CISA hires Navy cyber expert to help oversee vulnerability management


The Cybersecurity and Infrastructure Security Agency tapped a Navy leader in cyber and network operations Wednesday to lead its efforts to mitigate potential vulnerabilities and information security weaknesses. 

The nation’s cyber defense agency named Sandy Radesky as the associate director of vulnerability management in a statement posted to CISA’s official Twitter account.

Radesky, who previously served as the deputy command information officer for the U.S. Fleet Cyber Command since December 2020, is a longtime veteran of cyber operations, has spent most of her career supporting the Department of Defense.

She served as the director of analytics for the COVID-19 Countermeasures Acceleration Group beginning in June 2021, where she led a team of “data scientists, logisticians and technologists” to help optimize the process of distributing 400 million vaccinations as part Operation Warp Speed, according to her Navy profile

Prior to that, Radesky served as deputy director of operations at Joint Force Headquarters Department of Defense Information Network at Fort Meade, Maryland, helping oversee enterprise-wise command and control and cyberspace missions. 

A seven-year tenure at the Defense Information Systems Agency ultimately saw her lead the Global Operations Command Defensive Cyber Operations Security Center, its largest operational command tasked with safeguarding the DODIN network. 

The news comes as CISA and the entire federal government face an ever-increasing threat landscape of cyber vulnerabilities. Radesky’s appointment was announced just days after the agency added another Microsoft zero day vulnerability to its catalog of known vulnerabilities that the company said can allow an attacker to gain system privileges after successfully logging in and running a specially crafted application. 

CISA has given all federal agencies until January 31 to patch the bug, titled CVE-2023-21674.

Radesky has also worked as an engineer and project manager for multiple information security and cybersecurity firms in the private sector, including as an engineer for MITRE and an information security analyst at CSC. She previously served as a communications operator in the U.S. Air…

Source…