Safeguarding Citizen Data
ISACA Certification exam passers from 2009 may attend FREE

The "Safeguarding Citizen Data" project won the 2009 Information Security Project of the Year award for the Mid-Atlantic region in Executive Alliance's Information Security Executive of the Year awards. At the turn of the 21st century, the Commonwealth of Pennsylvania (the Commonwealth) shed its hierarchical, mainframe-driven environment and embraced web-based technologies. This let the Commonwealth move from a closed, agency-centric model to an open, web-based one that made its services and data available to citizens, and it also exposed those systems to network-borne threats.
To address these threats, the Commonwealth created a security project called Operation Secure Enterprise (OSE), which focused on network-level threats to its web environment. As time progressed, attackers bypassed these measures by shifting from network-based attacks to application-based attacks (SQL injection and cross-site scripting (XSS)) that exploit vulnerabilities in the application code itself. As the number of these attacks increased, the Office of Administration, Office for Information Technology (OA/OIT) recognized the need to move from a network-centric security strategy to a holistic one that includes application security. The resulting process is the Commonwealth Application Certification and Accreditation (CA)2 process.

The (CA)2 process takes all of the OSI layers into account by having agencies complete a risk assessment that includes risk assessment questionnaires, source code scans, host-based intrusion scans, and vulnerability assessments. These questionnaires, scans, and assessments benchmark the risk each web application poses to the IT infrastructure. The (CA)2 process has identified critical vulnerabilities that, left uncorrected, could have been exploited through SQL injection or XSS, leading to identity theft and the propagation of malicious code. By closing vulnerabilities before they are exploited, the Commonwealth has prevented data leakage, identity theft, and theft of services, saving the Commonwealth millions of dollars.

About the Presenter - Robert L. Maley

Bob was named Chief Information Security Officer for the Commonwealth of Pennsylvania in November 2005. Prior to his appointment as CISO, Bob joined the Commonwealth in July 2005 as an IT consultant and project manager for the Enterprise Security Auditing and Monitoring project, a primary component of the Operation Secure Enterprise initiative.
The success of that project helped the Pennsylvania Information Security Architecture program win the 2007 award for outstanding achievement in information technology from the National Association of State Chief Information Officers (NASCIO). In 2008, Bob was named a finalist in the SC Magazine Awards for CSO of the Year and was nominated for Information Security Executive of the Year - North America. The Pennsylvania security program was a finalist in the NASCIO 2008 Recognition Awards for Outstanding Achievement in the Field of Information Technology, and his team was named a finalist in the 2008 SC Magazine Awards for Best Security Team. Bob has broad expertise and experience across security, including risk assessment, architecture, design, policy development, deployment, incident response and investigation, and enterprise solution deployments in intrusion detection, data protection, compliance, and incident reporting and response. He is regularly quoted in industry publications such as Federal Computer Week, StateTech, SearchSecurity, Access Controls and Security Systems, and the Wall Street Journal. Over a career spanning more than 24 years in information technology, Bob has served both public sector agencies and private corporations, including the Pennsylvania Higher Education Assistance Agency and the Pennsylvania State Senate and House of Representatives. He also served as an IT manager at the Pennsylvania Health Care Cost Containment Council and the Hospital & Health System Association of Pennsylvania. Bob holds a number of industry certifications, including many product-specific certifications. His security certifications include Certified Information Systems Security Professional (CISSP), Certified Information Forensics Investigator (CISFI), and EnCase Certified Examiner (EnCE). Before his IT career, Bob served nine years as a law enforcement officer, attaining the rank of Sergeant and receiving numerous commendations, several of them for valor.

What You Will Learn
* No shows will be billed.