State Department's Streufert Moves to DHSHighly Regarded CISO New National Cybersecurity Division Director
At DHS, Streufert will continue to build an effective national cyberspace response system and implement a cyber-risk management program for the protection of critical infrastructure, such as dams and transportation, Mark Weatherford, Homeland Security deputy undersecretary for cybersecurity, said Friday in a blog. Streufert also will work to maintain and strengthen DHS's collaborations with public, private and international organizations to secure the nation's critical cyber infrastructure.
"John comes to DHS with a broad range of experience in cybersecurity and innovation," Weatherford said. "At the Department of State, he helped oversee its work to become the first agency to implement the Trusted Internet Connection initiative and the Einstein program, a cyber intrusion detection system."
Streufert's official title at State was deputy chief information officer for information assurance. Highly regarded among his colleagues in the federal IT community, former Air Force and Energy Chief Information Officer John Gilligan said Streufert understands how to balance security with other mission objectives.
Taking a CIO Perspective
"He's not single focused; security is not the only thing State Department's IT group is trying to achieve," Gilligan said in a 2009 profile on Streufert (see The Influencers: John Streufert). "He's taken a very practical approach. He's not just trying to follow the law or the guidelines that NIST has put out. He's trying to look how to do that in most cost effective way, sort of a CIO perspective on where I can get the most benefit."
Streufert has testified before Congress (see How the State Dept. Cut IT Risk by 90 Percent) and advised many in the government IT security community about implementation of the continuous monitoring for vulnerabilities of IT systems and a risk scoring system (Leaving FISMA in the Dust: A True Metric for IT Security) to judge how agency's subdivisions, such as embassies scattered around the globe, have effectively implemented security controls.
"What's unique about John Streufert is that he has demonstrated how to use enterprise visibility and enterprise scoring as a way of encouraging the highly distributed organizations in the State Department." Gilligan said. "There are lots of embassies that technically do not come under the direct control of CIO, yet by providing automated assessments and providing visibility and sending letters to the IT folks and ambassadors, saying this is your score and these are your problems, he's been able to make dramatic progress in terms of getting them to focus on these important security issues."
At DHS, Streufert replaces Nicole Dean, who's reportedly taking a job with Raytheon.
Streufert joined the State Department in July 2006 as CISO. He also served as co-leader of the interagency Federal Continuous Monitoring Working Group. Previously, he served as acting CIO at the Agency for International Development, where he began implementing some of the practices adopted at State. He also held technical jobs at the Federal Crop Insurance Corp.; Naval Shipyards and the Naval Sea Systems Command. In 2004, Streufert received the Distinguished Presidential Rank award and in 2005 he attained the highest IT security score of the federal government as assessed by Congress.
Syracuse University awarded Streufert a master's degree in public administration in 1985. He received his bachelor of arts degree from St. Olaf College in 1978.