2014 GISLA® Judges
Steven Hernandez, CISSP, CISA, SSCP, Chief Information Security Officer, Office of Inspector General, Department of Health and Human Services
Mr. Hernandez is an information assurance professional presently working in the Washington DC area. He completed his MBA in Computer Information Systems and Information Assurance at Idaho State University. He also holds a BBA in Computer Information Systems from Idaho State University and degrees in electronic systems, lasers, and electro-optics. Hernandez is affiliate faculty at Idaho State University and with the National Information Assurance Training and Education Center.
Through his work with the National Information Assurance Training and Education Center, Hernandez has lectured on topics in information assurance, risk management, capital planning, investing in security, certification and accreditation, cloud computing, social media, new media and mobile security to graduate level audiences. Hernandez is actively involved in educational content development for the International Information Systems Security Certification Consortium. He has been involved in information technology work in a variety of fields over the past 17 years including the Federal Government, education, higher education, industrial manufacturing, the finance sector and agriculture. He presently holds the role of Chief Information Security Officer and Director of the Information Assurance Division at the Office of Inspector General for the Department of Health and Human Services.
Ray A. Letteer, CISSP, Chief of the Cybersecurity Division of the Command, Control, Communications and Computer Department at Headquarters, U.S. Marine Corps.
Mr. Letteer oversees all efforts for cyber security and information assurance within the Marine Corps including computer network defense, public key infrastructure, electronic key management systems, and certification and accreditation. He also serves as the Marine Corps Senior Information Assurance Official (SIAO) and as the designated approval authority for the Marine Corps Enterprise Network (MCEN), which includes all networks and networked systems, whether in garrison or tactically deployed.
Charles “Chuck” McGann, CISSP, CISM, IAM, manager of corporate information security, U.S. Postal Service
Charles L. (Chuck) McGann, Jr. is the Corporate Information Security Officer for the United States Postal Service (USPS). In this capacity, he has the responsibility of securing an intranet that is one of the largest maintained by any organization in the world with over 145,000 workstations and more than 10,000 servers. The USPS infrastructure encompasses over 600 business applications that support all aspects of business operations as well as movement of the mail.
In his 23 years with the Postal Service, McGann has held numerous positions, entering as Manager, Information Systems for the Springfield, Massachusetts district, and later served as an acting postmaster, business systems analyst, business project leader, distributed systems security specialist and CIRT manager.
McGann holds an MBA from Strayer University, a bachelor’s degree from the University of Massachusetts, and two associate’s degrees from Springfield Technical Community College. He is a certified information systems security professional (CISSP), a certified information security manager (CISM) and holds a certification for information assurance methodology (IAM) from the National Security Agency (NSA).
Dara Gordon Murray, CISSP, Director of IT Security for the Program Support Center, U.S. Department of Health and Human Services (HHS)
Ms. Murray is the Director, IT Security, Program Support Center, U.S. Department of Health & Human Services. She holds a Bachelor of Science (B.S.) and Master of Business Administration (MBA) from University of Maryland, University College, College Park and a Master of Science (M.S.) from Johns Hopkins University, Baltimore, Maryland. Her main course of study was computer science, telecommunications engineering and business management. She was one of the first to hold the credential as a Certified Information Systems Security Professional (CISSP) and is a distinguished member in good standing on the (ISC)² U.S. Government Advisory Board. She is also a certified Project Manager, Certified Cryptologist, National Security Agency.
She has worked in many aspects of the security field, ranging from information system, physical, personnel, counterintelligence, and computer crime investigations for the Nuclear Regulatory Commission, Justice Department, Federal Bureau of Investigation, National Science Foundation, and Smithsonian Institution. Dara's primary responsibilities are with assisting the institution's risk management, security planning, audit response, FISMA compliance, certification and accreditation, and intrusion detection & prevention.
Robert “Rocky” E. Young, CISSP-ISSAP/ISSMP, CISM, CHSP, IAM, CHFI, CEH, PMP, CGEIT, CRISC, Cyber Security and IT Specialist, Defense Information Assurance Program, Office of the Secretary of Defense, Networks and Information Integration, Department of Defense
Relevant Professional Experience: Dr. Young has been a professor at National Defense University since 2002. Prior to that, he was Chief of 11th Wing Information Assurance Office, USAF, providing policy guidance, technical support, and administrative oversight of communication, computer, emission, and information security requirements. Dr. Young spent 21 years in the Air Force and is also a certified physician associate who continues to work in that capacity as a medical provider throughout the DoD.
