2016_HSA_Yrbk_YUMPU_r2___

The GSN 

2016 Digital Yearbook 

OF 

Homeland Security 

Awards

The GSN 2016 Homeland Security Awards

The GSN 2016 Homeland Security Awards 

Chuck Brooks, the Distinguished Judge of 

GSN’s 2016 Homeland Security Awards, agrees with 

the analysts now saying say that we are heading 

for a Fourth Industrial Revolution 

GSN: Chuck, thank you again for judging our 

most recent and very successful awards event. 

It was my real pleasure. Each year I am more 

and more impressed with the capabilities of the 

company submissions for best solutions. They 

are all top notch and at the innovative edge 

of security technologies. It also reassuring to 

review many of the new technologies being utilized 

across the physical and cyber spectrums 

for securing the homeland. 

GSN: Speaking of technologies, much is 

happening in the world emerging technologies. 

What are your quick thoughts as a subject 

matter expert on our new tech era? 

In my role of Chairman of CompTIA’s New and 

Emerging Technology Committee I get a window 

on what advancement is 

happening in both the public 

and private sectors. Many 

analysts are now saying we 

are entering a Fourth Industrial 

Revolution. I concur, 

these emerging technologies Chuck Brooks 

are already impacting how 

we live and work. With the advent of artificial 

intelligence, robotics, quantum computing, the 

Internet of Things, augmented reality, materials 

science, 3-D Printing, and data analytics the 

near future will be really exciting. We are living 

in an era where innovation, agility and imagination 

are all essential in order to keep pace 

with exponential technological transformation 

taking place. It is easy to imagine potential 

applications for new technologies. For example 

4

some of the applied verticals in homeland security 

where I see emerging technologies applied 

in the next few years include: 

• Enhanced Surveillance (chemical and bio 

sensors, cameras, drones) 

• Improved facial recognition and License 

plate readers 

• New Non-lethal technologies 

• Counter terrorism and law enforcement 

informatics via predictive analytics and 

artificial intelligence 

• Advanced Forensics via materials science 

and supercomputing 

• Interoperable communications, 

geo-fencing, and situational awareness 

• Biometrics: assured identity security 

screening by bio-signature: Every aspect 

of your physiology can be used as a 

bio-signature. Measure unique heart/pulse 

rates, electrocardiogram sensor, blood 

oximetry, skin temperature 

• Automated cybersecurity and information 

assurance 

• Robotic Policing 

That is my own future homeland security short 

list. However, even with new and exciting 

emerging technologies in the pipeline the new 

digital landscape of connectivity also brings 

a new and wide array of vulnerabilities and 

threats. 

GSN: What vulnerabilities and threats do you see 

associated with these new technologies and 

what will be government’s role in mitigating the 

threats? 

There is a security component to almost anything 

technology related. The connectivity of 

technologies, especially to the internet, makes 

everyone and everything a target of cyber intrusion. 

A good example is the Internet of Things 

(IoT). IOT refers to the emerging connectivity 

of embedded devices to the Internet. It is 

estimated that there will be as between 25 to 

65 billon connected Internet devices by 2020 

(depending on who you cite). The commercial 

and governmental IOT “landscape of sensors” 

is becoming more exponential and complex by 

the moment. Cybersecurity for the connected 

IP enabled smart devices, from phishing, malware, 

ransomware, and denial of service attacks 

Continued on next page 

5


is becoming more of a priority with each passing 

day. The breaches are already happening in 

both the public and private sectors. 

GSN: What are your thoughts on the incoming 

Administration on homeland security issues? 

I think that the appointment of General John 

Kelly at DHS is an excellent one. He has the 

integrity, dedication, and amazing leadership 

skills need for the role of Secretary of Homeland 

Security. He has always been admire by 

those who serve under him and I know he 

will be well received by the law enforcement 

community. I like the fact that he has stressed 

cybersecurity and protecting the electric grid 

during his confirmation hearings. Also, the appointments 

of Tom Bossert as Homeland Security 

Advisor and former Mayor Rudy Giuliani 

to bring in expertise from the private sector on 

cyber tech and applications bodes well. 

In terms of across government mitigation efforts, 

cybersecurity continues to be a lead focus 

in the Department of Homeland Security’s 

(DHS) growing role as the leading civilian agency 

for protecting government agency networks 

and in coordinating and collaborating with the 

private sector. The Department of Homeland 

Security (DHS) is likely to continue to expand 

that role in the new Administration. 

Lt. Gen. H. R. McMaster, President Trump’s 

choice for national security adviser, is seasoned 

with a strong expertise on national security 

threats. On the Department of Defense (DOD) 

Community side, General James Mattis, who 

brings 41-years of Marine Corps experience, 

is another excellent appointment. He simply 

gets things done and he will provide exceptional 

leadership and resources, especially for 

the warfighter. I also like the appointments of 

Retired Senator Dan Coats of Indiana as Director 

of National Intelligence, and Congressman 

Mike Pompeo as Director of the CIA. Both are 

respected by their colleagues and have deep 

legislative oversight experience on national 

security issues. They bring the necessary leadership 

qualities to meet geopolitical challenges 

that require sharing of information, threat intelligence, 

technologies, and working with multiagency 

task forces. 

Although parameters and specifics of the mis- 

6

sions at DOD and in the Intelligence communities 

differ from DHS, there still needs to be a 

collaborative effort for protecting the homeland 

domestically and abroad, especially with 

cybersecurity. I think that the new Administration 

has assembled a very strong and capable 

security leadership team. 

GSN: Can you update us on your social media 

and thought leadership activities? 

Yes, last year I was selected by LinkedIn as 

“One of the Top 5 People to Follow On LinkedIn” 

by LinkedIn (I was named #2). I now 

have around 32,000 first degree followers on 

LinkedIn and manage or own 12 LI groups 

(mostly dealing with tech and security issues). I 

am also active on Twitter nearing 4,500 followers 

(please follow me @ChuckDBrooks) and 

on Facebook. As you all know, social media 

has become part of the digital fabric of how we 

communicate, operate, and conduct business 

in and out of government. 

In the recent months I have published over 100 

articles blogs. My topic areas have included 

homeland security, cyber security, defense, 

CBRNE, IT, R & D, science & technology, 

public/private partnerships, IoT, innovation. 

In addition to Government Security News, I 

have been published in FORBES, Huffington 

Post, InformationWeek, MIT Sloan Blog, Computerworld, 

Federal Times, NextGov, Cygnus 

Security Media, Homeland Security Today, 

The Hill, Biometric Update, CIO Water Cooler, 

Government Executive, Bizcatalyst360, Brink, 

IT Security Planet, Christian Science Monitor, 

and others. 

I have also been very active on the speaking 

circuit at a variety of conferences and events 

at Universities and forums over the past year. 

A couple of highlight; a few months back I 

presented at a workshop sponsored by The 

National Academies of Sciences, Engineering, 

and Medicine and the Federal Bureau of 

Investigation on Securing Life Sciences Data. 

I also spoke at George Washington University 

event about the Cyber Threat Spectrum along 

with co-panelists John Perren, former Assistant 

Director, FBI’s Weapons of Mass Destruction 

Directorate, and Lieutenant Colonel Scott 

Applegate, Strategic Planner, J5, Cyber Policy 


7


Division, Joint Chiefs of Staff. I will be participating 

soon at USTRANSCOM Senior Leader 

Cyber Security Roundtable that will include 

Admiral Michael S. Rogers, who serves as the 

U.S. Cyber Commander, Director of the National 

Security Agency, and Chief of the Central 

Security Service. 

As always, thank you for speaking to me and 

letting me share my perspectives. GSN serves 

as an excellent media resource for all those 

active in the homeland security, cybersecurity, 

and national security fields. I strongly encourage 

others to become regular readers of your 

publication online and in print. 

About Chuck: Chuck Brooks is Vice President 

of Government Relations & Marketing for 

Sutherland Government Solutions. He has an 

extensive policy and technology background 

both in the public and private sectors. In government, 

Chuck has served at The Department 

of Homeland Security (DHS) in legislative 

leadership roles at The Science & Technology 

Directorate, the Domestic Nuclear Defense 

Organization, and FEMA (on detail during 

Hurricane Katrina). He served as a top Advisor 

to the late Senator Arlen Specter on Capitol 

Hill covering security and technology issues 

on Capitol Hill. He currently serves as subject 

Matter Expert to The Homeland Defense and 

Security Information Analysis Center (HDIAC), 

a Department of Defense (DOD) sponsored 

organization through the Defense Technical 

Information Center (DTIC). He also served in 

law enforcement as an Auxiliary Police Officer 

for Arlington, Virginia. In industry, Chuck was 

a Technology Partner Advisor to the Bill and 

Melinda Gates Foundation and he currently sits 

on the advisory boards of several corporations 

and organizations involved in cybersecurity and 

homeland security, including the Safe America 

8

Foundation. In academia, Chuck was an Adjunct 

Faculty Member at Johns Hopkins University 

where he taught a graduate course on 

homeland security for two years. He has an MA 

in International relations from the University of 

Chicago, a BA in Political Science from DePauw 

University, and a Certificate in International 

Law from The Hague Academy of International 

Law. Chuck is well recognized as a thought 

leader and subject matter expert on Cybersecurity, 

homeland security, and emerging technologies. 

In 2016, he was named “Cybersecurity 

Marketer of the Year by the Cybersecurity 

Excellence Awards. LinkedIn named Chuck 

as one of “The Top 5 Tech People to Follow 

on LinkedIn” out of their 450 million members. 

Chuck has published dozens of articles 

in publications such as Forbes, Federal Times, 

Computer World, The Hill, Huffington Post, 

Government Technology, InformationWeek, 

and of course Government Security News on 

the technology and security topics. He is also 

a select “Passcode Influencer” for the Christian 

Science Monitor on information security issues. 

Chuck is a frequent speaker at conferences and 

events and his professional industry affiliations 

include being the Chairman of CompTIA’s New 

and Emerging Technology Committee, and as a 

member of The AFCEA Cybersecurity Committee. 

Chuck has also served as a judge for five 

Government Security News industry homeland 

security awards events. 

9


Category #1: Vendors of IT and Cybersecurity Products and Solutions 

Judging in this category is based on a combination of: 

• Increase in client organization’s security 

• Technological innovation or improvement 

• Filling a recognized government IT security need 

• Flexibility of solution to meet current and future organizational needs 

Best User & Entity Behavior 

Analytics (UEBA) Solution 

Amplivox - Finalist 

Identive - Finalist 

Inmarsat - Winner 

FLIR - Finalist 

Rave Mobile Security – Finalist 

Gurucul - Winner 

Best Industrial 

Cybersecurity Solution 

Aperio - Winner 

Claroty - Finalist 

Darktrace - Winner 

Indegy - Winner 

Best Application Security Solution 

Waratec - Winner 

Best Multifactor Authentication Solution 

No entries 

10 

Best Anti-Malware Solution 

Blue Ridge - Winner 

Bromium - Winner 

Passages - Finalist 

Best Identity Management Platform 

Centrify - Winner 

Forum Systems - Finalist 

HID Global - Winner 

Best Enterprise File Solution 

No entries 

Best Compliance/Vulnerability 

Assessment Solution 

Netwrix Corporation - Finalist 

Risk Vision - Finalist 

Solar Winds - Winner 

Wombat - Finalist

Best Cyber Operational Risk Intelligence 

Red Seal - Winner 

Best Data Security/Loss Management Solution 

Spiron - Winner 

Best Email Security and Integrity Solution 

Wombat Security Technologies - Winner 

Best Endpoint Detection and Response Solution 

Bromium - Winner 

illusive networks - Winner 

Tychon - Finalist 

Best Forensic Software 

No Entries 

Best Big Data Analytics Solution 

Securiport - Winner 

Best Threat Intelligence Solution 

Securiport - Winner 

ViaSat - Finalist 

Best Network Security/Enterprise Firewall 

Forcepoint - Winner 

ViaSat – Finalist 

Best Physical Logical Privileged 

Access Management Solution 

Beyond Trust - Winner 

Centrify Corporation - Finalist 

EKUSA - Finalist 

Forum Systems - Finalist 

Identive - Winner 

Best Continuous Monitoring 

and Mitigation Solution 

Cyber Ark – Winner 

Darktrace - Winner 

Netwrix - Finalist 

Passages - Finalist 

Securiport - Finalist 

Solar Winds Worldwide - Finalist 

Best Security Incident & Event 

Management (SIEM) Solution 

Cyber Ark - Finalist 

Netwrix - Winner 

Solar Winds Worldwide - Winner 

Best Security Infrastructure Orchestration 

Phantom - Winner 

Best Server Security Solution 

BlueRidge - Winner 

11

GSN 2016 DIGITAL YEARBOOK OF HOMELAND SECURITY AWARDS RECIPIENTS 

2016 

Vendors of IT and Cybersecurity Products and Solutions 

Indegy 

2016 Winner 

Awards Category: 

–––––––––––––––––––––––––––––––––––––––– 

Best Industrial Cybersecurity Solution 

Reason this entry deserves to win: 

–––––––––––––––––––––––––––––––––––––––– 

Indegy has developed a cyber security platform that 

protects Industrial Control Systems (ICS)/ SCADA used 

in critical infrastructures (energy, water utilities, petrochemical 

plants, manufacturing facilities, etc.) by providing 

comprehensive visibility into the control-plane 

engineering activities of Operational Technology (OT) 

networks. 

By detecting unauthorized access and logic changes 

made to process controllers like PLCs, RTUs and DCS 

that are used to manage the lifecycle of industrial processes, 

Indegy identifies threats that place the safety, 

reliability and security of ICS systems at risk. Indegy provides 

advanced protection against cyber attacks, insider 

threats and human error. 

Contrary to popular belief, it is not difficult to attack 

ICS networks. Any second year engineering student with 

a basic understanding of industrial control systems has 

the requisite knowledge. 

However, while easy to attack, ICS networks are 

difficult to defend. First, ICS networks are inherently 

different than IT environments. They were designed 

and implemented decades ago, before the cyber threat 

existed, and therefore lack basic security mechanisms 

found in IT networks, such as authentication, encryption 

or logging capabilities. Many are poorly protected 

by “Air Gaps”, which are meaningless in today’s Internetconnected 

environments. 

Second, ICS devices and applications are rarely 

patched due to concerns over stability, disruptions and 

production downtime. 

Third, the communications in ICS networks are very 

different that those in IT networks. While application 

data and physical measurements are communicated 

over known and standardized industrial protocols like 

12

Link to Web Page of Nominated Organization: 

–––––––––––––––––––––––––––––––––––––––– 

http://www.indegy.com/ 

Link to additional information: 

–––––––––––––––––––––––––––––––––––––––– 

A short video depicting the technology: 

https://www.youtube.com/watch?v=xsK-1XnUVr4 

MODBUS, PROFINET, DNP3 and others, engineering 

activities used for programing PLCs, RTUs and DCSs are 

carried over proprietary, vendor-specific, and largely 

undocumented protocols. This includes all controller 

logic updates, configuration changes and firmware 

uploads/downloads, use vendor-specific protocols. If we 

would compare it to IT networks, these activities would 

be called privileged activities. Only that in ICS networks 

there are no controls to restrict these activities to privileged 

users or monitor them. 

Current IT cyber security solutions do not have the 

appropriate technology to monitor these proprietary 

vendor specific protocols and the engineering activities 

that can indicate cyber attacks, identify malicious insiders 

or detect human error. 

The Indegy Industrial Cyber Security Platform is natively 

designed for ICS networks and is the only cyber 

security platform capable of providing comprehensive 

visibility into the control-plane engineering activities of 

OT networks, covering both network activity and direct 

physical access to critical assets. As a result of extensive 

research by Indegy’s R&D labs, the depth of the 

platform’s deep packet inspection (DPI) engine and its 

ability to parse in real-time all engineering-level activi- 


“Attacks on industrial control and supervisory control and data 

acquisition (SCADA) systems is a continuing problem hanging 

over critical infrastructure like power grids and water supplies. 

Its appliances protect deployed SCADA devices that may be too 

numerous to replace with more secure ones. By monitoring to 

find alterations in the control planes of SCADA devices Indegy 

can discover potential changes to their programmable logic 

controllers that may indicate attacks. This can help discover 

threats before they are carried out to older systems lacking 

defenses.” – Tim Greene, Senior Editor, Network World 

http://www.networkworld.com/article/3080097/security/hot-security-startups-to-watch.html 

In Dark Reading, Indegy CEO Barak Perelman explains the 

threats to critical infrastructure, “And Now, A Cyber Arms Race 

Towards Critical Infrastructure Attacks” 

http://www.darkreading.com/attacks-breaches/andnow-a-cyber-arms-race-towards-critical-infrastructure-attacks/a/d-id/1323225? 

