New York State Recognizes Cyber Security Champion Award Winners

Three Individuals Honored at the 24th Annual Cyber Security Conference
Tuesday, June 7, 2022

The New York State Office of Information Technology Services (ITS) today announced the recognition of three State employees as State Cyber Security Champions for their significant contributions to support and enhance cyber security in New York State. The winners were honored at the Annual New York State Cyber Security Conference on June 7.

"New York State is a leader in the field of cyber security, and that is a tribute to the many talented New York State employees who dedicate their time to protecting our critical assets," said New York State Chief Information Officer Angelo 'Tony' Riddick. "I congratulate this year's Cyber Security Champion Award winners, who have demonstrated a commitment above and beyond their day-to-day responsibilities to help keep our state and our information safe from cyberattacks. Thank you for your commitment to this important work."

"We are grateful for the contributions of the employees honored with the New York State Cyber Security Champion Award," said New York State Chief Information Security Officer Chris Desain. "Their hard work is bolstering our cyber security posture in New York. Congratulations, and thank you, to the award winners!"

"The MTA is extremely proud of Tariq and his commitment to protecting the MTA's technology assets and improving cyber security agency-wide," said MTA's Chief Technology Officer Rafail Portnoy. "Tariq is innovative and focused, and his initiatives have been invaluable to IT system safety for both MTA employees and customers."

Congratulations to the 2022 New York State Cyber Security Champions:

Tariq Habib - MTA

Tariq Habib is the Chief Information Security Officer for the Metropolitan Transportation Authority. Prior to 2014, MTA employed multiple IT departments, each with a unique but collaborative IT Security department supporting each individual entity. Under his leadership, a single IT Security unit was created to support and protect all MTA IT technology. That responsibility has since expanded to include security for all MTA Operational Technology, and his scope has transitioned from IT Security to overall Cyber Security. The MTA supports many business verticals within its portfolio creating a unique challenge in a 24/7 environment. He hosts a consortium for many of his peers in the transportation industry to encourage collaboration and sharing of insights and strategies. His leadership, vision, and supporting cabinet has been instrumental in reducing risk to the MTA, improving overall cyber security maturity, and improving the physical, data, and system safety of MTA's customers, employees, retirees, and third-party partners.

Dana Rosenstreich - ITS

Dana Rosenstreich, the Executive Director for the ITS Integrated Eligibility Services (IES) Program has demonstrated her commitment to protect NYS and its data throughout her distinguished career. Prior to her role with IES, she was the Executive Director for the Human Services Portfolio, which supported the NYS Office of Children and Family Services (OCFS), NYS Office of Temporary and Disability Assistance (OTDA), and all NYS Local Social Services Districts (57 counties). She has continuously shown interest and concern in ongoing security risks the Portfolio and Agencies has encountered and initiated processes and remediation efforts to mitigate/reduce those risks.

One initiative Dana and her team stood up, prior to CISO's implementation of Archer, a risk management solution, was a Portfolio-wide Risk Register. Not only did this Risk Register include administrative risk the Portfolio faced (gap analysis of staff placement and support), but it also documented information security risk (e.g., end of life support, risks identified during projects as part of SSDLC, vulnerabilities, etc.).

Dana and her team collaborated to continuously update the Risk Register and keep important items in the forefront of conversations. It's important to note that once the CISO Risk Register was initiated, the information security risks included in Dana's Risk Register spreadsheet were imported into Archer, assisting CISO in their security reviews, by centralizing all Human Services Portfolio risks.

Additionally, once Dana transitioned to her role as the Executive Director for IES, she quickly engaged appropriate CISO staff to ensure that security is part of a continuous discussion and to grow the CISO support team for IES. In collaboration with the CISO team, a cyber security plan was drafted, setting project expectations, and identifying milestones necessary to maintain, protect, and secure IES data.

Michael Gibbs - ITS

Mike Gibbs, a key member of CISO's Vulnerability Management (VM) team, has demonstrated his commitment to cyber security with his experience, knowledge, and informed work enabling the team to use: python scripting to collect data from multiple vulnerability identification sources; improve database management allowing for approximately 1 million findings weekly into secured databases; create automated tools to query multiple databases (that he maintains) and automate the production of directed vulnerability and trends reporting to targeted levels of the organization. Thanks to Mike's experience, ITS management may now track and prioritize remediation efforts. The automation of these tasks has allowed the team the time to reach out and follow up with customers. Michael is also always willing to train others on the team.

In addition to the awards, the New York State Cybersecurity conference features over 50 sessions, many of them including interactive discussions led by subject matter experts in government and private industry.

For more information on the 24th Annual New York State Cyber Security Conference, visit the conference website at https://bit.ly/3xmkjyH. For highlights of the event, follow us on Twitter .

About ITS

The New York State Office of Information Technology Services (ITS) was created in 2012 to transform IT services in an effort to make New York State government work smarter for its citizens and enable the state to be accessible for businesses through the use of technology. ITS provides statewide IT strategic direction, directs IT policy and delivers centralized IT products and services that support the mission of the State. ITS operates data centers 24 hours a day, 365 days a year to support statewide mission-critical applications for over 50 Agencies, over 17 million citizen accounts, 120,000 employee accounts, 60,000 phones, 99,000 desktops and laptops, and 3,433 Virtual Desktop remote connections. ITS operates a secure network of over 1,600 miles of fiber to deliver telecommunications, Internet and Intranet services, enterprise email systems and support, IT training, networking, data storage and processing to State government entities in addition to developing new services in support of citizens, businesses and State Agencies.

For more information, visit https://its.ny.gov and follow us on Twitter @nysits.

###