Roger Greenwell is the Risk Management Executive and the Defense Information Systems Agency (DISA) Authorizing Official (AO). As the AO, he is responsible for making authorization decisions that balance mission and business requirements with the security in place, a scope that encompasses hundreds of systems, applications, networks, and satellite communications provided by DISA. Greenwell reviews and approves all plans of action to reduce risk, authorizes DISA’s connections to the network, and validates all agency requirements for cross-domain solutions and Internet-facing applications. He is also the Department of Defense (DOD) authority for issuing cloud computing provisional authorizations (PAs).
Greenwell leads agency efforts in operating and assuring a reliable, available, secure, and protected enterprise. His responsibilities include driving agency compliance with the DOD Cybersecurity Scorecard reporting requirements. He leads DISA’s efforts in developing DOD-wide security guidance and products including Security Requirements Guides (SRGs), Security Technical Implementation Guides (STIGs), and content used by standards-based tools for automating compliance assessment against DOD standards. He is also charged with leading other key cybersecurity-related initiatives including incident response and media analysis, and conducting penetration testing/architecture analysis of critical systems. Until his appointment as the agency AO, he served as the single Information Assurance (IA) certification authority within DISA, supporting accreditation and authorization decisions for all DISA systems and networks.
Prior assignments include Director and Technical Director of DISA’s Field Security Operations (FSO), directing the activities of 300+ personnel supporting Information Assurance activities around the world. He provided oversight to numerous initiatives including a comprehensive vulnerability/risk assessment of Defense Enterprise Email (DEE), along with leading the DISA team supporting the first Operational Assessment (OA) of a coalition network – the Combined Enterprise Regional Information Exchange System – International Security Assistance Force (CENTRIXS ISAF). He served as the DOD certification authority for the general services component of the Computer Network Defense Service Provider (CNDSP) program, validating processes and procedures used by CNDSPs in providing Protect, Detect, Respond, Sustain services across the DOD. Greenwell also served previously as the FSO Chief of the Capabilities Implementation Division and Chief of the IA Standards and Training Division. In these roles, he led efforts to develop operational procedures that supported the deployment of Enterprise capabilities using tools such as the Host Based Security System (HBSS) and the Vulnerability Management System (VMS), and enabled the transformation of the STIGs/SRGs in adopting the standards-based Security Content Automation Protocol (SCAP).
Prior to joining the Government in 2009, Greenwell worked for Hewlett Packard (HP) / Electronic Data Systems (EDS) where he provided security consulting and contract management for multiple customers including DISA, Army, Air National Guard, and Army National Guard. His diverse background and experience include vulnerability management, computer network defense, standards and policy development, tool development/integration, training, disaster recovery, and emerging technology capabilities. He co-authored the first DOD technical security guide in 1994 supporting the mainframe environment, which led to the creation of the SRG and STIG program that exists today.
Greenwell has a Bachelor of Science in Computer Internetworking and is a graduate of the Federal Executive Institute. He holds multiple industry security certifications, including CISSP, CISA, and CISM.