CISO: Evolution of a Vocation

From his humble beginnings as a homeless college dropout, Ron Baklarz went on to become an “overnight success” after sixteen years of night school. He spent thirty years in leading cybersecurity roles at iconic organizations such as the Naval Nuclear Program, the U.S. House of Representatives, and the American Red Cross. Along the way, he pursued professional certifications and received numerous awards that recognized his achievements in building “first of a kind” cybersecurity programs, often with limited resources and budgets. Baklarz holds an M.S. degree in Information Science and a Certificate of Advanced Study in Telecommunications, both from the University of Pittsburgh. He has also earned professional certifications in cyber forensics, CISSP, CISA, CISM, and the National Security Agency’s NSA-IAM and NSA-IEM certifications.

Part I - Foundations (1971 – 1981). Chapter 1.0 – Humble Beginnings. 1.1 EPIC Metals – 1971 - 1976. Part II - Learning Curve - Early CISO Positions. Chapter 2.0 - Westinghouse Plant Apparatus Division 1982 – 1996. 2.1 Westinghouse Plant Apparatus Division (WPAD) - Overview. 2.2 Field Change Analyst (FCA) 1982 - 1986. 2.3 Standard Logistics (SL). 2.4 Master’s Degree and Certificate of Advanced Studies (Telecommunications). 2.5 Office Automation. 2.6 Personal Computers. 2.7 Computer Security Site Manager (CSSM) 1986 - 1996. 2.8 Personal Computers (PCs). 2.9 TEMPEST (Codename). 2.10 Computer Viruses. 2.11 IBM Versus Apple. 2.12 Quality Circles. 2.13 Local Area Networking (LAN). 2.14 Physical Security Measures. 2.15 COMSEC Custodian. 2.16 Manager, Personal Computer, Local Area Network, and Security 1990 – 1992. 2.17 Manager, Logistics Systems Programming 1992 – 1996. 2.18 Naval Reactors - Secure Remote Area Network (SECRAN). 2.19 CD-ROM. 2.20 Onto the Next Adventure. 2.21 All Stars – WPAD. 2.22 Technology Advancements and Security Developments 1982 – 1996. Chapter 3.0 - United States House of Representatives 1996 – 1997. 3.1 U.S. House of Representatives – Overview. 3.2 Interview and Arrival. 3.3 Political Landscape. 3.4 FBI Email Investigation. 3.5 Telephone Hack. 3.6 Mainframe Test Data. 3.7 The Rogue Information Technology Manager. 3.8 Network Security. 3.9 House Computing Environment. 3.10 The Audits Continue. 3.11 HISPOLs and HISPUBs. 3.12 Top Secret Security Clearances. 3.13 President Clinton and the White House Visitor Logs. 3.14 Forum of Incident Response and Security Teams (FIRST). 3.15 Security Administrator Tool for Analyzing Networks (SATAN). 3.16 Other Cybersecurity Items. 3.17 Info World September 29, 1997. 3.18 Y2K. 3.19 Departure. 3.20 All-Stars - U.S. House of Representatives. 3.21 Technology Advancements and Security Developments 1997. Chapter 4.0 - Ernst & Young, LLP Washington DC 1997. 4.1 Ernst & Young, LLP - Overview. 4.2 Gallows Road, Virginia. 4.3 Veteran’s Administration (VA). 4.4 Banking Work. 4.5 Manufacturing Work. 4.6 Y2K. 4.7 Time to Go. 4.8 Technology Advancements and Security Developments 1998. Chapter 5.0 - Prudential Insurance Company of America 1998 – 2000. 5.1 Prudential – Overview. 5.2 Y2K. 5.3 Internet Security Systems (ISS). 5.4 Educational Opportunities. 5.5 Prudential Computer Emergency Response Team (PruCERT). 5.6 Security Operations Control Center (SOCC). 5.7 January 1, 2000. 5.8 Time to Go. 5.9 Technology Advancements and Security Developments 1999. Chapter 6.0 - Counterpane Internet Security 2000 – 2001. 6.1 Counterpane Internet Security - Overview. 6.2 And So It Begins. 6.3 Virginia SOC. 6.4 Competition. 6.5 Enough Already. 6.6 Technology Advancements and Security Developments 2001. Part III - The Complete CISO – Putting Experience into Practice. Chapter 7.0 - American Red Cross 2001 – 2005. 7.1 The American Red Cross (ARC) - Overview. 7.2 Organizational Culture and Complexity. 7.3 Management Turnover. 7.4 Context – Red Cross and Food and Drug Administration (FDA) Consent Decrees. 7.5 Getting Started – “Hands-On” CISO. 7.6 Memos and Issues - March 2001 through December 2001. 7.7 Memos and Issues - January 2002 through December 2002. 7.8 Memos and Issues - January 2003 through December 2003. 7.9 Memos and Issues - January 2004 through December 2004. 7.10 Memos and Issues - January 2005 through October 2005. 7.11 University of Virginia (UVA). 7.12 CISA and CISM. 7.13 All-Stars - American Red Cross. 7.14 Technology Enhancements and Security Developments 2002 – 2005. Chapter 8.0 - MedStar Health 2006 – 2008. 8.1 MedStar Health – Overview and Culture. 8.2 Memos and Issues - July 2006 – December 2006. 8.3 Memos and Issues - January 2007 – December 2007. 8.4 Memos and Issues - January 2008 – May 2008. 8.5 Time To Go. 8.6 All Star - MedStar Health. 8.7 Technology Advancements and Security Developments 2006 - 2008. Chapter 9.0 - The National Passenger Railroad – Amtrak 2008 – 2017. 9.1 Amtrak – Overview. 9.2 Payment Card Industry – Data Security Standard (PCI-DSS). 9.3 Shadow IT (Information Technology). 9.4 Association of American Railroads (AAR) Rail Industry Security Committee (RISC). 9.5 Memos and Issues - May 2008 – December 2008. 9.6 Memos and Issues - January 2009 - December 2009. 9.7 Memos and Issues - January 2010 – December 2010. 9.8 Memos and Issues - January 2011 – December 2011. 9.9 Memos and Issues - January 2012 – December 2012. 9.10 Memos and Issues - January 2013 – December 2013. 9.11 Memos and Issues - January 2014 – December 2014. 9.12 Memos and Issues - January 2015 – December 2015. 9.13 Memos and Issues - January 2016 – December 2016. 9.14 FY 16 Putting It All Together. 9.15 FBI CISO Academy. 9.16 Retirement. 9.17 All-Stars Amtrak. 9.18 Technology Advancements and Security Developments 2008 - 2017. Chapter 10.0 – CISO: Evolution of a Vocation. 10.1 The Early Years (1950 – 1970). 10.2 Middle Years (1970 – 2000). 10.3 Later Years (2000 – Present). 10.4 The Future – Cybersecurity and the CISO. Appendices. Appendix A - IS Audit & Control Journal. Appendix B- Prudential’s First Quarter 1999 Business Value Award (BVA). Appendix C – Sample Customer Service Advisory. Appendix D – Amtrak National Network. Appendix E – Perspective Security Analyst Questionnaire. Appendix F – EC Council Press Release – CCISO of the Year Ron Baklarz. Subject Index.