Mary Stone Holland brings a comprehensive approach to State’s far-flung outposts
A sharp increase in cyberthreats may have raised Mary Stone Holland’s profile within the State Department in recent years, but it hasn’t changed her approach.
“You have to take advantage of the experts you have around you, especially in the technical fields we work in: Let them bring the answers to the table, and apply the solutions to the government environment,” said Holland, who is director of computer security for State’s Bureau of Diplomatic Security.
Holland is a 25-year State veteran, who worked early in her career in the former Bureau of Inter-American Affairs, where she was involved in the deployment of equipment throughout Latin America. She made the transition from operations to security 15 years ago.
During Stone’s tenure in the bureau, cybersecurity has become a top department concern.
“For many years the department’s cybersecurity team worked in relative obscurity,” Holland said. “However, in recent years, with the increasing danger of the threat and the importance of technology to the department, cybersecurity personnel have been thrust into a leadership position.”
Now, Holland is responsible for a worldwide IT security program. She leads a staff of 135 employees, including engineers, special agents, and computer and cybersecurity specialists working around the world.
Donald Reid, director of security infrastructure for the bureau, said Holland “is credited with re-engineering the department’s IT security program into a comprehensive defense-in-depth program, reflecting best practices and adhering to national mandates and guidance.”
As part of the security program, Holland led a global department project to carry out evaluation and verification of the IT security at the department’s posts worldwide.
Because State has 260 working locations, Holland crafted a verification protocol that limited the need for on-site inspections. Her team gathered information from previous site visit reports issued by the CIO and the Inspector General’s Office, technical security assessments and similar indicators of cybersecurity status.
The next step of the verification process was to obtain quarterly system scans from the posts using the security configuration tool the bureau had developed, known as the Baseline Toolkit. Information from the scans helped Holland’s team decide which posts most needed on-site visits.
That step led to targeted verification trips by the bureau’s regional computer security officers.
Digg
De.licio.us
Slashdot
Technorati
