2016 Rising Star Awards
Lisa J. Wiswell
Digital Security Lead, Defense Digital Service, Department of Defense
- By Troy K. Schneider, Sarah Lai Stirland
- Nov 11, 2016
The successes of the Defense Department’s “Hack the Pentagon” bug-bounty experiment have been well documented: more than 1,400 participating hackers, 138 bounties paid for confirmed vulnerabilities, nearly 1,200 bug reports across five DOD websites and a total cost of just $150,000.
Less well known is all the back-end work that made the program possible.
Lisa Wiswell, the Defense Digital Service’s digital security lead, managed the initiative, which was the first bug-bounty program run by a federal agency. And because DOD’s traditional response to outsiders poking around in its systems is to threaten prosecution, getting Hack the Pentagon off the ground required significant planning and persuasion.
“We spent a tremendous amount of time with our legal team and all of the stakeholders across the departments to make sure that we defined our rules and restrictions down to a T,” Wiswell told FCW. “You have to make sure that you tell folks what they can do and, almost even more importantly, what they cannot do.”
She managed communications and expectations throughout the initiative, ensuring that DOD stakeholders, participating hackers and the contractors that helped manage the process knew what to expect.
The results impressed Defense Secretary Ashton Carter, who said the experiment illustrated the Defense Digital Service’s ability to “drill tunnels through the walls that too often separate the Pentagon from America’s wonderful and innovative technology base, one of our nation’s greatest sources of strength.”
DOD issued a request for proposals in August to secure contractor support for a permanent bug-bounty program.
Troy K. Schneider is editor-in-chief of FCW and GCN, as well as General Manager of Public Sector 360.
Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.
Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.
Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.
Sarah Lai Stirland is a technology reporter based in San Francisco. Connect with her on Twitter at @LaiStirland.