2009 GCN RISING STAR
Alma Cole works to keep CBP, DHS a step ahead of malicious attacks
GCN recognizes the innovators who help keep government on the front line of IT
- By Rutrell Yasin
- Aug 10, 2009
Alma Ritter Cole
Organization: Customs and Border Protection, Homeland Security Department
Title: Lead, Cyber Security and Focused Operations, DHS Security Operations Center
First IT mentor: Patricia Butera. Ms. Butera entrusted me with significant responsibilities and provided me with unique opportunities that allowed me to rise to the occasion. She has also taught me the importance of having a clear vision and communicating that vision to internal and external stakeholders.
Latest accomplishment on the job: Over the last six months, I championed interagency information sharing about cyber threats affecting DHS and other federal agencies. Because of this, the mean times to detect and remediate incidents have been significantly reduced, decreasing exposure of DHS information. Enhanced incident tracking has also improved the understanding of why attacks happen and how damage can be minimized. These efforts have greatly enhanced the situational awareness of DHS executive management and have significantly improved the cybersecurity posture of DHS.
Career highlights: DHS SOC collaborated with component SOCs and the U.S. Computer Emergency Readiness Team to ensure DHS systems were protected from the Conficker Worm/Downadup, which was scheduled to alter its command and control technique on April 1. The Vulnerability Assessment Team issued Information Security Vulnerability Alerts requiring all components to take emergency action to install critical security patches and configurations to minimize exposure. Patching and configuration settings were verified, and all systems were scanned for Conficker infections through DHS-wide vulnerability scans, which were performed by the VAT. Additionally, the SOC had implemented and was actively monitoring over 160 intrusion detection system and antivirus signatures to detect Conficker activity. Situational awareness for senior leadership was maintained through face-to-face briefings and regular status reporting. Because of the proactive action of the SOC and VAT, DHS observed only one Conficker infection for every 100,000 DHS systems. Similar proactive efforts were undertaken to effectively protect DHS against Agent.BTZ threats.
Exercise director and planner for DHS SOC participation in National Cyber Exercise Cyber Storm II.
Represented DHS as a primary member of the Office of Management and Budget's Trusted Internet Connections (TIC) Interagency Working Group, which established the TIC criteria for all civilian federal agencies.
Provide weekly security update briefings for the DHS CIO, CBP CIO, DHS chief information security officer and other executives.
Favorite job-related bookmark: http://www.theregister.co.uk/security/
Dream non-IT related job (really): Special weapons and tactics team
When it comes to protecting networks against emerging cyber threats, it’s always good to be one step ahead of potential attackers.
Alma Cole, branch lead of Customs and Border Protection’s Focused Operations team at the Office of Information and Technology, takes that concept to heart.
Cole, 31, is responsible for management and oversight of the CBP and the Homeland Security Department’s Security Operations Center (SOC) cyber intelligence program, digital media analysis, and penetration testing and vulnerability assessment teams.
“There is so much going on right now with information security, it takes an incredible amount of attention and work to stay on top of [it] and ensure you understand what’s happening in your environment, so you can adequately deploy defenses,” Cole said.
And he has a vast environment to cover.
The DHS SOC is the department's collection point for information security reporting. That means other SOCs, such as those of the Coast Guard, Federal Emergency Management Agency, Immigration and Customs Enforcement, and Transportation Security Administration, report to the DHS security operations center.
The DHS SOC, in turn, works with the U.S. Computer Emergency Readiness Team (US-CERT), which provides support and defense against cyberattacks for the federal civil executive branch, along with information sharing and collaboration with state and local government, industry, and international partners.
Moreover, DHS SOC is the Trusted Internet Connections provider for all DHS agencies. “So for all the agencies that have migrated over to the TIC, we are responsible for their information security at the most critical point, which is the actual Internet gateway.”
Cole has the professionalism and demeanor to bring teams together to work under any circumstances, said Patricia Butera, director of network and security operations at CBP and DHS and Cole’s supervisor. When he talks, senior management listens, she said.
In the two years that Cole has been with CBP, he has worked with his team to proactively address emerging threats and strengthen DHS cyber defenses, Butera said.
For instance, Cole helped drive the SOC’s collaboration with other security operations centers and US-CERT to ensure that DHS systems were protected from the Conficker Worm/Downadup, which was scheduled to alter its command and control technique April 1.
All SOCs were ordered to install critical security patches and configurations to minimize exposure, and all systems were scanned for Conficker infections, Cole said.
The SOC implemented and actively monitored more than 160 intrusion detection system and antivirus signatures to detect Conficker activity. Senior management was kept informed through face-to-face briefings and regular status reporting. As a result of the proactive action of the SOC and vulnerability assessment team, DHS only observed one Conficker infection for every 100,000 DHS systems, Cole said.
Similar proactive efforts were undertaken to effectively protect DHS against other threats, such as Agent.BTZ, Butera said.
Cole also helped build, from the ground up, the cyber intelligence and digital media analysis team, which does in-depth registry workstation analysis to break down an event to its lowest element for investigation, Butera said.
Cole attributed his success to his training with the Federal Scholarship Program, which focused on the federal government's information security needs, an internship with the Government Accountability Office and his mentors at CBP.
He credits DHS senior management for laying down a foundation that provides the DHS SOC with the situational awareness of cyber activity and supporting his work on interagency information sharing, giving his team the tools to proactively defend DHS information systems.
“At the end of the day, we’re not here just to clean up systems,” Cole said. “We have to keep in mind at DHS our ultimate goal isn’t to clean up viruses, our ultimate goal is to protect the country” and to ensure that DHS is able to provide all of its services to residents and citizens, he said.
Rutrell Yasin is senior editor for GCN covering cloud computing.