Nominating contact for this entry: 

–––––––––––––––––––––––––––––––––––––––– 

Marc Gendron, President 

Marc Gendron Public Relations 

office: 781-237-0341 

cell: 617-877-7480 

Nominating contact email address: 

–––––––––––––––––––––––––––––––––––––––– 

marc@mgpr.net 

Nominating organization address: 

–––––––––––––––––––––––––––––––––––––––– 


190 Lower County Road 

W. Harwich, MA 02671 

13

ties carried over proprietary control-plane protocols 

is unavailable from any other industrial cyber security 

solution on the market. 

Indegy monitors all ICS network activity with a 

unique focus on proprietary control-plane protocols, 

and provides critical real-time visibility into controller 

logic changes, configuration changes, firmware uploads 

and downloads and controller state. The Indegy platform 

enables ICS engineers and security staff to quickly 

pinpoint the source of problems with details about the 

who, what, when, where and how. It enable effective 

response to incidents before damage occurs and minimizes 

operational disruptions. 

Further, the Indegy platform’s ability to automatically 

detect assets in the ICS network and capture a full image 

of those devices enables it not only to monitor their 

integrity but also supports backup and recovery, allowing 

security staff to quickly restore problematic devices 

and shorten recovery time. The Indegy industrial cyber 

security platform is non-intrusive, agentless, and its DPI 

captures all proprietary, vendor specific control-plane 

activity, including access to controllers (PLCs, RTUS, 

DCSs) or changes in controller state, logic, configuration 

settings, firmware uploads/downloads, etc. To eliminate 

cyber security blind spots, Indegy detects all ICS 

changes, regardless of whether they are performed over 

the network or directly on the physical devices. 

The Indegy platform generates policy-based real-time 

security alerts that allow ICS engineers and security staff 

to quickly pinpoint the source of problems and effectively 

respond to prevent operational disruptions and 

physical damage that could occur from cyber attacks, insider 

threats and human error. Indegy includes built-in 

applications for automated asset management, configuration 

control, policy enforcement, risk analysis. 

For the first time in industrial networks, Indegy provides 

OT administrators with a long-desired, comprehensive 

audit trail. The platform automatically discovers 

all controllers and devices on ICS networks and 

routinely validates their integrity ensuring no logic, 

firmware version and configuration to identify any 

unauthorized or unintended changes take place. It is 

delivered as a turn-key network appliance, and supports 

seamless integration with third party software 

including SIEM, configuration management databases 

(CMDB) and other applications through an easy to use 

RESTFul API. 

Indegy combines a unique mix of cyber-security 

expertise with hands-on industrial control knowledge. 

The company’s leadership and R&D team consists of 

veterans from the Talpiot military academic program 

and the elite 8200 intelligence unit of the Israel Defence 

Forces. This background and expertise is the 

foundation on which Indegy delivers cutting edge 

technologies for securing ICS environments. 

Indegy announced the general availability of its 

industrial cyber security platform in February 2016. 

It currently has customers in the US, Europe and 

Israel (where its R&D lab is based) and the product is 

deployed in live production environments. Indegy’s 

customers include a number of critical infrastructure 

utilities (power, gas, water), a global pharmaceutical 

firm, a petrochemical plant, a Fortune 50 technology 

manufacturer, and more. 

Indeg y has already received several awards: 

• Best Next Gen ICS/SCADA Security Solution 

from Cyber Defense Magazine 

• 2016 TiE50 Winner, one of the 10 Most 

Promising Cyber Security Startups by 

Forbes Israel 

• Network World Hot Security Startup to Watch 

14

15




Beyond Trust 



–––––––––––––––––––––––––––––––––––––––– 

Best Privileged Access Management Solution 


–––––––––––––––––––––––––––––––––––––––– 

Retina CS Enterprise Vulnerability Management 

With its actionable reporting capabilities, advanced 

threat analytics, centralized data warehouse, zero-gap 

coverage, and tight integrations with 3rd party solutions, 

Retina’s results-driven architecture works with 

government users to proactively discover what’s connected 

to their networks, put context around what 

systems and applications are most at risk, streamline 

remediation, track threats over time, and communicate 

progress to various stakeholders across their agencies. 

The following is just a sample of the key capabilities 

offered by Retina CS: 

Threat and Behavioral Analytics: 

• Correlates privilege, vulnerability and threat data 

from a variety of BeyondTrust and third-party 

solutions 

• Aggregate users and asset data to centrally base 

line and track behavior 

• Assign threat levels to events from various 

BeyondTrust and 3rd party data sources, based on 

scoring, malware, exploit research, exploit data 

bases, exploitability indices, CVSS, and more 

• Measure the velocity of asset changes to flag 

in-progress threats 

• Isolate users and assets exhibiting deviant 

behavior and report on outliers and risks 

Actionable Reporting: 

• Over 270 standard reports and pivot grid 

capabilities for custom reports 

• Maps vulnerabilities and misconfigurations to 

DISA Gold Disk, FDCC, NIST, USGCB, and many 

16

more regulatory frameworks 

• Risk Matrices and Heat Maps pinpoint vulnerabili 

ties with known exploits in the wild 

• Threat Analyzers measure remediation results 

before you do the work 

• Vulnerability and Compliance Scorecards and 

SLAs measure remediation and mitigation 

response times in the context of business risk 

BeyondInsight Risk Management Platform: 

• Reporting and analytics engine for Retina CS, 

provides a single, contextual lens through which 

to view user and asset risk 

• Group, assess, & report on assets by OS, domain, 

applications, function, vulnerabilities, and more 

• Built-in workflow, ticketing, and notification 

• Dozens of certified integrations with SIEM, 

GRC, NMS solutions, and more 

• Correlates McAfee, Qualys, Rapid7, 

Tenable, and Tripwire vulnerability 

scan data 

Vulnerability and Privilege Integration: 

• Control application access based on its 

known vulnerabilities, as well as their age, 

potential risk, and impact on regulatory 

compliance 

• Use application usage information to help 

prioritize which vulnerabilities to focus on 

Vulnerability Assessment: 

• Smart Credentials automatically scan targets using 

the highest level privilege credentials 

• Host-Based scanning closes security gaps 

created by cloud and virtual environments, and 

mobile devices 

• Cloud/Virtual scanning of Amazon, Azure, 

Hyper-V, VMware, and more. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.beyondtrust.com/ 


–––––––––––––––––––––––––––––––––––––––– 

ttps://www.beyondtrust.com/wp-content/uploads/ 

ds-retina-cs.pdf?1453837501 


–––––––––––––––––––––––––––––––––––––––– 

Mike Bradshaw, Partner 

Connect Marketing 

office: 801-373-7888 


–––––––––––––––––––––––––––––––––––––––– 


881 W. State Street 

Pleasant Grove, UT 84062 

BeyondTrust is proud of the fact that hundreds 

of U.S. Federal departments and agencies rely daily 

on Retina CS and are honored to have been selected by 

the Department of Homeland Security CDM program as 

its Vulnerability Management solution. BeyondTrust’s 

commitment to serving the U.S. government, and 

government-related organizations, starts with its compliance 

support for strategic cybersecurity mandates such 

as FISMA, CSIP, and the DoD Cybersecurity Culture and 

Compliance Initiative. This also includes the continuous 

monitoring and command and control capabilities made 

possible by Retina CS and its BeyondInsight platform, 

delivering unsurpassed analytics and intelligence to its 

end users. 

17




Phantom 



–––––––––––––––––––––––––––––––––––––––– 

Best Security Infrastructure Orchestration 


–––––––––––––––––––––––––––––––––––––––– 

Recent research shows cyber teams struggle to identify 

and manage security alerts where remediation times 

may require hours of analysts’ time on teams already 

strapped for talent and resources. 

Organizations like the Department of Homeland Security 

and NSA talk of environments with security traffic 

exceeding 1 billion alerts per day - even after reducing 

the load to 1 million alerts per day with correlation and 

other tools, more than 20,000 human analysts would be 

needed to respond. 

Automation and orchestration solutions for incident 

response and threat defense operations are quickly 

emerging as “must have” technologies to increase 

response effectiveness, reduce costs, and ultimately 

achieve cyber resiliency. 

Phantom, the first company to provide an open, extensible, 

and community-powered security automation 

and orchestration platform, has extended its lead since 

entering the market and being named RSA Conference 

2016’s Most Innovative Startup earlier this year. 

The Phantom platform executes digital playbooks 

to automate and orchestrate the security technologies 

organizations already have in place. This layer of “connective 

tissue” allows users to achieve in seconds what 

would normally take hours to accomplish with the 

dozens of independent point products in their environment. 

As further validation of Phantom’s leadership, In-Q- 

Tel made a strategic investment earlier this year, and 

SINET tapped Phantom as one of the most innovative 

security technologies for 2016. 

Phantom is actively involved in the Federal research 

community with projects like Integrated Adaptive Cyber 

Defense (IACD) along with the Department of Home- 

18

land Security (DHS), the National Security Agency’s Information 

Assurance Directorate (NSA/IAD), and Johns 

Hopkins University Applied Physics Lab (JHU/APL). 

IACD is a project intended to “radically shift the mentality 

and status quo in cyber defense to secure integration 

and automation to enable faster response times and 

increase community prevention.” 

Phantom also participates in the OpenC2 Forum 

chaired by the NSA, which is a group working to develop 

a reference architecture that addresses issues pertaining 

to security automation command and control. 

Booz Allen Hamilton and Phantom have formed a 

strategic alliance, fusing Booz Allen’s decades of mission 

intelligence and deep expertise architecting and implementing 

cyber solutions, with Phantom’s leading security 

automation and orchestration technology platform. 

Booz Allen delivers its significant cyber knowledge 

and proven security operations plans by crafting automation 

playbooks for use on Phantom’s platform, incorporating 

best practices in Cyber Threat Intelligence, 

Incident Response, and Security Operations. These playbooks, 

which codify security and business processes, 

help leaders break down common organizational siloes 

that inhibit collaboration and prevent rapid containment 

and resolution of cyber events. The playbooks are 

based on Booz Allen’s expertise and decades of defense 

and intelligence work with the federal government. 

In sum, Phantom is solving one of the biggest challenges 

facing the security community today and has 

been recognized for leadership and innovation in this 

emerging market on several occasions. Their commitment 

to federal cybersecurity community though 

projects like the IACD and OpenC2 Forum, plus their 

partnership with leading firms like Booz Allen Hamilton, 

make Phantom an ideal choice for GSN’s Annual Homeland 

Security Awards. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.phantom.us/ 


–––––––––––––––––––––––––––––––––––––––– 

Booz Allen & Phantom Strategic Partnership Announcement: 

http://www.boozallen.com/media-center/pressreleases/2016/10/automation-enables-cyber-threatmitigationat-machine-speed--pro 

SINET Announces Phantom as One of Most Innovative Security 

Technologies in 2016: 

http://www.businesswire.com/news/ 

home/20160919006353/en/SINET-Announces-16-Innovative-Cybersecurity-Technologies-2016 

In-Q-Tel Announces Strategic Investment in Phantom: 


home/20160426005147/en 

Phantom Named “RSA® Conference 2016’s Most Innovative 

Startup: 


home/20160301005926/en/Phantom-Named- 

%E2%80%9CRSA%C2%AEConference- 

2016%E2%80%99s-Innovative-Startup%E2%80%9D 


–––––––––––––––––––––––––––––––––––––––– 

Manpreet Mattu, Director Strategic Ventures 

Booz Allen Hamilton 

office: 732-718-9812 


–––––––––––––––––––––––––––––––––––––––– 

Booz Allen Hamilton 

8283 Greensboro Dr. 

McLean, VA 22102 

19




Centrify Corporation 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

The Centrify Identity Platform protects against the 

leading point of attack used in data breaches — compromised 

credentials — by securing an organization’s 

internal and external users as well as its privileged accounts. 

Centrify delivers stronger security, continuous 

compliance and enhanced user productivity through 

single sign-on, multi-factor authentication (MFA), mobile 

and Mac management, privileged access security and 

session monitoring. 

Centrify offers derived credential authentication 

support for secure mobile access to apps, websites and 

services that require smart card authentication, opening 

the door to full mobility for state and federal government. 

Derived credentials allow common access card 

(CAC) and personal identity verification (PIV) based 

authentication via mobile devices, without requiring 

cumbersome, dedicated smart card readers. 

Centrify also helps federal organizations comply with 

a myriad of regulations. Centrify provides demonstrable 

compliance to Federal Information Security Management 

Act (FISMA) and best-practice guidance from 

agencies such as the Office of Management and Budget 

(OMB) and the National Institute of Standards and Technology 

(NIST). Below is a list of the federal regulations 

Centrify helps government agencies to address: 

• FISMA 

• HSPD-12 

• NIST-800 Series 

• OMB 

• PCI-DSS 

• HIPAA 

• CDM 

20


–––––––––––––––––––––––––––––––––––––––– 

https://www.centrify.com/ 


–––––––––––––––––––––––––––––––––––––––– 

Centrify Identity Platform: 

https://www.centrify.com/why-centrify/centrify-identity-platform/ 

Centrify Solutions for Federal Regulatory Compliance: 

https://www.centrify.com/solutions/federal-compliance/regulatory-compliance/ 

Additionally, Centrify leverages existing infrastructure to 

centrally secure and audit heterogeneous systems and 

applications. With a single point of administration 

for accounts, access controls, privileges and policy for 

systems and 

workstations, IT managers can implement security 

levels appropriate to their individual organization’s 

needs and 

more easily accomplish the reporting and auditing 

tasks required for certification and accreditation of their 

processes. 

Below are some of the federal certifications and 

accreditations Centrify helps government agencies to 

address: 

• Common Criteria-EAL2+ 

• SOC II 

• FedRAMP 

• FIPS-140-2 

• DITSCAP 

• NIACAP 

• FDCC 

• DIACAP 

This entry deserves to win because Centrify’s platform 

helps government organizations control, audit and 

Centrify Solutions for Federal Certification and Accreditation: 

https://www.centrify.com/solutions/federal-compliance/certifications/ 


–––––––––––––––––––––––––––––––––––––––– 

Jenny Overell, Account Supervisor 

Finn Partners 

office: 415-249-6778 

cell: 925-878-5655 


–––––––––––––––––––––––––––––––––––––––– 

Finn Partners 

101 Montgomery Street #1500 

San Francisco, CA 94104 

report on access to sensitive data while reducing complexity, 

keeping users productive, and addressing the 

specific requirements of key federal regulations. Centrify 

has an extensive history of delivering data center, cloud 

and mobile solutions for the federal market. Centrify is 

trusted by over 100 top government agencies, including 

the FDA, Raytheon, U.S. Army and U.S. Air Force. 

21




Centrify Corporation 

2016 Finalist 


–––––––––––––––––––––––––––––––––––––––– 

Best Privileged Access Management Solution 


–––––––––––––––––––––––––––––––––––––––– 

With the constant forward progress of technology and 

the major shift to cloud-based systems, government 

agencies require a modern approach to managing and 

securing privileged accounts. Centrify Privilege Service 

(CPS) addresses increasingly hybrid IT environments 

of on-premises and cloud-based systems, and closes today’s 

growing gap in security, visibility and control over 

privileged accounts. CPS provides security for modern 

government agencies – where IT is increasingly outside 

the firewall – with a secure cloud-based service that is 

easy to implement and delivers quick ROI. 

CPS is delivered as a modern, multi-tenant cloud 

service, available in 15 languages from 10 data centers 

across the world and with rich support for mobile 

devices. CPS is built on the proven Centrify Identity 

Platform, which powers the Centrify Identity Service, 

the industry’s first entirely cloud-based solution for 

integrated identity, mobility and Mac management. CPS 

also complements and extends the broad set of capabili- 

ties for identity consolidation, privilege management 

and privileged session auditing found in the flagship 

Centrify Server Suite by providing shared account 

password management for servers, network devices and 

Infrastructure-as-a-Service (IaaS). 

With CPS, government agencies minimize risks associated 

with privileged accounts – that are increasingly 

the focus of hackers and malicious insiders – by enforcing 

centralized control over who can access shared 

credentials. And by leveraging privileged session monitoring 

and access reporting, government agencies make 

compliance efforts for privileged accounts efficient and 

effective. Additionally, government agencies achieve a 

future-proofed identity and access management strategy. 

