Sarah Nur
Associate CIO for Cybersecurity and Chief Information Security Officer (CISO)
U.S. Department of the Treasury
Sarah Nur is a highly accomplished cybersecurity executive, currently serving as the Treasury CISO and Associate CIO for Cybersecurity. As a distinguished Senior Executive Service (SES) member, Sarah oversees key departmental programs within Treasury’s extensive $4.5 billion Information Technology (IT) portfolio and $550 million cyber budget, ensuring the security of 150,000+ Treasury users.
In her pivotal role, Sarah leads various critical areas such as:
• Enterprise Cyber Risk Management (ECRM)
• Agency cybersecurity priorities
• Investment strategy to ensure protection and resiliency of Treasury Systems and Mission Essential Functions (MEFs)
• Supply Chain Risk Management (SCRM)
• Incident Response (IR)
• Enterprise Threat and Vulnerability Management (ETVM)
• Agency Cybersecurity Policies to empower Treasury Bureau CISOs
• Cybersecurity Communication and Outreach
When Sarah assumed the Treasury CISO role in 2019, the Treasury’s cybersecurity Federal Information Technology Acquisition Reform Act (FITARA) score had been a “D” for several years. Within one year, her leadership transformed and improved Treasury’s cybersecurity posture, resulting in an increased grade from “D” to “B.”
In 2021, Sarah was designated as Chairwoman for the Financial and Banking Information Infrastructure Committee (FBIIC) CISO Subcommittee. The subcommittee was established to facilitate information sharing, develop common risk-based approaches to managing cybersecurity risks, discuss policy decisions, coordinate incident response activities, and operationalize resiliency strategies.
Sarah’s career began as a Microsoft Certified Systems Engineer (MCSE), building, deploying, and administering networks worldwide. This technical foundation led to leadership roles in public and private sectors, including intel community (IC) law enforcement agencies. Her extensive expertise, unwavering dedication, and collaborative spirit have made her an invaluable asset in the ongoing battle against cyber threats.
Determined to widen her focus beyond the scope of an agency CISO, Sarah is making efforts to form a broader coalition comprised of CISOs from the financial sector and international CISOs, including G7 partners. The hope is to engage in information sharing of cybersecurity intelligence and collaborate on incident response, addressing the root causes of cyber threats.
Recognizing that the cybersecurity workforce shortage is now a national security concern, Sarah is passionately working to address the cybersecurity gap head on by partnering with organizations that advocate for broader participation and perspectives from women and underserved communities to consider joining the cybersecurity career paths to tackle global cybersecurity threats. She believes that diversifying the cybersecurity workforce, particularly at leadership and decision-making levels, is essential for addressing the increase in sophisticated cyber threats.