Panelist Melinda Rogers, chief information security officer (CISO) at the Department of Justice, said that there are unique challenges faced by feds, in addition to devising effective technical responses. Complying with the Federal Information Security Management Act (FISMA) and the more recent Federal Information Technology Acquisition Act (FITARA) are just two of those. Department of State CISO and Deputy Chief Information Officer Bill Lay said that cyber solutions must both compete with and support agency core missions. No matter how large a priority cyber defense is to the federal IT community, it must be kept within that context.
Panelists Kelley Dempsey, senior information security specialist at the National Institute of Standards and Technology (NIST), and Lindy Burkhart, a senior policy advisor in the Office of the DoD Deputy CIO, emphasized that agencies do, in fact, collaborate on cyber security solutions. NIST, stated Dempsey, issues guidance to all federal agencies, and even collaborates internationally, to help individual agencies develop a cohesive cyber solution that can work across many platforms. Burkhart followed, saying that contractors seeking to sell cyber solutions must be able to explain how their technology is compatible with an agency’s existing platform and how it can work with future systems. Contractors face a steep road in the federal cyber market if they can’t offer such flexible solutions.
Onapsis’ Alex Horan agreed with the federal panelists, adding that contractors must also be able to show a clear, short-term Return on Investment (ROI) when discussing any cyber solution with a potential federal client. All panelists discussed the two-year timeframe it takes to get funding for major IT investments. Industry can help its federal clients during this process, Horan said, not only by showing how a solution can offer critical cyber protections, but also by demonstrating the financial advantages of making such investments now.
Cybersecurity remains the first, second, and third federal IT priority, meaning that there are plenty of challenges for federal IT officials and opportunities for contractors that pay attention. As “Protecting the Front Line in Government Cyberattacks” made clear, however, understanding how cyber fits into larger agency mission priorities and the unique challenges federal agencies must face requires specialized knowledge and dedication.
Larry Allen, Federal News Radio
Larry Allen is President of Allen Federal Business Partners, a consulting firm that works with some of the top government contractors doing business in today’s federal market. Larry has over 26 years of experience in the public sector arena. He provides critical information and advice to top 10 federal contractors as well as small and medium-sized companies.
Melinda Rogers, Chief Information Security Officer, Department of Justice
Melinda Rogers is Chief Information Security Officer at the Department of Justice. In this role she leads a team of cybersecurity specialists providing services across DOJ to include: continuous monitoring and diagnostics, security operations and incident response, security architecture, and identity and access management solutions. Additionally, she works across the Federal Government on security matters, coordinating efforts in influencing policy, addressing threats, and establishing capabilities. Prior to DOJ, Melinda served as an Assistant Vice President for Equifax’s Fraud Prevention and Identity Verification Solutions, and held management positions at Procter & Gamble and NationsBank. She holds an MBA from Emory University and a Bachelor’s in Economics from George Mason University.
Kelley Dempsey, Senior Information Security Specialist, Information Technology Laboratory/Computer Security Division, NIST
Kelley Dempsey began her career in IT as an electronics technician repairing PCs and printers before moving on to system administration and network management. While with the Department of the Navy, she began focusing on information system security by training for and then conducting a large-scale DITSCAP certification and accreditation from start to finish. Kelley initiated and managed the NIST information system risk management program from 2001 to 2008 and joined the NIST Information Technology Laboratory Computer Security Division FISMA team in October 2008. Kelley co-authored NIST SP 800-128 (Security-Focused Configuration Management), NIST SP 800-137 (Information Security Continuous Monitoring), supplemental guidance to NIST SP 800-37 Rev 1 on Ongoing Authorization, NISTIR 8011 (Automating Security Assessments), and NISTIR 8023 (Risk Management for Replication Devices). Kelley is also a major contributor to NIST SPs 800-30 Rev 1, 800-37 Rev 1, 800-53 Rev 3/Rev 4, 800-53A Rev 1/Rev 4, 800-39, and 800-171. Kelley completed a B.S. in Management of Technical Operations, graduating cum laude in 2003, and completed an M.S. in Information Security and Assurance in 2014. Kelley also earned a CISSP certification in 2004, a CAP certification in 2012, and a Certified Ethical Hacker certification in 2013.
Bill Lay, Chief Information Security Officer and Deputy Chief Information Officer for Information Assurance, State Department
William (Bill) Lay serves as the Deputy Chief Information Officer for Information Assurance and the Chief Information Security Officer at the Department of State. In this role, Bill is responsible for the Department’s implementation of the Federal Information Security Management Act. Prior to this position, Bill served on the Army Staff as the Director of IT for the Office of Assistant Chief of Staff for Installation Management and as the Chief Information Officer/G6 for the Army’s Installation Management Command. Over the past thirty-four years, Bill has worked in many Information Technology roles within the Federal Government focused primarily on operations and security. In addition to the Department of Army, he has worked for the Departments of Energy and Commerce, the Federal Communications Commission and the Minerals Management Service. In addition to his federal service, Bill served for ten years as an adjunct lecturer at the University of Alaska, Anchorage where he taught micro and macroeconomics.
Lindy Burkhart, Senior Policy Advisor, Office of the Deputy CIO for Cybersecurity, Department of Defense
Ms. Lindy L. Burkhart is currently serving as the Senior Policy Advisor for Cybersecurity to the Deputy CIO for Cybersecurity. Ms. Burkhart has extensive operational experience in information networking and technology, program management, and policy development focusing on information assurance and cybersecurity within the Office of the Secretary of Defense, the Joint Staff, United States Marine Corps, joint commands and organizations, and the federal government.
As the Senior Policy Advisor for Cybersecurity to the Deputy CIO for Cybersecurity, Ms. Burkhart provides expertise from an operational perspective to policy guidance and leadership to drive OSD processes and actions to realize an integrated Department-wide cybersecurity implementation. Additionally, she advances other organizational priorities through federal efforts ensuring data integrity and cyber discipline best practices, mission partner environment, and enterprise services for the larger DoD Information Enterprise. She supervises the execution of the DoD Cybersecurity Discipline Implementation Plan, prioritizing its execution and integrating cybersecurity efforts aimed at streamlining all federal organizations’ efforts and practices. Ms. Burkhart currently serves as Tri-Chair for numerous groups within the Committee on National Security Systems (CNSS) Subcommittee, which provides a national forum to establish minimum security standards and doctrine for US national security systems. Under her leadership, the various safeguarding groups have published dozens of federal cybersecurity policies.
Since 2014, Ms. Burkhart has served as the Department’s representative to various U.S. federal government partnerships between the U.S. civil, defense, and intelligence agencies that develop minimum standards and guidelines used across the federal government. The joint initiative successfully unified the U.S. federal government’s disparate cybersecurity standards by publishing five National Institute of Standards and Technology (NIST) special publications.
Recently, Ms. Burkhart served as the program manager for the Public Key Infrastructure operations for the Defense Information System Agency. Ms. Burkhart served 26 years in the United States Marine Corps as a Communications and Information Systems Officer in a multitude of leadership, command, and staff positions within DoD. Upon retirement from the Marine Corps, Ms. Burkhart joined the federal government in 2010.
Alex Horan, Director of Product Management, Onapsis
Alex Horan is the Director of Product Management at Onapsis Inc. where he is responsible for the development of ERP vulnerability assessment, testing and securing solutions. Alex has over 15 years of experience working within the IT security industry, covering both software and hardware. As a result he brings a deep knowledge and understanding of vulnerability assessment and penetration testing, as well as systems and network administration and auditing to his work at Onapsis. Alex has previously worked for mid- and large-sized companies helping to design and maintain their security posture.