CPS offers numerous security capabilities for stake- 

22

holders in the IT chain of command. Highlights include 

the power to: 

• Centrally manage emergency access to all servers 

and network devices in break-glass scenarios 

• Grant secure, cloud-based access for remote and 

outsourced IT staff to servers and network 

devices, without giving VPN access to the full 

data center 

• Secure access to on-premises servers, network 

devices and Infrastructure-as-a-Service via bestin-class 

resource management, shared password 

management and privileged session monitoring 

capabilities 

This entry deserves to win because CPS is the most 

comprehensive and tightly integrated privileged identity 

management solution available today. It increases 

security, simplifies compliance and spans both cloud 

and data center infrastructure. CPS has also been wellreceived 

and successfully deployed in numerous government 

IT infrastructures. By utilizing a pay-as-you-go 

cloud pricing model, CPS implementation 

has resulted in dramatically 

faster ROI than legacy 

systems. 

Centrify has an extensive history 

of delivering data center, 

cloud and mobile solutions for 

the federal market. Centrify is 

trusted by over 100 top government 

agencies, including the 

FDA, Raytheon, U.S. Army and 

U.S. Air Force. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.centrify.com/ 


–––––––––––––––––––––––––––––––––––––––– 

Centrify Privilege Service product overview: 

https://www.centrify.com/products/privilege-service/ 


–––––––––––––––––––––––––––––––––––––––– 

Elise Vue, Senior Account Executive 

Finn Partners 

office: (415) 249 -6767 

cell: (415) 654-8753 


–––––––––––––––––––––––––––––––––––––––– 

Finn Partners 

101 Montgomery Street #1500 

San Francisco, CA 94104 

23




illusive networks 



–––––––––––––––––––––––––––––––––––––––– 

Best Endpoint Detection and Response Solution 


–––––––––––––––––––––––––––––––––––––––– 

illusive networks’ premise is that “you cannot keep applying 

the same approach hoping for a different result”. 

It tackles cyber security from a different angle - the 

perspective of the attackers. Focusing on the actors of 

the attack, rather than just their instruments, it exploits 

their vulnerabilities, changing the asymmetry of cyber 

warfare. 

illusive networks pioneered a new type of defensedeception 

based cybersecurity. Its patent pending 

Deceptions Everywhere ® technology is a deception 

management system (DMS) that neutralizes targeted 

attacks and Advanced Persistent Threats (APT). It distributes, 

monitors and continuously manages deceptions by 

weaving a deceptive layer over the entire network. This 

means that every endpoint, server and network component 

is coated with deceptions. The moment an attacker 

penetrates the network, they are in an ‘illusive’ world 

where all the data is unreliable. 

Alternative ‘Solutions’ 

Before Deceptions Everywhere, enterprises were 

relying on honeypot vendors. Honeypots have a low 

detection rate, high level of false positives, are easily 

traceable, hard to deploy and complicated to maintain. 

They look for malware, but build passive honeypots that 

the attackers may or may not stumble upon. 

Illusive’s deceptions change dynamically over time 

and best fit the environment. Highly dynamic, scalable 

and effective, illusive differs from its competitors: 

• identifies and visualizes attack risks before the 

attack takes place 

• visualizes where deceptions are deployed across 

the network 

• visualizes incident alert location on a map which 

24

draws an entire attack campaign, 

• DMS is self contained and does not rely on any 

external tools 

Deceptions Everywhere technolog y includes: 

Attacker View - IT security professionals view their 

network from an attacker’s perspective, visualizing 

attack paths. Unlike mapping software, it shows attack 

vectors found on each machine, and how attackers can 

navigate the network to reach critical assets, allowing 

security strategies to be adapted to mitigate against attacks. 

Advanced Ransomware Guard - Automatically blocks 

the ransomware operation at the source hosts, alerts the 

defenders and also diverts it to encrypt phony or false 

targets. Once ransomware attempts to access a network 

or move laterally towards strategic assets, it immediately 

detects the specific action, neutralizing the attack immediately 

and automatically. 

Wire Transfer Guard - The first cyber-deceptiondedicated 

solution built to protect financial networks. 

It effectively detects, reports on and mitigates targeted 

attacks that pose high risk of financial and strategic damage 

to financial institutions globally. 

Additional benefits: 

No more ‘false positive’ alerts - attackers act on false 

information, are instantly detected. 

Real-time forensics - Actionable breach report provides 

real-time forensic information needed to contain 

an attack “in its tracks”. 

Low total cost of ownership - Users are not aware of 

deceptions that are deployed and managed in an agentless, 

low-fingerprint manner. 

Conclusion 

Deceptions Everywhere has detected many advanced 

attackers as they tried to move laterally during an APT or 


–––––––––––––––––––––––––––––––––––––––– 

https://www.illusivenetworks.com/ 


–––––––––––––––––––––––––––––––––––––––– 

illusive networks recently released the first cyber deception 

technology to protect wire transfer networks in financial 

institutions. Wire Transfer Guard detects, reports and mitigates 

targeted attacks that pose high risk of financial and strategic 

damage to financial institutions worldwide. 

https://www.illusivenetworks.com/press-releases/ 

illusive-networks-wire-transfer-guard-first-cyberdeception-technology-protecting-wire-transferbanking-networks-against-advanced-attacks-nowavailable 

More information on illusive networks: 

https://www.illusivenetworks.com/media-kit 

Description: 

http://www. 


–––––––––––––––––––––––––––––––––––––––– 

Shlomo Touboul, CEO 


office: Israel: + 972-54-4227780 

U.S. cell: 1-248-797-1414 


–––––––––––––––––––––––––––––––––––––––– 


7 Tozeret Haaretz St., Tel Aviv, Israel 6789104 

and 

25 West 36th Street, 11th Floor, New York, NY 10018 

Ransomware attack, thereby saving the customers 

great losses. The attacker view also showed all the possible 

attack vectors - including numerous attack paths 

that were hidden to the client - allowing customers to 

mitigate immediate risks, demonstrating real return on 

investment. 

25




Wombat Security Technologies 



–––––––––––––––––––––––––––––––––––––––– 

Best Compliance/Vulnerability Assessment Solution 


–––––––––––––––––––––––––––––––––––––––– 

Solution: CyberStrength Assessment Tool 

Wombat is dedicated to creating the tools businesses 

need to educate their employees on best security 

practices. CyberStrength is one of these tools. It was 

launched in 2013 and has since revolutionized the 

concept of employee knowledge assessments, giving 

breadth and depth to all areas of a security training program. 

The scenario-based CyberStrength format offers a 

less invasive way to evaluate knowledge levels and use 

that information to plan a cybersecurity education plan 

that will be the most effective at managing end-user risk. 

CyberStrength is part of the Assess component of 

Wombat’s Continuous Training Methodology. Organizations 

that have used this cyclical, ongoing approach to 

security awareness and training have realized up to a 

90% reduction in successful external phishing attacks 

and malware infections. Moreover, CyberStrength offers 

a library of more than 150 questions in ten categories. 

International organizations are able to use translated 

content to evaluate employees in their native languages, 

and administrators can create custom questions to 

assess knowledge of company policies or compliancerelated 

issues. In addition, Wombat developed seven 

Predefined CyberStrength options to help administrators 

streamline the evaluation process. Additionally, 

security professionals can automatically assign follow-up 

training for end users whose assessment results show a 

gap in understanding that could equate to an increased 

risk to organizational security. 

26


–––––––––––––––––––––––––––––––––––––––– 

https://www.wombatsecurity.com/ 


–––––––––––––––––––––––––––––––––––––––– 

https://www.wombatsecurity.com/security-education/security-awareness-knowledge-assessment 

YouTube video: 

https://www.youtube.com/watch?v=jBnzLGupBG8 


–––––––––––––––––––––––––––––––––––––––– 

Dasha (Daria) Ivanova, Account Coordinator 

SHIFT Communications 

office: 512-792-2543 

cell: 713-705-0158 

CyberStrength is the first tool of its kind. It enables 

businesses to create, administer, and analyze the results 

of organization-wide cybersecurity knowledge evaluations. 

Furthermore, its ability to identify areas of susceptibility 

beyond phishing attacks supports Wombat’s 

vision of an end-to-end security solution. 


–––––––––––––––––––––––––––––––––––––––– 


200 E 6th Street, #202 

Austin, TX 78701 

27







–––––––––––––––––––––––––––––––––––––––– 

Best Email Security and Integrity Solution 


–––––––––––––––––––––––––––––––––––––––– 

Solution: PhishAlarm Analyzer (software companion 

to PhishAlarm, an email analysis tool developed by 

Wombat Security Technologies) 

Launched in February 2016 and generally available 

since July, PhishAlarm Analyzer is a software-based 

phishing threat analysis tool that uses machine learning 

to identify and prioritize reported phishing emails for 

incident response teams. It is a companion to Wombat’s 

PhishAlarm email reporting button, which is a component 

of the company’s ThreatSim simulated phishing 

assessment tool. 

One of the main advantages of this tool is the ability 

to apply machine learning techniques to identify 

potential threats and prioritize reported messages 

accordingly. Its rapid identification and categorization 

of suspicious messages allows info security officers and 

security response teams to isolate and address phishing 

emails that have slipped past email filters, including 

zero-hour attacks. Another advantage of the tool is the 

ability to scan each reported email and establish risk levels 

based on data gathered from real-world phishing and 

spear phishing attacks. In contrast, competing solutions 

28

of this type only consider an end users’ ‘trustworthiness’ 

and ‘accuracy’ in identifying threats, an approach 

that negatively impacts the reliability of results given it 

can take months or even years to precisely judge users’ 

reporting abilities. 

PhishAlarm Analyzer helps businesses educate their 

employees on best security practices. Key benefits 

include rapid scanning, consolidation of email notifications, 

multiple implementation options, easy-to-use 

references, and targeted routing of reports. PhishAlarm 

Analyzer does more than just rank emails and alert response 

teams. It also provides an HTML research report 

with each categorized message, alerting designated staff 

to the sources of the IOCs that are present in the email. 

This saves considerable time and effort, and allows security 

teams to more effectively manage their resources 

and target the most credible and imminent threats 

within their email systems. 

PhishAlarm Analyzer is a prime example of the advantages 

of Wombat’s unique Continuous Training Methodology 

allowing infosec officers and security response 

teams to isolate and address phishing emails that have 

slipped past email filters or unaware end users, including 

zero-hour attacks. 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Overview of the product (Blog Post): 

https://info.wombatsecurity.com/blog/phishalarmanalyzer-prioritizes-reported-emails-for-faster-remediation 

https://www.wombatsecurity.com/security-education/phishalarm-and-analyzer 


–––––––––––––––––––––––––––––––––––––––– 



office: 512-792-2543 

cell: 713-705-0158 


–––––––––––––––––––––––––––––––––––––––– 


200 E 6th Street, #202 


29




HID Global 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

HID Global is the first to enable end-to-end identity access 

management solution across both physical and IT 

resources. The HID PIV (Personal Identity Verification) 

solutions span the full range of identity proofing and 

lifecycle management capabilities to establish, create, 

use, and manage a secure credential with a simplified 

path to compliance. HID PIV leverages the same government-strength 

security standards that have already been 

deployed to more than seven million people across 

the world. Organizations benefit from the ecosystem 

created by this large footprint, with many applications, 

operating systems, and devices natively supporting PIV 

credentials. 

This one of a kind solution provides governments 

and regulated industries an easy to deploy, multi-factor 

authentication solution. It secures access to networks, 

cloud applications and facilities to prevent breaches and 

achieve compliance with PIV, PIV-I, NIST Level of Assurance 

4 (LoA4) and equivalent mandates, policies and 

guidelines. 

Benefits: 

• Comprehensive Security and Trust – HID PIV 

leverages existing standards and extends it to 

facilities access, systems, networks, and 

applications resulting in a better security position. 

• Simplified User Experience – By incorporating 

more capabilities into a single smart card or USB, 

users have fewer credentials to remember in order 

to get access to what they need to do their jobs, 

and are less likely to circumvent your controls. 

• Easier Deployment and Management – The 

components of HID PIV are designed to work 

seamlessly together, so it is faster to get up and 

30


–––––––––––––––––––––––––––––––––––––––– 

www.hidglobal.com 


–––––––––––––––––––––––––––––––––––––––– 

Andrea Lloyd, Manager, Corporate Communications 

HID Global 

office: +1 512 776 9233 

cell: +1 512 965 2341 


–––––––––––––––––––––––––––––––––––––––– 

alloyd@hidglobal.com 

running, and easier to manage over time. 

• A Complete System – HID PIV delivers the 

entire PIV management process from establishing 

identity, to credential creation and issuance, 

synchronization of connected systems, and 

credential revocation. 

HID PIV is available in two options – Enterprise and 

Express, which includes the following: 

• Flexible identity proofing up to NIST Identity 

Assurance Level 3 requirements 

• ActivID ® Credential Management System (CMS) 

for secure management of credential deployment. 

• Smart cards and USB dongles supporting up to 

NIST Authenticator Level 3; proximity, iCLASS and 

Seos ® combo credential technologies; and ActivID 

CMS applets 

• Credentials support one time passwords (OTPs), 

biometrics data and HID’s IdenTrust digital 

certificates used by the US Federal Government 

HID PIV Enterprise also includes the company’s Quantum 

Secure SAFE platform, a Physical Identity and 

Access Management (PIAM) software solution that 

provides the bridge between physical and IT security 


–––––––––––––––––––––––––––––––––––––––– 

HID Global 

611 Center Ridge Drive 


systems. The SAFE Platform augments HID PIV Enterprise 

with a variety of convenient, unified access control 

capabilities that deliver a more comprehensive view 

across otherwise disparate physical access control and 

visitor, tenant and contractor management systems, 

while also providing valuable reporting and predictive 

risk analytics capabilities. 

For maximum ease of procurement, deployment 

and maintenance, customers can take advantage of the 

full HID solution or leverage existing third party components 

to maximize existing investments. The HID 

PIV solution helps organizations improve their security 

posture, comply with mandates, improve the user experience 

and is easier to procure, deploy and maintain. 

31




Identiv 



–––––––––––––––––––––––––––––––––––––––– 

Best User & Entity Behavior Analytics (UEBA) Solution 


–––––––––––––––––––––––––––––––––––––––– 

Federal agencies are feeling pressured to adopt government-wide 

Federal Identity, Credential, and Access 

Management (FICAM) compliant physical access control 

systems (PACS). Identiv’s Hirsch government FICAM 

solution offers a true end-to-end HSPD-12 solution that 

eliminates the need for expensive third-party credential 

management hardware. The net benefit is an overall solution 

that is more secure, faster, and less expensive to 

deploy and authorize access than first-generation FICAM 

solutions. 

Identiv’s Hirsch Velocity Certificate Service is compatible 

with existing Velocity systems running Velocity 3.6 

after application of a feature pack. All existing systems 

have the ability to be upgraded through software updates. 

Identiv’s Professional Services Group (PSG) can 

also provide transition planning support to upgrade 

existing systems. FISMA, COOP, and enterprise PACS 

solutions are also available. 

Identiv’s Secure Network Interface Board 3 (SNIB3) 

is an expansion component update for Hirsch Mx and 

DIGI*TRAC Controllers. It is a sophisticated, secure 

communication device that has dedicated processors to 

efficiently handle encryption and management operations. 

SNIB3 is used to manage PKI certificate data for 

door access as provisioned by Velocity. Using FIPS 140-2 

certified encryption technology, SNIB3 serves as the 

communication hub from controller to Velocity using a 

secure TCP/IP protocol. 

Identiv’s RS485 Reader Expansion Board (RREB) 

is a unique reader communication device that installs 

32

onto the expansion cable of Hirsch Mx and DIGI*TRAC 

Controllers and features eight RS-485 communication 

ports, capable of supporting 16 readers on eight doors. 

The RREB makes it possible to have extremely high data 

rates with up to 16 PIV smart card readers while using 

Open Supervised Device Protocol (OSDP). 

Identiv’s uTrust TS Government Readers are the industry’s 

most flexible and secure intelligent door reader 

endpoints, enabling agencies to deploy a highly secure 

U.S. government FICAM CAK at a fraction of the cost 

of competing solutions. ScramblePad and static keypad 

models are available. The readers have RS-485 and 

Wiegand connections, support PoE power, and can be 

configured to support thousands of different card technologies. 

Existing uTrust TS Government Readers are 

flash upgradeable to enable the FICAM solution without 

needing to replace current readers. 

In summary, Identiv’s FICAM solution is faster and 

less expensive. It provides customers a low-cost, simple 

to deploy, secure solution for FICAM compliance. The 

time required to upgrade existing Hirsch Velocity PACS 

is significantly less than competitor’s solutions, allowing 

federal agencies to meet rapidly approaching compliance 

deadlines. The time and cost to deploy new systems 

or transition from another system is offered at the 

same extreme value as other Hirsch solutions. 


–––––––––––––––––––––––––––––––––––––––– 

identiv.com 


–––––––––––––––––––––––––––––––––––––––– 

Identiv’s End-to-End Federal Identity, Credential, and Access 

Management (FICAM) Solution was developed to implement 

a simple, affordable FICAM-compliant solution simply with 

optimal performance: 

identiv.com/ficam 


–––––––––––––––––––––––––––––––––––––––– 

Anja Pellegrino, Sr. Content Manager 

Identiv 

office: 213-910-0043 


–––––––––––––––––––––––––––––––––––––––– 

apellegrino@identiv.com 


–––––––––––––––––––––––––––––––––––––––– 

Identiv Federal Headquarters 

2425 Wilson Blvd., Suite 325 

Arlington, VA 22201 

33




























–––––––––––––––––––––––––––––––––––––––– 

identiv.com 


–––––––––––––––––––––––––––––––––––––––– 







–––––––––––––––––––––––––––––––––––––––– 


Identiv 

office: 213-910-0043 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 




33




Identiv 



–––––––––––––––––––––––––––––––––––––––– 

Best Physical/Logical Privileged Access Solution 


–––––––––––––––––––––––––––––––––––––––– 










solutions. 





















34




























–––––––––––––––––––––––––––––––––––––––– 

identiv.com 


–––––––––––––––––––––––––––––––––––––––– 







–––––––––––––––––––––––––––––––––––––––– 


Identiv 

office: 213-910-0043 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 




35







–––––––––––––––––––––––––––––––––––––––– 

Best Compliance/Vulnerability Assessment Solution 


–––––––––––––––––––––––––––––––––––––––– 

CyberStrength Assessment Tool 

Wombat is dedicated to creating the tools businesses 

need to educate their employees on best security 

practices. CyberStrength is one of these tools. It was 

launched in 2013 and has since revolutionized the 

concept of employee knowledge assessments, giving 

breadth and depth to all areas of a security training program. 

The scenario-based CyberStrength format offers a 

less invasive way to evaluate knowledge levels and use 

that information to plan a cybersecurity education plan 

that will be the most effective at managing end-user risk. 

CyberStrength is part of the Assess component of 

Wombat’s Continuous Training Methodology. Organizations 

that have used this cyclical, ongoing approach to 

security awareness and training have realized up to a 

90% reduction in successful external phishing attacks 

and malware infections. Moreover, CyberStrength offers 

36

a library of more than 150 questions in ten categories. 

International organizations are able to use translated 

content to evaluate employees in their native languages, 

and administrators can create custom questions to 

assess knowledge of company policies or compliancerelated 

issues. In addition, Wombat developed seven 

Predefined CyberStrength options to help administrators 

streamline the evaluation process. Additionally, 

security professionals can automatically assign follow-up 

training for end users whose assessment results show a 

gap in understanding that could equate to an increased 

risk to organizational security. 

CyberStrength is the first tool of its kind. It enables 

businesses to create, administer, and analyze the results 

of organization-wide cybersecurity knowledge evaluations. 

Furthermore, its ability to identify areas of susceptibility 

beyond phishing attacks supports Wombat’s 

vision of an end-to-end security solution. 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

https://www.wombatsecurity.com/security-education/security-awareness-knowledge-assessment 

YouTube video: 

https://www.youtube.com/watch?v=jBnzLGupBG8 


–––––––––––––––––––––––––––––––––––––––– 

Daria Ivanova, Account Coordinator 


office: 512-792-2543 

cell: 713-705-0158 


–––––––––––––––––––––––––––––––––––––––– 

divanova@shiftcomm.com 


–––––––––––––––––––––––––––––––––––––––– 


200 E 6th Street, #202 


37




Forcepoint 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Forcepoint Stonesoft ® Next Generation Firewall 

Forcepoint’s network security solution Stonesoft® Next 

Generation Firewall (NGFW) connects and secures distributed 

government agency offices, branches and cloud 

systems with the industry’s greatest ease, efficiency, and 

reliability. 

Stonesoft is designed for government agencies from 

the ground up to enable interoperability between multiple 

organizations to securely connect people and data 

everywhere the mission takes them – from inside headquarters 

out to the field and up to the cloud. 

With Stonesoft, agencies centrally deploy, monitor 

and update thousands of firewalls and intrusion prevention 

systems to dramatically reduce administrative 

burdens and costs. Stonesoft’s unique high-availability 

architecture and Smart Policy system is scalable and 

resilient at all levels, practically eliminating downtime 

while boosting performance. 

Most of all, Forcepoint excels at both networking and 

security. As the industry’s pioneer in Advanced Evasion 

Technique (AET) defenses and proxy technologies for 

mission-critical applications, we’re relied upon to protect 

many of the most sensitive networks and data. 

Stonesoft delivers superior networking and security, 

so agencies can be more: 

• Effective – The Stonesoft Security Management 

Center (SMC) slashes the complexity and costs of 

creating and managing networks of thousands of 

NGFWs and IPSs – from central command centers 

out to remote locations and up into the cloud. 

• Efficient – Our high-availability architecture is 

unmatched, providing more scalability, longer 

lifetime, and lower OpEx while eliminating 

downtime. 

• Secure – We excel at both networking and security 

38

and our proxy technology protects the most sensitive 

networks in the world. 

In November of 2016, NSS Labs gave Stonesoft their 

highest Next-Generation Firewall (NGFW) rating 

“Recommended” four years in a row and also a “Recommended” 

rating for Next-Generation Intrusion Prevention 

System (NGIPS) in 2016, with a perfect record of 

blocking advanced evasions. 

Productivity in a government environment comes 

from visibility through correlation, extremely detailed 

overviews and reporting capabilities. Stonesoft not only 

manages and correlates engine traffic and feeds, it monitors 

third party devices, and integrates with endpoint 

client agents. This ensures a full picture of point-topoint 

analytics for an agency’s network security environment. 

Stonesoft’s mission critical features include: 

• Robust Security – Enable 16 node active-active 

firewall clustering to further increase uptime and 

speeds and feeds on daily traffic and VPNs, while 

ensuring smart validity checks to administrative 

changes. 

• Unique Proxy Functionality – Within the Stonesoft 

Management Console (SMS) leverage advanced 

levels of inspection control with attributes, 

connection parameters and commands for specific 

proxies. 

• Plug-and-Play Deployment – Deploy Stonesoft 

NGFW instantly at remote sites without sending a 

technician and without shutting down missioncritical 

networks affecting national security. 

• Simple, Precise Firewall Policies – Avoid errors and 

security holes with Smart Policies that are easy to 


–––––––––––––––––––––––––––––––––––––––– 

https://www.forcepoint.com/ 


–––––––––––––––––––––––––––––––––––––––– 

Forcepoint Stonesoft ® NGFW: Optimize and scale network 

security: 

https://www.forcepoint.com/product/network-security/forcepoint-stonesoft-next-generation-firewall 


–––––––––––––––––––––––––––––––––––––––– 

Jeff Hunter, Federal Product Marketing Manager 

Forcepoint 

office: 1-703-537-3969 

cell: 1-703-989-1686 


–––––––––––––––––––––––––––––––––––––––– 

jeff.hunter@forcepoint.com 


–––––––––––––––––––––––––––––––––––––––– 

Forcepoint 

12950 Worldgate Dr., Ste. 600 

Herndon, VA 20170 

comprehend and more efficient to maintain. 

• Update Without Service Windows – Push new 

policies and updates without downtime for the most 

critical networks. 

• Unmatched Security – Stonesoft is the only security 

solution to protect against highly sophisticated and 

dynamic AETs for the most mission-critical 

applications. 

• Dynamic Agility – Use the same software for a 

variety of protection roles. 

39 

Stonesoft is the premier solution for government agencies 

looking for the highest level of network security in 

complex and mission-critical environments.




Waratek 



–––––––––––––––––––––––––––––––––––––––– 

Best Application Security Solution 


–––––––––––––––––––––––––––––––––––––––– 

The majority of government agencies still run customdeveloped, 

mission critical applications on out-of-date 

versions of Java. Most of these applications cannot be 

taken offline to install updates, and the quarterly frequency 

of critical patch updates overwhelms IT staff. 

Waratek has developed a disruptive new approach by 

virtualization-based to application security called Runtime 

Application Self Protection (RASP). This approach 

makes enterprise applications self-protecting by providing 

transparent, secure RASP containers for web applications 

deployed in on-premises datacenters and cloud 

environments, protecting new and legacy applications 

without the need to make any code changes or impacting 

application performance. Waratek delivers out of 

the box protection for enterprise applications and data 

from logic attacks like SQL Injection, network attacks, 

unpatched vulnerabilities at runtime, and unknown 

attacks. 

Waratek monitors, detects and blocks threats from 

within the Java Runtime Environment (i.e. JVM) in realtime, 

to enable applications to self-protect from the inside 

out. With Waratek, organizations gain visibility into 

malicious activity, enforce security policies and virtually 

patch vulnerabilities at runtime. The platform mitigates 

against vulnerabilities in legacy application platforms, 

third party and open source code, and effectively counters 

“zero day” malware. Waratek automatically modernizes 

any web application running on a legacy version of 

Java by updating it with all the security and performance 

improvements inherent to the Java 8 OS without changing 

even one line of code or performing a restart. 

Unlike other RASP solutions, Waratek uses a virtualization-based 

approach to create secure containers for 

protected applications. As a result, it does not require 

40

any code changes, or hardware and does not impact the 

performance of the application. With Waratek, all future 

routine and emergency security patches can be applied 

virtually without taking the application out of production. 

Waratek’s unique virtualization-based approach 

eliminates the need for enterprises to re-write or modify 

their applications, which significantly reduces the cost 

of ownership compared to traditional RASP products. 

Meanwhile, Waratek protects up to 98 percent of an 

application’s attack surface from known and unknown 

vulnerabilities without generating false positives by 

monitoring activity within the JVM in real-time. This 

eliminates the constant tuning and rule-writing associated 

with web application firewalls. In addition, Waratek 

can virtually patch applications that cannot be patched 

or taken out of production for patching, using its virtual 

patching capabilities. These combined capabilities 

significantly reduce total cost of ownership compared 

to other web application security products. Finally, 

since Waratek creates a secure container within the Java 

Runtime Environment, it can protect an infinite number 

of applications without introducing any scalability, 

performance degradation, management or configuration 

issues. 

According to Gartner Inc.’s Top 10 Security Predictions 

2016, by 2020, 40 percent of enterprises will 

secure developed applications by adopting application 

security self-testing, self-diagnosing and self-protection 

technologies. 

Gartner recommends companies adopt runtime application 

self protection (RASP). 

41 


–––––––––––––––––––––––––––––––––––––––– 

www.waratek.com 


–––––––––––––––––––––––––––––––––––––––– 

A short video depicting the technology: 

https://youtu.be/z8PRaAE4Y9E?rel=0 


–––––––––––––––––––––––––––––––––––––––– 



office: 781-237-0341 

cell: 617-877-7480 


–––––––––––––––––––––––––––––––––––––––– 

marc@mgpr.net 


–––––––––––––––––––––––––––––––––––––––– 



West Harwich, MA 02671 

• Most Valuable Product in Computer Technology 

Review CTR MVP Awards 2015 

• SIIA NextGen winner 2015 

• SIIA CODiE finalist 2015 

• Cyber Defense Magazine Infosec Leader 2015 

• CRN Top 20 Coolest Cloud Security Vendors For 


Customer case examples: 

The company has garnered recognition and awards, A Global Bank inventoried hundreds of internal applications, 

and found a multitude of Java versions for which 

including: 

• Innovation Sandbox winner of Most Innovative quarterly releases of security vulnerabilities is commonplace. 

A traditional upgrade or patching approach 

Company, RSA Conference 2015 

• CRN Top 20 Coolest Cloud Security Vendors For was unfeasible. Even if it were, it would have imposed 

2016 Continued on next page

a huge cost and operational burden on the business, 

while impacting the bank’s agility and customer responsiveness. 

The Bank integrated Waratek’s security technology 

into their application hosting platform. This resolved 

the Java patching issue, as well as remediated other 

issues such as SQL Injection attacks, in a manner that 

is transparent to the applications. The net result was a 

dramatic reduction and avoidance of security patching 

costs, while improving security and preserving the agility 

of the organization. 

The centralized virtual patching capabilities provided 

by Waratek across hundreds of applications eliminated 

the need for the bank’s application development to 

upgrade to new versions of Java along with the associated 

testing and deployment activities. This saves time 

and money, and reduces business impact by minimising 

application downtime. It also enables the bank to 

focus on improving its applications and infrastructure to 

better serve customers and shareholders. With Waratek, 

the bank has a solution to a difficult security problem 

which significantly reduces its risk and exposure to data 

breaches. 

42

43




Claroty 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Claroty exited stealth mode at the right time, with the 

right team and the right technology to leverage the 

burgeoning, yet underserved market for Operational 

Technology (OT) security – a market Gartner predicts 

will double by 2020. 

Vendors have attempted to tackle industrial control 

system (ICS) cybersecurity challenges twice previously: 

first with legacy IT security products, and then with IT 

point solutions retrofitted for ICS environments. Neither 

approach addressed core ICS cybersecurity issues; 

did not work in the very different ICS environment; and 

did not foster the necessary dialogue between OT and 

IT teams that is essential for effective OT security. Everything 

about OT – from protocols to staff – is different 

and requires technology specifically designed for that 

environment. Claroty was founded not just to bridge the 

gap between OT and IT, but with a mission to secure 

and optimize the industrial control networks that run 

the world. 

Launching in September with $32 million in venture 

capital, Claroty is the most substantially funded 

ICS cybersecurity startup. The company boasts an elite 

management team with deep experience in both IT and 

OT disciplines. And the Claroty Platform – born from 

this combined IT and OT expertise – is supported by 

an unrivaled ICS security research organization that 

comprises the “top 1% of the 1%” from a special Israeli 

Defense Force cyberunit. 

Purpose-built for OT environments, the Claroty 

Platform is designed to safely monitor ICS, SCADA and 

other critical networks. It uncovers previously hidden 

issues and alerts cybersecurity teams and system operators 

to malicious attacks and process integrity issues 

that may impact industrial operations. Claroty gener- 

44

ates context-rich alerts, summarizing multiple associated 

events into a single robust notification for rapid 

investigation and response, and improved operational 

resilience. The Platform’s other differentiating features 

include: deeper visibility across all OT layers; broadest 

protocol coverage; superior anomaly and change detection; 

continuous, real-time monitoring; and safe, “passive” 

deep packet inspection. 

Notably, Claroty achieved several significant customer 

milestones well before its September launch. Securing 

multiple seven-figure deals, the Claroty Platform has 

been implemented in complex enterprise-class networks 

across dozens of industry verticals for more than a year. 

Underscoring this early customer success, a CISO from 

a global Fortune 100 organization explains his engagement 

with Claroty: “We are using Claroty to add security 

monitoring to our control systems around the world 

– an important part of our business where security was 

not previously thought of or architected in. We selected 

Claroty to give us greater visibility into the shop floor 

environment – both the assets that are there and the 

activities taking place. Equipped with this additional 

visibility we are able to increase productivity and make 


–––––––––––––––––––––––––––––––––––––––– 

https://www.claroty.com/ 


–––––––––––––––––––––––––––––––––––––––– 

Claroty Solution Brief: 

https://s3.amazonaws.com/claroty-public/Claroty_ 

Solution_Brief.pdf 


–––––––––––––––––––––––––––––––––––––––– 

Carro Halpin, Account Executive 

CHEN PR 

office: 781-672-3132 


–––––––––––––––––––––––––––––––––––––––– 

chalpin@chenpr.com 


–––––––––––––––––––––––––––––––––––––––– 

CHEN PR 

71 Summer Street, Penthouse 

Boston, MA 02110 

process improvements in addition to enhance security.” 

Additionally, market research analysts are lauding 

Claroty’s approach. In April, Gartner named Claroty 

a “Cool Vendor” in the publication “Cool Vendors 

in Smart City Application Solutions, 2016.” The firm 

noted that what makes the company cool is the Claroty 

Platform, “which detects suspicious and/or anomalous 

system activity within industrial environments in realtime 

for rapid mitigation, a requirement for most eventdriven 

industrial systems.” 

45




CyberArk 



–––––––––––––––––––––––––––––––––––––––– 

Best Continuous Monitoring and Mitigation Solution 


–––––––––––––––––––––––––––––––––––––––– 

Privileged account protection and threat detection are 

at the center of many federal requirements designed to 

secure agencies from both internal and external threats. 

Third-party contractors, like Harold Martin and Edward 

Snowden, add another significant layer of complexity. 

Contractors are typically not controlled by an organization’s 

internal policies, yet they often have the same – or 

greater – levels of privileged access to internal networks 

and information. 

The CyberArk Privileged Account Security Solution 

offers proactive protection of privileged credentials and 

threat detection of privileged account activities, while also 

enabling federal organizations to respond to advanced 

threats. Proactive protection includes the secure storage 

and management of privileged credentials, monitoring 

and isolation of privileged account sessions, and the 

enforcement of least privilege and application control at 

the endpoint. The CyberArk solution also features targeted 

analytics and the ability to analyze network traffic to better 

detect indications of an attack early in the lifecycle, includ- 

ing credential theft, lateral movement and privilege escalation. 

Incident response teams use CyberArk to quickly 

identify threats and shut down in-progress attacks. 

Specifically, with its privileged threat analytics capabilities, 

CyberArk enables government entities to dramatically 

shorten an attacker’s window of opportunity and reduce 

damage; rapidly detect attacks with analytics based on 

built-in and continuously-updated algorithms; prioritize 

incidents that require immediate attention by conducting 

event correlation and raising the risk score on critical incidents; 

adapt threat detection to a changing risk environment 

with machine learning algorithms that continuously 

adjust baseline behavior profiles as authorized behavior 

changes over time; and automatically respond to a suspected 

stolen privileged credential to stop an attacker’s 

movement and accelerate remediation. 

With its privileged session monitoring capabilities, Cy- 

46

erArk can isolate, monitor, record and control privileged 

sessions on critical systems including Unix and Windowsbased 

systems, databases and virtual machines to meet 

specific Federal guidelines around continuous monitoring. 

The solution acts as a jump server and single access 

control point, prevents malware from jumping to a target 

system, and records keystrokes and commands for continuous 

monitoring. The resulting detailed session recordings, 

DVR-like playback and audit logs are used to simplify 

compliance audits and accelerate forensics investigations. 

The CyberArk Privileged Account Security Solution was 

recently added to the U.S. Department of Defense (DoD) 

Unified Capabilities Approved Products List (UC APL). At 

the time of its inclusion, CyberArk was the only comprehensive 

privileged account security solution on the list. 

The solution also received the U.S. Army Certificate of 

Networthiness (Army CoN). These key government recognitions 

are added to CyberArk’s Common Criteria Evaluation 

Assurance Level EAL 2+ certification. 

CyberArk is trusted by more than 2,800 customers, 

including 45 percent of the Fortune 100 and more than 25 

percent of the Global 2000. As of Q3 2016, CyberArk has 

contracts in all three branches of the U.S. Federal government 

and across more than 15 distinct departments or 

agencies, among others. CyberArk can help meet security 

and compliance requirements in Federal organizations including 

FISMA/NIST SP 800-53; Department of Homeland 

Security CDM Program; NERC-CIP; and HSPD-12. 


–––––––––––––––––––––––––––––––––––––––– 

www.cyberark.com 


–––––––––––––––––––––––––––––––––––––––– 

CyberArk security and compliance for government organizations 

web page: 

www.cyberark.com/solutions/federal-government-solutions/ 

CyberArk Privileged Account Security Solution web page: 

http://www.cyberark.com/products/privileged-accountsecurity-solution/ 

CyberArk Privileged Session Manager web page: 

http://www.cyberark.com/products/privileged-accountsecuritysolution/privileged-session-manager/ 

CyberArk Privileged Threat Analytics web page: 

http://www.cyberark.com/products/privileged-accountsecuritysolution/privileged-threat-analytics/ 

NIST SP 800-53 Revision 4: Implementing Essential Security 

Controls with CyberArk® Solution - link to whitepaper: 

http://www.cyberark.com/resource/nist-sp-800-53-revision-4-implementing-essential-security-controls-cyberarksolutions/ 

Addressing the NIST SP 800-171 CUI requirements with Cyber- 

Ark - link to white paper: 

http://www.cyberark.com/resource/addressing-nist-sp- 

800-171-cui-requirements-cyberark/ 

CyberArk for NERC Secured Remote Access - link to white paper: 

http://www.cyberark.com/resource/cyberark-nerc-secured-remote-access/ 


–––––––––––––––––––––––––––––––––––––––– 

Liz Campbell, Sr. Manager, Corporate Communications 

CyberArk 

office: 617-558-2191 


–––––––––––––––––––––––––––––––––––––––– 

liz.campbell@cyberark.com 


–––––––––––––––––––––––––––––––––––––––– 

CyberArk 

60 Wells Avenue 

Newton, MA 02459 

47




Gurucul 



–––––––––––––––––––––––––––––––––––––––– 

Best User & Entity Behavior Analytics (UEBA) Solution 


–––––––––––––––––––––––––––––––––––––––– 

Gurucul is changing the way government entities and 

enterprises protect themselves against insider threats, 

account compromise, targeted attacks, cyber fraud, data 

exfiltration and external intruders in the cloud, onpremise, 

and in hybrid environments. The company has 

pioneered a new cybersecurity category called user and 

entity behavior analytics (UEBA). Gurucul was the only 

vendor that analyst firm Gartner cited for meeting all 

five use cases outlined in their Market Guide for UEBA 

report: security management, insider threats, data exfiltration/DLP, 

identity access management, SaaS security, 

plus Gurucul met their extra qualifications for compliance 

and cyber fraud. 

Gurucul’s cyber security platform, Gurucul Risk 

Analytics (GRA), goes beyond traditional solutions that 

are based on rules, signatures and patterns. The U.S. 

Government has been affected by an increasing number 

of attacks, such as those targeting the IRS and the 

OPM, that exposed vast amounts of sensitive informa- 

tion. To detect threats early in the “kill chain,” Gurucul 

GRA ingests huge volumes of data generated by user 

access and activity across on-premise and cloud applications 

to identify anomalous behavior that spans time, 

place, access and actions. Gurucul GRA also includes 

identity analytics (IdA) to identify and eliminate excess 

access, access outliers, orphan and dormant accounts. 

Gurucul’s holistic approach of combined UEBA and IdA 

provides a 360-degree context for identity, accounts, 

access and activity, and is uniquely capable of detecting 

cyber threats that appear “normal” to traditional security 

products while identifying advanced security threats 

and low-and-slow attacks in their early stages, with an 

extremely low false positive rate. 

Traditional rules-based detection cannot keep pace 

48

with today’s sophisticated and targeted attacks. Rules, 

patterns and signatures are based on a historical understanding 

of attacks and a limited understanding of the 

data. They cannot predict future attack scenarios, and 

they generate excessive alerts. In contrast, Gurucul GRA 

monitors information on how identities are being used 

by both humans and machines, modeling hundreds of 

attributes and applying machine learning algorithms to 

create a rich source of “context”. Gurucul GRA derives 

and then leverages useful and predictive cues that are 

too noisy and highly dimensional for humans and traditional 

software to analyze within its machine learning 

models. Not only does this AI allow Gurucul GRA to 

identify security threats, even low-and-slow attacks, but 

also to predict a threat in its early stages, allowing for 

efficient remediation with an embedded case ticketing 

or integration with third party case management. 

Unlike machine learning solutions that rely on static 

peer groups, Gurucul GRA automatically builds baseline 

behavior around an identity, compares it against 

‘dynamic’ peer groups with similar behavior profiles 

and provides a real-time risk-ranked, 360 degree view 

of who is accessing what applications and data, on what 

devices, at what time, and in what locations. This greatly 

improves clustering and outlier analysis for more accurate 

behavior patterns resulting in lower false positives 

than using static peer groups. 

While most UEBA solutions are on-premises only, 

or require another partner solution for cloud visibility, 

Gurucul GRA provides a cloud API-based solution for 

visibility into SaaS, IaaS, PaaS and IDaaS solutions. Thus 

Gurucul GRA delivers a unique hybrid-UEBA approach 

that extends across both on-premises and cloud. UEBA 

as a feature within multiple solutions results in a divided 

and less contextually rich outcome for anomaly 

detection and risk scoring. 

An industry-first, Gurucul GRA features a self-audit 



–––––––––––––––––––––––––––––––––––––––– 

http://gurucul.com/ 


–––––––––––––––––––––––––––––––––––––––– 

Link to Gurucul Risk Analytics (GRA): 

http://gurucul.com/gurucul-risk-analytics 

Gurucul STUDIO: 

http://gurucul.com/pressreleases/gurucul-studio-enables-it-security-teams-to-build-custommachine-learning-modelsthat-detect-user-entitybased-threats-and-risks 

Gurucul Self Audit: 

http://gurucul.com/solutions/self-audit 

SC Magazine product review: 

http://www.scmagazine.com/gurucul-risk-analytics/ 

review/4399/ 

Dark Reading article by Gurucul CEO Saryu Nayyar, explaining: 

The Blind Spot Between The Cloud & The Data 

Center: 

http://www.darkreading.com/vulnerabilities- 

--threats/the-blind-spot-between-the-cloud-and-thedata-center/a/d-id/1326063? 


–––––––––––––––––––––––––––––––––––––––– 



office: 781-237-0341 

cell: 617-877-7480 


–––––––––––––––––––––––––––––––––––––––– 

marc@mgpr.net 


–––––––––––––––––––––––––––––––––––––––– 



West Harwich, MA 02671 

49

capability that empowers users to monitor their access 

for risk-ranked anomalous and suspicious activity, 

similar to the feedback loop that credit cards and credit 

monitoring agencies provide for their customers. The 

rich context that users provide goes beyond the knowledge 

of security analysts in security operation centers to 

identify and confirm anomalies. Self audits also provide 

security awareness and deterrence as key elements of an 

insider threat program. 

Gurucul GRA allows customers to implement data 

lakes of their choice with the ability to compute and 

store on big data for higher performance and increased 

data variety than legacy architectures. This provides 

efficiencies for machine learning models and significant 

savings by avoiding SIEM indexing fees, proprietary storage 

and data transfer fees. 

Gurucul’s newest release of GRA includes another 

innovation: Gurucul STUDIO. The intuitive step-by-step 

graphical interface does the heavy lifting to enable customers 

in highly regulated organizations, government 

agencies and the intelligence community to create their 

own custom machine learning models without the need 

for data science expertise or coding. Along with an open 

choice for big data, GRA also includes a flex data connector 

to ingest legacy (i.e. mainframe, building access 

systems) or new (i.e. SaaS apps, CASBs) data sources 

without coding or professional services. This enables 

customers to analyze any dataset with desired attributes 

through machine learning models with predictive risk 

scoring outcomes. 

Finally, Gurucul GRA is a proven big-data security 

analytics solution that is successfully deployed by government 

agencies and global Fortune 500 companies 

across the financial, healthcare, technology, retail and 

manufacturing sectors. 

Gurucul has been recognized in several high profile 

awards and reports, including: 

• 2016 SC Magazine US for Best Behavior Analytics/ 

Enterprise Threat Detection platform 

• 2016 SC Magazine Europe for Best Behavior 

Analytics/Enterprise Threat Detection platform 

• 2015 and 2014 SINET Innovator awards 

• 2016 Cyber Defense Magazine winner in three 

categories: 

- Best of Breed User Behavior Analytics Solutions 

for 2016 

- Best Insider Threat Prevention Solution for 2016 

- Hot Company for Insider Threat Detection 

Solutions for 2016 

• 2014 Gartner Cool Vendor in Identity and Access 

Management 

Gurucul company and product updates: http://gurucul. 

com/press 

50

51



Aperio Systems 

winner 

aperio-systems.com 

Best Compliance/Vulnerability 

Assessment Solution 

RiskVision 

finalist 

riskvisioninc.com 

Best Anti-Malware Solution 

Passages 

finalist 

getpassages.com 

Best Security Incident and 

Event Management (SIEM) Solution 

Solar Winds 

winner 

solarwinds.com

Category #1: Vendors of IT Security Products and Solutions 


ViaSat, Inc 

finalist 

viasat.com 

Best Endpoint Detection 

and Response Solution 

Tychon 

finalist 

tychon.io 

Best Continuous Monitoring & 

Mitigation Solution 

Netwrix Corporation 

finalist 

netwrix.com 


Securiport 

winner 

securiport.com


Best Data Security/Loss Management 

Solution 

Spirion 

winner 

spirion.com 


Forum Systems 

finalist 

forumsys.com 

Best Server Security Solution 

Blueridge 

winner 

blueridge.com

Category #1: Vendors of IT Security Products and Solutions 

Best Endpoint Detection and Response 

Solution 

Bromium 

winner 

bromium.com 


Sqrrl 

winner 

sqrrl.com


Category #2: Vendors of Physical Security Products and Solutions 

Judging in this category is based on a combination of: 

• Increase in client organization 

• Technological innovation or improvement 

• Filling a recognized government IT security need 

• Flexibility of solution to meet current and future organizational needs 

PHYSICAL SECURITY, ACCESS CONTROL, 

IDENTIFICATION, COMMUNICATIONS 

Best Biometric Identification System 

No Entry 

Best Access Control Hardware 

Identive - Winner 

Best Asset Tracking 

With Pairing Technology 

Offsite Vision Holdings - Winner 

Best Mass Notification System 

Amplifox Sound Systems - Winner 

LRAD 2 - Finalist 

Rave Mobile Security - Finalist 

Best Acoustic Hailing Service 

Amplivox Sound System - Finalist 

LRAD - Winner 

Best Lock-Down and 9-1-1 Notification 

in Active Shooter Situations 

Rave Mobile Safety - Winner 

Best Active Shooter 

Gunshot Detection Solution 

Shooter Detection System - Winner 

56

DETECTION PRODUCTS 

Best Chemical Detection Product or Solution 

FLIR - Winner 

Best Explosives Detection Product or Solution 

FLIR - Winner 

Best Nuclear/Radiation Detection Solution 

FLIR - Winner 

Best Automated License Plate 

Recognition (ALPAR) 

Perceptics LLC - Winner 

Best Spherical Situational 

Awareness Imaging Technology 

IC Realtime - Winner 

OTHER PRODUCTS 

Best Perimeter Protection, 

Intrusion Detection System 

Ross Technology Corporation - Winner 

Best Crash Barriers 

(Gates, Fences, Barriers, Bollards) 

Ross Technology Corporation - Winner 

Best Guard Booths 

B.I.G Enterprises – Winner 

SERVICES/EDUCATION 

Best Disaster Preparedness, 

Recovery, Clean-up 

High Rise Escape Systems Inc - Winner 

57



Vendors of Physical Security Products and Solutions 

LRAD Corporation 



–––––––––––––––––––––––––––––––––––––––– 

Best Acoustic Hailing Service 


–––––––––––––––––––––––––––––––––––––––– 

Designed for integrated applications, the LRAD 950RXL 

can be controlled remotely across an IP network enabling 

system operators to create a fully functional, 

unmanned perimeter security solution and respond to 

potential threats from a safe location. The LRAD 950RXL 

achieves a maximum peak output of 156dB and broadcasts 

highly intelligible voice messages and warning 

tones from close range up to 3,000 meters. The LRAD 

950RXL’s ability to immediately interact with a potential 

threat remotely provides security personnel additional 

time and distance to accurately assess situations and 

scale their response appropriately. The LRAD 950RXL 

reduces manpower, false alarms and deadly incidents 

while providing a highly effective and cost efficient, 

remote response security solution. 

58


–––––––––––––––––––––––––––––––––––––––– 

www.LRAD.com 


–––––––––––––––––––––––––––––––––––––––– 

https://www.lradx.com/lrad_products/lrad-rxl/ 


–––––––––––––––––––––––––––––––––––––––– 

Robert Putnam, Sr. Marketing Manager 


office: 858-676-0520 


–––––––––––––––––––––––––––––––––––––––– 

rputnam@lradx.com 


–––––––––––––––––––––––––––––––––––––––– 


16990 Goldentop Road, Ste. A 

San Diego, CA 92127 

59




Rave Mobile Safety 



–––––––––––––––––––––––––––––––––––––––– 

Best Lock-Down and 9-1-1 Notification in Active 

Shooter Situations 


–––––––––––––––––––––––––––––––––––––––– 

Rave Panic Button is the industry leading one button 

panic mobile application. In seconds, Rave Panic Button 

clearly communicates an emergency to 9-1-1, on-site 

personnel, and first responders. As a result, response 

times are shortened and first responder safety is improved. 

According to the FBI, only 31% of active shooter 

incidents last longer than 5 minutes. With Rave Panic 

Button, staff, security, and on-site personnel will be immediately 

notified of an incident and can initiate emergency 

procedures before first responders arrive. 

In August 2015, the state of Arkansas deployed Rave 

Panic Button statewide to protect more than half million 

students, faculty, and staff. Since then they have 

seen countless examples of how Rave Panic Button has 

saved lives. In one instance, a student brought a gun on 

campus. Within 1 minute of pushing the panic button, a 

school resource officer was on the scene and lockdown 

procedures started. In two minutes, a second school 

resource officer arrived. In 8 minutes, first responders 

arrived on the scene, secured the gun, and prevented 

any injuries or deaths that day. 

When Rave Panic Button initiates the 9-1-1 call, a 9-1- 

1 call taker instantly sees where the call is coming from, 

who pushed the panic button, and what type of emergency 

has occurred. Additionally, the 9-11 call taker can 

see the building’s floor plans and other facility information. 

As the incident unfolds, the call taker can send text 

updates to teacher and staff to keep them informed and 

aware. With Rave Panic Button, 9-1-1 serves as incident 

command by continuously providing instructions to 

people on-site and relaying information to first responders. 

This better coordinated response saves time and 

60

saves lives. 

By immediately notifying 9-1-1 and on-site personal, 

Rave Panic Button initiates lockdown procedures and 

speeds up the process. A partner integration in Nassau 

County, NY highlights how Rave Panic Button’s is 

integral to lockdown procedures. In Nassau County, NY, 

Rave Panic Button was deployed to protect 350 schools 

and over 200,000 students. Since Nassau County has 

Rave Panic Button and IntraLogic Video Management 

Solutions, the Rave Panic Button triggers all doors 

to automatically lock. The 9-1-1 supervisor can also 

search live camera feeds and provide updates to first 

responders. As first responders arrive on the scene with 

improved situational awareness, they can use the Intra- 

Logic system to unlock doors. 

Institutions are replacing hard wired panic buttons 

for a fraction of the cost with the mobile technology that 

travels with you, calls 9-1-1, and alerts staff in 1.5 seconds. 

Rave Panic Button is trusted by schools, universities, 

hospitals, and corporations nationwide because 

when seconds count Rave Panic Button can be trusted 

to deliver a faster and more efficient response. 


–––––––––––––––––––––––––––––––––––––––– 

ttps://www.ravemobilesafety.com/ 


–––––––––––––––––––––––––––––––––––––––– 

Rave Panic Button Video: 

https://www.youtube.com/watch?v=3wa9Fl0NsPY 

Rave Panic Button Alerts Teachers to Gun on Campus: 

https://www.youtube.com/watch?v=E5dMt_DRaA4 

Arkansas Deploys Rave Panic Button App to Better Protect K-12 

Students: 

https://www.youtube.com/watch?v=m8_L70rqVNk 

Limestone County Increases Safety with Rave Panic Button: 

https://www.youtube.com/watch?v=83N5gwBqqbA 

SNOPAC 9-1-1 Leverages Rave Panic Button to Locate Missing 

Children: 

https://www.ravemobilesafety.com/case-studysnopac-9-1-1rave-panic-button-technology-locatemissing-children/ 

Rave Panic Button: 

https://www.ravemobilesafety.com/panic-button/ 


–––––––––––––––––––––––––––––––––––––––– 

Katharine Dahl, Director of Marketing 


office: 508-532-8933 

cell: 508-341-0545 


–––––––––––––––––––––––––––––––––––––––– 

kdahl@ravemobilesafety.com 


–––––––––––––––––––––––––––––––––––––––– 


50 Speen Street Suite 301 

Framingham, MA 01701 

61




Perceptics, LLC 



–––––––––––––––––––––––––––––––––––––––– 

Best Automated License Plate Recognition (ALPAR) 


–––––––––––––––––––––––––––––––––––––––– 

Perceptics is the sole LPR system provider for primary 

passenger vehicle inspection lanes at all land border 

ports of entry into the United States. Overall, Perceptics 

LPRs, driver and scene cameras are installed in over 

600 (inbound, outbound, and tactical) lanes for U.S. 

Customs and Border Protection. Perceptics recently 

installed LPRs at 42 U.S. Border Patrol check point lanes 

in Texas, New Mexico, Arizona, and California away from 

the border. 

Perceptics is the only company to successfully and consistently 

meet and exceed CBP’s stringent specifications, 

including CBP’s 95% LPR full plate read rate requirement 

for character and state/province identification, as 

well as delivery on performance, system availability, and 

equipment reliability targets. 

Perceptics has continually demonstrated its ability to engineer 

and develop the most accurate high performance 

imaging systems for national border security agencies in 

North America. 

62


–––––––––––––––––––––––––––––––––––––––– 

http://www.perceptics.com/ 


–––––––––––––––––––––––––––––––––––––––– 

Border Security Info: 

http://www.perceptics.com/markets/border-security/ 

Checkpoint LPR: 

http://www.perceptics.com/products/license-platereaders/checkpoint-lpr/ 

Freeflow LPR: 

http://www.perceptics.com/products/license-platereaders/freeflow-lpr/ 


–––––––––––––––––––––––––––––––––––––––– 

Casey Self, Marketing Manager 


office: 865-671-9257 

cell: 865-210-3351 


–––––––––––––––––––––––––––––––––––––––– 

casey.self@perceptics.com 


–––––––––––––––––––––––––––––––––––––––– 


11130 Kingston Pike 

Suite 6 

Knoxville, TN 37934 

63



Vendors of IT Security Products and Solutions 

Identiv 



–––––––––––––––––––––––––––––––––––––––– 

Best Access Control Hardware 


–––––––––––––––––––––––––––––––––––––––– 










solutions. 





















64




























–––––––––––––––––––––––––––––––––––––––– 

identiv.com 


–––––––––––––––––––––––––––––––––––––––– 







–––––––––––––––––––––––––––––––––––––––– 


Identiv 

office: 213-910-0043 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 




65




Shooter Detection Systems LLC 



–––––––––––––––––––––––––––––––––––––––– 

Best Active Shooter Gunshot Detection Solution 


–––––––––––––––––––––––––––––––––––––––– 

The sound of a gunshot can easily be mistaken for 

construction noise or a car backfiring and this uncertainty 

can trigger unnecessary fear and panic or worse, 

inaction. Shooter Detection Systems’ Guardian Indoor 

Active Shooter Detection System listens and looks for 

gunfire and then reports that a shot has occurred within 

one second. The system has zero false alerts and 

displays the shooter’s location on an easy to read floor 

plan that shows security and key personnel where the 

gunshot occurred. This allows officials to immediately 

and appropriately respond to a life-threatening event 

and save lives with 

accurate, real-time 

information. 

As recent FBI 

reports have stated, 

Active Shooter 

incidents have 

been on the rise 

in the U. S. for the past several years. Effective response 

depends on the timely detection and reliable identification 

of an active shooter and the immediate communication 

of the incident details to at-risk personnel as well 

to emergency responders. A multi-mode (acoustic and 

IR based) gunshot detection sensor networked within 

a facility provides immediate and accurate detection of 

an Active Shooter within one second. The system also 

automates camera call up and initiates access control, 

therefore allowing security personnel to begin lockdown 

or evacuation procedures, and first responders to 

immediately address the threat. 

Shooter Detection Systems is comprised of a targeted 

team of business, tactical and multi-disciplinary systems 

engineering experts who collectively have over 40 years 

66

of experience with acoustic gunshot detection systems 

that were developed for military applications. While 

working at a major defense contractor, the SDS team 

was responsible for the successful production and delivery 

of over 10,000 gunshot detection systems to Iraq 

and Afghanistan. As a result of sniper attacks on the U.S. 

power grid, these same systems have been deployed to 

protect critical infrastructure and prevent the effects of a 

crippling power loss by sniper attack. 

Understanding the immediate need for technology 

to address the Active Shooter threat, the team began 

investigating how their experience designing acoustic 

detection technology could be applied indoors, offering 

a solution to this difficult and emerging problem. With 

a nation in fear of the Active Shooter, false alerts would 

not be tolerated. The difficulties in applying acoustic 

technology in an indoor environment were examined, 

thoroughly tested, and found to have an unacceptable 

false alert rate. Though even the vehicle gunshot detection 

version uses an acoustic modality to detect shooters, 

it was found that in an indoor environment, an 


–––––––––––––––––––––––––––––––––––––––– 

http://www.shooterdetectionsystems.com/ 

Link to full award submission report: 

–––––––––––––––––––––––––––––––––––––––– 

http://www.shooterdetectionsystems. 

com/?p=15028 


––––––––––––––––––––––––––––––––––– 

Kendra Noonan, Director of Communications 

Shooter Detection Systems 

office: 1-844-SHOT911 


–––––––––––––––––––––––––––––––––––––––– 

knoonan@shooterdetectionsystems.com 


–––––––––––––––––––––––––––––––––––––––– 

Shooter Detection Systems 

300 Newburyport Turnpike 

Rowley, MA 01969 

acoustics-only approach was insufficient. The result is the 

Guardian Indoor Active Shooter Detection System. 

The Guardian system is comprised of dual modality 

sensors strategically positioned within facilities that 

transmit gunshot alerts within one second. Guardian incorporates 

the world’s finest acoustic gunshot detection 

software and combines it with infrared sensor gunfire 

flash detection to produce the most accurate indoor 

gunshot detection system available. The sensor’s unique 

dual validation requirement provides the highest rate of 

detection while bringing the number of false alerts to 

zero. 

SDS is regularly chosen to participate in DHS Active 

Shooter and Terrorism scenario training drills involving 

multiple cooperating government agencies, a sampling 


67

The Evolution of Superior Gunshot Detection 

2011 

1990’s 2003 2005 2009 2010 2013 2014 

is below: 

In August 2014, SDS was selected to participate in 

a DHS sponsored School Safety Mock Active Shooter 

Drill at a large school in Wayne, New Jersey. Over 100 

role player participants were included in this exercise, 

including mock active shooters, shooting victims, and 

first responders. The active shooters in this scenario 

used high power rifles and handguns, and the Guardian 

sensors deployed throughout the facility provided 100% 

detection on all gunshots with zero false alerts. First 

responders were alerted via Situational Awareness Map 

and SMS messages, allowing immediate response and 

rapid takedown of the mock active shooter. In August 

2015, SDS was chosen to participate in a DHS sponsored 

Mock Active Shooter/Terrorist Drill at a multilevel 

synagogue in West Orange, New Jersey. The mock active 

shooter in this scenario used a high-power rifle and 20 

Guardian sensors deployed throughout the synagogue. 

The system provided 100% detection on all gunshots 

with zero false alerts. 

In November 2015, SDS was chosen by DHS to 

participate in an Active Shooter scenario in a New York 

City subway setting. Coincidentally, this event followed 

a series of coordinated terrorist attacks in Paris, drawing 

high level visitors to this subway event. DHS Secretary 

Jeh Johnson, New York City Mayor Bill de Blasio, NYPD 

Commissioner William Bratton, FDNY Commissioner 

Daniel Nigro, and NYPD Police Chief James Waters 

could witness firsthand how the Guardian sensors deployed 

along the subway platform and in the subway 

car alerted at 100% detection with zero false alerts. 

The Guardian System’s Situational Awareness Map was 

broadcast inside NYPD Mobile Command Center and 

shot information was repeated to first responders, allowing 

swift takedown of the active shooter. 

In June 2016, SDS was chosen again by DHS to 

participate in an Active Shooter/Terrorist drill, this 

time in a professional sports stadium environment. 

The exercise took place at Fenway Park in Boston, MA, 

with over 500 role players participating in a simulated 

attack on a crowd at the entrance to the stadium. 

In cooperation with the Boston Police Department, 

SDS deployed sensors along the Gate D entrance and 

integrated with the building’s existing video surveillance 

system. In multiple scenarios, the Guardian 

system alerted on 100% of the shots fired along the 

concourse. The system sent alerts to participating First 

Responders, Fenway Security Personnel, and provided 

instant camera views to the active shooter to the Fenway 

Security Operations Office. 

As of December 2016, SDS is installed nationwide 

with over 14 million hours of operation in real-world 

68

environments with zero false alerts. These installations 

include airports, Fortune 500 corporations, court 

systems, utilities, healthcare facilities and high-rise office 

buildings, with upcoming installations in many more 

government and private buildings. Active Shooter Protocols 

are now a standard practice among all these industries. 

The Guardian Indoor Active Shooter Detection 

System is the missing link to activate these protocols 

with confidence, decreasing response time and saving 

lives in the event of an active shooter. 

With the FBI recently reporting that 2014-2015 

showed the most active shooter incidents ever in a twoyear 

period, there is no better time or reason for SDS 

to win the GSN 2016 Homeland Security Award for Best 

Active Shooter Gunshot Detection System. 

For more information, please contact us at sales@ 

shooterdetectionsystems.com or call 1-844-SHOT911. 

69




B.I.G. Enterprises, Inc. 



–––––––––––––––––––––––––––––––––––––––– 

Best Guard Booths 


–––––––––––––––––––––––––––––––––––––––– 

B.I.G.’s award-winning Portable/Turnstile booth: 

B.I.G. helps facility owners put exceedingly tough access 

control wherever it is needed. 

Turnstiles are used at a wide variety of settings to allow 

only one person at a time to pass into an area. Now 

B.I.G. Enterprises has created a Portable Guard Booth 

w/Turnstile unit to provide secure access when and 

where needed. 

From a business/revenue standpoint, turnstiles give 

an accurate, verifiable count of attendance. From a 

security standpoint, they provide added access control 

limiting access to personnel with proper badges, and 

lead patrons to enter single-file, so security personnel 

have a clear view of each patron. 

From stadiums, amusement parks, mass transit stations, 

office lobbies, airports, ski resorts, and casinos to 

government buildings and critical facilities such as data 

centers, chemical or nuclear power plants, controlling 

the flow of foot-traffic—but at flexible places on a property 

can be exceedingly valuable. 

Recently, one of B.I.G.’s customers—a major North 

American construction company, needed to control 

construction workers as they arrived and departed each 

day from a highly sensitive power plant construction 

project. Nuclear power plants, Generation Stations and 

certain fuel fabrication facilities must show they can defend 

against a set of adversary characteristics called the 

Design Basis Threat (DBT). In general, the DBT outlines 

threats and adversary characteristics these facilities must 

demonstrate they can protect against. B.I.G.’s awardwinning 

Portable Guard Booth w/Turnstile unit helps 

such facilities show that they their access control can 

stand up to specific tactics used by terrorist groups and 

70

organizations. 

The prefabricated unit in this photo is designed with 

three Turnstiles, but B.I.G. could provide the same 

model with fewer or greater turnstiles. Portable, this 

unit can be used in various areas for secured access into 

a facility. 

The Portable Guard Booth WITH Turnstiles features 

full structural steel framing with insulated galvanized 

steel walls and roof, dual pane insulating glass, interior 

shelving, LED lighting, outlets and J-Boxes for data & 

communications, HVAC, floor and high solids polyurethane 

paint finish. The turnstile area is framed to accept 

the turnstiles and features galvanized flooring covered 

with polished aluminum diamond plate, recessed compact 

Fluorescent lights in the soffit above the turnstiles, 

and three factory-installed turnstiles. 

“Because we are experts at perimeter security and 

access control, we were pleased to work with this major 

utility company to assist in a critical time of their expansion 

process. Whatever the requirement you may face, 

B.I.G. Enterprises, Inc. has the solution.” – said Vice 

President David King. 


–––––––––––––––––––––––––––––––––––––––– 

http://www.bigbooth.com/ 


–––––––––––––––––––––––––––––––––––––––– 

http://www.bigbooth.com/case-studies/april-2016 


–––––––––––––––––––––––––––––––––––––––– 

Sharon Bailey, Managing Director 

Brand Orbit 

office: 626-791-7954 


–––––––––––––––––––––––––––––––––––––––– 

sharonb@brandorbit.com 


–––––––––––––––––––––––––––––––––––––––– 

Brand Orbit 

1051 E. Altadena Drive 

Altadena, CA 91001 

About B.I.G. Enterprises: 

Since 1963, B.I.G. Enterprises, Inc. of California 

has engineered and manufactured a 

comprehensive line of high quality, highend, 

prefabricated security and revenue control 

booths. Their state-of-the-art selection of 

pre-assembled buildings include guardhouses, 

cashier booths, portable shelters, and 

a variety of custom-made kiosks. For more 

information, visit: www.bigbooth.com. 

