Papers & Presentations

Government Contracting Problems: Practical Approaches Can Help

(July, 2016) -- Common government contracting problems can be addressed by being more practical, John M. Gilligan told audience members at Defense Acquisition University. Examples of government contracting problems include source selection that takes ...
Is Cyber Resilience Really That Difficult?

(May 18, 2016) -- Achieving high cyber resilience is possible today.  High levels can be achieved without additional cost.  Resilience must be a structured journey, not a random walk. However, cyber resilience is a complex system of systems engineering ch...
Cyber Information Sharing: A Framework

(October 19, 2015) --  Cyber information sharing is viewed as a primary means to improve the nation’s cyber security posture. There has been increased public dialogue recently regarding the importance, the potential benefits, and the urgency of sh...
Economics of Cyber Security

(May 5, 2015) --  Cyber security economics are an important piece of the puzzle. DoD is already spending enough on cyber security. But much of the investment is wasted on duplicative and ineffective capabilities. Addressing the sophisticated attacks do...
Economics of Cyber Security - Part Two

(May, 2014) -- A set of principles of an economic framework for cyber security, including a description of the Consensus Audit Guidelines and what to do beyond critical security controls, is the topic of this paper. The paper was the second in ...
Economics of Cyber Security - Part One

(October, 2013) -- With critical security controls to address the cyber security threat front and center, this paper sets out three principles for making smarter, more economical investments. The paper which makes an economic case for prioritizing critical...
Cyber Skills Task Force Report by the Homeland Security Advisory Council

(October, 2012) -- On June 6, 2012, Secretary Napolitano announced the formation of a Task Force on Cyber Skills with a two-part mandate. First, identify the best ways DHS can foster the development of a national security workforce capable of meeting c...
Implementing Continuous Monitoring

(December 1, 2011) -- In a discussion about implementing continuous monitoring, John M. Gilligan explained, "The problem with FISMA is we need triage, not comprehensive medical care." According to Gilligan, an analogy of the “old” FISMA implementation:  an a...
FedRAMP Assessment and Recommendations

(December 15, 2010) -- The NIST security framework provides a solid approach to determining cloud security requirements. However, we must rapidly establish a baseline of security controls appropriate for managing risk and a process to enhance controls. ...
Cyberspace Challenges, Initiatives and Best Practices

(June 15, 2010) -- Cyberspace challenges pose some of the most serious risks to economic and national security. The nation is at a crossroads with the Obama Cyberspace Policy Review. The White House must lead the way. Cyberspace Challenges The ...
Federal Cyber Security Best Practices

(April 9, 2010) -- A review of federal cyber security best practices shows we must focus on known attacks and measure progress in the near-term. Automation of security control implementation and continuous assessment is essential. A well-managed enterprise...
Cyber Security Top Level Strategy

(February 17, 2010) --  A cyber security top level strategy can work wonders.  A key to success: when you use a comprehensive baseline of security – a well-managed IT infrastructure – you can block 85 percent of the attacks. The threat ranges from u...
Cyber Security Roadmap

(November 20, 2009) -- John M. Gilligan shared a cyber security roadmap and warned that the overall state of cyber security is so poor it cannot be solved quickly. Instead, the focus and priority should be to establish a strong foundation for change. ...
Understanding Technology Stakeholders, their Progress and Challenges

(November 4, 2009) -- Understanding technology stakeholders holds a key in our fight for improved cyber security. Cyberspace is now a warfare domain and a national security crisis, John M. Gilligan told the Software Assurance Forum. The Internet, ...
Rapid Government Technology Acquisition: A New Model

(November, 2009) -- Rapid acquisition is a new model for acquiring information technology (IT) that has the potential to significantly shorten the acquisition time line while also maintaining the focus on results. It has the potential to revolutionize t...
Leverage Procurement to Fix Cybersecurity

(April 6, 2009) -- We can leverage procurement to fix cyber security issues.  The CIO community must partner with the private sector to address the cyber threat. Our way of life and economic prosperity depend on a reliable cyberspace.  Yet, our nation's intel...
Automate Enterprise Security Management

(May 31, 2009) -- Using tools that are security content automation protocol (SCAP) enabled makes enterprise security management of information technology more effective.  It addresses problems faced by CIOs of large enterprises.  Often they cannot see I...
Supply Chain Security Must Improve

(May 5, 2009) -- To improve our supply chain security, we must act now. We need to fundamentally change the business model for buying COTS software. Vendors must deliver secure configuration of products and we must use automated tools to validate...
Cyber Security Threats and Needed Actions

(April 1, 2009) -- Cyber security threats are an urgent priority for both government and industry, John M. Gilligan said.  In remarks to the DoD National Security Studies Program at GW University, he outlined a series of near-term and long-range priorities fo...
Cyber Security Past and Future

(March 10, 2009) -- Cyber security past and future is the focus of this presentation. Government and industry need to treat cyber security as an urgent priority. The IT community needs to reorient the dialogue: the objective is reliable and resilient...
Technology Carbon Footprint: An IT Fix

(February 23, 2009) -- Technology carbon footprints surround us all.  Yet, there is also a role for technology in reducing our nation's carbon footprint.  This paper offers an assessment of our current energy and environment posture, identifies areas whe...
Cyber Security for the 44th President

(December, 2008) -- The CSIS Commission on Cyber Security for the 44th Presidency was established in August 2007 to examine existing plans and strategies and to assess what a new administration should continue, what it should change, and what new policies ...
Cyber Security the 21st Century Domain

(September 3, 2008) -- Cyber security is the 21st Century domain.  Our way of life is threatened by our inability to secure cyberspace, according to John M. Gilligan. The origins of internet and software development have resulted in enormous vulnerabilities.  ...
IT Portfolio Management Lessons Learned

(August 22, 2008) -- This presentation tells the story of how IT Portfolio Management came to the USAF. In the spring of 2001, Members of Congress and their staff told the new AF CIO, “The Air Force does not know where the IT dollars are being spent; w...
Rapid Down Selection of Prospective Bidders

(January 15, 2005) -- The rapid bidder selection process consists of a quick but formal assessment by the government of a small number of relevant qualifications of interested bidders to determine those companies that are most qualified for the contract ...