White House picks a CISO and, spoiler alert, I didn’t get the job

Sep 09, 2016 | 3 mins
Careers, Government, Technology Industry

There simply isn’t an emoji to capture my emotion at a moment like this. I didn’t even get a rejection letter. The White House first announced that they were seeking a candidate in February 2016. Yesterday, The White House selected their first CISO candidate and it wasn’t me. Of course, I’m being facetious. The small entanglement of being a Canadian may have been a limiting factor in my candidacy that never was.

This position was created as an output from the Cybersecurity National Action Plan (CNAP). But, it should be noted that this is a CISO position that comes with funding. The Information Technology Modernization Fund (ITMF) was created to provide $3.1 billion to drag US government IT kicking and screaming into the future. I know, I had to pause after I read that there is funding the first time too.

Brigadier General (retired) Gregory J. Touhill was announced as the CISO on Thursday, September 8th. I can’t help but wonder if they asked him to stand on a big red target painted on the floor. Tongue in cheek, but with the upcoming election in the US looming large, one has to wonder how long he will be gainfully employed.

From Nextgov:

The administration named Gregory Touhill, the Homeland Security Department’s deputy assistant secretary for cybersecurity and communications, and a retired Air Force brigadier general, to the top information security position. Grant Schneider, the National Security Council’s cybersecurity policy director and former Defense Intelligence Agency chief information officer, was named acting deputy CISO.

Now as I sit and pout in the corner (not really), I’m taken aback as I realize the breadth and depth of the job that lies ahead for Touhill. Daunting to say the least. Case in point, there is the fiasco that was the OPM breach. Remember that gem? Yeah, that didn’t go away. That is simply one small example of the workload that is waiting.

Another example is the breaches, allegedly by foreign entities, into various levels of government. Not the least of which were the compromise attempts on voting systems of at least two states. I doubt that those states would fall under Touhill, but you can be damn sure they will be on his radar.

From The White House:

Strong cybersecurity depends on robust policies, secure networks and systems and, importantly, a cadre of highly skilled cybersecurity talent. Building on the Cybersecurity Workforce Strategy to identify, recruit, and retain top talent, the CISO will play a central role in helping to ensure the right set of policies, strategies, and practices are adopted across agencies and keeping the Federal Government at the leading edge of 21st century cybersecurity.

That’s all well and good. You most assuredly need a solid governance framework in place, but you also need to be able to deal with petulant children as well. We can’t forget examples such as when the CIA was caught with their fingers in the cookie jar. They admitted that they had been spying on Senate staffers.

Yeah, forgot about that one did ya?

It’s going to be an interesting first 90 days for Touhill in his newly minted CISO role. I wish him all the best and hope he lasts longer in this role than the next two months.


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