71




Ross Technolog y 



–––––––––––––––––––––––––––––––––––––––– 

Best Perimeter Protection 


–––––––––––––––––––––––––––––––––––––––– 

Engineered to be extremely flexible and user friendly, 

the XT-4200 is the only electro-mechanical rising beam 

barrier that meets the ASTM F2656 M50-P1 crash test 

standard. Crash tested with a 24’ clear opening, this 

barrier is not only a cost effective solution for securing 

wide entrances, it’s also designed to reduce maintenance 

and operating costs. 

The all-electric system utilizes a continuous-duty 

rated motor and gearbox to provide long-term reliability 

and reduced downtime. And because the motor 

and drive system are located within the posts, they’re 

shielded from the elements to deter corrosion. This also 

makes it easy to access equipment for service. Finally, 

the crash beam is raised and lowered by a unique dual 

drive chain system to ensure consistently smooth and 

quiet operation. 

Like our Anti-Ram Fence, the XT-4200 post design 

features integral rebar rods (provided by Ross) to spare 

installers the time and expense of purchasing rebar and 

building cages. The post is also engineered to accept 

Ross XL-501 Anti-Ram Fence Beams for a complete, 

integrated perimeter security system. 

72


–––––––––––––––––––––––––––––––––––––––– 

http://www.rosstechnology.com/ 


–––––––––––––––––––––––––––––––––––––––– 

(XT-4200) M50 P1 Post & Beam Gate: 

http://www.rosstechnology.com/perimeter-security/ 

gates-and-fencing-2/m50-p1-post-beam-gate/ 

Beam style gates are ideal for guarding access control points 

with wide entrances, eliminating the need to install and 

maintain multiple wedge barriers or bollards. And because 

the vertical support posts and foundations are often installed 

beyond the roadway margins, these barriers can reduce the risk 

of interference with underground utilities. The XT-4200 Anti- 

Ram Gate features a unique rising beam actuated by a highly 

reliable, electromechanical drive system. It’s also engineered 

to integrate seamlessly into our XL-501 Post & Beam Fence to 

create a turnkey perimeter security solution. 


–––––––––––––––––––––––––––––––––––––––– 

Steve Luscian,Vice President, Sales and Marketing 

Ross Technology 

office: 717-656-2200 


–––––––––––––––––––––––––––––––––––––––– 

Sales@rosstechnology.com 


–––––––––––––––––––––––––––––––––––––––– 


104 N. Maple Avenue 

P.O. Box 646 

Leola, PA 17540 USA 

73




Ross Technolog y 



–––––––––––––––––––––––––––––––––––––––– 

Best Crash Barriers (Gates, Fences, Barriers, Bollards) 


–––––––––––––––––––––––––––––––––––––––– 

The XL-501 Post and Beam Anti-Ram Fence was engineered 

to be extremely simple and efficient in terms 

of the materials required to arrest vehicle impact and 

the effort required for construction. Constructed from 

heavy-duty structural steel, this unique system utilizes 

a single tubular beam with patented, energy-absorbing 

technology that enables the vertical posts to be set on 

30-foot centers. This design feature eliminates the need 

for multiple intermediate posts and cable runs used in 

traditional anti-ram fence products. Ross Post and Beam 

Anti-Ram Fence accommodates a wide range of inherent 

site considerations, including layout and terrain 

changes. The heavy-duty galvanizing and optional epoxy 

primer and polyurethane topcoat provide a high-quality, 

durable finish that withstands the elements. And the 

high-strength tubing does not require initial or ongoing 

tensioning. 

74


–––––––––––––––––––––––––––––––––––––––– 

http://www.rosstechnology.com/ 


–––––––––––––––––––––––––––––––––––––––– 

(XL-501 / RSS-F501D) M50 P1 Post & Beam Fence: 

http://www.rosstechnology.com/perimeter-security/ 

gates-and-fencing-2/anti-ram-m50-p1-post-beamfence/ 

Anti-ram fencing safeguards high-risk facilities that require complete 

perimeter protection against vehicle-borne attacks. These 

anti-ram barrier systems provide maximum security for buildings, 

equipment and hazardous materials vulnerable to highspeed 

impacts or in close proximity to roadways. The XL-501 

Post and Beam Anti-Ram Fence is a proven high security vehicle 

barrier delivering vehicle-stopping strength with an innovative 

design that reduces overall costs, simplifies installation and 

improves visual appeal. 


–––––––––––––––––––––––––––––––––––––––– 

Steve Luscian,Vice President, Sales and Marketing 


office: 717-656-2200 


–––––––––––––––––––––––––––––––––––––––– 

Sales@rosstechnology.com 


–––––––––––––––––––––––––––––––––––––––– 


104 N. Maple Avenue 

P.O. Box 646 

Leola, PA 17540 USA 

75


Best Mass Notification System 

Rave Mobile Security 

finalist 

ravemobilesafety.com 

Best Asset Tracking with 

Pairing Technology 

Offsite Vision 

winner 

offsitevision.com 

Best Explosives Detection Product 

or Solution 

FLIR Systems 

winner 

flir.com/fidox2

Category #2: Vendors of Physical Security Products and Solutions 

Best Spherical Situational Awareness 

Imaging Technology 

IC Realtime 

winner 

icrealtime.com 

Best Disaster Preparedness, Recovery, 

Clean-up 

High Rise Escape Systems, Inc 

winner 

hres.com


Category #3: GSN 2016 Government Excellence Award 

Judging in this category is based on one or more of the following criteria: 

• Development of successful strategy and increase in public safety 

• Providing a notable solution to a recognized problem 

• Reduction in cost and/or major increase in efficiency and effectiveness 

• Decisive, successful action to respond to threat or emergency 

Special note on this year’s Government Awards: 

Rather than relying on predetermined categories, the judges decided instead 

to select five entries that would best represented the term Government Excellence. 

2016 Government Excellence Entry 

selected by judges: 

Agency: USDA Agricultural Research 

Service (USDA-ARS) 

Category: Most Notable Federal 

Government Program, Project or Initiative 

Product: BeyondTrust Powerbroker 



Agency: Federal Emergency Management 

Agency (FEMA) 

Category: Most Notable Cybersecurity 

Program or Technology 

Product, Service or Program: Personal 

Identity Verification (PIV) and Single 

Sign On (SSO) enablement 

78



Agency: Department of Homeland 

Security, Office of Cybersecurity and 

Communications 



Product: National Cybersecurity 

Assessments and Technical Services 

(NCATS) 



Agency: DOJ, OPM 

Category: Most Notable Government 

Security Program, Project of Initiative 

Product, Service or Program: Interagency 

Security Committee Risk Management 

Process (ISCRMP) Training Program 



Agency: State of Montana 

Category: Most Notable State 

Government Program, Project or Initiative 

Program: State Information Technology 

Services Division (SITSD), State of 

Montana 



Agency: Wombat Security Technologies 



Product, Service or Program: Wombat 

Security Education Platform 

79



GSN 2016 Government Excellence Award 

USDA Agricultural Research Service (USDA-ARS) 



–––––––––––––––––––––––––––––––––––––––– 

Most Notable Federal Government Security Program, 

Project or Initiative 

Name of Nominated Product, Service, 

or Program: 

–––––––––––––––––––––––––––––––––––––––– 

BeyondTrust Powerbroker 


–––––––––––––––––––––––––––––––––––––––– 

In June of 2015, the Office of Management and Budget 

(OMB) launched a 30-day Cybersecurity Sprint to assess 

and improve the health of all Federal assets and networks. 

Agencies were directed to protect Federal information 

systems, and improve the resilience of networks 

in both civilian and military organizations, then report 

on their successes and challenges. Organizations were 

instructed to immediately patch critical vulnerabilities 

and strictly limit the number of privileged users with access 

to authorized systems, while significantly accelerating 

the use of strong authentication for privileged users. 

The US Department of Agriculture, Agricultural Research 

Service (USDA-ARS), took the call to action seriously 

and set out to rapidly secure 11,000 privileged users in 

their windows environment. Deploying BeyondTrust 

Powerbroker for Windows in half the time expected 

for a deployment of this size, the USDA-ARS was able 

to secure and manage their privileged accounts quickly 

and efficiently. In many cases, achieving this well ahead 

of peer agencies. 

Legacy Software: Upgrades and Vulnerabilities 

The USDA-ARS began to see immediate benefits. “As 

we brought ARS sites from around the country into 

Enterprise Active Directory, under the agency domain, 

we found thousands of machines had older versions of 

software, such as Internet Explorer, Adobe, Java, etc. 

Many of these older versions of software were found to 

contain vulnerabilities and a mandate was generated to 

upgrade to the latest versions. With PBW, I was able to 

80

quickly and easily create rules that provided users the 

administrative privilege to uninstall old software and 

install new software without the need for administrative 

credentials,” said the project lead at the agency. In 

addition, this project allowed the agency to create a very 

large set of “canned” rules to allow background update 

services to install updates and patches. “We immediately 

began to see a drop in the number of vulnerabilities 

reported in these applications.” 

Elevating Specific Applications 

Like many of our government agencies, the US 

Department of Agriculture ARS has cases where one 

user, or several users, need to launch an application 

with administrator privileges on a specific machine or 

group of machines. However, they don’t need full-time 

administrator privileges or access to the username and 

password of a local administrator account as part of 

their day-to-day duties. This implementation allowed the 

agency to elevate the specific application to launch with 

administrative privileges without the user ever obtaining 

the username and password for a local administrator 

account. “Thus, the user is not able to login to the computer 

with an administrator account, thereby gaining 

administrator-level access to everything on the machine, 

nor do they have the ability to launch/install other 

applications using the built-in ‘Run-As’ function,” said 

the agency project lead. The USDA-ARS is making the security 

of their information systems a priority, achieving 

least privilege quickly and effectively. Congratulations to 

the agency teams and leadership for a job well done. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.beyondtrust.com/ 


–––––––––––––––––––––––––––––––––––––––– 

Mike Bradshaw, Partner 


office: 801-373-7888 


–––––––––––––––––––––––––––––––––––––––– 

mikeb@connectmarketing.com 


–––––––––––––––––––––––––––––––––––––––– 


881 W. State Street 

Pleasant Grove, UT 84062 

81




Federal Emergency Management Agency (FEMA) 



–––––––––––––––––––––––––––––––––––––––– 

Most Notable Cybersecurity Program or Technology 


or Program: 

–––––––––––––––––––––––––––––––––––––––– 

Personal Identity Verification (PIV) 

and Single Sign On (SSO) Enablement 


–––––––––––––––––––––––––––––––––––––––– 

In June of 2015, the Office of Personnel Management 

suffered a high-profile data breach which spurred action 

on cyber security across numerous agencies. Adrian 

Gardner, the Chief Information Officer (CIO) of the 

Federal Emergency Management Agency (FEMA), was 

determined to safeguard his agency’s information. He 

sought a comprehensive, rigorous solution rather than a 

“Band-Aid” approach, and had a very aggressive schedule 

to implement the solution in six months. Mr. Gardner 

requested that 76 high priority systems be Personal 

Identity Verification (PIV) Card and Single Sign On 

(SSO) enabled to ensure that industry leading security 

standards, aligning with FEMA’s Target Actionable Architecture, 

would be applied to systems containing user 

information. 

The FEMA PIV SSO project was kicked off on October 

1, 2015, consisting of a joint FEMA-IBM initiative that incorporated 

efforts led by the Office of the Chief Information 

Officer (OCIO) and supported by various mission 

critical FEMA program areas. The scope of the effort 

included the implementation of an enterprise security 

infrastructure based on the IBM Security Access Manager 

(ISAM) Webseal, Federated Identity Manager (FIM) 

and Integrated Windows Authentication (IWA) technologies. 

FEMA’s systems leverage a wide variety of technologies, 

including Java, C++, .NET, PowerBuilder, 

and Mainframe. The PIV/SSO implementation approach 

varied depending upon the technology and existing 

authentication mechanism of the specific application. 

FEMA understood that no single solution would be 

82


–––––––––––––––––––––––––––––––––––––––– 

https://www.fema.gov/ 


–––––––––––––––––––––––––––––––––––––––– 

Given the nature of this project, there is limited publicly 

available information. What information can be found on the 

internet has been included here. 

able to address the authentication needs for all applications 

within an organization as large and complex as 

FEMA. Accordingly, the team created a standardized 

approach which took into consideration the systems’ 

technical platforms (Powerbuilder, Java, .NET, Custom- 

Off-The-Shelf ) and other mitigating factors such as 

end user population types, need for mobility support, 

the production environment and other critical factors. 

Moreover, the integrated team took into consideration 

a user population that does not currently use PIV cards 

for access: namely state, local, tribal, and territorial 

(SLTT) users. The solution allowed them continued 

access to the systems through user name and password 

authentication as a temporary workaround until PIV-I 

would be rolled out. 

The system deployments were planned to minimize 

the impact to the mission of the organization. Application 

releases were grouped based on technology, 

authentication method and application dependency. 

The first group deployment, in mid-February 2016, 

included applications dependent on the mission-critical 

National Emergency Management Information System 

(NEMIS) system. The second group of applications, 

mostly relying on the FEMA Integrated Security and 

Access Controls – FEMA Access Management System 

(ISAAC - FAMS) landing page, were deployed at the end 

of February. The last group of systems, primarily includ- 


This quick reference guide helps to demonstrate the proper 

use of the system. It helps to explain how the user interface 

changed to increase security without impacting current work 

products: 

http://floodmaps.fema.gov/tutorials/piv/MIP_PIV_ 

Quick_Reference_Guide.pdf 

Note from FEMA Chief Information Security Officer (CISO), 

Donna Bennett to employees describing the implementation of 

the single sign on system: 

https://www.fema.gov/media-library- 

data/1458661814326-bf98611bc38ad- 

8ba63241578a3e2c145/PIVRollout.txt 

Helps to describe the innovative nature of FEMA’s authentication 

program and its impact: 

https://gcn.com/articles/2016/10/06/dig-it-fema-authentication.aspx 


–––––––––––––––––––––––––––––––––––––––– 

Thomas Coleman, Partner 

IBM Global Business Services 

office: 301-803-6689 

cell: 202-320-3280 


–––––––––––––––––––––––––––––––––––––––– 

thomas.coleman@us.ibm.com 


–––––––––––––––––––––––––––––––––––––––– 

IBM Corporation 

600 14th St, NW, Floor 2 

Washington, DC 20005-2012, US 

83

ing Cloud based systems and systems outside of the 

FEMA Enterprise Network, were deployed at the end of 

March, meeting the initial six-month deadline through 

tight collaboration across all stakeholders. 

The completion of PIV/SSO enablement is a significant 

step in furthering FEMA’s cyber defenses and 

controls to better protect FEMA data, including information 

from disaster survivors and FEMA partners. The 

PIV/SSO effort not only introduced a scalable enterprise 

security platform but it also integrated all FEMA’s critical 

systems within the infrastructure to ensure the security 

of the organization’s applications and the data which 

it maintains. This was accomplished with minimal user 

interruption as the integrated FEMA-IBM team carefully 

planned the deployment of the systems taking into consideration 

FEMA restrictions of system changes during 

active disaster declarations. 

This project PIV enabled FEMA systems at the application 

level, allowing FEMA to attain the Level of 

Assurance 4, in accordance with the NIST SP 800-63 

requirements, for their high value systems. With this 

capability, the agency has transformed the way all users 

access their applications, simplifying and streaming 

their access to the applications while improving system 

security and reducing FEMA operational overhead of 

manually updating employee records. By creating a 

standardized solution approach across disparate identity 

architectures throughout different FEMA IT Systems, 

this project also reduces the effort for any new system to 

be integrated within FEMA’s enterprise security infrastructure 

in the future. The FEMA PIV/SSO effort applied 

industry-leading security standards and created a robust 

security layer, which enhances FEMA’s ability to both 

secure and control access to sensitive information. This 

implementation not only leveraged an architecture that 

conforms to various FICAM model objectives, but also 

helped FEMA reach its objective of meeting OMB and 

DHS mandates. 

Summary highlights of how the PIV/SSO initiative transformed 

FEMA’s security posture include: 

• Implementation of an architecture that conforms 

to goals for Federal Identity, Credential, and Access 

Management (FICAM) model. 

• FEMA attainment of Level of Assurance 4, in 

accordance with the NIST SP 800-63 requirements, 

for their high value systems. 

• Implementation of appropriate policy controls 

such as User Based Enforcement (UBE). 

• Reduced PII Exposure and improved audit 

reporting. 

• A standardized solution across disparate 

identity architecture throughout different 

FEMA IT Systems. 

• Reduced FEMA operational overhead of manually 

updating employee records. 

