The finalists for WashingtonExec’s 2024 Pinnacle Awards were announced Sept. 20, and we’ll be highlighting some of them until the event takes place live, in-person Nov. 21.
Next is Donna Bennett, chief information security officer at the State Department, and finalist in the Government Cybersecurity Executive of the Year category. Here, we highlight her recent achievements, career advice and more.
What key achievements did you have in 2024?
- Bennett oversaw the successful kick-off of the Zero-Trust Acceleration Program, which consisted of 10 TMF-funded projects designed to improve the security for the identity pillar. The overall TMF project provided 100% validation of who is on the network and what resources they are accessing, ultimately leading to greater visibility and security of the systems.
- Bennett directed the ZT working group, which allowed the agency to continue exceeding the NSC encryption and multifactor authentication 90% compliance standards, which helped mature and modernize the ZT capabilities while securing access to the Department systems.
- Bennett’s leadership led to a 25% increase in the Department’s FISMA score (from a C to an A) on Performance.gov. She helped improve the Department’s cybersecurity posture by streamlining the reporting process for the Federal Cybersecurity Metrics Dashboard on Performance.gov, which allowed for real-time progress tracking.
- Bennett’s insight on the feasibility of new technology initiatives, including cybersecurity and architecture, advanced the Department’s Zero Trust (ZT) program.
- Bennett co-chaired the AI Governance Board and was instrumental in establishing its governance model.
- Bennett helped develop and issue the Department’s first Responsible Use and AI Risk Management Framework.
- Bennett participated in the successful release of the first Chatbot across the Department, which was used during the recent United Nations General Assembly (UNGA) meetings.
- Because of Bennett’s ability to brief the cybersecurity portfolio to Department Financial Managers at Workshops, OMB, and the Hill, there has been greater understanding and an increase in cyber spending across the Department. This led to the improvement of the Department’s cybersecurity posture based on the results of the Bureau scorecard.
- Bennett helped lead the federal government’s efforts in supply chain practices and registered 103 critical vendor attestation submissions.
- Bennett trained over 500 acquisition personnel in the field on the cybersecurity supply chain risk management policy, and expanded the C-SCRM program by training over 100 contractors.
- Bennett operationalized the supplier assessment program which resulted in over 1000 assessments and 175 rapid assessments that revealed enhanced risk suppliers to HVA systems, which allowed embassy posts to utilize local IT resources, saving the organization millions of dollars.
- Bennett provided technical subject matter expertise and leadership in identifying global cyber threats associated with NDAA 5502, which protects the nation’s assets from spyware. This work contributed to the development of the Anti-Spyware bill, which was signed into law.
- After conducting investigations of Department assets and vulnerabilities, Bennett overhauled the Department’s Vulnerability Disclosure Program (VDP) and mitigated 97% of the 500 Vulnerability Disclosure Reports (VDRs).
- Bennett established the Bug Bounty Program and created the AI Bounty Program. She enrolled four systems into the Bug Bounty Program and worked to enroll several public-facing systems. Her work led to risk reduction, while providing insight into the security posture captured within the Department-wide Cyber Risk Registry.
- Under Bennett’s leadership, 12 bureau cyber assessments were completed, which resulted in the delivery of a Cyber Exposure Report that identified cyber risks before they could be exploited.
- Bennett worked with members of the CISO Council to identify cybersecurity priorities and goals for the next five years, and developed and published the annual Department’s enterprise cybersecurity strategic framework.
- Bennett’s efforts led to the downgrade of the Department’s Cybersecurity rating from a significant deficiency rating to a reportable condition rating.
What are your primary focus areas going forward, and why are those so important to the mission?
The focus for the future will likely be the continued development and implementation of the Zero Trust Architecture and Cyber Supply Chain Risk Management.
- The successful initial stages of this program point to the need to continue to strengthen security across all access points.
- Additionally, the need to recruit, train, and retain a strong cybersecurity workforce is also paramount to the continued success of this and other initiatives.
- The department’s mission is to advance the interests of the American people. Cybersecurity is an increasingly important component of that mission given the global nature of the threat landscape. A strong, secure network is essential to protect sensitive information and ensure the continuity of operations.
What is your best career advice for those who want to follow in your footsteps?
- Seek out mentors and build relationships
- Prioritize continuous learning
- Be a proactive leader
Fun Fact: What is something about you that most people do not know?
Bennett and her son travel around the U.S. and attend WrestleMania every year.