Bill Hill, MITRE’s chief information security official, was named a winner in the Top Global CISOs in the World Awards for 2022, sponsored annually by Cyber Defense Magazine. Judges looked at thousands of CISOs, searching for the most innovative and with unparalleled success in communicating with executives, detecting and stopping breaches and data loss, complying with regulations, and building powerful risk reduction programs for their organizations.
Bill Hill leads us in keeping MITRE’s networks secure while enhancing the creativity needed to power technical advances. During his 25-year career with MITRE, he has been instrumental in the development of MITRE’s resources for an effective threat-informed cyber defense strategy and building resiliency into MITRE’s own systems.
But not only has his expertise applied to MITRE’s enterprise systems, his innovations and leadership have led to landmark standards and frameworks that are freely available to the greater cyber community. He also works with the six federally funded research and development centers that MITRE operates for multiple government agencies to advise our federal sponsors of how to build and maintain their own cyber defenses, modernize their IT systems, and enhance their resiliency.
In highlighting just a few of the projects Hill’s leadership has contributed to, he was one of the originators of the Common Vulnerabilities Exposures (CVE®) list, which identifies, defines, and catalogs publicly disclosed cybersecurity vulnerabilities.
More recently, Hill led the development of the MITRE Shield framework for communicating and planning cyber adversary engagement, deception, and denial activities. The Shield framework morphed into MITRE Engage™, which debuted in February this year and gives the cyber community a new set of tactics to engage attackers. Informed by adversary behavior observed in the real world, the framework maps to MITRE ATT&CK®, which gives the cyber community weapons for their defense. CISOs can use MITRE Engage to create a strategy for protecting their companies, defenders can use it to implement that strategy, and vendors can use it to align their products with their users’ goals.
As Hill has put into practice over the last decade, adversary engagement and deception operations can cut the cost of a data breach in half, waste an adversary’s time, and make attackers easier to detect. His real-life practice of these tactics was fundamental to the development of MITRE Shield and later MITRE Engage for the greater cyber defense community.
Across the federal government ecosystem; critical infrastructure organizations; and health, space, and transportation industries—to name a few—MITRE is sought after as a trusted adviser to evaluate the potential vulnerabilities in systems and how much risk there is. Hill is also one of our leading experts in implementing zero trust architectures (ZTA), securing the movement of data, assessing risk, and building cyber resilience and threat intelligence capabilities. His expertise, leadership, and innovations are invaluable inside MITRE, but also affect the entire cyber defense community.