Meet Your DAO – Johnny Grant

Who are you and where do you sit?

Hello.  I am Johnny Grant.  As Nitz’s Deputy, I am still a DAO, but I spend a lot of my time doing the things that enable your actual DAO to do their job (Travel, Timesheets, Waivers, Policies).  Probably one of the most important things I do is attempt to help Nitz manage his calendar.  Trust me, he needs the help.

Where did you work before you came to CSD?

Before coming to CSD, I was the ISSM at Air Force Space Command in Colorado Springs.  At times I certainly miss the area and great friends I have there.

Why did you want to come and work at CSD?

I was convinced to move out to DC by Nitz when we were both still contractors.  I was going to help establish an IA Centre of Excellence for the company we both worked for at the time by developing training curriculum and helping to build a surge-to-need pool of Cyber professionals.  At the end of the day, I missed the direct day-to-day contact with the field and contributing to their successes.  About 10 years ago I was given the opportunity to change from contract to civilian and have never looked back.

From what you have seen, what is the biggest challenge for the community?

The timely and effective management of POA&Ms, specifically when related to Self-Inspections & CONMON.  Not only are we not seeing POA&Ms get worked on in the agreed-upon timeframe, we aren’t seeing any sort of self-discovery and generation of new POA&Ms related to CONMON.  I’ve said it several times before.  CSD should not be the ones discovering an issue at a location.  The ISSO/ISSMs out there know their areas far better than we do or should.  Use the self-inspection program to find issues within the cyber program.  Document them and negotiate the mitigations with your DAO and guess what happens when you get inspected?  Not only do you not get dinged for the issues already discovered, you probably get called out for having a healthy cyber program.