• United States



Back to Basics – Back to Ethics

Mar 15, 20092 mins
IT Leadership

What happened in Washington DC (city) government under Yusuf Acar as CSO over the past few years? Almost everyone involved in government technology in the nation, along with a few others in the FBI, want to find out the answer to that question. What we do know is that Vivek Kundra, President’s Obama’s brand-new, first ever, federal CIO has taken a leave of absence.

Could this very talented leader be in serious trouble? This blogger hopes not. But one lesson is already clear – Web 2.0, Government 2.0, Cloud Computing, or any other techno-savvy change must be built on a foundation of rock solid professional ethics. 

I have no desire to pile-on in this blog. There are plenty of others who have written detailed accounts of the implications of last week’s very serious events. Betanews is one and Wired Magazine is another. While Wired says Kundra will be fine, the Federal Computer Week raises several serious questions about why the CTO wasn’t aware of the activiites of his CSO. Both of those articles have plenty of related links as well.

True, everyone deserves the presumption of innocence until proven guilty. It may yet be true that the DC government is cleared of any wrongdoing.     

 Regardless of what happens next in this situation, this incident already provides some great reminders for every security professional out there. The main message is that unethical behavior must be stopped and dealt with or other great achievements will be undermined. Ethical behavior must be a top priority.  

  No matter how good your staff is at technical tasks, are they trustworthy? I have found that some of the best and brightest are also the most tempted to violate policy. As I describe at length in my book, we all face temptations online. There are steps we can take to protect ourselves, our governments, our businesses, our careers and our families. Most of us run background checks on staff, but that is often not enough. Note: my earliest blogs spend significant time discussing cyber ethics in the office.   

 We must trust, but verify. No one is above the law. Listen to complaints from people who claim that security staff or systems administrators flaunt their authority or access. Security professionals need to be above reproach – or all the technical controls in the world will not help. Good security involves people, process and technology.    

What are your thoughts?


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

More from this author