Sometimes, You Should Just Keep Quiet
Ira Winkler on why Pennsylvania's CISO firing was no surprise
By Ira Winkler
March 30, 2010 — CSO —
I have to admit that for a while, I really wasn't sure about what I thought about the firing of Robert Maley, the now former Chief Information Security Officer of the Commonwealth of Pennsylvania. The stories varied, but it initially sounded like he was fired for discussing a specific incident during the recent RSA conference. While I think that CISOs should be held to a higher standard, everyone can commit a faux pas. However, the fact is he knew that by speaking at all, he was violating orders in the first place and could be fired, no matter what he said. That is just outright stupid.
At face value, there is a lot to getting out to a conference and meeting your peers. I find that RSA is much more about catching up with old friends, making contacts, talking with people, and just learning. It is impossible to not learn something at RSA if you're looking. I hope I added something to the event as well.
At the same time, you have to consider that Maley's first responsibility was to his employer from a professional perspective. He was a very senior executive in a government organization. Information coming out of any government agency is controlled by policy for a wide variety of reasons. It is a condition of being in the government.
To a large extent, you are not allowed a personal opinion, and anything you say to the outside world is supposed to be cleared. That is pretty much a fundamental requirement of employment for a government agency. Short of covering up crimes, waste or abuse, there really is no justifiable reason to violate this basic policy, especially for a senior executive.
My first professional experience was at NSA. Discussing anything related to the agency was clearly forbidden by policy. There was the blanket statement we were given, "I can neither confirm nor deny anything." The only other alternative we were given was, "I'll only speak to Andy Rooney." That was it. Then when I left NSA, I was told that everything I wrote or said to the outside world had to be cleared. It frankly wasn't until I left a large organization that I was able to really speak my mind.
After I went back to large companies, I had to work out a deal where I would speak to whomever I wanted to as long as I didn't mention that I worked for the company. At the time, I already had a well-established reputation that was independent of any company that I worked for. That is clearly not the case with Robert Maley, who is possibly only known because of his position with Pennsylvania.