CyberScape: Insider Threats

James “Aaron” Bishop, a member of the Senior Executive Service, is the Chief Information Security Officer (CISO) for the Department of the Air Force, comprised of the U.S. Air Force and the U.S. Space Force. As CISO, he is responsible for advising the Chief Information Officer and senior officials on cybersecurity policy, cybersecurity programs and cyber force development in the department. He leads a Directorate comprised of military, civilian and contractor personnel responsible for developing cybersecurity policy and strategy for over 5,000 Air Force information technology systems. He oversees risk management and cybersecurity accountability for information systems, weapon systems and operational technology supporting military cyberspace operations. His portfolio includes policy and governance of the defense industrial base, cyber supply chain risk management, compliance and cybersecurity capabilities. He has oversight for the Freedom of Information Act, Privacy Act laws and cryptographic modernization supporting cyber operations for the department.

Ms. Stacy Bostjanick is a member of the Senior Executive Service and serves as the Chief of Implementation and Policy, Deputy Chief Information Officer for Cybersecurity (DCIO(CS)), Office of the Chief Information Officer. In this position, she serves as the focal point within the DoD CIO to implement the Cybersecurity Maturity Model Certification (CMMC) program across the Defense Industrial Base(DIB). 

As the CMMC Director, Ms. Bostjanick is responsible for sheparding this critical program though the Code of Federal Regulation System rulemaking process for both the CFR 32 and 48 and ultimately implementing the program across the more than 220,000 companies that make up the DIB. This includes collaborating across the Federal Government with partners such as the Department of Homeland Security and the other members of the Federal Acquisition Security Council, to standardize this process and truly federalize it. In this role, she also directs the Department’s efforts to educate DIB partners on programmatic requirements and ensures that DoD implements risk information sharing though the program’s execution. Additionally, Ms. Bostjanick is responsible for ensuring the Defense Acquisition community is trained and capable of including these requirements in their Programs and Acquisitions.  

Prior to joining the CIO, Ms. Bostjanick served as the Director of SCRM for OCISO(A&S), where she was responsible for ensuring the incorporation of integrated supply chain efforts within USD(A&S). Ms. Bostjanick has an extensive career as an Acquisition Professional with roles that include the head of DIA’s Contracting Activity, and the Senior Contracting Officer for the Missile Defense Agency on the Standard Missile 3 Block IA and IB development and production program. She was responsible for cradle-to-grave execution of over $5 billion of highly-complex, cutting-edge contracts for our nation's missile defense systems. Ms. Bostjanick has also served as the Deputy Procurement Executive with the Office of the Director of National Intelligence where she had responsibility for establishing Intelligence Community Enterprise-wide Policy and submissions to the Program Management Plan on an annual basis.  

Ms. Bostjanick has had numerous awards and accomplishments throughout her career including the Naval Meritorious Civilian Service Award, David Packard Excellence in Acquisition Award, Office of the Secretary of Defense Certificate of Appreciation, the Director of National Intelligence Award for Collaboration Leadership, National Intelligence Meritorious Citation, and the Small Business Award. 

Jason Burt is a Cyber Security Advisor (CSA) with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency(CISA) assigned to Federal Region IV. CISA is the Nation’s risk advisor. The Agency protects the Nation’s critical infrastructure from physical and cyber threats by working with partners to defend against today’s threats and collaborating to build a more secure and resilient infrastructure for the future. CSAs are the front-facing cyber experts supporting regional operations capabilities. Mr. Burt serves as the liaison and focal point for communications, coordination, and outreach. He promotes cyber preparedness and resiliency, incident response, risk mitigation and situational awareness, and manages major cyber engagements; championing cyber resilience to public and private sector partners. Region IV encompasses eight states, including Mississippi, Alabama, Florida, Georgia, North Carolina, South Carolina, Tennessee, and Kentucky. Mr. Burt has been with the Department for nine years. Prior to becoming a CSA, he held positions as a Senior Watch Officer for CISA’s National Cyber Protection System (NCPS) Network Operation Center (NOC), as well as serving as a Network and Systems Administrator for the Department of Veterans Affairs. Additionally, Mr. Burt is also a retired Air Force Cyber Intelligence Officer. In this role, he provided direct support to Air Force Cyber Protection Teams tasked with defending key Air Force assets and resources against cyber threats.

