Musings of a state government CSO.
What are the key traits that CSOs and CISOs need to manifest in order to survive in our ever-changing, even hostile, cyber world? Last Friday evening, I had the honor and privilege of offering the opening keynote speech for CISOs, as well as many oth....
How do security pros typically make the case for more, better or stronger security? Answer: Numbers - big numbers! I recommend adding a few stories.
Ever since I became Michigan’s first Chief Information Security Officer (CISO) in 2002, I have noticed a disturbing gap between front line users, security technologists and many senior policy makers. What can I suggest in the way of a solution?....
Everyone is talking about the sinking of the Titanic – and they should be. Here are five lessons for technology and security professionals from the sinking of the Titanic ...
A CAPTCHA popped up questioning my credentials. “Darn, I hate when this happens,” I thought. “No worries, I’ve been through this security checkpoint before.” I typed in the two different words with the fuzzy characters. ....
What’s really going on with cloud computing in government? That’s been the key question for both public and private sector technology and security leaders over the past few years. Other perplexing issues include: Are the savings real? How....
It’s that time of year when we look back to reminisce on the past and look forward and attempt to predict what’s coming next. What’s the prize? If you can figure out this maze correctly, you can pretty much predict the future of the....
We are discussing technology’s role in reducing the insider threats using a SIEM solution. In the previous installments of this blog series we have established the need for a SIEM solution and determined roles needed to implement this solution.....
This article is about roles and they are as important in government IT as they are in the NBA. The roles and responsibilities required for successful SIEM implementation and the importance of establishing clearly defined roles cannot be over-emphasiz....
Think of SIEM as an insurance policy, one you hope to never have to make a claim against. This is exactly why each organization should consider implementing a SIEM solution… “To keep the bad guys out and keep the good guys good.” T....
Blogs have a strange way of defining a person. Looking back, it’s been an unexpected five year journey that, when you connect the dots, may point to future cyber events for all of us. Mark Twain once wrote this: “It is not worthwhile to t....
Are all of the top cybersecurity pros in the private sector? Is a move out of government inevitable for the best and brightest (due to pay differences)? Should all government security be outsourced? Why is it important to have solid security leadersh....
I recently read an intriguing Harvard Business Review blog by Alexandra Samuel entitled: "The Three Ps of Online Indulgence." This viral guidance begins with the topic of well-known adults displaying split personalities online. I really lik....
If it is true that Ohio officials were alerted regarding a railroad threat from al-Qaeda, it seems that we need to take this rail security matter more seriously. If rail security included the scanning and protection of luggage on trains, as well as m....
Back on April 15, the Obama Administration released the National Strategy for Trusted Identities in Cyberspace (NSTIC). We need this strategy to work. Here's why:
Over the past few weeks there have been two very different reports released that offer helpful insights and answer important questions regarding the red hot cyber security market.
iPad mania is here, and I’m now convinced that this isn’t a fad. From the Governor’s office to newly appointed department directors to staff bringing in personally owned “Christmas presents,” almost everyone either has o....
Trevor usually spends about six hours each year shopping online for Christmas presents at the office. A few years back he would save the final step, making the actual purchase, for his home PC. But now he feels comfortable enough to pull out his pers....
After a recent session at Secureworld in Detroit, I was asked: Do internal hackers really get caught? That is, can you name people who lost their jobs? Or, do unethical or illegal activities really lead to jail time? Can you provide documented exampl....
When I’m researching hot trends in technology, I like to look across “the pond” and include our European colleagues in the mix. What I find interesting is that the more things change, the more they seem to stay the same.
What does a state government Chief Information Security Officer (CISO) actually do? What is the scope of their authority? Who do they report to? What training and/or certifications are required? How has the role changed over the past decade? Most imp....
“Inside the box thinking” will limit your personal and organizational effectiveness – whatever your role. Mediocrity (or worse) can spread and undermine the entire security team. When new paradigms or industry changes occur, you wil....
“I love my job!” Can you say that? Honestly? How about: “My job is pretty cool, and I like being a security pro on most days. The pay is decent.” Or perhaps, "I need a change of scenery – real bad. Driving a truck a....
A perspective from an anonymous hacker -- "Cyber ethics? Hello! Most hackers I know think those two words are an oxymoron. Rules are for kids, or other people we need to keep in a box. What? Policies? Are you kidding me? Those rules don’t ....
Problem #4 for security pros: So, here we are with that annoying client. Perhaps you think this person is an idiot, but you’d never say that in public. OK, maybe you would. You’ve thought it through, and you’ve concluded that the bu....