Scholarship: Dr. Young is an expert in Cyb3r Security and/or Information Security (INFOSEC), Information Assurance (IA) and Information Operations (IO). He has presented widely on IA issues in healthcare, challenges related to wireless networks, cyber security, and network and systems security principles, safeguards, and practices. Recent presentations include “CYB3RSEC & U … What U Don’t Know Online Can Hurt U!” @ the 2011 Defense Special Security Officer Conference (DoD) and “Wake Up & Smell the CYB3R: Banking Fraud, Socializing, Identity Theft and Stalking Online—Sounds Like FUN!” @ USDA/FDA.
Jerry G. Ormaner, CISSP, CIO, CISM, Senior Information Technology Project Manager, Operations Services staff, U.S. Department of Justice
Jerry Ormaner currently serves as Senior Information Technology Project Manager for Department of Justice's (DOJ) Operations Services Staff. Jerry manages critical DOJ services for the following DOJ customers: Department of Homeland Security's (DHS) Immigration and Customs Enforcement (ICE); DHS US-VISIT; DHS U.S. Citizenship and Immigration Services; and DOJ's Litigation Case Management System (LCMS). These customers' systems involve sensitive but classified information and critical infrastructure data. Jerry's job responsibilities involve: mitigating security concerns or risks associated with these enterprise-wide critical systems; mitigating complex technical challenges as they develop; testing disaster recovery capabilities; assisting customers with certification and accreditation activities; and working with customer senior management executives to escalate and resolve risks to systems as they may develop.
Jerry Ormaner served as Assistant Director for U.S. Department of Justice's Security Program for over twelve years. In this very important role, Jerry managed the operational security program for the Department of Justice's critical infrastructure: enterprise-wide voice and data networks; data centers; and related systems. He coordinated the certification and accreditation for IT systems/networks and data centers; managed the contingency planning activities for the Operations Services Staff and the Continuity of Operations Planning for the DOJ's Office of Chief Information Officer; and evaluated vendor security support including training programs for the Department. He has utilized contracted security vendors as well as internal resources to provide security management training for DOJ and other Information Resource Management employees.
Mr. Ormaner assisted the FBI with certification and accreditation of their critical systems and with DOJ Information Management and Security Support, he managed the security oversight and issuance of policy guidance for DOJ's sensitive but unclassified systems and networks. In addition to establishing one of the first successful penetration testing and follow-up security improvement programs in the civilian government, he also supported the Federal Government and the Department's PKI working group and related pilots for DOJ, FBI and DEA.
Prior to this, Mr. Ormaner held several positions with the Internal Revenue Service, including the Information Resources Management and Infrastructure Technology Group. He led the design of up-front security for enterprise-wide data systems involving electronic filing applications for the multi-billion dollar Tax Systems Modernization Program and the Secure Dial-In (SDI) Network for IRS. With the General Services Administration FTS 2000, Mr. Ormaner coordinated the design and installation of new FTS data and voice circuits for federal customers. Prior to government service, he was with American Telephone & Telegraph, Communications where he was a Network Designer and Market Administrator for National Accounts.
Mr. Ormaner holds a BA from State University of New York in Business and English, an MBA in Management and Marketing from Marymount University, Virginia, and Chief Information Officer Certification from Carnegie Mellon University, Pennsylvania. He is also a Certified Information Systems Security Professional (ISC)² and Certified
Katrice N. Lewis, Assistant Professor of Systems Management (Information Assurance and Security), Information Resources Management College, National Defense University
Ms. Lewis has over 15 years of professional experience in Information Assurance (IA). Upon receipt of a Bachelor of Science degree from Loyola College, Ms. Lewis began her career as an Engineer and Scientist with Lockheed Martin Naval Electronics and Surveillance Systems-Undersea Systems (NE&SS-Undersea Systems) located in Manassas, Virginia. In this position, she worked with both classified and unclassified information systems on contracts with various U.S. government departments and agencies to include the Department of Defense. While serving in this capacity, she performed various functions in support of departmental and agency missions to include engineering, simulation modeling, and programming.
Upon conferment of a Master of Science degree from the University of Michigan, Ms. Lewis transferred to Lockheed Martin Information Technology (LMIT) where she served as a Senior Web Solutions Developer and Technical Manager. In these roles, she was responsible for management and oversight of engineering laboratory facilities and projects. Ms. Lewis later transitioned into civil service as a federal employee working for organizations such as the U.S. Department of Treasury and Department of Agriculture.
Prior to her current position as a faculty member of the iCollege, Ms. Lewis served as a Security Officer, Security Manager, Information Systems Security Officer (ISSO), and Information Systems Security Manager (ISSM) for U.S. Department of Treasury, Internal Revenue Service (IRS); Department of Treasury, Financial Management Service (FMS), and the Department of Agriculture, Animal and Plant Health Inspection Service (APHIS).