Scott Davis joined the U.S. Customs and Border Protection (CBP) Office of Information and Technology (OIT) as the Deputy Chief Information Security Officer (CISO) and Chief Security Architect in May 2020. Prior to joining CBP, Scott was the Deputy CISO for the Department of Labor from January 2018 May 2020. He has an extensive and diverse background in military, public, and private sectors with critical infrastructure security and information systems. Scott served for more than 20 years in the U.S. Air Force and has held roles in information systems security and systems engineering with the Department of Homeland Security (DHS) and as the Region Command Information Officer at the U.S. Department of the Navy. He has worked for the National Reconnaissance Office as a Flight Chief of Information Systems and Superintendent for the Communications Operations Squadron. He also worked for Booz Allen Hamilton as a Lead Project Manager and IT Lead.

As the Acting CISO at OIT, Scott provides cybersecurity expertise to ensure OIT technology services are provided in the most secure manner possible in support of the CBP mission. He recently developed the CBP FY22-24 Cybersecurity Strategy which will guide improvements to enhance the security of CBP information systems and the data processed, contained, and distributed by those systems.

Previously he managed and measured cybersecurity risks of the Department of Labor’s IT assets through the Identity and Access Management program by providing credentialed access to network accounts and supervising privileged user accounts. He integrated a Simplified Sign-on (SSO) system for 24 major applications, including three enterprise-wide solutions, reducing the need for multiple passwords, and fortified cybersecurity for the Department’s networks and systems through the use of the Continuous Diagnostics and Mitigation program, while overcoming a 38% Federal staffing shortage.

Scott earned a Bachelor of Science in Information Systems Management and Security Administration from Strayer University, and a Master of Business Administration from Liberty University.

Michael Epley has been helping the US defense and National Security communities use and adopt open source software over the last 2 decades with practical experience as a software developer and enterprise architect. During his tenure at Red Hat, Michael has passionately driven adoption of key technology: cloud and kubernetes, tactical edge/forward deployed systems, data analytics tools and platforms, and disconnected operations -- always in the context of security and compliance concerns unique to this sector. Michael has BS degrees in Mathematics and Mechanical Engineering from Virginia Tech and a JD from The University of Texas School of Law.

Felipe Fernandez is the CTO at Fortinet Federal, a U.S. next-generation cyber security solution vendor that provides real-time threat detection and prevention. In addition to his role as a team manager, Felipe also oversees the US Federal product strategy and certification process at Fortinet Federal, such as the DoDIN APL and NSACSfC. Felipe has more than 21 years of experience in consulting, deploying, operating, and auditing security solutions in DoD and the private sector.

Joe Foster joined NASA in September 2018 to transform how NASA utilizes and adopts the cloud for mission. As a cloud computing subject matter expert with over 15 years of Government service, he provides GFSC with center-wide strategic and tactical advice and leads integration efforts across center to accelerate cloud adoption. He is also the primary interface to the Agency Computing Services Program Office, advocating center-wide cloud computing needs to the Agency. Joe previously served as an IT Program Manager with the National Geospatial-Intelligence Agency (NGA) from 2010–2018, where he was an early adopter of commercial cloud services starting in 2015. In this role he oversaw the migration of over 60 separate applications from on-premises data centers to the cloud; spearheaded adoption of the DevOps Pipeline; and conceptualized the system being used by NGA to plan and track the cloud migration of more than 650 applications Agency-wide. He served on NGA’s Cloud Leadership Team, Cloud Adoption Management Group, and DevOps Council, as well as advised leadership for input to 2 Intelligence Community-wide Cloud forums, the Intelligence Community IT Enterprise steering committee, and the ICITE Mission Users Group Forums. Prior to NGA, Joe also served in the U.S. Department of Homeland Security (DHS), the Nuclear Regulatory Commission (NRC), and as a private sector consultant. Joe is a U.S. Army Veteran (serving from 1998–2005 as a Chemical Weapons Analyst) with a Bachelor’s Degree in Business Management and a Master’s of Business Administration, with a concentration in Organizational Strategy and Finance, from the University of Maryland.

