Progress Report on the Identity Management efforts in the Federal Government
Progress & Best Practices
Challenges to Overcome
Interoperability with Programs
A Vision for The Future for Identity Management
Panelists: Mike Butler– OSD Judy Spencer– GSA Steven I. Cooper– Director, Information Technology & CIO, FAA Ashley Stevenson– HP Enterprise Services Peter Engel– SafeNet Alan Carswell– UMUC
Moderator: Jim Flyzik -Flyzik Group
About the Panel
Jim Flyzik President The Flyzik Group
Jim Flyzik is the President of TheFlyzikGroup www.theflyzikgroup.com . The company specializes in Strategic Business Consulting, Performance Based Contracting Consulting and Training and Thought Leadership media events. The company assists small, medium and large companies in providing world-class government services. Jim also serves as the Chairman of the Information Technology Association of America Committee on Homeland Security. Jim also hosts the monthly radio program, The Federal Executive Forum on WFED 1500 AM and www.federalnewsradio.com .
Jim served over 27 years in the federal government. He served as Senior Advisor to Governor Ridge in the White House Office of Homeland Security (OHS). He provided advice to OHS on the National Strategy and Information Management in support of the OHS mission. From February 1998 until December 2002, Jim also served as the Vice Chair of the Federal Government CIO Council overseeing numerous government wide IT initiatives. He was also a member of the President’s Critical Infrastructure Protection Board.
Prior to this, from August 1997 until April 2002, Jim was the Deputy Assistant Secretary for Information Systems and Chief Information Officer (CIO) for the Department of the Treasury. He provided oversight, strategic planning and management direction on over $3.0 billion in annual information technology and information infrastructure programs within Treasury and its fourteen Bureaus. Jim also served as the Acting Assistant Secretary for Management for the Treasury Department from January 20, 2001 until February 8, 2002. In that role he provided oversight of all Treasury bureaus and served as the principal policy advisor to the Secretary and Deputy Secretary on matters involving the internal management of the Department and its bureaus. Jim received the Secretary Certificate of Appreciation on February 12, 2002 for his efforts during this transition period.
Prior to his Treasury positions, Jim worked for 15 years at the U.S. Secret Service where he held key IT management positions, including the Chief of the Communications Division, providing world class telecommunications in support of Secret Service tactical and operational requirements. Jim served as Team Leader on Vice President Gore’s National Performance Review (NPR) Information Technology Team. Following this assignment, he was selected as Chairman of the Government Information Technology Services Working Group, to implement the NPR Information Technology recommendations and coordinate the government services portion of the National Information Infrastructure (NII). He was given the prestigious Eagle Award as the government information technology executive of the year in 1994, a Meritorious Presidential Rank Award in 1995, the Armed Forces Communications and Electronics Association Award for Excellence in Information Technology in 1996, the AFFIRM Award for Outstanding Service to the Citizens in 1997, the Industry Advisory Council Award for Special Achievements and Leadership in 1997, the AFFIRM IRM Executive of the Year Award in 1998, and the Distinguished Rank Executive Award from President Clinton in 1999. In 2001 the Federation of Government Information Processing Councils presented him the John J. Franke award for outstanding government service. In March 2002, Jim was selected by the Federal CIO Council to receive the Azimuth Award as the Government Executive of the Year.
Jim has extensive public speaking experience and frequently serves as a featured speaker at industry events. He has developed, and currently teaches part-time, a graduate level course on Information Systems Security and Risk Assessment at the University of Maryland. Jim was given the Stanley J. Drazek Excellence in Teaching Award in 1998 by the University of Maryland.
Jim has an undergraduate degree in Business Administration and Computer Science and a Masters of Business Administration (MBA) from the University of Maryland with an area of concentration in Information Systems Management.
Michael Butler OSD
Mr. Butler is the Deputy Director for Identity Management at the Defense Manpower Data Center (DMDC) of the US Department of Defense. In 2010 he transitioned from the National Institute of Standards and Technology (NIST) and a six month detail at the Office of Management and Budget (OMB) in the area of Identity Management, National Identity Strategy, as well as immigration issues with the Domestic Policy Council. While at NIST, he participated in cybersecurity requirements for the SmartGrid upgrade to the national electric infrastructure and identity issues.
Previously, he served two years as Program Manager for GSA’s US Access Credentialing System and seven years as the Chief of the US Department of Defense smart-card and identity card system at DMDC. Mr. Butler contributed to the DOD team, which has issued over 16 million Common Access Cards since the program began. Previously, he served 22 years in the US Navy in heavy industry and industrial control systems as well as Program Manager for the US Navy Smartcard Program.
Mr. Butler served as chairman of the Government Smart Card Interagency Advisory Board from 2002-2006. In 2007, He was selected as a member of the Federal 100 and a recipient of the CIO Leadership Award. In 2008, he was awarded both the GCN and GITEC Program Manager Award and was a “Service to America” Medal Finalist. The GSA MSO Program was awarded the Outstanding Issuer for the Western Hemisphere in April 2008. During his Navy career, he participated in the Smartship project which was awarded the Smithsonian Award for Transportation ion in 1998.
Originally enlisted in the US Navy, Mr. Butler was selected to attend the US Naval Academy where he majored in Physical Science. Subsequently he earned a Master of Science in Computer and Electrical Engineering.
Judy Spencer GSA
Ms. Spencer is the Co-Chair, Federal Identity, Credential, and Access Management Subcommittee (ICAMSC), of the Federal CIO Council’s Information Security and Identity Management Committee. In this capacity, she is responsible for building consensus and promoting cross cutting solutions for unified logical/physical credentialing of Federal employees as directed in Homeland Security Presidential Directive 12, Policy for a Common Identification Standard for Federal Employees and Contractors. Ms. Spencer shares this responsibility with Mr. Paul Grant from the Department of Defense.
In addition, Ms. Spencer helps foster a united approach to Federal ICAM activities – promoting a single activity that combines the goals of HSPD-12, the Federal Public Key Infrastructure (PKI), and e-Authentication. She also holds the position of Chair, Federal PKI Policy Authority, in which capacity she promotes interagency cooperation and interoperability in the deployment of PKI. A key accomplishment of the Federal PKI is the Common Policy Framework which sets the requirements for the use of PKI in attaining HSPD-12 compliance. In addition, the Federal Bridge Certification Authority (FBCA) continues to promote interoperability between discrete trust domains and is a valuable resource to overall e-authentication activities.
Prior to her current position, Ms. Spencer managed the Federal Information Security Infrastructure Program at GSA, which sought information systems security solutions for internet-based communications using public key technology. In addition, Ms. Spencer was involved in the efforts of the Federal sector to promote Critical Infrastructure Protection across the Departments and Agencies. Towards this end, Ms. Spencer led the transition of the Federal Computer Incident Response Capability (FedCIRC) from a pilot to operational status and worked with Federal agencies to build consensus for intrusion detection and incident response to unauthorized electronic exploitation. This activity culminated in USCERT at the Department of Homeland Security.
Ms Spencer has been involved in Federal Information Systems Security efforts for the past 36 years.
Ashley Stevenson Senior Identity Consultant, U.S. Public Sector HP Enterprise Services
Ashley Stevenson is a senior identity consultant and Washington D.C. site leader of the Global Identity Practice in the U.S. Public Sector organization for HP Enterprise Services. He is responsible for managing the local identity management team, and business development of the Assured Identity Plus™ service line to support U.S. federal, state, and local government customers. Stevenson is a Certified Information Systems Security Professional (CISSP), and holds an ITIL Foundations certification from EXIN.
Previously, Stevenson was responsible for developing security and infrastructure architecture components for enterprise scale, multi-tenant operating environments focused on providing IT Service Management using the ITIL framework. In 2009 he graduated from the HP Top Gun program, delivering a functional Identity Federation proof-of-concept using Open Source software. Stevenson also co-authored a security user provisioning innovation paper, which was selected for the top-tier formal presentation at HP’s annual technical conference in 2009. Stevenson joined EDS, now HP, in 1997 to support the General Motors account. By 1999, as part of the regional tools & automation team, he managed security and automation of GM’s Tivoli enterprise management suite. In 2001, he became a system engineer and developed custom Solaris operating system builds and automated security hardening scripts for the Navy Marine Corps Intranet (NMCI) customer.
From 2002 to 2006, Stevenson was the lead business and systems integrator for the Americas region event and workflow consolidation initiative. In October 2006, he was awarded the CIO Jalapeño award for performance excellence. In 2007, Stevenson was promoted to Architect, where he developed architecture blueprints for integrating new security suites with existing multi-tenant infrastructure and applications. He also authored several key program-level artifacts including the security architecture integration guide, which were published to the EDS enterprise reference architecture.
Steven I. Cooper Director Information Technology & CIO FAA
Steven I. Cooper is the current Director, Information Technology, and Chief Information Officer (CIO) of the Federal Aviation Administration’s Air Traffic Organization (ATO). This is the operating arm of the FAA which runs the nation’s national airspace system, ensuring the safety of the flying public while handling 40 million flights per year. Mr. Cooper and his team of 400 professionals are responsible for ensuring the operational excellence of mission support and business systems of the ATO and the underlying technology infrastructure.
Mr. Cooper is a founding partner of Strativest (www.strativest.com), a firm focused on identifying emerging technologies applicable to homeland security, emergency response and preparedness, assisting in the development of ‘go-to-market’ actions, providing management advisory services for business strategy and business development, competitive intelligence, and the strategic use of information and communications technology for competitive advantage.
In late 2005, Mr. Cooper was asked to join the American Red Cross (ARC) as the Senior Vice President and CIO. Mr. Cooper was responsible for the Information Technology (IT) assets of the Red Cross and leveraging them to support the humanitarian organization’s 35,000 employees and the 300 million Americans they serve. Working with the Board and executive leadership, he guided the introduction of a first ever National Call Center during Hurricane Katrina to provide emergency financial assistance to the more than 4 Million people displaced from their homes. He also coordinated and led a unique partnership of technology corporations to develop and deploy critical services to the more than 1 million families impacted by Hurricanes Katrina, Rita, and Wilma. Mr. Cooper and his senior IT leadership team led the strategic outsourcing of the ARC’s primary data center.
In 2003, he was appointed by President George W. Bush as the first CIO of the Department of Homeland Security (DHS). His accomplishments include the implementation of a Homeland Secure Data Network to enable the exchange of classified homeland security information among Federal Civilian Agencies and the Department of Defense; in partnership, with the Federal Bureau of Investigation (FBI), the deployment of a Homeland Security Information Network to share sensitive information with state and local agencies; first responders, and private sector entities who own critical infrastructure; in developing the department’s first IT Strategic Plan, and in standing up the ‘day one’ IT operations of DHS. Mr. Cooper testified frequently before Congress on matters related to Cyber and Information Security, and the use of Information Technology to achieve homeland security mission objectives.
Early in 2002, Mr. Cooper was appointed Special Assistant to the President for Homeland Security and also served as Senior Director for Information Integration in the White House Office of Homeland Security. In this role, he initiated the integration of the Terrorist Watch Lists, and launched the development of the National Enterprise Architecture for Homeland Security to address information integration within the federal government and the sharing of homeland security information with State, Local, and relevant Private-Sector entities.
Mr. Cooper was named one of the Top 100 CIO’s in America by CIO Insight in 2007. He was previously honored by Government Computer News as the Government Civilian Executive of the Year; by the Northern Virginia Technology Council as a Titan of Technology; was a recipient of the Fed 100 Award recognizing the 100 Most Influential People in Federal Government Technology; and was named by the Washington Post as one of the Five to Watch while serving in the White House. He recently served on the blue ribbon panel established by the Administrator of the FAA to determine the outage of the FAA’s telecommunication network and offer recommendations for improvement.
Peter Engel Vice President, Federal Solutions SafeNet
Peter Engel joined SafeNet in April 2009 in the position of Vice President, Federal Solutions. In this role Mr. Engel provides leadership for SafeNet’s cybersecurity, identity management and data security business development. Mr. Engel has 30 years of business and government experience.
Previously Mr. Engel served as the Chief Operating Officer and Senior Vice President for SCI Consulting and directed that company’s successful growth strategy for the Department of Homeland Security, Environmental Protection Agency, and other federal departments and agencies.
Mr. Engel served as a Vice President with SAIC in both line management and business development roles. He is credited with successfully initiating corporate accounts with the Department of Homeland Security and its predecessor agencies, the Department of Education, the National Archives and Records Administration and other federal departments and agencies. As a result of these and other successful initiatives Mr. Engel was responsible for over $240 million in annual revenue. Mr. Engel was instrumental in the implementation of process maturity initiatives at SAIC including SEI CMMI and the Earned Value Management System (EVMS).
While serving on active duty and in the naval reserve Mr. Engel assisted the U.S. Navy’s first CIO establish that office and its initial policies as well as implement the provisions of the Clinger-Cohen Act. Mr. Engel led efforts in support of U.S. space satellite programs and commanded naval special mission operations around the world.
Alan Carswell Chair, Cybersecurity and Information Systems Graduate School of Management and Technology University of Maryland University College (UMUC) Adelphi, Maryland USA
Alan Carswell has been a faculty member, academic program director, and department chair at University of Maryland University College (UMUC) for nearly 20 years. He has been instrumental in the creation of UMUC’s graduate degree and certificate programs in cybersecurity and cybersecurity policy. The two master’s degree programs, launched in the fall of 2010, currently have an enrollment of more than 500 students. Previously, Dr. Carswell managed the development of numerous large-scale information systems projects for public-, private-, and government-sector clients. He holds a BS in civil engineering from Northwestern University, an MBA from Harvard Business School, and a PhD from the Robert S. Smith School of Business at University of Maryland, College Park.