This is a guest post by Reggie Aftab, PMP, CSM, CSP, IT projects manager, TAPE team at Transportation Security Administration (TSA) Headquarters.
The Information Assurance and Cybersecurity Division (IAD) of the Transportation Security Administration (TSA) is the central office responsible for delivering information security services in the form of risk management, policy management, and information system security officer (ISSO) support. The goal is to ensure that IAD can deliver the information technology (IT) security services mandated by Federal security laws.
The TAPE team assists IAD with information security program management by supporting ISSOs with their assigned systems. We handle information security (keeping data secure from unauthorized users), risk (potential for loss or damage), and vulnerability (known weakness in a system that allows an attack to succeed).
We do this by:
The specific process we follow looks like this:
All the prepared data feeds into a monthly score card that shows cybersecurity risk levels of RED, YELLOW and GREEN to TSA senior management.
The main way TAPE is supporting TSA is through project management and program management (as well as assessments and penetration testing). In our first 90 days at TSA headquarters, I’ve been able to tap into my 17 years as a senior program manager, as well as my time working on mergers and acquisitions projects for banks. It was there that I picked up cybersecurity skills and learned how to use the Splunk security platform.
So what role does TAPE play in making it safer to fly? Our work helps secure and protect all the assets of the TSA – 70+ systems across the board, including TSANet, TSA’s primary IT conduit. We identify any defects in the systems and then work closely with the engineers from CACI to follow up and ensure those fixes so systems remain operational 24/7 without issues.
TAPE is also involved in building out the new TSA Data Center in Springfield, VA by helping to make sure to protect the new servers and systems from the beginning. Watch for a follow-up article about this exciting project.