Americas

  • United States

Asia

Oceania

Collaboration is King: Our New Cross-Boundary Imperative

Opinion
May 24, 20083 mins
IT Leadership

As I’ve traveled across the country, I’ve often been asked the same question: What’s the 2008 key to success as a security leader? From Seattle, Washington to Novi, Michigan, from big state leaders to small county CIOs, people are feeling overwhelmed and under-staffed when faced with mounting security threats. What’s to be done?     

We’ve all felt it. The botnets, application attacks, never-ending number of vulnerabilities, new applications with problems and personnel risks wear us down and seem overwhelming. The problems are too big for any one person or company to handle – even if you have a good security team.   I’ve even talked to a few really good pros who are thinking about getting out of IT security because they’ve had enough.

No, I don’t have all the answers, but I’ll mention some of the things I’ve told these friends and colleagues.    First and foremost, IT security must be a team effort to suceed. We need to surround ourselves with people and groups that can help – both inside and outside our organizations. We need even more partnerships.

This may seem obvious, but I’ve lost count of the number of people I’ve met who have never heard of the US CERT or their state’s Informations Sharing & Analysis Center (ISAC). If this is you and you’re in government, start with the MS-ISAC portal. Others have never heard of NIST’s great website or InfraGard in their area.  Most security staff have heard of SANS training, but many don’t know about their storm center or their free reading room.  

Even more important than knowing about good web resources is having good relationships with vendors who can really help, and colleagues around the country who you can talk to in a pinch.  All of this is easy to blog about, but takes time and energy to effectively develop. The payback can be immediate or may take months or years.   In my opinion, this is also what makes the job fun and interesting. Hearing stories from others and helping in different circumstances is healthy and always reaps rewards. 

In Michigan, we just released a new version of our Michigan IT Strategic Plan. Our plan’s six main themes include: Access, Service, IT Management, Great Workplace, Cross-Boundary, and Innovation. (Yes, we have a detailed appendix on cyber security plans. ) 

Although we’ve done quite a bit in the collaboration area already, we realize that we still have a ways to go. The cross-boundary opportunities are immense across evey business area in state government and IT needs to help lead the way. Security can truly be an enabler – IF we spread that message.  Breaking through old “turf wars” and doing more cross-boundary can save big dollars and enhance cyber security.

I don’t want to sound preachy, but security on an island will fail. The Internet is too global and complex. Our web business challenges aren’t as unique as many believe. The attacks we are facing are coming from everywhere, and the bad guys will get on your island – if you don’t get help.

The criminals are collaborating, so we need to as well. We’re all in this security battle together.  

dlohrmann

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

More from this author