Booz Allen Hamilton Vice President and Chief Information Officer (CIO) Kevin Winter is responsible for executing the firm’s IT infrastructure strategy that includes migrating Booz Allen to the cloud, leveraging virtual and mobile technologies to achieve greater effectiveness and efficiency, improving and optimizing the performance and security of our networks and systems, and ensuring our IT infrastructure enables the delivery of services to our clients. In addition, Mr. Winter is aligned with Booz Allen’s technology capability, specifically in the area of enterprise operations.
Prior to joining Booz Allen, Mr. Winter was the Chief Information Security Officer (CISO) for SRA International. He has also worked at multiple leading technology companies (e.g., Perot Systems, Covad Communications) where he led and managed large-scale networks and IT infrastructure programs.
He holds a B.A. degree in psychology from the University of New Mexico, an M.B.A. degree from the University of North Carolina, and an M.S. degree in telecommunications from George Mason University.
Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering, and innovation expertise. With international headquarters in McLean, Virginia, the firm employs more than 22,500 people globally, and had revenue of $5.27 billion for the 12 months ended March 31, 2015. To learn more, visit www.boozallen.com. (NYSE: BAH)
In today’s landscape, a major breach can quickly damage an organization. We’ve all seen how cyber incidents at banks and financial institutions, retailers and healthcare organizations can quickly undermine customer loyalty, tarnish the corporate brand, and damage the bottom line. According to the Identity Theft Resource Center, the number of US data breaches reached a record high of 783 in 2014, a 27.5 percent increase over 2013—and that number is only expected to rise.
As a leading market provider of cybersecurity services and technologies, Booz Allen is helping federal and commercial organizations establish strong, flexible, and innovative cyber defenses aimed at mitigating today’s threats, as well as threats that we see on the horizon. The really successful organizations are those with leaders (CIOs, CISOs, COOs, CEOs) who have the communication skills and the ability to articulate the business value of investing in a strong, dynamic cybersecurity capability.
Traditional methods of cybersecurity involve deploying security technology, monitoring for security threats, and then responding to that threat activity. Today, companies are moving to a more “active defense” approach. There’s an old adage in cybersecurity that you want to build in security rather than bolt it on. Those bringing new technology to market are getting this message, but there are still extremely wide security gaps to fill. Booz Allen has embraced an active defense mindset and there are a few things that we do to stay ahead:
- Before we roll out any new IT capability via mobile or cloud, we conduct security reviews of the new technologies. We penetration test any new capability we employ. We do this not only using traditional tools and methods, but also by conducting tests that mimic the most sophisticated threat actors that operate today.
- Additionally, we work with the technology companies that provide services to Booz Allen (e.g., cloud or SaaS providers) to understand their approach to security in their services or technologies. We spend a lot of time working with the providers we use to ensure that the deployment of these technologies, inside or outside of our network boundary, is done in a secure way, while meeting the needs of an innovative workforce to have the latest IT capability.
One lesson we’ve learned over the last 15 years in cybersecurity: bolting on security and correcting all the flaws in new technology and capability is extremely expensive. When security lags behind new technology, there are always fresh avenues of attack to exploit. New technologies are coming online, and we’re experiencing an increasing connectedness due to the Internet of Things (IoT). It’s imperative for cybersecurity experts to coordinate with the developers of IoT capabilities to ensure security is developed along with innovation.
We’ve also seen the need to help build a cybersecurity capacity in government and the private sector, and have taken proactive measures to develop and strengthen our own cybersecurity workforce:
- Booz Allen played a key role in the development of the NICE-supported National Cybersecurity Workforce Framework. The National Initiative for Cybersecurity Education (NICE) is a public-private partnership focused on developing a technologically skilled and cyber-savvy workforce to help meet the exponential growth in demand. The initiative is led by the National Institute of Standards and Technology, and includes partnerships with other government agencies and private companies.
- We not only helped to develop the NICE-supported National Cybersecurity Workforce Framework, but have been using it internally for five years.
- The framework provides a common taxonomy and lexicon to describe the cybersecurity workforce. It defines 32 specialty areas, their common tasks, required knowledge and skills, and specifies the necessary training and education. Although developed in part as a guide for federal workforce development, it can be a practical guide for any organization with cybersecurity priorities.
- Internally, Booz Allen has invested in the creation of a Cyber University where staff can gain access to training, certifications, information learning resources and academic programs to deepen their cybersecurity skills. This program was named Outstanding Training Initiative by Training Magazine in 2013 and has been instrumental in developing and retaining cybersecurity staff.
- Within our Cyber University we offer a CyberSIM program that takes a challenge-based approach to threat response. The training platform has proven so popular that our clients want similar programs to recruit, retain, and retrain their own cybersecurity professionals.
The cyber landscape has changed dramatically over the last 15 years and continues to change at an ever-increasing rate. The organizations that are most ready to excel in this new era are those that are agile, those that develop their people, and those that adjust their processes to meet the hyper-innovation of IoT, mobile, and cloud head on.