Cyber Lead / OPM Mitigation Project April 2015 – February 2016
DOI, OCIO, Service Delivery
Kevin L. Lucier
Related Project Link:
https://www.congress.gov/committees/video/house-oversight-and-government-reform/hsgo00/HGOu5vuvVJE
Cyber Lead, Service Delivery, Office of the CIO (Supervisory Program Manager GS-0340-15)
Supervisor: Bruce Downs, Deputy CIO
- Effectively use a combination of leadership styles; in this case, utilized directive authority across organizational lines
- Experienced in advising senior executives – leveraged for efficient staffing, budgetary planning, and recommendations
for critical decisions at the departmental level in support of national security initiatives.
- Provide high-level technical expertise, program management and leadership / motivation of a cross-functional staff
- I meet my goals, accomplish what is truly most important & empower staff to do the same.
- Active Top Secret Security Clearance
- Much of the narrative provided was taken from the nomination and award citation for the OCIO Cybersecurity Award dated
August 31, 2015:
- In response to an advanced persistent threat (APT) detected at a DOI data center, on April 17, 2015:
- As a key member of the initial incident response team (IRT), rallied swiftly and effectively to contain the threat in
collaboration with colleagues from the Department of Homeland Security (DHS), the Federal Bureau of Investigations
(FBI) and other interagency partners. We took immediate action to deploy the needed tools to detect and respond to the
adversary's activities.
- I transitioned roles, especially operational priorities, & focused even more granularly upon Incident Mitigation
- I was detailed to a Special Project / Temp Promotion to Supervisory Program Manager GS-0340-15/04 as the Cyber
Lead for Service Delivery from 06/14/2015 through 10/11/2015.
(experience overseeing, managing or leading complex, enterprise class information technology, infrastructure and/or
network security programs, projects and teams in one or more of the following areas:
Performing security assessments on software applications that reflect the state of modern information
security. Software/Systems/Infrastructure Penetration Testing: Performing assessment of software and
infrastructure vulnerabilities through penetration testing (red teaming). Performing physical and network security
assessments to test their resilience to social engineering and phishing. Information Systems Security Operations
and Incident Response: Performing IT security incident response and remediation processes for information
system/infrastructure security events. Developing processes and open source tools to proactively detect malicious
activity in systems and integrating such into security operations.)
- Provided direct technical Systems Administration, project management, and cyber reporting as well as daily
implementation, incident response, and security control guidance to staff across OCIO Operations.
- I coordinated immediate remediation efforts on behalf of Hosting, in coordination with Hosting Services Managers, and
Team Leads, with direct assignments to staff where necessary. Once detailed, I tasked on behalf of Chief, Service
Delivery and expanded coordination of remediation efforts across Service Delivery.
- Coordinated and ran a daily (became 2/week) SD Ops Meeting on Security Mitigation to collaboratively work mitigation
project plan assignments and keep senior leadership informed.
- Coordinated and oversaw tactical actions taken, as well as the strategic and architectural decisions, and high level
projects/assignments and reporting that fell within this new Cyber Lead Role.
- We developed a comprehensive lessons learned and used this to build and implement a remediation plan for the
immediate areas of compromise. Ultimately, we expanded remediation planning to all bureaus and offices and worked
with colleagues in Policy Management and Budget, the DOI Budget Office (POB), the Interior Business Center (IBC)
Acquisition Directorate (AQD) and the Office of the Solicitor (SOL) to prepare and prioritize urgent acquisitions and
respond to questions and inquiries from DOI leadership and oversight authorities about resource needs.
Many of the tactical actions taken are provided as bullets below, as well as the strategic and architectural
actions, and high level projects/assignments that fell within this new Cyber Lead role.
• I coordinated immediate remediation efforts on behalf of Hosting, in coordination with HSD Managers, and Team
Leads, with direct assignments to staff where necessary.
• Coordinated Position Designation Statements in support of others in HSD Management for receipt of classified
cyber threat, incident and situational awareness briefings.
• Began and continually improved upon Lessons Learned as input to other core data centers and bureaus
• Budget procurement needs/recommendations/prioritization, justification
In May, I recommended and gained consensus and approval of a method of covering Operational roles across Systems
Administration in order to focus efforts toward Incident Mitigation for Hosting Services. I then began to transition roles,
especially operational focus, according to this plan, and focused even more granularly upon the Incident Mitigation efforts
for Hosting Services. Soon after, I was detailed / temp promoted NTE 120 days and began to report to June Hartley as
Chief, Service Delivery (with periods under Bruce Downs as Acting Chief, Service Delivery).
Detail to Special Project / Temp Promotion to Supervisory Program Manager GS-0340-15/04 as the Cyber Lead for
Service Delivery from 06/14/2015 to 10/11/2015.
• Tasking delegated to me for Service Delivery by Chief of SD and Deputy CIO.
• Collaborated with the Office of Info Assurance, then coordinated for Service Delivery
• Coordinated further remediation efforts on behalf of Service Delivery (vs Hosting Services specific)
• Coordinated and ran a daily (became 2/week) SD Ops Meeting on Security Mitigation
• Helped to prepare draft responses and provide input to preparatory questions, then participated in practice
sessions with DOI CIO Sylvia Burns in preparation for her hearing sessions with the House Oversight and Government
Reform Committee. The DOI Cyber Security Strategic Plan, the Incident Mitigation Plan, and IRT and US-CERT Action
Notes all informed these preparations.
• Collaborated with FCCO / NETCOM Network Enterprise Center (NEC) and G-4 POCs at Army and MDA for Classified
procurement strategy
• Provided direct technical Systems Administration, as well as implementation, incident response, and security
control guidance to staff across OCIO Operations.
• Collaborated with FCCO / NETCOM Network Enterprise Center (NEC), Public Affairs Officer and G-4 POCs at
Army and MDA for Incident Comm Plan examples to provide IRT POCs at DOI.
• Coordinated and met the DHS / White House Binding Operational Directive (BOD) 15-01 prior to suspense for Service
Delivery:
DOICIRC Urgent Advisory ID #: 20150526-02
DOICIRC Incident Reference#: 00000000019476
Date Issued: May 26, 2015
Binding Operational Directive (BOD) 15-01, Critical vulnerability Mitigation Requirement for Federal Civilian Executive
Branch Departments’ and Agencies’ Internet-Accessible Systems (Expanded by DOI to apply controls to all systems)
(Cyber Security as related to hosting based on Federal laws, policies and procedures; and handling cyber security
incidents within a large, geographically dispersed hosting/data center environment.)
The Large-Scale PII Breach Incidents Report (AR-15-20001B) updated on May 22, 2015. This product, developed by the
Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC),
contains Indicators of Compromise (IOCs) resulting from a number of recent large-scale PII breach incidents. You are
requested to have these IOCs deployed to your intrusion detection/prevention systems (IDS/IPS), vulnerability scanning
solutions (e.g., McAfee Vulnerability Manager (MVM) & Tenable), hardware/software configuration scanning systems
(e.g., SCCM & IEM) and other sensors to the fullest extent, and to initiate detection, scanning and analysis of every
workstation, server and other information technology asset by close of business (COB) …
~55 Snort rules deployed: any traffic -> malicious IPs, and DNS requests for malicious host names.
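The two detections summarised above (traffic to a listed IP, and DNS queries for a listed host name) are the usual shape of an IOC-to-IDS deployment. The following is an added example, not code from the page or from DOI/DOICIRC, of a small generator that turns an IOC list into local Snort rules. The IOC list, the `SID_BASE` value and the CSV layout are all constructed assumptions; the IPs are RFC 5737 documentation addresses and the domains are reserved example names, so none are real indicators.

```python
"""Generate local Snort rules from an IOC list (added example, not from the page).

Two rule kinds are produced, matching the page's two detections:
  1. any traffic from $HOME_NET to a malicious IP, and
  2. a DNS query (UDP/53) for a malicious host name.
"""
import ipaddress

# Constructed sample IOC feed in a hypothetical "type,value,reference" layout.
# Addresses are RFC 5737 documentation ranges and the names are reserved
# example domains; one deliberately malformed IP exercises the validation path.
SAMPLE_IOCS = """
# type,value,reference
ip,192.0.2.10,AR-15-20001B-sample
ip,198.51.100.23,AR-15-20001B-sample
ip,300.1.1.1,malformed-entry
domain,bad.example.net,AR-15-20001B-sample
domain,update.example.org,AR-15-20001B-sample
"""

# Assumption: local rules get SIDs in a private range above 1,000,000 so they
# never collide with vendor-distributed rule sets.
SID_BASE = 9000000


def parse_iocs(text):
    """Split the feed into validated IPs and normalised domains.

    Comment and blank lines are skipped. An IP that does not parse is dropped
    rather than emitted, because a syntactically broken rule stops Snort from
    loading the whole rule file.
    """
    ips, domains = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, value, _reference = (part.strip() for part in line.split(",", 2))
        if kind == "ip":
            try:
                ips.append(str(ipaddress.ip_address(value)))
            except ValueError:
                continue
        elif kind == "domain":
            domains.append(value.lower().rstrip("."))
    return ips, domains


def dns_wire_labels(hostname):
    """Encode a host name as DNS wire-format labels in Snort hex/ASCII notation.

    'bad.example.net' -> '|03|bad|07|example|03|net|00|'. Matching on the
    length-prefixed labels (not on the bare string) means 'notbad.example.net'
    does not trigger the rule, and the match is independent of the DNS
    transaction ID and flags that precede the question section.
    """
    encoded = "".join("|%02x|%s" % (len(label), label) for label in hostname.split("."))
    return encoded + "|00|"


def ip_rule(ip, sid):
    """Alert on any IP protocol traffic from the monitored network to the IOC address."""
    return ('alert ip $HOME_NET any -> %s any (msg:"IOC traffic to malicious IP %s"; '
            'classtype:trojan-activity; sid:%d; rev:1;)' % (ip, ip, sid))


def dns_rule(domain, sid):
    """Alert on a DNS query whose question section carries the IOC host name."""
    return ('alert udp $HOME_NET any -> any 53 (msg:"IOC DNS query for %s"; '
            'content:"%s"; nocase; classtype:trojan-activity; sid:%d; rev:1;)'
            % (domain, dns_wire_labels(domain), sid))


def build_rules(text, sid_base=SID_BASE):
    """Return one Snort rule string per valid IOC, with consecutive SIDs."""
    ips, domains = parse_iocs(text)
    rules = []
    for offset, ip in enumerate(ips):
        rules.append(ip_rule(ip, sid_base + offset))
    for offset, domain in enumerate(domains, start=len(ips)):
        rules.append(dns_rule(domain, sid_base + offset))
    return rules


if __name__ == "__main__":
    for rule in build_rules(SAMPLE_IOCS):
        print(rule)
```

The generated rules are meant to be appended to a local rules file and loaded with the rest of the IDS configuration; the `nocase` modifier on the DNS rule matters because resolvers and clients may mix case in query names.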
• Worked tirelessly to draft, review and edit the DOI Cyber Security Strategic Plan (requested by the Secretary on
June 23), in collaboration with the Cyber Advisory Group (CAG) formed in late June by DOI CIO.
It has five goals:
1. Protect the Department’s critical assets and information;
2. Identify cyber security risks and vulnerabilities;
3. Continuously provide situational awareness and detect incidents;
4. Improve the Department’s ability to respond to and recover from cyber events; and
5. Improve cyber security and privacy awareness and develop a skilled information assurance cyber workforce.
It is built around the NIST framework of five core functions; the Cyber Advisory Group added a sixth, "Learn", as our
commitment to continuous learning and improvement.
Identify: What assets need protection?
Protect: What safeguards are available?
Detect: What techniques can identify incidents?
Respond: What techniques can contain impacts of incidents?
Recover: What techniques can restore capabilities?
Learn: What have we learned and what can we do better?
• As a member of the Cyber Sprint team, undertook the challenge of meeting the goals defined in the Office of
Management and Budget's (OMB) 30-day Cyber Sprint. I provided SD response, reviewed input and finalized for OS,
IBC, OHA, DDC (Mansfield) and RDC. The Cyber Sprint team undertook the challenge of meeting the goals defined in the
Office of Management and Budget's (OMB) 30-day cyber sprint. Within one week of the announcement of the cyber sprint,
this group effectively engaged the bureaus and offices to achieve 100% personal identity verification (PIV) compliance of
privileged IT users throughout the Department. They helped drive 94.5% PIV enforcement for unprivileged users to date,
while also reducing the number of privileged users by over 1000 from the initial target. They aggressively promoted cyber
hygiene, which included scanning and remediation of all critical and high vulnerabilities within 30 days. In addition, they
helped ensure the bureaus and offices deployed indicators of compromise provided by DHS to all publicly facing IT
systems and created the first inventory of DOI's high value data assets. As a result of this extraordinary work, DOI was
proud to be among the top five federal agencies (and third amongst large cabinet level agencies) that met or exceeded the
cyber sprint goals. OMB published the results publicly in August 2015. This took countless hours of hard work including
many long evenings and weekends over several months. The group unified and focused on protecting and securing the
Department's IT systems and network to ensure the continuity of DOI's vital mission work. (Cyber Security as related to
hosting based on Federal laws, policies and procedures; and handling cyber security incidents within a large,
geographically dispersed hosting/data center environment.)
• 2017 Cybersecurity Budget Addendum for Department of Interior (DOI) bureaus and offices. Collaborated on the
requirements, solutions, and budgetary estimates to provide the Cybersecurity Budget Addendum
worksheets. Collaborated on, and edited, the Cybersecurity Budget Addendum Submission document that will go forward to
OMB to request the estimated $88.1 million that builds on: (1) baseline cybersecurity investments in the Department’s IT
portfolio ($68.5 million); (2) the Department’s 2016 continuing resolution (CR) cybersecurity anomaly request of $89.4
million; and (3) the 2017 Office of the Secretary request of $62.1 million (which includes recurring costs from actions in the
2016 CR anomaly request).
• Cyber Sprint 2.0 internal Department reporting – coordinated and consolidated data, and provided submissions
for OS, IBC, OHA, DDC (Mansfield) and RDC on 9 weekly datacalls (continued to 24 at present).
Collaborated with OIA on questions, intent, and phrasing to ensure data collected across the department was actionable,
and clearly understood. Met suspense every week, and ensured green reports for our respective areas by prior
coordination and assignment of tasks to meet actions in advance of reporting.
• Assigned as one of six Core Team members of the new Segmented Security Architecture Team on August 11th,
2015. Team has developed a high level architecture strategy to segment DOI Core services from DOI Shared Service
Hosting, and to provide for additional segmentation where required, whereby customers will not share services with
others.
• Briefed DOI CIO on numerous occasions, provided data for briefings, and coordinated resources for meetings,
datacalls, and deliverables.
• Reviewed the final US-CERT report on the incident with recommended mitigation tasks, to ensure all are covered in
the DOI Mitigation Plan or addressed/accepted
• Recommended and gathered support for staffing assistance
• Complied with Litigation Hold RE: preservation of documentation

More Related Content

What's hot

Data breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundationData breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundation
Bradley Arant Boult Cummings LLP
 
Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony
David Sweigert
 
Information Security Intelligence
Information Security IntelligenceInformation Security Intelligence
Information Security Intelligence
guest08b1e6
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data Breach
Anchises Moraes
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
vngundi
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber Resiliency
EnergySec
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
Donald Tabone
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
Shawn Tuma
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
EnergySec
 
New York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsNew York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity Regulations
Shawn Tuma
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire  building automated privacy ...Simplifying the data privacy governance quagmire  building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...
Avinash Ramineni
 
Incident Response: Security's Special Teams
Incident Response: Security's Special TeamsIncident Response: Security's Special Teams
Incident Response: Security's Special Teams
Resilient Systems
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Resilient Systems
 
SEMHIMA Presentation Final 06052012
SEMHIMA Presentation Final 06052012SEMHIMA Presentation Final 06052012
SEMHIMA Presentation Final 06052012
mrpchcchpc
 
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
Jon Polenberg
 
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Withum
 
The Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - RothkeThe Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - Rothke
Ben Rothke
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
EnergySec
 
Risk Management Approach to Cyber Security
Risk Management  Approach to Cyber Security Risk Management  Approach to Cyber Security
Risk Management Approach to Cyber Security
Ernest Staats
 
Building Cyber Resilience: No Safe Harbor
Building Cyber Resilience: No Safe HarborBuilding Cyber Resilience: No Safe Harbor
Building Cyber Resilience: No Safe Harbor
Advanced Technology Consulting (ATC)
 

What's hot (20)

Data breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundationData breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundation
 
Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony
 
Information Security Intelligence
Information Security IntelligenceInformation Security Intelligence
Information Security Intelligence
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data Breach
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber Resiliency
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
 
New York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsNew York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity Regulations
 
Simplifying the data privacy governance quagmire building automated privacy ...
Simplifying the data privacy governance quagmire  building automated privacy ...Simplifying the data privacy governance quagmire  building automated privacy ...
Simplifying the data privacy governance quagmire building automated privacy ...
 
Incident Response: Security's Special Teams
Incident Response: Security's Special TeamsIncident Response: Security's Special Teams
Incident Response: Security's Special Teams
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
 
SEMHIMA Presentation Final 06052012
SEMHIMA Presentation Final 06052012SEMHIMA Presentation Final 06052012
SEMHIMA Presentation Final 06052012
 
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
criminal_division_guidance_on_best_practices_for_victim_response_and_reportin...
 
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
 
The Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - RothkeThe Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - Rothke
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
 
Risk Management Approach to Cyber Security
Risk Management  Approach to Cyber Security Risk Management  Approach to Cyber Security
Risk Management Approach to Cyber Security
 
Building Cyber Resilience: No Safe Harbor
Building Cyber Resilience: No Safe HarborBuilding Cyber Resilience: No Safe Harbor
Building Cyber Resilience: No Safe Harbor
 

Viewers also liked

FutureCasting for Teachers
FutureCasting for TeachersFutureCasting for Teachers
FutureCasting for Teachers
Angela Housand
 
Trabajo de opinión Franco Ferrada
Trabajo de opinión  Franco FerradaTrabajo de opinión  Franco Ferrada
Trabajo de opinión Franco Ferrada
Paulina Andrea Perez Perez
 
PARENT GUIDE TO EMPOWER AND ENGAGING GIFTED KIDS WITH TECHNOLOGY
PARENT GUIDE TO EMPOWER AND ENGAGING GIFTED KIDS WITH TECHNOLOGYPARENT GUIDE TO EMPOWER AND ENGAGING GIFTED KIDS WITH TECHNOLOGY
PARENT GUIDE TO EMPOWER AND ENGAGING GIFTED KIDS WITH TECHNOLOGY
Brian Housand
 
9 sales promotion
9 sales promotion9 sales promotion
Data Science - Part II - Working with R & R studio
Data Science - Part II -  Working with R & R studioData Science - Part II -  Working with R & R studio
Data Science - Part II - Working with R & R studio
Derek Kane
 
Data Science - Part XIV - Genetic Algorithms
Data Science - Part XIV - Genetic AlgorithmsData Science - Part XIV - Genetic Algorithms
Data Science - Part XIV - Genetic Algorithms
Derek Kane
 

Viewers also liked (6)

FutureCasting for Teachers
FutureCasting for TeachersFutureCasting for Teachers
FutureCasting for Teachers
 
Trabajo de opinión Franco Ferrada
Trabajo de opinión  Franco FerradaTrabajo de opinión  Franco Ferrada
Trabajo de opinión Franco Ferrada
 
PARENT GUIDE TO EMPOWER AND ENGAGING GIFTED KIDS WITH TECHNOLOGY
PARENT GUIDE TO EMPOWER AND ENGAGING GIFTED KIDS WITH TECHNOLOGYPARENT GUIDE TO EMPOWER AND ENGAGING GIFTED KIDS WITH TECHNOLOGY
PARENT GUIDE TO EMPOWER AND ENGAGING GIFTED KIDS WITH TECHNOLOGY
 
9 sales promotion
9 sales promotion9 sales promotion
9 sales promotion
 
Data Science - Part II - Working with R & R studio
Data Science - Part II -  Working with R & R studioData Science - Part II -  Working with R & R studio
Data Science - Part II - Working with R & R studio
 
Data Science - Part XIV - Genetic Algorithms
Data Science - Part XIV - Genetic AlgorithmsData Science - Part XIV - Genetic Algorithms
Data Science - Part XIV - Genetic Algorithms
 

Similar to Cyber Lead

Formal Resume Final - Chris Hedge
Formal Resume Final - Chris HedgeFormal Resume Final - Chris Hedge
Formal Resume Final - Chris Hedge
Chris Hedge
 
Jeremy Rich-Resume
Jeremy Rich-ResumeJeremy Rich-Resume
Jeremy Rich-Resume
Jeremy Rich
 
Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015
Gail Gillis
 
Brian Voorhees Resume(4)
Brian Voorhees Resume(4)Brian Voorhees Resume(4)
2. IntroductionYou are employed with Government Security Consu.docx
2. IntroductionYou are employed with Government Security Consu.docx2. IntroductionYou are employed with Government Security Consu.docx
2. IntroductionYou are employed with Government Security Consu.docx
standfordabbot
 
Washoe County School District IT infrastructure and security audit
Washoe County School District IT infrastructure and security auditWashoe County School District IT infrastructure and security audit
Washoe County School District IT infrastructure and security audit
This Is Reno
 
DDHI Board Report.ppsx
DDHI Board Report.ppsxDDHI Board Report.ppsx
DDHI Board Report.ppsx
LaurenCampbell84
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
PECB
 
McElvy Resume 2015
McElvy Resume 2015McElvy Resume 2015
McElvy Resume 2015
Debra McElvy
 
Roger Sloan Resume
Roger Sloan ResumeRoger Sloan Resume
Roger Sloan Resume
Roger Sloan
 
Agile Presentation Standing Committee on Gov't Operations Oct 17
Agile Presentation Standing Committee on Gov't Operations Oct 17Agile Presentation Standing Committee on Gov't Operations Oct 17
Agile Presentation Standing Committee on Gov't Operations Oct 17
Dan Murphy, PMP, CSPO, CSM
 
CV - Gunjan Sharma
CV - Gunjan SharmaCV - Gunjan Sharma
CV - Gunjan Sharma
gunjan sharma
 
Jda Resume090811
Jda Resume090811Jda Resume090811
Jda Resume090811
jdanderson02
 
2015 VictoriaPNguyen PM-EA-v5
2015 VictoriaPNguyen PM-EA-v52015 VictoriaPNguyen PM-EA-v5
2015 VictoriaPNguyen PM-EA-v5
Victoria Nguyen
 
Mike Halleron CV 2016-11-06
Mike Halleron CV 2016-11-06Mike Halleron CV 2016-11-06
Mike Halleron CV 2016-11-06
Michael Halleron
 
Case Study
Case StudyCase Study
Case Study
lneut03
 
1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx
1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx
1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx
hyacinthshackley2629
 
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
SAMPLE HIPAA Security Rule Corrective Action Plan Project CharterSAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
David Sweigert
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
PECB
 
Project portfolio management
Project portfolio managementProject portfolio management
Project portfolio management
Glen Alleman
 

Similar to Cyber Lead (20)

Formal Resume Final - Chris Hedge
Formal Resume Final - Chris HedgeFormal Resume Final - Chris Hedge
Formal Resume Final - Chris Hedge
 
Jeremy Rich-Resume
Jeremy Rich-ResumeJeremy Rich-Resume
Jeremy Rich-Resume
 
Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015Gail Gillis Resume vMarch 2015
Gail Gillis Resume vMarch 2015
 
Brian Voorhees Resume(4)
Brian Voorhees Resume(4)Brian Voorhees Resume(4)
Brian Voorhees Resume(4)
 
2. IntroductionYou are employed with Government Security Consu.docx
2. IntroductionYou are employed with Government Security Consu.docx2. IntroductionYou are employed with Government Security Consu.docx
2. IntroductionYou are employed with Government Security Consu.docx
 
Washoe County School District IT infrastructure and security audit
Washoe County School District IT infrastructure and security auditWashoe County School District IT infrastructure and security audit
Washoe County School District IT infrastructure and security audit
 
DDHI Board Report.ppsx
DDHI Board Report.ppsxDDHI Board Report.ppsx
DDHI Board Report.ppsx
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
McElvy Resume 2015
McElvy Resume 2015McElvy Resume 2015
McElvy Resume 2015
 
Roger Sloan Resume
Roger Sloan ResumeRoger Sloan Resume
Roger Sloan Resume
 
Agile Presentation Standing Committee on Gov't Operations Oct 17
Agile Presentation Standing Committee on Gov't Operations Oct 17Agile Presentation Standing Committee on Gov't Operations Oct 17
Agile Presentation Standing Committee on Gov't Operations Oct 17
 
CV - Gunjan Sharma
CV - Gunjan SharmaCV - Gunjan Sharma
CV - Gunjan Sharma
 
Jda Resume090811
Jda Resume090811Jda Resume090811
Jda Resume090811
 
2015 VictoriaPNguyen PM-EA-v5
2015 VictoriaPNguyen PM-EA-v52015 VictoriaPNguyen PM-EA-v5
2015 VictoriaPNguyen PM-EA-v5
 
Mike Halleron CV 2016-11-06
Mike Halleron CV 2016-11-06Mike Halleron CV 2016-11-06
Mike Halleron CV 2016-11-06
 
Case Study
Case StudyCase Study
Case Study
 
1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx
1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx
1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx
 
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
SAMPLE HIPAA Security Rule Corrective Action Plan Project CharterSAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
Project portfolio management
Project portfolio managementProject portfolio management
Project portfolio management
 

Cyber Lead

  • 1. Cyber Lead / OPM Mitigation Project April 2015 – February 2016 DOI, OCIO, Service Delivery Kevin L. Lucier Related Project Link: https://www.congress.gov/committees/video/house-oversight-and-government-reform/hsgo00/HGOu5vuvVJE Cyber Lead, Service Delivery, Office of the CIO (Supervisory Program Manager GS-0340-15) Supervisor: Bruce Downs, Deputy CIO - Effectively use a combination of leadership styles, in this case, utilized directive authority across organizational lines - Experienced in advising senior executives – leveraged for efficient staffing, budgetary planning, and recommendations for critical decisions at the departmental level in support of national security initiatives. - Provide high-level technical expertise, program management and leadership / motivation of a cross-functional staff - I meet my goals, accomplish what is truly most important & empower staff to do the same. - Active Top Secret Security Clearance - Much of the narrative provided was taken from nomination and award citation for the OCIO Cybersecurity Award dated August 31, 2015: - In response to an advanced persistent threat (APT) detected at a DOI data center, on April 17, 2015: - As a key member of the initial incident response team (IRT), rallied swiftly and effectively to contain the threat in collaboration with colleagues from the Department of Homeland Security (DHS), the Federal Bureau of Investigations (FBI) and other interagency partners. We took immediate action to deploy the needed tools to detect and respond to the adversary's activities. - I transitioned roles, especially operational priorities, & focused even more granularly upon Incident Mitigation - I was detailed to a Special Project / Temp Promotion to Supervisory Program Manager GS-0340-15/04 as the Cyber Lead for Service Delivery from 06/14/2015 through 10/11/2015. 
(Experience overseeing, managing or leading complex, enterprise class information technology, infrastructure and/or network security programs, projects and teams in one or more of the following areas:
- Performing security assessments on software applications that reflect the state of modern information security.
- Software/Systems/Infrastructure Penetration Testing: Performing assessment of software and infrastructure vulnerabilities through penetration testing (red teaming). Performing physical and network security assessments to test their resilience to social engineering and phishing.
- Information Systems Security Operations and Incident Response: Performing IT security incident response and remediation processes for information system/infrastructure security events. Developing processes and open source tools to proactively detect malicious activity in systems and integrating such into security operations.)
- Provided direct technical Systems Administration, project management, and cyber reporting, as well as daily implementation, incident response, and security control guidance to staff across OCIO Operations.
- I coordinated immediate remediation efforts on behalf of Hosting, in coordination with Hosting Services Managers and Team Leads, with direct assignments to staff where necessary. Once detailed, I tasked on behalf of the Chief, Service Delivery and expanded coordination of remediation efforts across Service Delivery.
- Coordinated and ran a daily (became 2/week) SD Ops Meeting on Security Mitigation to collaboratively work mitigation project plan assignments and keep senior leadership informed.
- Coordinated and oversaw tactical actions taken, as well as the strategic and architectural decisions, and high level projects/assignments and reporting that fell within this new Cyber Lead role.
- We developed a comprehensive lessons learned and used this to build and implement a remediation plan for the immediate areas of compromise. Ultimately, we expanded remediation planning to all bureaus and offices and worked with colleagues in Policy Management and Budget, the DOI Budget Office (POB), the Interior Business Center (IBC) Acquisition Directorate (AQD) and the Office of the Solicitor (SOL) to prepare and prioritize urgent acquisitions and respond to questions and inquiries from DOI leadership and oversight authorities about resource needs. Many of the tactical actions taken are provided as bullets below, as well as the strategic and architectural actions, and high level projects/assignments that fell within this new Cyber Lead role.
• I coordinated immediate remediation efforts on behalf of Hosting, in coordination with HSD Managers and Team Leads, with direct assignments to staff where necessary.
• Coordinated Position Designation Statements in support of others in HSD Management for receipt of classified cyber threat, incident and situational awareness briefings.
• Began and continually improved upon Lessons Learned as input to other core data centers and bureaus.
• Budget procurement needs/recommendations/prioritization, justification.

In May, I recommended and gained consensus and approval of a method of covering Operational roles across Systems Administration in order to focus efforts toward Incident Mitigation for Hosting Services. I then began to transition roles, especially operational focus, according to this plan, and focused even more granularly upon the Incident Mitigation efforts for Hosting Services. Soon after, I was detailed / temp promoted NTE 120 days and began to report to June Hartley as Chief, Service Delivery (with periods under Bruce Downs as Acting Chief, Service Delivery).
Detail to Special Project / Temp Promotion to Supervisory Program Manager GS-0340-15/04 as the Cyber Lead for Service Delivery from 06/14/2015 to 10/11/2015.
• Tasking delegated to me for Service Delivery by the Chief of SD and the Deputy CIO.
• Collaborated with the Office of Info Assurance, then coordinated for Service Delivery.
• Coordinated further remediation efforts on behalf of Service Delivery (vs. Hosting Services specific).
• Coordinated and ran a daily (became 2/week) SD Ops Meeting on Security Mitigation.
• Helped to prepare draft responses and provide input to preparatory questions, then participated in practice sessions with DOI CIO Sylvia Burns in preparation for her hearing sessions with the House Oversight and Government Reform Committee. The DOI Cyber Security Strategic Plan, the Incident Mitigation Plan, and IRT and US-CERT Action Notes all informed these preparations.
• Collaborated with FCCO / NETCOM Network Enterprise Center (NEC) and G-4 POCs at Army and MDA for Classified procurement strategy.
• Provided direct technical Systems Administration, as well as implementation, incident response, and security control guidance to staff across OCIO Operations.
• Collaborated with FCCO / NETCOM Network Enterprise Center (NEC), Public Affairs Officer and G-4 POCs at Army and MDA for Incident Comm Plan examples to provide to IRT POCs at DOI.
• Coordinated and met the DHS / White House Binding Operational Directive (BOD) 15-01 prior to suspense for Service Delivery:
  DOICIRC Urgent Advisory ID #: 20150526-02
  DOICIRC Incident Reference #: 00000000019476
  Date Issued: May 26, 2015
  Binding Operational Directive (BOD) 15-01, Critical Vulnerability Mitigation Requirement for Federal Civilian Executive Branch Departments' and Agencies' Internet-Accessible Systems (expanded by DOI to apply controls to all systems).
  (Cyber Security as related to hosting based on Federal laws, policies and procedures; and handling cyber security incidents within a large, geographically dispersed hosting/data center environment.)
  The Large-Scale PII Breach Incidents Report (AR-15-20001B), updated on May 22, 2015. This product, developed by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC), contains Indicators of Compromise (IOCs) resulting from a number of recent large-scale PII breach incidents. You are requested to have these IOCs deployed to your intrusion detection/prevention systems (IDS/IPS), vulnerability scanning solutions (e.g., McAfee Vulnerability Manager (MVM) & Tenable), hardware/software configuration scanning systems (e.g., SCCM & IEM) and other sensors to the fullest extent and to initiate detection, scanning and analysis of every workstation, server and other information technology assets by close of business (COB) …
  ~55 Snort rules deployed: any traffic -> malicious IPs, DNS requests for malicious host names.
• Worked tirelessly to draft, review and edit the DOI Cyber Security Strategic Plan (requested by the Secretary on June 23), in collaboration with the Cyber Advisory Group (CAG) formed in late June by the DOI CIO. It has five goals:
  1. Protect the Department's critical assets and information;
  2. Identify cyber security risks and vulnerabilities;
  3. Continuously provide situational awareness and detect incidents;
  4. Improve the Department's ability to respond to and recover from cyber events; and
  5. Improve cyber security and privacy awareness and develop a skilled information assurance cyber workforce.
  It is built around the NIST framework of five core functions; the Cyber Advisory Group added a sixth, "Learn", as our commitment to continuous learning and improvement.
  Identify: What assets need protection?
  Protect: What safeguards are available?
  Detect: What techniques can identify incidents?
  Respond: What techniques can contain impacts of incidents?
  Recover: What techniques can restore capabilities?
  Learn: What have we learned and what can we do better?
• As a member of the Cyber Sprint team, undertook the challenge of meeting the goals defined in the Office of Management and Budget's (OMB) 30-day Cyber Sprint. I provided the SD response, reviewed input and finalized for OS, IBC, OHA, DDC (Mansfield) and RDC. The Cyber Sprint team undertook the challenge of meeting the goals defined in the Office of Management and Budget's (OMB) 30-day cyber sprint. Within one week of the announcement of the cyber sprint, this group effectively engaged the bureaus and offices to achieve 100% personal identity verification (PIV) compliance of privileged IT users throughout the Department. They helped drive 94.5% PIV enforcement for unprivileged users to date, while also reducing the number of privileged users by over 1000 from the initial target. They aggressively promoted cyber hygiene, which included scanning and remediation of all critical and high vulnerabilities within 30 days.
In addition, they helped ensure the bureaus and offices deployed indicators of compromise provided by DHS to all publicly facing IT systems and created the first inventory of DOI's high value data assets. As a result of this extraordinary work, DOI was proud to be among the top five federal agencies (and third amongst large cabinet level agencies) that met or exceeded the cyber sprint goals. OMB published the results publicly in August 2015. This took countless hours of hard work, including many long evenings and weekends over several months. The group unified and focused on protecting and securing the Department's IT systems and network to ensure the continuity of DOI's vital mission work.
(Cyber Security as related to hosting based on Federal laws, policies and procedures; and handling cyber security incidents within a large, geographically dispersed hosting/data center environment.)
• 2017 Cybersecurity Budget Addendum for Department of Interior (DOI) bureaus and offices. Collaborated on the requirements, solutions, and budgetary estimates to provide the Cybersecurity Budget Addendum worksheets. Collaborated on, and edited, the Cybersecurity Budget Addendum Submission document that will go forward to OMB to request the estimated $88.1 million that builds on: (1) baseline cybersecurity investments in the Department's IT portfolio ($68.5 million); (2) the Department's 2016 continuing resolution (CR) cybersecurity anomaly request of $89.4 million; and (3) the 2017 Office of the Secretary request of $62.1 million (which includes recurring costs from actions in the 2016 CR anomaly request).
• Cyber Sprint 2.0 internal Department reporting – coordinated and consolidated data, and provided submissions for OS, IBC, OHA, DDC (Mansfield) and RDC on 9 weekly data calls (continued to 24 at present). Collaborated with OIA on questions, intent, and phrasing to ensure data collected across the Department was actionable and clearly understood.
Met suspense every week, and ensured green reports for our respective areas by prior coordination and assignment of tasks to meet actions in advance of reporting.
• Assigned as one of six Core Team members of the new Segmented Security Architecture Team on August 11th, 2015. The team has developed a high level architecture strategy to segment DOI Core services from DOI Shared Service Hosting, and to provide for additional segmentation where required, whereby customers will not share services with others.
• Briefed the DOI CIO on numerous occasions, provided data for briefings, and coordinated resources for meetings, data calls, and deliverables.
• Reviewed the final US-CERT report on the incident, with recommended mitigation tasks, to ensure all are covered in the DOI Mitigation Plan or addressed/accepted.
• Recommended and gathered support for staffing assistance.
• Complied with Litigation Hold RE: preservation of documentation.