Why are you starting with Cyber Security?

The daily news stories about stolen user information and intellectual property from both private and public organizations makes cyber security top of mind for most senior leaders.

There is little distinction between the public and private sectors when it comes to cyber security; Compromised data affects any organization’s ability to perform its mission and serve its customers.  It can also destroy an organization’s long term sustainability.

Recent Executive Order included a number of initiatives targeting US Federal Departments and Agencies:

  • Placing the responsibility for cyber security risk on the heads of federal agencies
  • Calling for a report on cyber security concerns facing critical infrastructure to be drafted within six months
  • Mandating government agencies, especially those in the civilian sector, consider opportunities to share cyber technology when feasible, a shared services approach to cyber

Additionally, the National Institute of Standards and Technology (NIST) published Special Publication 800-171, Protecting Controlled Unclassified Information (CUI) or “sensitive but unclassified” information in Nonfederal Information Systems and organizations in June 2015.

The goal of 800-171 is to provide direction to federal agencies to ensure that sensitive federal data and information is protected when processed, stored, and used outside of the federal government in non-federal information systems. More broadly, the controls specified in 800-171 will need to be addressed in those IT systems that store any CUI or sensitive but unclassified information provided by the federal government[1].

Private corporations that hold such information are expected to implement the controls in 800-171 by the end of 2017.

Forums action for cyber security

Couple the above with the fact that those who perpetrate cyber-attacks are constantly adjusting their tactics and using ever more sophisticated approaches, there is a great deal of urgency both in the public and private sectors to act in timely, reasonable, and prudent ways to protect both public and private information systems.

For companies not directly affected by 800-171, there is no less urgency due to the reputation risks associated with information security breaches or the stealing of their proprietary designs, algorithms, product plans, etc. (Example: The recent Equifax breach)

The NFPPC felt given the above, cyber security/resilience is both timely and necessary as the focus of our first public-private collaboration.  We will focus the collaboration so as to determine what this means to any size organization such that they understand what they need to do to improve their cyber resilience.

[1] https://www.hitachi-systems-security.com/nist-800-171-assessment/

Charlie Tupitza

 Board of Directors – Acting CEO

charlie tupitza
Charlie Tupitza

Charlie Tupitza was the US Head of Cyber Resilience Best practices of RESILIA for AXELOS LLC for the past two years. AXELOS is the intellectual property owner of ITIL the defacto global IT service management best practice framework in both the private and public sectors.  Charlie established relationships in both the private and public sector at the C level around cyber resilience enabling mission driven IT Service Management. He has had the opportunity to speak publicly, and participate in collaborative sessions promoting the sharing of lessons learned across both selectors with a focus on the financial, health, utility, supply chain, defense, defense industrial, as well as federal and state government.

He was a charter member of the Presidential Policy Directive-21 working group to identify cyber security training across the entire federal procurement community headed by the DHS.

Charlie has been responsible for providing enterprise solutions including for the maintenance repair and operation of the Space Shuttle program along with same support for facilities at Kennedy Space Center, Patrick AFB, and Cape Canaveral, ground based FAA equipment, all dams in the US, and Navy facilities while at MRO Inc.

Charlie has extensive experience in physical security with video surveillance at all land based points of entry into the US while at NTMI, providing gunshot detection systems of ShotSpotter in support of the Violent Crime Task Force of the FBI.  He provided Software to automate the development of buffer zone protection plans for the DHS when they first identified Critical Infrastructure Sectors. His unique experience with both physical and cyber risk brings great value to the Forum.

He provided Enterprise Architecture software (Popkin) to the DHS as they DHS brought the agencies together making it up.

Other experience includes being an active participant in the Software and Supply Chain Assurance Forum sponsored by the DHS, GSA, DoD, and NIST.  He is a current working group member of the National Initiative for Cybersecurity Education (NICE).  He participates in working sessions for the Cyber Security Framework (NIST) and the Incident Response and Recovery Working Group (DHS). He was the introducing member for the OASIS-Open Cloud Application Management for Platforms Technical Committee. He was a member of the DoD working groups of Environmental Data Standards, Collaboration, and Maintenance Repair and Operation.

National Cybersecurity Policy Forum

The National Cybersecurity Policy Forum is having an event 6 December 2016 at the National Press Club.

Find registration information and agenda here.

U.S. Commerce Secretary Penny Pritzker will deliver the keynote address at the eighth USTelecom National Cybersecurity Policy Forum. Join us for a discussion of cyber policy initiatives that continue to enhance our

nation’s defenses against an array of adversaries. The Secretary will

commerce secritary penny pritzker
Secretary Penny Pritzker

discuss a report by the President’s Commission on Enhancing National Cybersecurity.

Commissioned by the President and the Department of Commerce, the 2016 Cybersecurity Commission Policy Report sets the stage for consideration of national priorities in the cybersecurity policy arena. This event will feature industry and government officials talking about ongoing work opportunities ahead to defend against the growing speed and complexity of cyber attacks.

