Skip to main content

ACT-IAC: Where government and industry leaders collaborate.

You are here

Steven Hernandez

Chief Information Security Officer and Director of Information Assurance Services

Steven Hernandez, CISSP, CAP, CNSS, SSCP, CSSLP, ITIL, CISA, Sec+ 

Steven Hernandez is an information assurance expert serving the past twenty years in a variety of contexts and missions. He has worked on the front lines in operations centers and led research teams attempting to balance security, privacy, and mission delivery considerations. Transforming risk management in international manufacturing, healthcare, non-profits, and governments at the federal, state, and local levels is extensive through his professional portfolio.  Leading tactical, day-to-day security operations as well as guiding and influencing broad security initiatives such as the US government's FedRAMP program across large organizations with international presence are areas he’s frequently called upon to support. Presently he is the Chief Information Security Officer and Director of Information Assurance Services at the U.S. Department of Education.  Steven also serves as the co-chair of the US Government Federal CISO Council and government chair of the ACT-IAC Cybersecurity Community of Interest. Prior to his position at Education, he held a variety of roles at the Office of Inspector General, US Department of Education including CTO, CIO, CISO, Senior Official for Privacy and Chief Services Engineering Officer.  He is an inaugural member of the United States Scholarship of Service Hall of Fame. He served on the Board of Directors for the International Information Systems Security Consortium (ISC)2, served on the U.S. (ISC)2 Government Advisory Board for Cybersecurity (GAB), judged for the Government Information Security Leadership Awards (GISLA) and contributed to its Executive Writers Bureau. Mr. Hernandez is the lead author and editor of the third edition of the (ISC)² Official Guide to the CISSP CBK, the (ISC)² Official Guide to the HCISPP CBK, and several published works regarding international information assurance.