Joseph Fourcade is a Lead Cybersecurity Analyst with the Enterprise Cloud Solutions Office, Department of Veterans Affairs. He received his Associates from United States Air Force, B.S from Nova Southeastern and his Masters from University of Phoenix. He has worked over 30 years of federal service with over 20 years working for VA and after being honorably discharged from the United States Air Force in 2001 after 10 years of service. Work History during his career listed the Miami VA Medical Center for 8 years In Office of Information Technology and the West Palm Beach VA Medical Center as an ISSO Information Security office.The time as an Information System Security Officer received awards for outstanding customer and college support multiple times for providing understanding of providing security is not a stopper but a path to work together attitude. The support of the enterprise through ECSO security consist of always working with clients to ensure the understanding of cloud adoption and what security cloud provides to the enterprise for applications through fedramp support. In his current position has been recognized for his knowledge and support with all efforts for Security of the cloud for VA.

Anjana Rajan currently serves as the Assistant National Cyber Director for Technology Security at The White House. A renowned cryptographer, technology executive, and entrepreneur, Rajan has spent her career working at the nexus of national security and human rights. Prior to joining the White House, she was the first Chief Technology Officer of Polaris, the largest anti-human trafficking NGO in the United States. In this role, she architected Polaris’s web3 & human rights vision and built a proactive security strategy to defend the organization against foreign malign influence operations and violent extremist threats. 

Previously, Anjana was a Tech Policy Fellow at the Aspen Institute, was a former Y Combinator founder, led open-source development of advanced cryptographic libraries, and worked at Palantir Technologies. She was a Knight Scholar at Cornell University’s Engineering School and received her bachelor’s and master’s degrees in Operations Research Engineering. 

Ken Rogers is a member of the Senior Executive Service (SES) and provides executive leadership for IT strategic planning, policy, portfolio and performance management, and budget formulation and execution including the use of various working capital funds associated with the Department’s $2.97B global IT portfolio. This IT portfolio supports a 76K person workforce operating in over 300 locations around the world. 

Mr. Roger’s public sector career included serving as the State Department Chair at the Department of Defense, National Defense University, College of Information & Cyberspace. He also served as the Chief Information Officer at the Department of Homeland Security’s Science & Technology Directorate and has held leadership positions as the Chief Architect and Strategist at the U.S. Department of Commerce and the Export Import Bank.  

His private sector experience includes financial management, government relations, and information systems management in the banking and aerospace industries, and as an international economic and management consultant supporting USAID. 

Peter Romness is a Cybersecurity Principal for CISO Advisors at Cisco Systems. For over 30 years, he has been devoted to helping government and education organizations securely accomplish their goals. He is honored to be able to help leaders understand and implement the latest cyber strategies to defend against threats, maintain individuals’ privacy, protect sensitive information, and secure government intellectual property.

Peter brings Cisco’s advanced cybersecurity solutions to departments and agencies at Federal, State, and Local Governments, and Educational Institutions. He works with NIST and the National Cybersecurity Center of Excellence (NCCoE) and has contributed to their 1800-Series Special Publications. Peter helps the broader IT community
understand the very latest cyber capabilities and risk mitigation methods to effectively address cyber threats. His technical background and passion for clearly conveying high-tech topics allows him to explain advanced concepts to all audiences from engineer to business leader.

Prior to Cisco Systems, Peter held leadership positions at Hewlett-Packard, AT&T and Panasonic. He holds a degree in Mechanical Engineering from Duke University.

Mr. Korie Seville serves as the Defense Information Systems Agency’s (DISA) Hosting and Compute Center (HaCC) Technical Director. In this role, Mr. Seville is responsible for the strategic technical direction of various DISA HaCC data center and cloud initiatives, including the Joint Warfighting Cloud Capability (JWCC) and Zero Trust.  
 
Prior to becoming the Technical Director, Mr. Seville was the HaCC’s cloud infrastructure architect. As a member of the HaCC, he was responsible for architecting and integrating commercial cloud hosted solutions into the DoD network infrastructure. 
 
Before joining the HaCC, Mr. Seville was an infrastructure architect for the Cloud Computing Program Office (CCPO) providing support to critical cloud enabling projects to include the Cloud Layered Obfuscation Application Kit, Global Directory, Azure Hosting Infrastructure, and the Commercial Virtual Remote (CVR) environment, which brought Microsoft 365 to over a million Department of Defense employees during the global pandemic. Also, Mr. Seville received a Bachelor of Computer Science from the Shippensburg University of Pennsylvania.