Ms. Lewis is designated a Certified Information Systems Security Professional (CISSP), Certification and Accreditation Professional (CAP), and Project Management Professional (PMP). She currently holds a Master of Science degree in Information from the University of Michigan-Ann Arbor, Bachelor of Science degree in Applied Mathematics from Loyola College, and a Certificate in Information Assurance from the University of Maryland University College. She is currently pursuing a Ph.D. in Computer Information Systems (DCIS) with a concentration in Information Security at Nova Southeastern University.
Brad Nix, CISSP, CISO, USDA Food & Nutrition Service
Brad Nix is the Chief Information Security Officer for the U.S. Department of Agriculture's Food & Nutrition Service. In this role Brad is responsible for leading the organization's information security and information assurance programs.
Brad has almost 20 years of IT experience with the last 15 years devoted to enterprise information security specializing in information security program assessments and development, governance, architecture, technical vulnerability assessments, and product assessments.
Prior to his career in public service, Brad benefited from extensive consulting experience with small and large enterprise security programs. Brad has provided information security subject matter expertise to several entities across the private and public sector, to include Citigroup, J.P. Morgan, ADP, the Federal Bureau of Investigation, Symantec, the Federal Deposit Insurance Corporation, the United Nations Development Program, and the Departments of Agriculture, Commerce, Interior, and State.
Brad has received a Master's in Management Information Systems from the University of Virginia, and a Bachelor's in Business Administration from James Madison University. Brad is a Certified Information Systems Security Professional (CISSP) and an American Council for Technology / Industry Advisory Council (ACT-IAC) Fellow.
Johan Bos-Beijer, Senior Advisor, Office of the Assistant Commissioner ITS and Director, Strategic Analysis, General Services Administration
Mr. Bos-Beijer has over 37 years of senior management experience equally divided between the public and private sectors. His management work has involved program and lifecycle management, technical operations, client services, finance, analytics, identity management, managed security services, change control and audit resolution. Before joining the federal government, he served at executive and senior management levels in Academia, Financial Aid, Financial Management, and Vice President of Operations for a large law practice and financial banking and servicing. He was a principal contributing author of the US Department of Education Audit Guide and initiated the first Integrated Project Teams and Change Control processes. Mr. Bos-Beijer is author of the 2007/08 identity and access management framework for Department of Education which in turn helped shape the federal framework. His work enabled ED to deploy the first consolidated initiative for program audits and reviews using analytics in 1999/2000 focused on fraud prevention and program integrity. Under his leadership interoperability between the multi-billion dollar portfolios held in the Debt Management and Collection System (DMCS) and National Student Loan Data System (NSLDS) was achieved. In the public sector he has held such key positions as Director of Change Control, Chief of Staff, Deputy General Manager, Special Advisor to the Deputy Secretary, and was the first full time eCommerce Director at ED. Mr. Bos-Beijer initiated the first managed security services provider concept for the agency and served as the principal Director for the Business Continuity and Identity Management Programs. His work has been recognized in Special Act awards from the ED OIG, HHS OIG, special recognition from the Office of the Secretary at ED, DoDIG, and for his teams throughout his career.
Mr. Bos-Beijer is also the recipient of a special veterans support in education recognition award for his counseling and guidance to tens of thousands of veterans representing deployments in multiple conflicts as they reentered civilian life.
Since being recruited to join GSA in 2008, he has served as Director of Strategic Solutions and Senior Advisor, overseeing the successful design and migration of the dotGOV domain management program to a direct order service for customers as well as the achievement of a milestone for over $1 billion in cost avoidance for the SMARTBuy program. He created the customer engagement framework in 2009 and developed a repeatable acquisition strategy for data center services in 2010. In his current role Mr. Bos-Beijer is often consulted as an experienced analytics practitioner as advisor to various public agencies in the civilian and defense sectors in maturing or initiating their programs. He completed a special one year (2010/2011) executive senior advisory assignment at the request of the HHS OIG which included the successful development and implementation of the consolidated data analysis center program, predictive analytics framework, data and program management. His recent accomplishments included overseeing enterprise commodity program management in the Office of the Assistant Commissioner where he authored a marketplace strategy and internal consolidated acquisition platform concept of operations across multiple multi-billion dollar portfolios at GSA. He has been a founding and contributing member, as well as speaker, for major organizations including the National Association of College and University Business Officers, National Council of Higher Education Loan Programs, Education Finance Council, Postsecondary Electronic Standards Council, National Association of Credit Managers, National Healthcare Association, American Law Institute, Coalition of Higher Education Assistance Organizations, and the CyberLaw Resource Network. He is federal chair of the ACT-IAC Analytics and Big Data Committee and the Chair of the Government Advisory Panel.
