What happened in Washington DC (city) government under Yusuf Acar as CSO over the past few years? Almost everyone involved in government technology in the nation, along with a few others in the FBI, want to find out the answer to that question. What we do know is that Vivek Kundra, President’s Obama’s brand-new, first ever, federal CIO has taken a leave of absence. Could this very talented leader be in serious trouble? This blogger hopes not. But one lesson is already clear – Web 2.0, Government 2.0, Cloud Computing, or any other techno-savvy change must be built on a foundation of rock solid professional ethics. I have no desire to pile-on in this blog. There are plenty of others who have written detailed accounts of the implications of last week’s very serious events. Betanews is one and Wired Magazine is another. While Wired says Kundra will be fine, the Federal Computer Week raises several serious questions about why the CTO wasn’t aware of the activiites of his CSO. Both of those articles have plenty of related links as well. True, everyone deserves the presumption of innocence until proven guilty. It may yet be true that the DC government is cleared of any wrongdoing. Regardless of what happens next in this situation, this incident already provides some great reminders for every security professional out there. The main message is that unethical behavior must be stopped and dealt with or other great achievements will be undermined. Ethical behavior must be a top priority. No matter how good your staff is at technical tasks, are they trustworthy? I have found that some of the best and brightest are also the most tempted to violate policy. As I describe at length in my book, we all face temptations online. There are steps we can take to protect ourselves, our governments, our businesses, our careers and our families. Most of us run background checks on staff, but that is often not enough. Note: my earliest blogs spend significant time discussing cyber ethics in the office. We must trust, but verify. No one is above the law. Listen to complaints from people who claim that security staff or systems administrators flaunt their authority or access. Security professionals need to be above reproach – or all the technical controls in the world will not help. Good security involves people, process and technology. What are your thoughts? Related content opinion 3 security career lessons from 'Back to the Future' You don't need to be able to predict the future to have a successful security career, but you had darned well better be able to learn from the past. By Dan Lohrmann Jan 12, 2021 6 mins Careers Security interview Secrets of industry-hopping CSOs Who says you can't change industries? Veteran security leaders Mark Weatherford and Cheri McGuire teach you how it’s done. By Dan Lohrmann Mar 02, 2020 12 mins Careers Security opinion Why security pros are addicted to FUD and what you can do about it Despite professing anti-FUD rhetoric, cyber experts fan the flames, breathlessly sharing the details of the latest data breaches. It's a risky addiction that can lead to security apathy in enterprises. Here's how to harness it. By Dan Lohrmann Sep 06, 2018 7 mins Security opinion Bridging the smart cities security divide There are plenty of organizations that seem to be working on answers to secure smart cities, but in many ways it's like the early days of cloud computing with everyone building their own solutions. By Dan Lohrmann Feb 01, 2018 6 mins Internet of Things Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe