Booz Allen IoT Panel
Chris Poulin, Principal, BAH Dark Labs; Tom Graham, Team Lead, Sentar, Inc.; and Moderator Stan Lowe, BAH
Moderator Stan Lowe begins the conversation by explaining that the verging topic can be described not as the Internet of Things (IoT) but really as the internet of everything. “Everything is connected to the internet. We will talk about the security around that space.” Chris Poulin describes how we need a taxonomy. “When we look at these devices in the context of what its function is. An industrial control device has a different level of risk if you compare that to your refrigerator.”
Tom Graham discusses how he thinks it is possible to protect the internet of things. “Guidance for the developers has been developed from groups like IEEE and NIST and is getting us there. It isn’t a one guidance fits all but standards can require the data must be encrypted in transit.”
Chris states that asset inventory is the foundation. Tom Graham explains why governance is number one. “Governance speaks to the leadership to the organization. You have to have your leaders behind and understands what needs to be done. That creates the framework for policies and procedures.”
Chris Poulin is Principal/Director in Booz Allen Hamilton’s Strategic Innovations Group, where he leads the Internet of Things security strategy in Booz Allen’s Dark Labs and also dabbles in Machine Intelligence. He joins BAH from IBM, where he led their X-Force research teams. Despite his recent roles in large enterprises, he has an entrepreneurial background, having founded, built and sold a boutique information security consulting firm, FireTower, Inc., and served as the Chief Security Officer for Q1 Labs, a startup in the Security Intelligence space. Chris started his security career in the U.S. Air Force over 30 years ago, where he managed global networks and developed software for classified systems.
Mr. Tom Graham serves as the Lead for the DHA Mitigation and Remediation Support (MARS) Team for Sentar’s DHA Cyber Security work. Tom has 10 years direct experience in the Cyber Security and Information Assurance field covering cyber, health IT and security, HIPAA Compliance, policy, technical mitigations and configuration, and risk assurance domains. As the Lead for the MARS team, Tom facilitates one of the most dynamic and cross-functional teams under the DHA umbrella. They are tasked with addressing any area from a technical security standpoint that DISA/DHA prescribes. In addition to this, Tom has also served as a Senior Consultant in the Commercial Healthcare field. During this time, he performed NIST/COBIT based HIPAA assessments, served as a virtual CISO, and conducted training sessions for Executive level administration at multiple covered entities. Also, Tom has been an Information Assurance Officer for DISA, USN, and USMC programs covering multiple projects from inception to completion. Over the course of Tom’s career in IA/Cyber he has received official Naval Commendations and won the Captain Joan Dooling Award. He holds an MBA and MS in Technology from East Carolina University in addition to earning the Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (C|EH), and Fully Qualified Navy Validator (FQNV) designations, among others. Tom also is currently pursuing his PhD in Information Security and Assurance with a concentration on Healthcare Security.
Stan Lowe is an Executive Advisor with Booz Allen Hamilton providing strategic guidance and advice on cyber security strategies and issues facing the federal and private sectors. He assists in the development, organization and implementation of cyber security products and offerings to drive revenue growth.
Additionally, he develops strategic partnerships with vendors and service providers to bring additional value to the firm’s public and private sector customers, and engages the cyber community to educate and discuss the firm’s abilities, strategies and offerings in the cyber security space. Prior to joining Booz Allen Hamilton, Stan served as the U.S. Department of Veterans Affairs (VA) Deputy Assistant Secretary (DAS) for Information Security and Chief Information Security Officer (CISO), where he led information security and privacy across VA’s vast network of more than 1.8 million devices, serving more than 600,000 VA system users. The VA Office of Information Security (OIS) works to prevent and mitigate the impact of any impending threats to VA’s IT infrastructure. He oversaw the management of VA’s Information Security Officers (ISOs), Cyber Security Program, Privacy Program, incident management and response capabilities, security operations, and business continuity efforts.
Prior to becoming the Deputy Assistant Secretary for OIS, Mr. Lowe was the Deputy Director of the Department of Defense (DoD)/VA Interagency Program Office (IPO). In his time working for the IPO, Mr. Lowe worked with the IPO Director to lead the DoD and VA in the development and implementation of Electronic Health Records and the Virtual Lifetime Electronic Record (VLER) Health systems, capabilities, and initiatives, which allow for full information interoperability between the departments to better serve Service members, Veterans, and other eligible beneficiaries. Concurrently with his role at the IPO, Mr. Lowe also served as the Senior Advisor to the Assistant Secretary for Information and Technology at VA. Before joining VA, Mr. Lowe served as Chief Information Officer of the Federal Trade Commission (FTC), joining as Deputy CIO for Management in 2006. Mr. Lowe’s public service record extends to the US Department of Interior, in the Bureau of Land Management (BLM), as Chief of the Information Security Policy and Training Branch.