USCIS's cyber culture was altered significantly by Barney, prioritizing the user experience.
Shane Barney, the current CISO for Keeper Security, made a significant impact during his tenure as the Chief Information Security Officer (CISO) for the U.S. Citizenship and Immigration Services (USCIS). Barney served at USCIS for almost seven years, leaving the agency in May 2021.
During his time at USCIS, Barney implemented a transformative change in the agency's cybersecurity operations. He restructured the contract for the security operations center (SOC) at USCIS, encouraging all personnel to focus on building automation and transitioning into programmers. This move aimed to enhance the agency's security operations and align them better with end-user goals.
One of the key principles Barney emphasized was the adoption of zero trust principles. As USCIS moved systems and applications into the cloud, the use of zero trust became increasingly sensible. Barney believed that single sign-on was a crucial foundation of identity management for cloud services in a zero trust environment.
The implementation of zero trust principles was not without challenges. Proper network segmentation and transactional monitoring were identified as key issues in USCIS's zero trust progress. However, Barney's focus on automation helped address these challenges, enabling the agency to effectively handle the extremely high volume of daily log data—up to 20 terabytes—thus improving cybersecurity monitoring and threat detection.
Automation was a game-changer for USCIS, shifting the agency from traditional perimeter-based defenses to a zero trust model. In this model, every access request and activity is continuously validated. Automation supports zero trust by rapidly processing vast amounts of data, identifying anomalies, enforcing policies, and reducing human errors or delays in incident response.
This approach strengthened USCIS’s ability to prevent unauthorized access and respond dynamically to cyber threats, establishing a more resilient security posture aligned with zero trust principles.
Moreover, USCIS's zero trust progress was accelerated after a cyber incident in 2015. A USCIS developer inadvertently made one of its Amazon Web Services storage buckets public, potentially exposing 500 million to 600 million records. In response, USCIS started applying automation to make sure such incidents wouldn't happen again.
The budget for USCIS's zero trust progress mainly focused on fixing networking and data issues. The directorate heads allocated all the money for zero trust capabilities that Barney had asked for without him even being present or defending it. This demonstrates the value that USCIS placed on Barney's vision and the importance of the zero trust strategy.
Despite the progress made, USCIS's zero trust journey is still ongoing. With the agency interacting with 16 million or 17 million people around the world, the correlation and zero trust control of their electronic data remains a significant challenge. However, Barney's emphasis on proper network control and data management provides a solid foundation for meeting the requirements of zero trust.
In conclusion, Shane Barney's leadership at USCIS has been instrumental in transforming the agency's cybersecurity operations. His focus on automation and the implementation of zero trust principles have positioned USCIS to effectively handle modern cyber threats and establish a more resilient security posture.
- Shane Barney, as the former CISO of USCIS, initiated a reimagined workforce by encouraging federal workers to shift from security operations center (SOC) roles into programming, thereby strengthening the agency's cybersecurity and data-and-cloud-computing capabilities.
- In his tenure at USCIS, Shane Barney emphasized the adoption of zero trust principles in the federal workforce, promoting the use of automation for handling high volumes of log data, network segmentation, transactional monitoring, and incident response, thereby enhancing cybersecurity and in line with technology advancements.
