Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

❮   Back to News

October 31, 2019

CISO Council Co-Chair, Steven Hernandez, reflects on FY19

By Steven Hernandez, Chief Information Security Officer, Department of Education


Reflecting on the Past

Looking back over this last year is a moment of pride and accomplishment for the Chief Information Security Officers (CISO) Council. When I joined the council as co-chair last October, I remember there was a tremendous amount of ideas, positions and new faces in the CISO community. The Cybersecurity and Infrastructure Security Agency (CISA) had yet to be created and most of us were starting to get our arms around artificial intelligence, zero trust architectures and the role identity management would play in our futures.

In our earliest discussions, Grant Schneider, the Federal CISO, the council and I discussed the importance of ensuring the council was an optimal mix of engagement and idea-sharing while also a council that could foster innovation and collaboration. We were guided by the President’s Management Agenda and its goals for greater modernization, workforce development and leveraging data for better accountability and transparency. Promoting an environment of collaboration and fostering engagement became key goals for our council. Our vision was a council of engaged stakeholders working together to advance cybersecurity and risk management for the Federal Government.

Joining Forces with the CIO Council

Earlier in the year the council formally updated its charter, making the group a committee of the Chief Information Officers (CIO) Council. We did this to not only clearly define who we are and what we hoped to achieve, but also to reaffirm the close working relationship between the CIO and CISO council. This a critical partnership in ensuring risk management is woven into every aspect of a system’s lifecycle.

This last year we also saw the publication of the National Cyber Strategy begin to play a substantial importance in our work though supply chain security, critical infrastructure, combating cybercrime and securing our federal networks. Looking at the changes to our Federal Information Security Management Act reporting, involvement with DHS/CISA and our partner agencies over the last year, it is abundantly clear to me that we have come together in new innovative ways to secure ourselves against an ever-evolving threat.

Making Strides

Looking over the last twelve months I’m most proud of the partnerships, teams, and inclusiveness the council and its members have fostered. A year ago, our meetings were focused on insular issues from getting the right clearances, to finding the best contract vehicles or what tool sets performed best in the mobile space. It has been incredible to watch the CISO community come together and help one another solve matters usually through lessons already learned.

For National Cybersecurity Awareness month, we expanded to partner with our colleagues in the judicial and legislative branches. While we may serve different branches, we all have a passionate focus on protecting the Federal information fabric. We are ultimately all connected, and our adversaries will leverage the gaps and seams between us to find a way in. Our combined focus is clearly on the common future we all face and the necessary strategic assets we’ll need to protect our systems into the future. Having seen the amazing collaboration and growth throughout this last year I know we are on the right path and have bright opportunities ahead!

❮   Back to News

An Official website of the Federal Government

Looking for U.S. government information and services?