications to a Linux image with less than 20 security compliance findings (down from ~180 and all baselined). The image is rebuilt and patched daily, eliminating the need for teams to patch on their own and encouraging immutable infrastructure. By providing a reference pipeline architecture and extensive documentation, he has empowered development teams to build security scanning into their pipelines so that every build produces the evidence ISSOs need to make a risk determination. This leads toward building a continuous ATO process where documentation is generated on-the-fly via OSCAL, collecting evidence from the pipeline, and providing a real-time assessment of security and compliance. Weston also put the same capabilities in place for containerized workflows as development teams move to the next generation of architectures, building off the work of DoD’s Iron Bank, producing UBI hardened container images for ICE, and defining the security and development strategies for containers in the Containerization Working Group.

DHS Hummingbird Team: Michael Weissman, Senior Leader HRIT Technical Liaison, Office of the Chief Information Officer, Department of Homeland Security

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards Homeland Security TodayMichael Weissman has been with DHS Headquarters less than two years. However, in that short period of time, he has made significant contributions to nearly every major system DHS Office of the Chief Information Officer (OCIO) has fielded. Weissman’s initial effort was to assist with Operation Vaccinate Our Workforce (OVOW). Without any ramp-up time, Weissman quickly made significant technical contributions that were critical to its success. His emphasis on teamwork, communication, and coordination allowed the program to effectively leverage its resources to ensure that more than 100,000 of DHS’s front-line resources could receive vaccinations.

Additionally, Weissman led the development of the Secretary’s dashboards. Building upon the work Weissman led in the Data Services Branch, he spearheaded the implementation of processes and technology that delivered key reports to DHS’ front office every morning. These reports provided metrics on the southwest border and status of Operation Allies Welcome. The coordinated effort was successful because of the foundational work that Weissman contributed.

At the direction of OCIO, and in support of the Operation Allies Welcome initiative, the DHS Hummingbird (HB) application was targeted to transition from the Department of State to the DHS HQ. This massive initiative required fully transitioning the HB application within 32 days. During the transition to DHS HQ, a major requirement was ensuring minimal interruption to Afghan resettlement activities in the field while executing the transition of the Hummingbird application to the DHS environment under a short timeline.

The transition team, including Weissman, Rosa Fisher, Nicole Larrain, Beth Mullen-Zehner, Abdulasis Deef, Tarundeep Singh, Yvette Jenkins, and Tyrone Huff, faced multiple challenges in planning and executing the successful migration of the Hummingbird application from Department of State (DoS) to DHS Headquarters (HQ). State had developed and rolled out the Hummingbird application in a matter of days as an emergency response to the Afghan crisis. Thanks to this rapidly developed program, Afghan allies were able to reach US safe havens for eventual resettlement.

Not having preexisting Department of State documentation in place detailing all aspects of the Hummingbird project (such as system design, application specifications, system interconnections, security profiles, and governance documentation, etc.) was a major challenge for the team, particularly in light of technical debt incurred.

Furthermore, many of the required DHS HQ governance processes require multiple months to complete, far longer than the required 32-day migration schedule. In addition, the team had limited access to Department of State support services given other Department of State initiatives. As a result, the team spent an extensive amount of time working to understand program requirements and reviewing, assessing, and testing the application. The migration effort also included implementation of a new identity management system in the DHS HQ environment and development of a reporting solution to address extensive, complex, and ever-evolving large-scale reporting requirements.

Adding complexity were the many stakeholders across multiple federal agencies with urgent delivery timelines. Given the urgency of Afghan resettlement tasks, stakeholders required minimal impacts to field operations through the migration process. This included maintaining weekly releases up to the point of migration and a very tight migration outage window of 12 hours or less. On the DHS HQ side, the team faced challenges related to the first-time implementation of an external facing portal and the engage.dhs.gov domain. While working these migration issues, the development team also managed an organized agile process to manage the high number of requirements for development and release on a weekly basis.

By applying strong project planning and communication techniques, the Hummingbird team kept the project tracking for on-time delivery with a new identity management solution.

Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles