DHS Fills Key Cybersecurity Posts

Department of Homeland Security hires fill leadership gaps at US-CERT and the National Cyber Security Division, two of the most important players in the nation's critical security infrastructure.
The Department of Homeland Security filled two key cybersecurity positions this month, a DHS spokesman confirmed, hiring former Defense Information Systems Agency CIO Bobbie Stempfley to head up the agency's National Cyber Security Division and giving interim U.S. Computer Emergency Readiness Team director Randy Vickers a permanent job.

Stempfley takes over for Peter Fonash, who had been acting director of NCSD since Cornelius Tate left last year. Stempfley comes to DHS from DISA, where she worked for 10 years (over the last year as CIO), helping serve the Department of Defense with its networking and computing needs. While at DISA, Stempfley oversaw the continued evolution of the agency's rapid access computing environment private cloud computing platform.

As head of NCSD, Stempfley will head up a broad cross-section of the government's cybersecurity efforts, including public-private partnerships to secure critical infrastructure, the national cyberspace response system to alert government and industry of threats and respond to those threats, and a national cyber risk management program.

DHS has asked for $379 million for NCSD next year, with a number of goals in mind. Stempfley will be bringing the new National Cybersecurity and Communications Integration Center, a sort of mega-security operations center, to full speed. She'll also be helping to push forward the deployment of the federal government's Einstein intrusion protection and prevention systems. And she'll be part of a big cybersecurity hiring trend at DHS, which has said it will be hiring up to 1,000 cybersecurity professionals in the next couple of years.

Vickers, meanwhile, takes over for Mischel Kwon, who left US-CERT in August to head up professional services at RSA. Much of NCSD's proposed budget -- $315 million, to be exact -- will go to US-CERT, which helps to coordinate responses to cybersecurity threats by sharing information on vulnerabilities and exploits through an alert system.

US-CERT has taken a high profile inside government in recent years, as it has overseen the Einstein projects and Trusted Internet Connections initiative (an effort to consolidate government network connections).

Over the next fiscal year, according to testimony earlier this week from DHS deputy under secretary Phil Reitinger, who heads up the agency's National Protection and Programs Directorate, US-CERT will perform numerous red team assessments of other agencies' cybersecurity efforts and begin deploying the latest iteration of Einstein (Einstein 3), in addition to carrying out its usual duties.