Securing the Federal Software Supply Chain

Brian Hajost is the founder and COO of SteelCloud, a company that develops technology for automated compliance for DISA STIGs and the CIS Security Benchmarks. Mr. Hajost has transformed SteelCloud into a recognized leader in delivering new technologies that allow government customers and commercial enterprises to effectively meet the compliance mandates of RMF, NIST 800-53, NIST 800-171, CMMC, and IRS Pub 1075. Brian’s technical career has spanned over thirty years, primarily with leading-edge technologies in regulated industries. He holds 10 patents in IT security and two patents in mobile security. Mr. Hajost is an active contributor to AFCEA International through his membership on the Technology Committee and Secure Supply Chain subcommittee. He is also the Vice Chair of the Advanced Technology Academic Research Center (ATARC) Continuous ATO Working Group.

Don Maclean is the Chief Cyber Security Technologist for TD Synnex Public Sector and formulates and executes cyber security portfolio strategy, speaks and writes on security topics, and socialises his company’s cyber security portfolio. He has nearly 30 years’ experience working with US federal agencies. Before joining DLT in 2015, he managed security programmes for numerous US federal clients, including DOJ, DOL, FAA, FBI and the Treasury Department. This experience allowed him to work closely with the NIST Risk Management Framework featured in this paper, and to understand its strengths and weaknesses. In addition to CISSP, PMP, CEH and CCSK certificates, he holds a BA in music from Oberlin College and Conservatory, an MS in information security from Brandeis Rabb School, and is nearing completion of his second Bachelor’s in mathematics. An avid musician, he organises a concert for charity every year, and has been known to compete in chess and Shogi (Japanese chess) tournaments, both in person and online.