“Work That Matters” is a series in which ECS experts discuss their roles and responsibilities and the larger impact they have in the workplace, community, and world. In this installment, we interview Mike Zakrzewski, senior director of Cyber Technology at ECS. Mike works on the Cybersecurity and Infrastructure Security Agency (CISA) Continuous Diagnostics and Monitoring (CDM) program, which plays a critical role in our nation’s cyber defenses. He also serves as an expert on zero-trust architecture and implementation.
SENIOR DIRECTOR, CYBER TECHNOLOGY
Q: First, can you give us some background on your work with CISA and the CDM Dashboard? What are the implications for national cybersecurity, and why should the average person care?
A: I have been around the CDM program for more than seven years now in one capacity or another, from designing and implementing solutions at the lowest levels (endpoint logging, asset discovery, vulnerability scanning, etc.) up to the federal dashboard itself, and everything in between.
CDM plays a vital role in safeguarding federal agency networks and systems, empowering agencies to detect vulnerabilities, fortify defenses, and neutralize threats. That mission’s focus has evolved over time to encapsulate continuous monitoring and real-time visibility, as well as incident response and risk management tools. I applaud our CISA customer’s agility in adapting the program to align with emerging threats and the cybersecurity needs of various federal agencies. ECS has played a supporting role in that as well by implementing a capability for government-wide distributed queries and analytics, which gives CISA analysts the direct access to information they need to better evaluate and act on federal risk at scale.
Now, why does any of this matter to the average person? First, let’s remember that information systems control many of the critical functions powering our day-to-day lives. Take the Colonial Pipeline ransomware attack in 2021. That attack lasted for about a week and led to widespread fuel shortages, affecting millions of people across the southeastern U.S. We have numerous other examples of similar attacks we could point to. It’s organizations like CISA and programs like CDM that protect our government information systems, as well as some of our nation’s most vital assets, from these types of threats.
Q: Collaborating with the right technology partners has always been a key part of ECS’ success strategy. What’s the significance of our partnership with Elastic in making the CDM Dashboard work?
A: ECS works closely with several technology partners. Our Elastic partnership is a great example of how we thoroughly evaluate technology to best meet our customers’ needs, then fully commit to training and upskilling our workforce on that technology. As part of our CDM work, ECS evaluated a number of candidate platforms that could serve as the core technology for data collection and analysis. We performed a comprehensive trade study, prototyping multiple solutions, and firmly settled on Elastic.
We’ve since trained over 150 engineers across the company on the Elastic stack and have the most Elastic-certified engineers and analysts of any company other than Elastic itself. Elastic is embedded within many of our big data solutions across ECS programs. The ability to recognize patterns hidden within large datasets and identify critical mission intelligence provides a huge benefit to our customers, including CISA.
Q: You’ve spoken about how being in solution architecture has enabled you to broaden your technological knowledge and expertise. With your insight into many different challenge areas facing the cybersecurity field today, what’s one that stands out?
A: If I had to focus on just one area, it would be zero-trust because it’s so foundational to securing modern network architectures. First, it’s important to understand that traditional enterprise network perimeters have essentially dissolved. Almost every organization has widely adopted infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS), meaning they store their data and host their resources across multiple cloud service providers (CSPs), outside of a defined corporate perimeter. Hybrid and remote work arrangements are now the norm. All of which means traditional, perimeter-based defenses can no longer effectively secure an organization, because that corporate perimeter is nebulous.
This is the challenge zero-trust addresses.
Q: Even today, misconceptions still abound regarding zero-trust. Do you think the industry at large is ready for the federally mandated shift to zero-trust? What can organizations do to close the gap?
A: Within the last two years we’ve received some very exacting guidance from the Department of Defense (DoD), Office of Management and Budget (OMB), and CISA, all of which was sorely needed. On the federal-civilian side, Executive Order 14028 called for several “bold changes” to the government’s approach to cybersecurity, including moves toward zero-trust architecture. This was followed by OMB’s M-22-09, which codified specific actions related to zero-trust, including timelines and budgetary requirements, and CISA’s release of v2.0 of the ZT Maturity Model. On the DoD side, the Zero-Trust Strategy and Capability Roadmap, released in late 2022, describes detailed actions, timelines, and a phased implementation approach to zero-trust.
I bring all that up to make this point: Our federal customers have a whole lot of work to do. The good news is that industry is ready to support these efforts. Zero-trust compliance does not require new technologies to be created. Everything needed for implementation is already available in the current market. In fact, many of the tools needed to implement a zero-trust compliant solution already exist within federal customer environments. What is needed is compliant configuration and integration, improved governance, and movement toward dynamic policy creation and enforcement. It’s no small task, but our industry is equipped to help make it happen.
Q: What sets ECS apart from other service providers when it comes to zero-trust?
A: Our breadth and depth of experience across cybersecurity. ECS has multiple programs supporting each of the five core pillars and three cross-cutting capabilities found in the ZT Maturity Model, enabling us to address a customer’s zero-trust needs holistically. We have programs of extreme depth in each of these pillars, as well. For example, our Army Endpoint Security Solution (AESS) program delivers endpoint protection to more than 800,000 Army endpoints — a depth of implementation of device pillar capabilities that is almost unmatched in the industry. Or consider a program like CDM and its utility in implementing the visibility and analytics cross-cutting capability. This breadth and depth of expertise is what makes ECS uniquely well-positioned to aid our customers on their journey toward zero-trust maturity.