“CISO: Evolution of a Vocation” comprises three levels. The first level shares the author’s personal journey, beginning as a homeless college dropout and culminating in over thirty years of service as a CISO and CISO-equivalent roles at some of America’s most iconic companies and organizations.
“CISO: Evolution of a Vocation” comprises three levels. The first level shares the author’s personal journey, beginning as a homeless college dropout and culminating in over thirty years of service as a CISO and CISO-equivalent roles at some of America’s most iconic companies and organizations. Drawing on experience and discipline gained from military contracting work; the author maintained a letter log system to manage the commitments and issues he faced. He also kept digital copies of over 1,000 memorandums issued during his later CISO roles. Through excerpts from selected memos, readers gain an unprecedented view into the cybersecurity challenges he confronted as CISO. Each chapter includes “Lessons Learned,” providing readers with the benefits of the author’s life lessons and cybersecurity experiences. Where warranted, the author recognizes his “All Star” team members whom he had the privilege of working with.
In addition to his personal journey, the book also explores the history of major technology advancements and significant security events occurring from 1971 through 2017. This provides valuable context for understanding how the landscape of cybersecurity has evolved over the decades. Building on these experiences, the book examines the evolution of the CISO role itself. Readers follow the progression from the role’s early inception to its current status as a true business leadership position. Each level makes the book accessible and engaging for both general readers and professionals.
Part I - Foundations (1971 1981).
Chapter 1.0 Humble Beginnings. 1.1
EPIC Metals 1971 -
1976. Part II - Learning Curve - Early CISO Positions.
Chapter 2.0 - Westinghouse Plant Apparatus Division 1982
1996. 2.1
Westinghouse Plant Apparatus Division (WPAD) - Overview. 2.2 Field Change
Analyst (FCA) 1982 -
1986. 2.3 Standard Logistics (SL). 2.4 Masters Degree
and Certificate of Advanced Studies (Telecommunications). 2.5 Office
Automation. 2.6 Personal Computers. 2.7 Computer Security Site Manager (CSSM)
1986 -
1996. 2.8 Personal Computers (PCs). 2.9 TEMPEST (Codename). 2.10
Computer Viruses. 2.11 IBM Versus Apple. 2.12 Quality Circles. 2.13 Local
Area Networking (LAN). 2.14 Physical Security Measures. 2.15 COMSEC
Custodian. 2.16 Manager, Personal Computer, Local Area Network, and Security
1990
1992. 2.17 Manager, Logistics Systems Programming 1992
1996. 2.18
Naval Reactors - Secure Remote Area Network (SECRAN). 2.19 CD-ROM. 2.20 Onto
the Next Adventure. 2.21 All Stars WPAD. 2.22 Technology Advancements and
Security Developments 1982
1996.
Chapter 3.0 - United States House of
Representatives 1996
1997. 3.1 U.S. House of Representatives Overview.
3.2 Interview and Arrival. 3.3 Political Landscape. 3.4 FBI Email
Investigation. 3.5 Telephone Hack. 3.6 Mainframe Test Data. 3.7 The Rogue
Information Technology Manager. 3.8 Network Security. 3.9 House Computing
Environment. 3.10 The Audits Continue. 3.11 HISPOLs and HISPUBs. 3.12 Top
Secret Security Clearances. 3.13 President Clinton and the White House
Visitor Logs. 3.14 Forum of Incident Response and Security Teams (FIRST).
3.15 Security Administrator Tool for Analyzing Networks (SATAN). 3.16 Other
Cybersecurity Items. 3.17 Info World September 29,
1997. 3.18 Y2K. 3.19
Departure. 3.20 All-Stars - U.S. House of Representatives. 3.21 Technology
Advancements and Security Developments
1997.
Chapter 4.0 - Ernst & Young, LLP
Washington DC
1997. 4.1 Ernst & Young, LLP - Overview. 4.2 Gallows Road,
Virginia. 4.3 Veterans Administration (VA). 4.4 Banking Work. 4.5
Manufacturing Work. 4.6 Y2K. 4.7 Time to Go. 4.8 Technology Advancements and
Security Developments
1998.
Chapter 5.0 - Prudential Insurance Company of
America 1998
2000. 5.1 Prudential Overview. 5.2 Y2K. 5.3 Internet
Security Systems (ISS). 5.4 Educational Opportunities. 5.5 Prudential
Computer Emergency Response Team (PruCERT). 5.6 Security Operations Control
Center (SOCC). 5.7 January 1,
2000. 5.8 Time to Go. 5.9 Technology
Advancements and Security Developments
1999.
Chapter 6.0 - Counterpane
Internet Security 2000
2001. 6.1 Counterpane Internet Security - Overview.
6.2 And So It Begins. 6.3 Virginia SOC. 6.4 Competition. 6.5 Enough Already.
6.6 Technology Advancements and Security Developments
2001. Part III - The
Complete CISO Putting Experience into Practice.
Chapter 7.0 - American Red
Cross 2001
2005. 7.1 The American Red Cross (ARC) - Overview. 7.2
Organizational Culture and Complexity. 7.3 Management Turnover. 7.4 Context
Red Cross and Food and Drug Administration (FDA) Consent Decrees. 7.5 Getting
Started Hands-On CISO. 7.6 Memos and Issues - March 2001 through December
2001. 7.7 Memos and Issues - January 2002 through December
2002. 7.8 Memos
and Issues - January 2003 through December
2003. 7.9 Memos and Issues -
January 2004 through December
2004. 7.10 Memos and Issues - January 2005
through October
2005. 7.11 University of Virginia (UVA). 7.12 CISA and CISM.
7.13 All-Stars - American Red Cross. 7.14 Technology Enhancements and
Security Developments 2002
2005.
Chapter 8.0 - MedStar Health 2006
2008.
8.1 MedStar Health Overview and Culture. 8.2 Memos and Issues - July 2006
December
2006. 8.3 Memos and Issues - January 2007 December
2007. 8.4 Memos
and Issues - January 2008 May
2008. 8.5 Time To Go. 8.6 All Star - MedStar
Health. 8.7 Technology Advancements and Security Developments 2006 -
2008.
Chapter 9.0 - The National Passenger Railroad Amtrak 2008
2017. 9.1
Amtrak Overview. 9.2 Payment Card Industry Data Security Standard
(PCI-DSS). 9.3 Shadow IT (Information Technology). 9.4 Association of
American Railroads (AAR) Rail Industry Security Committee (RISC). 9.5 Memos
and Issues - May 2008 December
2008. 9.6 Memos and Issues - January 2009 -
December
2009. 9.7 Memos and Issues - January 2010 December
2010. 9.8 Memos
and Issues - January 2011 December
2011. 9.9 Memos and Issues - January
2012 December
2012. 9.10 Memos and Issues - January 2013 December
2013.
9.11 Memos and Issues - January 2014 December
2014. 9.12 Memos and Issues -
January 2015 December
2015. 9.13 Memos and Issues - January 2016 December
2016. 9.14 FY 16 Putting It All Together. 9.15 FBI CISO Academy. 9.16
Retirement. 9.17 All-Stars Amtrak. 9.18 Technology Advancements and Security
Developments 2008 -
2017.
Chapter 10.0 CISO: Evolution of a Vocation. 10.1
The Early Years (1950 1970). 10.2 Middle Years (1970 2000). 10.3 Later
Years (2000 Present). 10.4 The Future Cybersecurity and the CISO.
Appendices. Appendix A - IS Audit & Control Journal. Appendix B- Prudentials
First Quarter 1999 Business Value Award (BVA). Appendix C Sample Customer
Service Advisory. Appendix D Amtrak National Network. Appendix E
Perspective Security Analyst Questionnaire. Appendix F EC Council Press
Release CCISO of the Year Ron Baklarz. Subject Index.
From his humble beginnings as a homeless college dropout, Ron Baklarz went on to become an overnight success after sixteen years of night school. He spent thirty years in leading cybersecurity roles at iconic organizations such as the Naval Nuclear Program, the U.S. House of Representatives, and the American Red Cross. Along the way, he pursued professional certifications and received numerous awards that recognized his achievements in building first of a kind cybersecurity programs, often with limited resources and budgets. Baklarz holds an M.S. degree in Information Science and a Certificate of Advanced Study in Telecommunications, both from the University of Pittsburgh. He has also earned professional certifications in cyber forensics, CISSP, CISA, CISM, and the National Security Agencys NSA-IAM and NSA-IEM certifications.