Is security in your blood? No matter what your job title is, do you see the world through a strange lens that your kids think is weird? If you think or act like that, welcome to the club – for better or worse until death do you part.
No doubt, customers across the globe will agree that they would rather work with someone who has a positive, friendly, humble, patient attitude. Unfortunately, this description does not fit many security professionals – except when they are tal....
In a first-of-its-kind federal-state cybersecurity partnership, the US Department of Homeland Security is partnering with Michigan to improve cyber defenses.
The second common mistake that I see security professionals making is to offer a "one size fits all" approach to cyber security. Rather, I encourage a "gold, silver, bronze" approach. In complex situations, you may even add a high....
Why do security professionals fail? What works and what doesn't seem to make much difference in getting consistently good results? My answers will probably surprise you.
I recently visited Africa for the first time, and I was impressed. The South African government invited me to give a keynote speech at GovTech 2009 in Durban on hot cyber security trends within governments around the world. Not only was the conferenc....
Why do disruptive cyber attacks seem to rise every August? I've been asking myself that question for several years now. Could it be the timing of the annual Black Hat convention? Students going back to college? Are the hackers taking July off an....
My first exposure to "back doors" on computers came from watching the movie "War Games." It was 1983, and I was a computer science major at Valparaiso University. I still remember two of the taglines: "The only winning move i....
Bottom line, with all of the ID Theft, fraud and hacker stories, why are they cutting my security budget? Gaining executive support for cybersecurity requires us to use the same words that our leaders use.
What are the top ten business risks around the world? Aon Corporation worked with leading organizations in more than 40 countries across 31 industries late last year to answer that question. I think the results will surprise most CSOs and CISOs. More....
It's now official. I have changed technology roles and permanently moved offices within Michigan Government. I am now the Chief Technology Officer (CTO) and Director of Infrastructure Services. After almost seven years as Michigan's first C....
What happened in Washington DC (city) government under Yusuf Acar as CSO over the past few years? Almost everyone involved in government technology in the nation, along with a few others in the FBI, want to find out the answer to that question. What ....
Excuses for plagiarism don't surprise people anymore. If a high school junior proclaimed, "I did it because my hard drive crashed," most would shrug it off as a young mistake and tell them to not let it happen again. But what about pla....
The new OMB director starts a blog while news organizations world-wide announce layoffs. What's going on? Is this the new normal? As the world recession deepens, the traditional role played by reporters continues to change. News organizations ar....
In the opening address at the Black Hat Federal security conference in Arlington, VA, Paul E. Kurtz urged the nation to begin a new discussion on the proper role of government in regulating and defending cyberspace. Kurtz said a clear command and con....
Public/Private partnerships reached a new level of cooperation over the past week, as unprecedented collaboration emerged to fight the Conficker Worm. Of course, it doesn't hurt that Microsoft has offered a $250,000 reward for information that l....
According to the Washington Post, President Obama plans to expand the membership and increase the authority of the National Security Council (NSC). New NSC directorates will set strategy over a wide number of issues including cybersecurity.
New U.S. Department of Homeland Security (DHS) Secretary Napolitano issued a directive on cyber security on January 23. The directive instructs specific offices to gather information, review existing strategies and programs, and to provide oral and w....
As physical security for inauguration festivities goes into full swing in Washington D.C. this week, there's plenty of behind-the-scenes action related to the new stimulus package, which offers new technology spending. While the focus is on broadban....
Predictions - everyone seems to have them. We're still in early January, so I wanted to summarize the best of what I've seen as well as contribute my opinions to the many 2009 security lists floating around in cyberspace.
A recent Seattle Times article offers an interesting case-study for security professionals. The headline: "After 6 months, drivers ignoring cellphone ban." Can we learn anything from law enforcement's implementation of this new law? I ....
What are you doing about Web 2.0 and formal acceptable use policies? As a blogger from a state known to be a leader in the use of technology in government, I get that question a lot. The answer: quite a bit right now.
President-elect Barack Obama offered a sweeping set of proposals to upgrade infrastructures and skill sets across the nation in order to kick-start the economy. His weekly address, delivered as a YouTube video from Change.gov, included several major ....
Cyber Monday 2008 has arrived. You know, that Monday after Black Friday which comes the day after Thanksgiving. So why should Chief Security Officers (CSOs) care? Here's a primer for the rookie CSO.
As President-elect Obama continues to announce his new cabinet choices, the suspense is building around the country regarding who will lead the charge as the nation's first Chief Technology Officer (CTO) that he promised in his plan. More import....