Mr. Bos-Beijer has been an advocate of mentoring throughout his career and respected for his passionate dedication in continuing to provide coaching to those starting, changing, or already engaged in their career, most recently volunteering for the armed forces to civilian acclimation services. His development of leaders of the future in their respective fields aligns with the objectives of GISLA and this unique recognition program.
Erik Avakian, CISSP, CISMP, CISA, CGCIO, CISO, Commonwealth of Pennsylvania
A Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified Information Security Manager (CISM) and National Certified Government Chief Information Officer (CGCIO) with over 15 years experience in enterprise-level multi-user server environments including advanced experience in large scale enterprise deployments, procurements, and advanced security controls and solutions for environments encompassing over 75,000 users. Extensive experience in security compliance, governance, incident response, and IT services and intimate knowledge of the commonwealth’s business goals and objectives and upcoming initiatives with a proven track record of mapping business requirements to demonstrated results. Proven experience in leadership and development and implementation of the commonwealth’s security strategy with a strong understanding of the support, guidance, leadership, customer support and oversight necessary to lead ongoing and future commonwealth initiatives and security services.
Peter Gouldmann, CISSP, Director of Information Risk Programs, Office of Information Assurance, U.S. Department of State
Mr. Peter Gouldmann is the director of information risk programs at the Department of State. In this role, he is responsible for strategy and implementation of the National Institute of Standards and Technology (NIST) Risk Management Framework and Information Security Continuous Monitoring programs. Most recently he was the Project Manager for the State and USAID IT Transformation Initiative - an international shared services and network and systems consolidation effort. Prior to this he held several roles in the State Department's Office of Information Assurance including Risk Officer, Chief of Systems Authorization, Security Architect and NIST/Committee on National Security Systems (CNSS) Liaison.
For over 30 years, Mr. Gouldmann has held IT and IT security-leadership positions within the Department of State, the private sector and the United States Air Force. He holds a Master's Degree in Information Management from Syracuse University, a Bachelor of Science in Management, and is a distinguished graduate of the National Defense University's Advanced Management Program. Mr. Gouldmann has been awarded the CIO certificate in Federal Executive Competencies from the CIO University, and holds the Certified Information Systems Security Professional (CISSP) credential and Project Management Professional (PMP) certification.
Mr. Gouldmann is a frequent speaker at IT security forums, and is an expert on the topic of information risk management. In addition to his State Department activities, he has participated in and led many IT security policy discussions government wide. Mr. Gouldmann has served as co-chair of the CNSS permanent subcommittee, co-chair of the Risk Assessment Methodology working group, and as a member of the NIST Joint Taskforce Transformation Initiative Interagency Working Group. Mr. Gouldmann is also a current member of the International Information Systems Security Certification Consortium (ISC2) Government Advisory Board.
Jill Vaughan, CISSP, Deputy Chief Information Officer, Deputy Assistant Administrator, Office of Information Technology, TSA
Since March 2013, Jill Vaughan has served as the Deputy Chief Information Officer and Deputy Assistant Administrator for the Office of Information Technology, working diligently to ensure the effectiveness of TSA's information technology programs. As the Deputy Assistant Administrator for the Office of Information Technology, Jill ensures that mission-critical information technology products and services are provided to over 60,000 TSA employees at airports and field locations around the world. This includes extensive IT infrastructure, cyber security and information assurance, end user provisioning and services, and applications development, as well as compliance with the policies and standards set by the Department of Homeland Security and the White House.
Jill was formerly TSA's Chief Information Security Officer, primarily overseeing areas covering Computer Network Defense, Focused Operations, FISMA Compliance and Policy, Cyber Security Awareness & Outreach, and Secure Infrastructure and Vulnerability Management. Her extensive administrative experience includes overseeing IT Security for one of the largest managed services contracts in the current administration.
Jill combines over 14 years of Information Technology experience with over 10 years of experience in Information Security. She holds a Bachelor of Science Degree in Business from Virginia Polytechnic and State University and a Masters Certificate for Project Management from George Washington University. Jill is also a Certified Information Systems Security Professional (CISSP), ISC2 and a graduate from the Department of Homeland Security (DHS) Senior Fellows Program.
Greg Maier, CISSP, Director and CISO, Information Assurance Division, TSA
Greg Maier is the Chief Information Security Officer at the Transportation Security Administration. Greg has been with TSA as both a Federal Employee and a Contractor for the past 10 years. Before becoming a Federal Employee, Greg worked at General Dynamics, PricewaterhouseCoopers, and Deloitte on Federal IT Security Contracts. Prior to his work with the Federal Government, Greg worked in both the Medical Software and Banking Industries.