24 Feb Meet Chuck Ames, Senior Program Manager
Criterion’s program managers play a critical role in helping our Federal government customers meet their mission objectives. Each brings a unique perspective and background to their jobs, a combination of technical expertise and problem-solving capacity that helps Criterion develop and implement creative solutions to the challenges our teams face every day.
Today, we would like to profile Chuck Ames, a senior program manager for our Department of Energy customer. Chuck has more than two decades of technical leadership experience, with a focus on cybersecurity. After retiring from the U.S. Army as a Colonel in 2015, he became the Director of Cyber Security for the State of Maryland. He has also served as a cyber subject matter expert and consultant for the Department of Defense and an IT government contractor before joining Criterion in 2020. Chuck is a certified Project Management Professional (PMP) and a Certified Information Security Manager (CISM). He holds an MS in Strategic Studies from the U.S. Air Force Air War College, an MS in Software Engineering Administration from Central Michigan University, and a BS in Geography from Syracuse University.
What would you consider is your key subject matter expertise?
Operating large cybersecurity programs within the Federal and state governments. I prefer advancing the challenge of cyber defense with a whole-of-government approach. In other words, treating cyber disruption preparation in the same vein and using the same frameworks that are used to prepare for natural disasters, power outages, or riots. I believe it is possible to build quality, formidable cyber defenses, and I believe that takes more than a handful of “cybersecurity” personnel scattered about the networked workforce. Every employee and manager has a critical role in limiting the effects of cyber disruption, regardless of their Agency’s primary function or their individual role.
Professionally responding to a reduced number of cyber incidents is the ultimate metric, driving down disruption while increasing the value of the network. Concepts like executive trust, agency reputation, and statutory due diligence come into play as powerful motivators that are instrumental in defining what is the critical infrastructure, what are the key messages, and how can we help a client frame adequate cyber spend and effort.
What is an important lesson learned in that area that you apply frequently to add value to your customers?
Being able to step the customer back and convince them that although the challenge is significant and persistent, our enemy is not guaranteed to win nor are they “ten feet tall.” For example, none of the really bad players use sophisticated methodologies when they don’t have to, so even simple improvements, broadly applied, can eliminate the extent to which a great many disruptors are willing to go. It is not necessarily ideal to chase a specific technical solution that might lead to the elimination of the latest advanced cyber threat. I try to convey to clients that they can’t lose sight of the overall effort required to obtain a good or very good cyber defense, resourced and improved over time. The threat grows and changes constantly, but when approached systemically, significant improvements can be readily obtained.
Do you have a particular approach to solving problems?
Time permitting, absolutely! I like to develop the problem, examine the facts and assumptions, and then define what I want to see happen. From there, I can develop various solutions and evaluate them against one another, select a solution, and implement. However, time only sometimes allows for this deliberate approach, and it can get complicated when the response needs to be developed in coordination with a group, partnership, or regulatory body.
What drives you? What is the key to your success?
I don’t know that I’m driven, per se, but what I enjoy most is leading groups, accountable to ourselves and to people dependent on what we do. If what we do is unique, complicated, mentally challenging, and rewarding, great! Way back when, I taught cannon ballistics in the Army. It was in that job where the precision and technical excellence I thought I had understood and demonstrated in my earlier career on various gun lines began to pale upon self-examination. As it turns out, much of what I thought I knew was wrong, and the new job forced me to humbly ascend several steep learning curves before I was ever authorized to step foot in front of a classroom of Cannon Artillery Officers. I began to process complicated systems with a much more deliberative approach, and I began to recognize whole echelons of professionalism beyond that of practitioner. I learned how dependent pieces of metal, code, and human force are on other pieces of metal, code, and human force. The key is to recognize the practical trade space, conduct most of the mission there, and recognize and appreciate when you’re approaching limits.
What is the craziest job you ever worked?
While I have worked many of them, one summer I worked in a concrete plant. Unfortunately, the project finished, but I needed another few weeks’ worth of cash. I was placed in the sawmill, which consisted of another guy and me wielding giant chainsaws and hand cutting planks. 100% OJT, 2 dudes just told to go do. I couldn’t wait for that nightmare to come to an end, and safely so.
Tell us something about yourself that may surprise your coworkers.
For whatever reason – maybe it’s the close-cropped hair or the serious demeanor my wife says I display – I’m usually the guy randomly selected from the crowd to participate in street performances: unicycles and knife tossing, dancing with kilts, all manner of silly things. I have never understood this.