Air Force Operational Test and Evaluation Center (AFOTEC) 
Intermediate level
Theme: Disruptive Technologies

USAF Mission-Based Risk Assessment Process for Cyber

Identifying potential cyber risks & providing recommendations


Practitioner Presentation
Thursday, Oct. 20 Location Code
9:30am-10:30am Sheraton Dallas Hotel ThS/47



This session will provide an orientation on the Mission-Based Risk Assessment Process for Cyber (MRAP-C), a cyber assessment process that can be applied to business systems or programs.


This session is not highly technical, but rather process oriented. The U.S. Air Force developed the Mission-Based Risk Assessment Process for Cyber (MRAP-C) process to inform requirements, engineering, programmatics, risk assessments and testing. The assessment methodology is designed to be executed throughout a program’s lifecycle with benefits ranging from requirements and resource identification to test, risk management and deployment considerations. The process identifies potential cyber risks and gives stakeholders recommendations to influence requirements and design. The process further informs system development, risk management, programmatic decisions, and test through system-specific vulnerability exploitation in the form of vignettes and other assessment products.


The Air Force Operational Test and Evaluation Center (AFOTEC), located at Kirtland Air Force Base in New Mexico, is a direct reporting unit under Headquarters, U.S. Air Force. It is the Air Force independent test agency responsible for testing, under operationally realistic conditions, new systems being developed for Air Force and multi-service use.


Michelle Kesler is the program manager for Mission-Based Risk Assessment Process for Cyber (MRAP-C) at the Headquarters Air Force Operational Test and Evaluation Center (AFOTEC), Kirtland Air Force Base. Kesler is responsible for institutionalizing and supporting MRAP-C throughout AFOTEC, the Air Force, and Space Force. She leads a team of subject matter experts and program support personnel who help defense acquisition programs analyze cyber risk and develop cyber test strategies. Kesler is the key advisor on AFOTEC lean/continuous process improvement initiatives, for AFOTEC leadership and Air Force Lean/CPI Green/Blacks Belts. Kesler began civil service as a student in 1984. She worked her way through college while at AFOTEC as a cooperative education intern and completed her bachelor's degree in computer information systems at the University of New Mexico, Albuquerque. Kesler institutionalized AFOTEC’s use of lean/continuous process improvement by directly advising senior leadership on difficult problems, conducted special initiatives/studies, and proposed alternatives for the center-wide challenges utilizing various lean tools. 

Kevin McGowan is a cybersecurity test engineer, 47 CTS/OL-A, at OASIS Systems, supporting the 47th Cybersecurity Test Squadron, Eglin AFB, FL. McGowan guides the design of cyber resilience testing and evaluation of critical technical parameters and metrics through implementing the Department of Defense cybersecurity test and evaluation processes. He advises and assists acquisition programs, developmental test teams, and operational test teams on test policy, integrated test, test strategy development, test-related document generation, and requirements generation. McGowan writes Air Force cyber test and evaluation policy and guidance and develops cyber assessment and test processes, and assists programs in executing cyber risk assessments, cyber test strategy development, and cyber test planning. McGowan establishes, advises and teaches cyber working groups throughout system cyber vulnerability identification activities, as well as the planning and execution of cybersecurity tests and the generation of cybersecurity and test documentation for defense acquisition programs. McGowan was commissioned as a Second Lieutenant in the U.S. Air Force after graduating from the U.S. Air Force Academy, CO, in 1996. He retired from the Active Duty Air Force in June 2018 as a Lieutenant Colonel and joined COLSA Corporation as a cybersecurity test engineer supporting the 47th Cyberspace Test Squadron. He transitioned over to OASIS Systems during a contract changeover in 2021.