As deputy CIO of information assurance for the Department of State, John Streufert oversees the security of the State Department's IT infrastructure. His forward-thinking approaches have been emulated across government as cybersecurity best practices.
Streufert is an advocate of what the feds call continuous monitoring, the "near real-time" monitoring of security risks, and he gets credit for helping to promote the concept across federal agencies. He has employed a metric that he helped create called the Risk Scoring Program, which assigns grades to different types of security threats like missing software patches. The program goes beyond the requirements mandated by the Federal Information Security Management Act and influenced changes made to FISMA compliance guidelines. Streufert, who's also chief information security officer for the State Department, has been instrumental in the department's forward-thinking cybersecurity education programs. Before joining the Department of State, he held IT management roles at the Agency for International Development, Federal Crop Insurance Corp., Naval Shipyards, and the Naval Sea Systems Command.