84

85




Department of Homeland Security, 

Office of Cybersecurity and Communications 



–––––––––––––––––––––––––––––––––––––––– 



or Program: 

–––––––––––––––––––––––––––––––––––––––– 

National Cybersecurity Assessments and Technical 

Services (NCATS) 


–––––––––––––––––––––––––––––––––––––––– 

In May 2015, the Department of Homeland Security 

(DHS) issued a first-of-its-kind binding operational 

directive (BOD) requiring all federal agencies to patch 

critical network vulnerabilities within 30 days. The National 

Cybersecurity Assessments and Technical Services 

(NCATS) Cyber Hygiene program was responsible for 

identifying critical vulnerabilities in agency systems. 

They helped create the BOD Scorecard, BOD vulnerability 

tracker, real-time dashboard with graphs for real-time 

situational awareness, and programmed a hierarchical 

data structure to enhance the categorization of each 

stakeholder’s internet protocol (IP) space. These products 

have improved DHS’s ability to determine a federal 

department or agency’s network security status in realtime. 

The National Cybersecurity Assessments and Technical 

Services (NCATS) program is located within the 

DHS’s Office of Cybersecurity and Communication’s 

86

National Cybersecurity and Communications Integration 

Center (NCCIC). The NCATS team focuses on proactively 

engaging with its federal, state, local, tribal, territorial 

and critical infrastructure partners to improve their 

cybersecurity posture, limit their exposure to risks and 

threats, and reduce rates of exploitation. The NCATS 

team offers cybersecurity services such as red teaming, 

penetration testing, and vulnerability scanning at no 

cost. 

To date, the NCATS program has worked with over 

386 organizations, delivered over 19,000 reports and 

helped resolve over 326,000 vulnerabilities. DHS’s 

Office of Cybersecurity and Communications Assistant 

Secretary Dr. Andy Ozment states, “NCATS is a lifeline to 

funding-constrained public and private sector partners, 

particularly among the critical infrastructure sectors. 

Their cybersecurity expertise in current and emerging 

threats provides an objective third-party perspective to 

help improve an organization’s cybersecurity posture.” 


–––––––––––––––––––––––––––––––––––––––– 

http://www.DHS.gov/cyber 


–––––––––––––––––––––––––––––––––––––––– 

https://www.us-cert.gov/ccubedvp/federal 

https://krebsonsecurity.com/2015/12/dhs-givingfirms-free-penetration-tests/ 


–––––––––––––––––––––––––––––––––––––––– 

Rob Karas, Director of National Cybersecurity 

Assessment & Technical Services (NCATS) 



Contact Bob Hopkins on his behalf: 703-235-5788 


–––––––––––––––––––––––––––––––––––––––– 

Robert.Hopkins@hq.dhs.gov 


–––––––––––––––––––––––––––––––––––––––– 



245 Murray Lane, SW 

Building 410, MS 645 

Washington, DC 20528 

Organizations participating in DHS’s “Cyber Hygiene” vulnerability 

scans. Source: DHS 

87







–––––––––––––––––––––––––––––––––––––––– 



or Program: 

–––––––––––––––––––––––––––––––––––––––– 

Wombat Security Education Platform 


–––––––––––––––––––––––––––––––––––––––– 

The Wombat Security Education Platform helps IT security 

professionals maximize learning and lengthen retention 

through the implementation of a continuous cycle of assessment, 

education, reinforcement, and measurement all 

in one integrated platform. Wombat’s methodology sits in 

strong contrast to a “one and done” approach, providing 

an innovative and appealing way to teach the end-user, 

which sharpens their security skills and gives IT security 

professionals and enterprises the opportunity to mitigate 

risk through constant security awareness. Wombat’s success 

in driving awareness and creating lasting behavior 

change for end users is demonstrated across a variety of 

industries. After pairing mock phishing attacks and interactive 

training modules, a large public college in the 

Northeastern U.S. saw a significant reduction in malware 

and viruses, a 90% reduction in successful phishing attacks 

from the wild, significantly fewer support requests, an 

increase in the number of users reporting incidents and 

attacks, and a greater awareness of issues. 

Wombat’s training program differentiates itself from 

other offerings by focusing on the following: 

• Learning Science Principles: Wombat applies traditional 

proven training methods to a modern education 

problem with an innovative software-based solution. All 

of Wombat’s training solutions utilize multiple learning 

science principles to engage the learner, lengthen retention 

and change behavior. Wombat’s training software 

asks learners to practice as they learn, provides immediate 

feedback for right and wrong answers, and provides 

teachable moments to show a learner what they don’t 

know. 

• Automating Attacks and Training: Wombat’s simulated 

88

attacks and knowledge assessments are integrated with 

cloud-based training modules so everyone who falls for 

an attack, or scores below an assessment threshold, can 

automatically be assigned training they can complete at 

a later time. This enables the organization to understand 

and address the riskiest users in their organization. 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Testimonials page: 

https://www.wombatsecurity.com/about/testimonials 

Platform page: 

https://www.wombatsecurity.com/security-education 

Educate page: 

https://www.wombatsecurity.com/security-education/educate 

Independent media coverage: 

http://www.eweek.com/small-business/wombatreleases-security-education-platform.html 


–––––––––––––––––––––––––––––––––––––––– 



office: 512-792-2543 

cell: 713-705-0158 


–––––––––––––––––––––––––––––––––––––––– 

divanova@shiftcomm.com 


–––––––––––––––––––––––––––––––––––––––– 


200 E 6th Street, #202 


Wombat’s Security Education Platform contains Security 

Assessment Tools that give customers important insights 

into susceptibility and allows them to narrow in on key 

areas of susceptibility. Clients can pair the company’s 

CyberStrength® knowledge assessments with Wombat’s 

ThreatSim®, SmishGuru®, and USBGuru® simulated 

attack programs for a comprehensive view of an organization’s 

potential vulnerabilities. Security officers also have 

the ability to customize training programs for the entire 

organization or to focus on a group of employees. Wombat’s 

mobile-responsive modules provide users increased 

flexibility and accessibility. Meeting U.S. 508 & WCAG 

compliance standards and offering more than 25 languages 

provides a diverse cross-section of users the opportunity 

to complete training requirements regardless of their 

native language or individual abilities. The newly released 

Dynamic Reporting capabilities within the Security Education 

Platform allow IT security professionals to seamlessly 

monitor user performance and deploy gamification of 

security education programs to further motivate employee 

engagement in training initiatives. 

Wombat Security Technologies is the first and only 

company to offer a complete suite of anti-phishing and 

security awareness assessment and training products that 

leverage progressive training techniques to effectively improve 

human response against cyber threats – up to a 90% 

reduction in malware infections and phishing attacks. The 

platform provides the ability to assess, educate, reinforce, 

and measure. This gives IT security professionals a solid 

foundation to implement an effective security awareness 

program, where each and every employee becomes a “security 

guard” of the company no matter what kind of cyber 

attack the company faces. Wombat’s Education Security 

platform is built on scientific research, which distinguishes 

Wombat from any other education platform across the 

security industry. 

89




State of Montana 



–––––––––––––––––––––––––––––––––––––––– 

Most Notable State Government Security Program, 

Project or Initiative 


or Program: 

––––––––––––––––––––––––––––––––––––––– 

State Information Technology Services Division 

(SITSD), State of Montana 


–––––––––––––––––––––––––––––––––––––––– 

SITSD has been working to increase visibility in agencies 

across the state of Montana including Health & Human 

Services, the Department of Revenue, the Department 

of Administration and the Judicial Department, through 

the use of Splunk Enterprise and Splunk Enterprise 

Security. SITSD utilizes this platform to improve the 

security posture of the state, and is doing so through 

troubleshooting and other crucial capabilities. The 

SITSD team is also now able to monitor multiple security 

categories – including information across the network, 

directories, web filtering, DNS and virtual servers 

– as well as the security bandwidth of various agencies 

across the state. 

Within SITSD, security teams now have the ability to 

build and use threat intelligence dashboards, providing 

visibility into all threat intelligence activity across the 

network. Using these dashboards, the team automatically 

accesses datafrom agencies across the state within 

minutes to assess and mitigate potential threats. Prior to 

implementing the security platform, the team manually 

retrieved this information, which was very time consuming. 

Security personnel can now pull data from multiple 

sources into one pool for unified search discovery and 

troubleshooting. Examples are Firewall, Websense Filtering, 

Netscaler, Active Directory Auditing, DNS, and VM 

machine access. 

In addition to these new capabilities, teams within 

SITSD have begun to function in a proactive manner 

90


–––––––––––––––––––––––––––––––––––––––– 

https://sitsd.mt.gov/ 


–––––––––––––––––––––––––––––––––––––––– 

The State Informational Technology Services Division is part of 

the Montana Department of Administration. The mission of the 

State Information Technology Services Division is to provide 

shared IT services to support the needs of the state and citizens 

of Montana: 

http://sitsd.mt.gov/Services-Support/Enterprise- 

Architecture 

rather than in the reactive way they functioned prior to 

deploying the platform. They can now fully understand 

their threat environment and monitor all types of data, 

which has led to a major increase in efficiency and information 

sharing across Montana. The state no longer has 

to assess threats on a case-by-case basis, and can more 

efficiently and effectively protect the data of the state, 

and therefore its citizens. 

This program has become a critical tool for Montana’s 

network. “Any time we have network or content 

filtering issues, our go-to is Splunk. Previously, troubleshooting 

issues could take hours, and multiple people 

across different bureaus working together as the logs 

were from several sources,” said Randy Haefka, Enterprise 

Support Services Section Supervisor, Enterprise 

Technology Services Bureau, SITSD/Montana Department 

of Administration. The team now has all of its 

tools and information centralized on one platform, 

which further enables it to be proactive and maintain 

the integrity of the state’s network. 

Independent media coverage: 

http://sitsd.mt.gov/News-Events/PID/22417/evl/0/ 

CategoryID/125/CategoryName/Current-SITSD- 

News 


–––––––––––––––––––––––––––––––––––––––– 

Ron Baldwin, Chief Information Officer 


office: 406-444-2777 


–––––––––––––––––––––––––––––––––––––––– 

RBaldwin@mt.gov 


–––––––––––––––––––––––––––––––––––––––– 


Department of Administration 

125 N. Roberts 

Helena, MT 59620 

91




DOJ, OPM 



–––––––––––––––––––––––––––––––––––––––– 

Most Notable Federal Government Security Program, 

Project of Initiative 


or Program: 

–––––––––––––––––––––––––––––––––––––––– 

Interagency Security Committee Risk Management 

Process (ISC RMP) Training Program 


–––––––––––––––––––––––––––––––––––––––– 

Approximately 350,000 Federal facilities across the country 

require a comprehensive risk assessment methodology 

that addresses threat, consequence, and vulnerability of 

the 33 undesirable events identified in the Department of 

Homeland Security (DHS), Interagency Security Committee 

(ISC) Standard Report. Often facility security practitioners 

do not always consider all the undesirable events 

when conducting risk assessments due to lack of expertise 

or available resources, leaving facilities vulnerable to risk, 

exposed to unnecessary expense, and non-compliant with 

the ISC standards. 

The ISC RMP Training Program was first established as 

a pilot course in May 2011 by the DOJ. After some refinement, 

the course documentation was submitted to the 

ISC and approved in December 2011 as the first official 

risk management process training program. At the end of 

2012, DOJ reached out to OPM to establish a partnership 

to have the highly regarded program managed by OPM/ 

EMDC, based on their 50 year history in delivering stellar 

leadership and management development programs. 

The DOJ/OPM partnership officially kicked off with the 

first open enrollment course delivered in Washington, DC 

in January 2014. The feedback from the participants in this 

first course reflected an overall success score of 4.93 out a 

possible 5.0. 

The ISC RMP Training Program continues to reach new 

heights and achieve success. Most recently, the program 

recognized and celebrated the graduation of the 500th 

participant. The program has been successfully delivered 

92

to over 540 graduates from 57 different agencies, with 

participants ranging from GS-6 to SES. The number of 

participants continues to grow substantially, with increasing 

numbers coming from the Department of Defense. 

The program has been delivered more than 29 times to 

date, with additional single agency requested or ad hoc 

sessions being added to the training schedule each year. 

The program also continues to receive higher than industry 

average course evaluation scores. 

The success of the program is demonstrated in the 

significant increase in the number of security practitioners 

who effectively establish risk assessment methodologies 

for their facilities that comply with the ISC RMP standards. 

Participants who are responsible for securing their agencies 

facilities and practitioners who participate in the 

development of security countermeasures receive access 

to the first ISC certified and approved Risk Management 

Process Tool, designed to automate the process of calculating 

facility security levels and identifying the relevant 

countermeasures associated with various types of threats, 

consequences, and vulnerabilities of the 33 undesirable 

events. 

Graduates of the ISC RMP Training Program are able to: 

• Provide guidance to Facility Security Committees 

(FSCs) 

• Perform ISC-Compliant Risk Assessments 

• Determine Facility Security Levels (FSL) 

• Identify Necessary Levels of Protection (LOP) 

Establishing and executing a comprehensive risk assessment 

methodology is a challenge for many Federal facility 

security professionals across the country. The ISC RMP 

Training Program should be recognized by the Government 

Security News 2016 Homeland Security Awards Program 

for providing a blended learning solution for Federal 

agencies to address risk assessment challenges, reduce 

cost and inefficiencies of their security resources, and mitigate 

the impact of undesirable events at their facilities. 


–––––––––––––––––––––––––––––––––––––––– 

https://cldcentral.usalearning.net/ 


–––––––––––––––––––––––––––––––––––––––– 

The Department of Justice and Office of Personnel Management partnered 

to offer the ISC Risk Management Process Training Program. This course is 

designed to provide opportunities for individuals to become experienced 

with the ISC Risk Management Process. Participants learn how to accurately 

summarize the main features of the ISC Risk Management Process, identify 

how its implementation benefit their organization; and given the risk assessment, 

make informed, risk-based decisions. The training program consists 

of collaborative exercises, hands-on interactive training, and instruction 

from accomplished risk management professionals. This is the first and only 

ISC certified and approved training course offered to Federal audiences: 

https://leadership.opm.gov/programs.aspx?c=180 

The current lead RMP instructor, E. Reid Hilliard, also won the GSN’s 2010 

federal trophy for his team leadership in documenting the Physical Security 

Criteria for Federal Facilities. Note: This nomination is for the training that’s 

been implemented based on the 2010 work products: 

http://gsnmagazine.com/article/21986/everett_reid_hilliard_doj_and_interagency_security 


–––––––––––––––––––––––––––––––––––––––– 

Reid Hilliard, Assistant Director 

Justice Protective Services, DOJ 

office: 202-598-1441 cell: 202-514-1441 

Janet White, Education Program Director 

Eastern Management Development Center, 

Center for Leadership Development, OPM 

office: 202-606-6531 cell: 202-731-8631 

Kevin McCombs 

Director Security Services Facilities, Security, and Emergency Management, 

OPM 

office: 202-418-0201 cell: 202-345-0025 


–––––––––––––––––––––––––––––––––––––––– 

Everett.R.Hilliard@usdoj.gov 


–––––––––––––––––––––––––––––––––––––––– 

U.S. Department of Justice 

Office of Personnel Management 

950 Pennsylvania Avenue, NW 

1900 E Street, NW 

Washington, DC 20530-0001 

Washington, DC 20415 

93

The News Leader in Physical, IT and Homeland Security 

CEO/Editorial Director 

Adrian Courtenay 

917-696-5782 

acourtenay@gsnmagazine.com 

Editor 

Steve Bittenbender 

502-552-1450 

sbittenbender@gsnmagazine.com 

Senior Writer 

Karen Ferrick-Roman 

412-671-1456 

karenferrickroman@gmail.com 

Columnist 

Shawn Campbell 

Campbell on Crypto 

shawn.campbell@safenetat.com 

Columnist 

George Lane 

Hazmat Science & Public Policy 

georgelane@hotmail.com 

Contributing Author 

Lloyd McCoy Jr 

Immix Group 


Walter Ewing 


Wendy Feliz 


Joshua Breisblatt 


J. Michael Barrett 


Christopher Millar 

Gatekeeper Security 

Art Director 

Gerry O’Hara, OHDesign3 

gerry@ohd3.com 

203-249-0626 

Production Manager 

Brenden Hitt 

Brenden.hitt@gsnmagazine.com 

Direct: 203-216-7798 

FREE 

SUBSCRIPTION 

SIGN-UP 

Monthly Digital Edition 

Airport/Seaport Newsletter 

Daily Insider Newsletter 

Cybersecurity Newsletter 

CLICK HERE 

94

2016_HSA_Yrbk_YUMPU_r2___

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?