Timothy McKnight likes to say that he's doing his job if he's getting dumber--in other words, if he's trusting his staff members to advise him and make tactical decisions, so that he can focus on the company's overall security strategy.

Of course, as the CISO and VP of the defense contractor Northrop Grumman, McKnight actually needs to be pretty smart. A former special agent for infrastructure protection, corporate espionage and foreign counterintelligence at the FBI, McKnight's number-one concern now is helping protect his company--and therefore the U.S. government, Northrop's biggest customer--against governments that are looking to steal intellectual property and gain a competitive advantage over the United States. To do this, McKnight has set up a special intelligence group, focused on identity management and PKI, and worked to develop a business-focused staff.

McKnight recently spoke with CSO's Katherine Walsh about the challenges of leading security at one of the largest U.S. military defense contractors and providers of IT for the federal government.

CSO: Protecting the information assets of Northrop Grumman is obviously critical, given its position in the world. Do you treat the R&D data you need to protect and the personally identifying information (PII) of your employees the same way?

McKnight: Not in all cases. There is a baseline amount of security across the entire enterprise. We have very significant layers of defenses within our network both internally and externally. There are certain businesses within Northrop Grumman that want their crown jewels for R&D completely walled off with thin clients or other security measures. Some environments within the company deal with PII more than others. It depends on the circumstance.

CSO: Can you tell me about the formation of the Cyber Threat Analysis Intelligence Group and its role at Northrop Grumman?

McKnight: That team's focus is on the nation-state threat, which the DoD is now terming the "advanced persistent threat." These are well resourced, highly targeted attacks at corporations and governments [by groups] that are looking primarily to steal intellectual property and gain competitive advantage. The Cyber Threat Analysis Intelligence Group is made up of techies and people with government analyst backgrounds. Their job is to focus on the technologies that are considered the crown jewels of Northrop Grumman. They look at the technologies we provide for the government, who the biggest threat to those technologies is, who needs them the most, how they [may be] targeting that information and what can we do to protect against it. That group is deploying customized solutions to handle all of that.

CSO: What is the importance of training and employee awareness relative to all the other security initiatives you have to focus on?

McKnight: It's interesting because I don't struggle with that, but it's something I think about a lot. We're trying to do more targeted training for different types of users, so that system administrators get special training, people who handle PII get special training, and our executives and their admins do as well. We're trying to raise the employee awareness level because we realize the potential for them to be exploited by social engineering or spear phishing, to name a couple scenarios. We're starting to recognize that some of the security solutions are not addressing some very simple ways to get into networks.

CSO: What do you perceive your risk of insider threat to be?

McKnight: It really depends on your definition of that, but we know it's important. It's a significant threat to the government and our company.
The nation is bleeding intellectual property; the U.S. dollar is suffering. The Cyber Threat team is positioned to help us focus on the insider threat.

CSO: What are some of your initiatives in the identity management space?

McKnight: That's our biggest program, and it has been for a couple years. Right now our focus is on smart card one-time password roll outs. We're rolling out a PKI solution specialized for Northrop Grumman. We've also built an external PKI company called Certipath with a few other companies: It's the world's first federated PKI for the industry. We've found that the smart cards or PKI ID management solutions have provided significant protection against well-resourced attacks like the advanced persistent threat. We've deployed that to all our internal users who maintain critical systems, and all our application folks (about 2,000 users in all). Over the next couple of years we will roll it out to the entire company as a one match system, where it will provide both physical and logical access to the network.

CSO: What is the future of your role at Northrop Grumman, or the CISO role in general?

McKnight: Ten years ago law enforcement and government types were moving into the role of the security officer, but most of the hires I've made in the past 5 years have been people with MBAs or backgrounds in auditing and finance. The role is definitely changing, and the people entering into the field are very different than they were a decade ago. At Northrop Grumman, the role is becoming more focused on risk management.

CSO: What's the advantage to having a business background rather than a technical one?

McKnight: There are advantages to both. If someone has knowledge of the technical and the business, that's fantastic. But there are challenges too. I recently promoted one of our lead technical people into a sector information security officer role.
The first thing I told him to do was to step away from the keyboard. It's really no different from any management role, where you have to learn to transition away from involvement with everything (in this case the very technical things) to letting your people make some of the decisions. It's a big challenge. I always tell my people that I'm doing my job if I am getting dumber: I mean that in the sense that I'm allowing my people to advise me, and I'm doing the things that I feel are important for the company--such as talking to our CFO or CEO about risk, working on a budget, designing the capital plan for infosec and recruiting new talent. It's a balance.

CSO: Is there one security threat in particular that keeps you up at night?

McKnight: It's absolutely country-sponsored attacks. For us as a company and what we do in the national security space, it's that advanced persistent threat. We see signs that a digital Pearl Harbor-like scenario is more realistic today than it was five years ago, due to the inner connectivity of all these networks and the global nature of IT. It's such a low-entry cost for any country or terrorist group. It's asymmetric; you can do it from anywhere. We need to invest more in protecting against this.