Penny Pritzker, Secretary, U.S. Department of Commerce

Panel One: Cyber Readiness: Government Perspective
Moderator: Tim Starks, Politico Pro journalist and author of Morning Cybersecurity
Panelists: Clete Johnson, Senior Policy Advisor on Cybersecurity to Secretary of the U.S Department of Commerce
Cherilyn Pascoe, Professional Staff Member and Investigator, U.S. Senate Committee on Commerce, Science and Transportation
Kiersten Todt, Executive Director, President’s Commission on Enhancing National Cybersecurity

Panel Two: Industry Collaboration on Cyber Preparedness
Moderator: Joseph Marks, cybersecurity reporter, NextGov
Panelists: Scott Aaronson, Executive Managing Director, Electric Edison Institute
Christopher Boyer, Assistant Vice President, Global Policy, AT&T
Larry Clinton, President, Internet Security Alliance
Heather Hogsett, Vice President of Technology and Risk Strategy, Financial Services Roundtable/BITS
Ola Sage, CEO E-Management and Chair of the IT Sector Coordinating Council


itSMF USA Fusion Conference

Joan and Charlie are speaking at this years itSMF USA annual conference in Las Vegas, NV from November 1-4, 2016 jointly hosted by industry icons itSMF USA and HDI
To register for this event go to FUSION 2016 here…
About our session:

Advancing Cyber-Resilience Through Collaborative Innovation

Experience Level: Advanced
Facilitators: Joan Coolidge and Charlie Tupitza

Managing an effective response to cyber-attacks is one of the biggest challenges in today’s complex and interconnected world. It’s not enough to focus on cyber-security. This session will introduce ways you can lead organizations to reduce the impact of cyber-attacks at a manageable pace. Learn how to engage people to work together to find solutions, how to start the discussion from where participants are at the time of their meeting, and how to continue by strategically planning realistic approaches to greater cyber-resilience.

DESMF Working Group Brief

Briefing on DESMF Edition III and IV with the working group and Global Forum to Advance Cyber Resilience Charlie Tupitza to lead briefing.

We are briefing our progress to the DESMF working group on 30 June.  Part of our briefing is to suggest areas to be considered in DESMF Edition IV.  DESMF Edition III was signed by the DoD CIO Terry Halvorsen last week.

CISSE Panel Discussion

We introduced our Forum to the CISSE attendees at this annual conference of the Centers of Academic Excellence in Philadelphia PA on 15 June.

Larry Wilson of the University of Massachusetts, Consultant David Moscowitz, and Joan Coolidge of the Forum discussed the importance of a holistic approach to cyber resilient services.

Larry Wilson, Joan Coolidge, David Moskowitz, Charlie Tupitza at CISSE 2016
Larry Wilson, Joan Coolidge, David Moskowitz, Charlie Tupitza at CISSE 2016

We announced our Common Lexicon release for cyber resilience.

We had the opportunity to discuss several topics including the value of a common lexicon, the NIST Cyber Security Framework, SP 800-160 and the National Initiative for Cyber Education in a service management environment, and education for the cyber workforce around


Cyber Resilience Internship Available

We have a wide variety of opportunities for individuals interested in participating in a cyber resilience internship available now, from basic office work associated with cyber resilience to extensive research that could be used for you as a masters or doctoral candidate. You will also be expected to perform office tasks related to cyber resilience.

You will have the opportunity to attend important meetings with both the public and private sector relating to IT service management and project management focused on the business value of cyber security, cyber resilience.  These meetings tend to be with high level people in both the private and public sector.

The Forum will provide training for internships on topics related to our mission. This training will be provided by our many training partners and will make you eligible to sit for certificate exams.

This is not a technical approach to cyber security, we focus on providing a collaborative environment to share lessons learned, best practices, and frameworks useful in the development of cyber resilient mission driven services in both the private and public sector.

Hours are flexible.

cyber resilience internship

Cyber Resilience Internship Opportunities Available:

Web Site support (WordPress)

Include URL’s for any sites you have developed or support

General Office Work related to Cyber Resilience

Must have command of Microsoft Word, Excel, PowerPoint. Must have organization skills.  Have great grammar skills?  We need you to help proof documents.

Cyber Resilience Research

Tell us about a topic you have researched.

Express Internship Interest

Please review our web site and contact us if you are interested in the following way.

Provide contact information, your education, and your interests.

You must have good communication skills.

Applicants will need to have office skills:  Microsoft word, Excel, PowerPoint.

Location: There will be an advantage to you if you are in the Northern VA or Greater Washington DC area but this is not necessary.  Much of the work can be done from any location with internet and phone available.

e-mail your interest in an internship here

Current Interns:

Jonathan Braley

Bachelors of Science in Information Technology
Major: Data Networking and Security
Harrisonburg, VA


Stuart Rance

Board of Advisers

stuart ranceAs the founder and owner of Optimal Service Management Ltd., in the United Kingdom Stuart helps clients improve how they create value for themselves and their customers.

He is the author of the 2011 edition of ITIL® Service Transition and lead author of RESILIA™ Cyber Resilience Best Practice (published in June 2015). He has also written many service management pocket guides and he regularly presents at major public events.

Stuart is a Chartered Fellow of BCS, the Chartered Institute for IT (FBCS CITP) and a Certified Information Systems Security Professional (CISSP).

All areas of IT Service Management, specializing in developing strategy, and planning and implementing improvements to processes and capabilities.
All areas of Information Security Management.