The finalists for WashingtonExec’s 2023 Pinnacle Awards were announced Sept. 25, and we’ll be highlighting some of them until the event takes place live, in-person Nov. 16.
Next is Bo Berlas, the chief information security officer at the General Services Administration, and finalist in the Government Cybersecurity Executive of the Year category. Here, he shares key achievements and what has made him successful in his current role.
What key achievements did you have in 2023?
GSA’s cybersecurity program is focused on innovation, resilience, and driving down risks, all built around the principles of enterprise shared service: One GSA, One Cyber. In FY23, GSA remained resilient while delivering a secure and compliant program to enable GSA’s mission. Our incremental shift-left security model is aligned with the President’s Executive Order for Improving the Nation’s Cybersecurity focused on Zero Trust and OMB M-22-09, Federal Zero Trust Strategy.
Leveraging an FY22 Technology Modernization Fund award, we continue to further our zero trust architecture goals. Key FY23 accomplishments include:
- Fully deployed Secure Access Service Edge, which eliminated the need for VPN, and allowed GSA to switch from MTIPS to raw internet connectivity. This resulted in significant cost efficiencies and improved user experience, all while reducing GSA’s attack surface and furthering Zero Trust goals.
- Fully integrated with CISA shared services.
- Achieved microsegmentation for GSA buildings to further secure Operational Technology/Internet of Things devices supporting building operations.
- Executed C-SCRM program capabilities to identify counterfeit, compromised, or prohibited vendor devices; identified critical vendor risks using supplier illumination tools; and incorporated C-SCRM reviews in the pre-award phase of acquisitions.
- Procured a cloud-based identity and access management solution for authentication and identity governance to further our zero trust goals, including support for more secure phishing-resistant authentication options. Additionally, GSA was among the first agencies to successfully integrate its Continuous Diagnostics and Mitigation (CDM) Dashboard with CISA’s CDM Federal Dashboard, meeting all requirements for BOD 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks.
What has made you successful in your current role?
Our MISSION, VISION, and TEAM. Government service is centered on mission, and ours is an important one to deliver to the American people. We execute to a clear vision, through a detailed implementation plan, in alignment with the administration’s zero trust architecture goals. We assembled a team of talented IT and cybersecurity professionals, and continually work to improve by attracting, retaining, and upskilling.
In this way, we ensure our ability to successfully thwart the increasingly sophisticated and persistent cyber threat challenges we face.