Editor’s note: Brian Neely of AMERICAN SYSTEMS is the winner of the Chief Officer Awards Private Company CISO Award announced June 17.
On June 17, WashingtonExec will be virtually celebrating the most impactful and innovative C-suite executives in government and industry. These chief officers work in technology, security, data, operations, finance, business and more, excelling on both sides of the government contracting sector. Our team of judges have chosen the finalists for the inaugural Chief Officer Awards, so before we announce the winners during the event, we wanted to get to know the finalists a bit better. This Q&A series highlights their careers, successes, proud professional moments and notable risks.
Brian Neely is chief information officer and chief information security officer at AMERICAN SYSTEMS and a finalist in the Private Company CISO Award category.
What key achievements did you have in 2019?
It was a big one for us — our move to the cloud. Aside from our data and systems requiring very specialized handling, 2019 represented our full transition to the cloud. All data, applications and services are now fully cloud delivered. It was the culmination of a 5-year modernization strategy. In fact, our last on-premise data center was just shut down.
We have already seen better-than-expected cost savings and efficiencies, as well as a wealth of new capabilities. Most people think of the cloud with respect to efficiencies, collaboration and scale, but if you do it right, you can also attain significant gains in security, gains that you could never achieve with on-premise compute limitations.
The cloud enables truly elastic force multipliers like artificial intelligence, machine learning and on-demand hyperscaling. This move has brought the highest security and compliance posture that we have ever had. It’s highly secure and highly resilient.
This transition also allows for complete user “location independence,” which has proven to be fully transparent and seamless to both work and environmental changes, such as the widespread impact of the COVID-19 pandemic.
What has made you successful in your current role?
Being accountable. In business, as in life, you need to accept responsibility for your actions. Every action has a consequence, and it’s easy and natural to accept the responsibility for positive consequences, it’s not always easy to accept the responsibility for negative consequences. Accepting those negative consequences is being accountable.
Sometimes, it is hard for people to accept that they made a mistake; they tend to want to blame others, or the process, or the environment they are in and they don’t want to accept that they possibly made a bad choice. We don’t always make the right choices in life, and in the complex world of cyber, with sophisticated and pervasive threats, mistakes can be costly. You want to make those mistakes as small as possible, identify them quickly, learn from them and then move on — it’s the “fail fast” principle.
In the leadership role for today’s cybersecurity, there is no room for blaming others or for not correcting errors quickly, a leader needs to proactively search out mistakes and foster an atmosphere that is open, and supportive of others who do the same.
What was a turning point or inflection point in your career?
I joined the company as an engineer, working on strategic command and control and weapons platforms. I worked on several different Navy and Army programs, eventually ending up supporting our intelligence community. I previously had a cursory role supporting corporate mergers and acquisitions, but in 2003, I was asked to move to Atlanta to take the lead on the integration of a new software development company that we had recently acquired.
Having just emerged from the dot-come era, it was certainly a different culture when compared to our disciplined military heritage, growing out of the Navy’s Trident Submarine program. It was a great challenge, and I am glad that I was a part of it.
From that point on, I realized that I could play a more effective role in the organization by supporting a broader set of programs, and just two years later I was appointed as our company’s first-ever CTO.
What are you most proud of having been a part of in your current organization?
Our response to the tragedy of 9/11. It was a very challenging time for our country, and I was extremely proud of the way our company responded. The deadliest strike on American soil since Pearl Harbor was no time to have a diminished response capability arising from a potential incapacitating strike on the Pentagon.
At the time, AMERICAN SYSTEMS occupied a building located just across from the Pentagon, and it was re-purposed to establish a “command center” for getting critical military capability back online. The attack happened on a Tuesday, and we were able to have full classified and unclassified capability restored at an alternate location by that following Monday morning. Including full spectrum connectivity, mission support space and literally truckloads of computer power. Patriotism and dedication to the mission fueled many sleep-deprived days and nights of work.
The employee-owners of AMERICAN SYSTEMS pride themselves on helping keep the nation and its citizens safe.
Like me, several of our employee-owners received a presidential commendation for our role in this quick reaction and recovery effort. Playing a part in protecting the homeland certainly adds tremendously to the fulfillment, and when you love what you do, when you can take pride in what you do, that’s all the motivation you need.
What are your primary focuses areas going forward, and why are those so important to the future of the nation?
This one’s easy, one word: compliance. Our country has been ravaged by foreign, nation-state threat actors over the last decade. We’ve suffered a tremendous loss of critical R&D and intellectual capital. And, DOD has responded, and rightfully so, by imposing new, very stringent security controls to help mitigate these threats moving forward.
Like the rest of our industry, we must comply with these new mandates. As a trusted partner to DOD, I see our biggest priority as to not only meet, but exceed these new requirements. We have evolved from the 15 mandated security controls of the FAR and the 23 categories of the NIST Cyber Security Framework to the 110 requirements of NIST 800-171 under the DFARS 252 clause, and the potential dozens of additional requirements associated with protecting High Value Assets, plus, complying with standards like GDPR for employee privacy.
And now we have the Cybersecurity Maturity Model Certification. In order to compete for new awards moving forward, we are not only going to have to assure compliance, but also show proof of compliance… and now, be independently certified.
I have a great team surrounding me, and I have full confidence that we will be able to exceed the government’s expectation for both security and compliance. It should be a very busy 2020.