DISA – Chief Information Assurance Executive Directorate (May 2010 – December 2012)
The Office of the Chief Information Assurance Executive (CIAE) oversaw program management and implementation of DoD Information Assurance (cyber security) and NetOps capabilities in an enterprise environment. Given position to lead development of agency strategic plans and policies that directed programs in proper implementation of cyber initiatives for example, frameworks for risk-based decision making, defining active threats and prevention capabilities and supply risk chain management. Recommend action on emerging technologies and ensured compliance with the agency’s long-range and annual strategic guidance.
- Recommended complex cyber security plans and strategies to senior management and mission partners after researching laws, Presidential Orders, DoD Directives, Director’s Intent and standards to support decisions on agency policies and best business practices for example, threat environment impact and threat intelligence.
- Led working groups to define DoD’s threat environment which are then used to create threat mitigation strategies across multiple agencies. Steered analysis of the DoD Supply Chain Materiel Management Policy which resulted in written policy in DoD and provided intelligence support to the procurement process.
- Authored and co-authored multiple DISA and DOD publications in Information Assurance and Cyber governance and policy including the mobility cyber security governance document for DISA.
- Led cross agency groups to define cyber and intelligence alerts to support risk based decision making for the agency. Developed the Cyber Readiness Model currently used to harden core and in mitigation of active threats.
- Led various inter-agency cyber security working groups involving 26 agencies including the NSA, USCC, DoD, DHS, law enforcement agencies and other Intelligence Agencies. In particular, achieved consensus, never before achieved at this scale, to address security, technical, legal and policy concerns of multiple agencies to enable sharing of data to enhance threat intelligence communication across these agencies.