Shon Lyublanovits

Cyber Supply Chain Risk Management Lead, CISA
Shon Lyublanovits

Shon Lyublanovits is the Cyber Supply Chain Risk Management Program Lead within CISA’s Cybersecurity/Capability Building organization. Shon leads the SIGMA team which provides operational support to the Federal Acquisition Security Council and serves as the Information Sharing Agency; the STORM team which focuses on improving processes and establishing C-SCRM best practices which can be leveraged across the FCEB, SLTT, and industry; and the SAGE team which handles the PMO’s strategy and governance initiatives. She is a Fed100 award recipient and was named one of the “Rockstars of Cybersecurity” by IEEE. She has over 27 years of federal service and experience in the areas of cybersecurity, privacy, governance, and supply chain risk management.

Prior to joining CISA in July 2022, Shon served as the Senior Advisor for Cybersecurity and the SCRM lead for the Office of Information Technology Category (ITC) in GSA’s Federal Acquisition Service (FAS). While at GSA, she successfully served as ITC’s very first IT Security Subcategory Manager and was the leading force and advocate for dealing with the challenges of infusing cybersecurity and supply chain risk management into the acquisition process. Shon developed one of the top initiatives under the Obama Administration in creating the Highly Adaptive Cybersecurity Services (HACS) SIN in response to the OPM breach. She also successfully created a SCRM center of excellence, ensuring FAS IT products and services aligned with federal cybersecurity standards and mandates. She led the NDAA Section 889 Part B implementation within ITC and served as a champion to promote a SCRM Enterprise Framework focused on Acquisition and Policy Compliance, Cyber Risk Management, and Supplier Relationship Management.

Shon has also held senior cybersecurity leadership positions at the Department of Labor, Army Criminal Investigative Division, and the Defense Logistics Agency. She is a graduate of the Cybersecurity for Managers program at MIT Sloane School of Management. She holds graduate certificates in Information Systems/Information Technology Project Management, Applied Project Management, Six Sigma and Organizational Leadership from Villanova University, is a graduate of Mitchell Hamline’s School of Law Cybersecurity and Privacy Law Program, and holds the Certified Information Security Manager certification from ISACA.