Randy Resnick, director of the Zero Trust Portfolio Management Office within the Department of Defense’s Office of the Chief Information Officer, has been named to the 2024 Wash100 list for his work advancing and synchronizing zero trust efforts and initiatives across the DOD enterprise. This marks Resnick’s debut on Executive Mosaic’s Wash100 list.
Help Resnick win the 2024 Wash100 popular vote competition! Cast your votes for Resnick at Wash100.com. Voting is open until April 30, and the winner will be announced in May.
Stay up-to-date with the latest news from the DOD CIO Office — join the Potomac Officers Club’s 5th Annual CIO Summit on April 17! The Pentagon’s Principal Deputy CIO Leslie Beavers is scheduled to keynote. Register here to save your spot.
“In the past two years, Randy has taken the reins of the DOD’s ambitious zero trust efforts, and he’s now steering the entire defense enterprise toward a more secure, more safe and more trusted future in the cyber realm,” said Executive Mosaic CEO and Wash100 Award Founder Jim Garrettson.
“Randy is a strong leader with deep cyber expertise, and he’s been instrumental in architecting and shaping zero trust within the department. And, as a speaker at previous Potomac Officers Club events, Randy has proven to be a willing participant in connecting with the GovCon community and speaking directly to industry executives to advance DOD missions. We welcome Randy into the Wash100 list for the first time, and we honor him for his bold vision and for his commitment to innovation,” Garrettson added.
Resnick was tapped to lead the newly established Zero Trust Portfolio Management Office at the start of 2022, and in the time since, he has spearheaded major zero trust framework, implementation and adoption efforts. He notably played a key role in the DOD’s Zero Trust Architecture Implementation Strategy, released in December 2022.
“With zero trust, we have identified the items of value within the house and we place guards and locks within each one of those items inside the house. This is the level of security that we need to counter sophisticated cyber adversaries,” Resnick said of the strategy at the time.
During the creation process for the strategy, Resnick collaborated with other executives in the DOD CIO Office to develop 45 capabilities and more than 100 activities that would be used to measure zero trust progress.
“Each capability, the 45 capabilities, resides either within what we’re calling ‘target,’ or ‘advanced’ levels of zero trust. DOD zero trust target level is deemed to be the required minimum set of zero trust capability outcomes and activities necessary to secure and protect the department’s data, applications, assets and services, to manage risks from all cyber threats to the Department of Defense,” Resnick explained.
In the spring of 2023, Resnick’s office collaborated with the National Security Agency and the four Joint Warfighting Cloud Capability contract winners — Amazon Web Services, Google, Microsoft and Oracle — to test zero trust security by launching attacks on the companies’ cloud platform systems.
Resnick said the simulation was designed to give participants the opportunity to observe and learn from a realistic adversary attack.
“That’s going to give us a really good feel on whether or not these zero trust overlays are implemented correctly,” he said.
Later on in the summer, Resnick shared insights into how his office is addressing zero trust security and implementation outside of the Pentagon and at the tactical edge.
“We have 91 activities in an enterprise environment for zero trust to stop the adversary. We need to start thinking through what can we mitigate to the 91 and make it simpler at the edge, while still maintaining the ability to slow down or stop the adversary. It’s a little complex, but we’re working it through on the Joint Staff,” Resnick shared at the Potomac Officers Club’s 2023 Cyber Summit. Registration is open now for the 2024 Cyber Summit on June 6! Click here to register.
Toward the end of last year, Resnick began reviewing 43 zero trust implementation plans created by military services and defense agencies.
“We’re expecting to get these plans and whether or not they exceed our expectations will meet our expectations, that’s to be determined. We are confident that probably 80% to 90% will, but there will be some that we’re going to have to go back and forth,” Resnick said in October 2023.
“We want to know how every single component is going to be hitting target level zero trust or higher by fiscal 2027 or earlier, and a layer on top of that is how are they going to achieve it,” he added.
Most recently, Resnick said his office will begin providing training to combatant commands to guide their implementation of the zero trust capabilities and technologies.
“It’s not mandatory for anybody to take the zero trust courses, but we’re working toward that model where it would actually either be mandatory to take the ZT 101 or thereabouts or roll it into the existing cyber courses and essentially update the cyber course to include zero trust,” explained Resnick.
Executive Mosaic congratulates Randy Resnick and the DOD on their inclusion in the Wash100 list this year.