Page 40 - FCW, November/December 2021
P. 40

Public Sector Innovations
rising star
Matthew Heath
Information Security Specialist and Team Lead
Ace Info Solutions
Matthew Heath didn’t start out in cybersecurity. But in 2019, he interned as a nontraditional student at Ace Info Solutions and soon began volunteer- ing for more challenging positions. He quickly became known as a sub- ject-matter expert and was promoted twice in two years.
Much of Heath’s work has centered on the company’s U.S. Coast Guard CoreTechnology Services contract, which expanded in scope after a 2019 contract modification gave his team the opportunity to prepare assets for cyber readiness inspections.The team is now responsible for cyber compli- ance reporting for over 2,600 servers, 600 network devices and 150,000 users across 60 applications.
As the lead for hiring and training new employees for the team, Heath developed a training program and automated repeatable tasks to deliver outcomes more quickly. He has also taken ownership of the internship program in his section, fostering a supportive environment for interns and helping other nontraditional students develop their careers. He maintains his connection with his alma mater, Blue Ridge Community andTechnical College, by advising students and has so far hired three interns through the college.
Cyber Risk Portal
City of Los Angeles
Half of the 40 departments and 18 offic- es for elected officials in Los Angeles have their own digital services beyond what is provided by the central Infor- mation Technology Agency, creating a vast set of IT assets that are susceptible to cyberattack.
To make it easier to manage risk and give IT departments and city leaders a way to quickly identify, prioritize and remediate the growing number of vulnerabilities, the city created the Cyber Risk Portal. The solution consol- idates vulnerability scan results from multiple sources, identifies the most critical ones and recommends fixes. It also compiles an easy-to-read cyber risk score for each IT asset and depart- ment, which ITA’s Information Security Office sends monthly to department executives and IT directors.
The portal merges threat data from city departments and external partners, including the Department of Homeland Security’s Cybersecurity and Infrastruc- ture Security Agency, which also pro- vides weekly vulnerability scans. The normalized vulnerability data is then cor- related to IT asset records maintained by the city’s IT departments in an enterprise IT service management system.
When the pandemic hit, the city tran- sitioned from 200 remote workers to 18,000 in 11 days, and many departments scrambled to deploy new public-facing, online citizen services. Preparations to launch the Cyber Risk Portal went into overdrive, and it was deployed in the latter half of 2020. By January 2021, the Los Angeles CIO kicked off the monthly distribution of cyber risk scorecards to department executives.
In just six months, the number of department vulnerabilities decreased by 10%, and vulnerabilities have been resolved 30% faster — a key metric for limiting cyber risk. Armed with a clear understanding of cybersecurity risks,
the city’s IT staff and executive leaders can better identify priorities for reme- diation and investment.
The success of the Cyber Risk Portal proves that innovation can produce a simple, effective, human-centered solu- tion to cybersecurity challenges.
Cybersecurity Job Creation System
Old Dominion University
The standards outlined in the Defense Department’s Cybersecurity Matu- rity Model Certification program are designed to ensure that vendors throughout the defense supply chain are adhering to DOD’s stringent secu- rity requirements.
Realizing that goal, however, requires a workforce that is prepared to understand and address those stan- dards and the constantly evolving secu- rity landscape. That can be a challenge in the notoriously tight U.S. cyberse- curity job market.
Old Dominion University’s School of Cybersecurity has created a new cyber- security job creation system that seeks to create a pipeline of workers who are fluent in DOD’s CMMC requirements and the latest guidelines from the National Institute of Standards and Technology so they can help defense contractors secure their systems and products.
The certification program is being funded by a grant from Virginia and is expected to fill 1,300 cybersecurity jobs in the state in the next five years. The university will offer six courses online and plans to enroll over 500 stu- dents. The first cohort will start their classes in March 2022. Some of the credits earned through the program can go toward certain master’s degrees at the university if students choose to continue their education.
The program’s leaders said they will particularly focus on training veterans, a population that is already active in the government contracting workforce. They
40 November/December 2021

   38   39   40   41   42