Page 34 - FCW, September 15, 2017

FCW Perspectives
PARTICIPANTS
George “Dennis” Bartko
Director, Capabilities Development Group, CIO, U.S. Cyber Command
Ibrahim Beshir
Information System Security Officer, State Department
Deborah Dement
Cybersecurity Analyst, Naval Air Systems Command, U.S. Navy
Abby Famoriyo
Information System Security Officer, Department of Housing and Urban Development
Ross Foard
CDM ICAM SME and Phase 2 Engineer, Department of Homeland Security
Laura Gerhardt
Technical Lead and Developer, Technology Transformation Service, General Services Administration
Colin Han
Information Security Specialist, Food and Drug Administration
Thresa B. Lang
Deputy Director, Navy Cybersecurity Division/DDCIO-Navy, Department of the Navy
James J. Quinn
Lead Systems Engineer, Continuous Diagnostics and Mitigation Program, DHS
Daniel Stein
Program Director, National Cybersecurity Training and Education Program, Cybersecurity Education and Awareness Branch, Stakeholder Engagement and Cyber Infrastructure Resilience Division, DHS
Shue-Jane Thompson
Vice President and Partner, Cyber Security and Biometrics, Global Business Services, IBM
Rod Turk
Acting CIO and Chief Information Security Officer, Commerce Department
Note: FCW Editor-in-Chief Troy K. Schneider led the Aug. 9 roundtable discussion. The gathering was underwritten by IBM, but the substance of the discussion and the recap on these pages are strictly editorial products. Neither IBM nor any of the roundtable participants had input beyond their Aug. 9 comments.
executive said. “We built in these delays thinking we were gaining assurance when we actually are reducing the reliability of the system.”
“You need to be able to identify vulnerabilities at the system level,” another participant said, “and be able to remediate and push out that patch in hours or minutes — not days or weeks.... There are big legacy systems out there with known vulnerabilities for years. That kind of cycle time is just unacceptable.”
That participant also argued that cloud services — and especially platform-as-a-service offerings — can dramatically improve an agency’s security posture.
“If you’re looking at FedRAMP solutions, they’re already meeting the FISMA compliance burdens,” she said. “So that replicability and automation [are] built into the process.” Agencies can push those activities onto the cloud service provider and focus on mission-specific security “rather than everything under the sun.”
A different take on the workforce challenge?
Finally, a handful of the participants argued that the executive order’s biggest impact might actually involve the workforce.
One executive said that “until now, there had been the sense that the workforce is important, but not nearly as important as this, this, this and this. Now that we have the reality that the cybersecurity workforce is not necessarily up to the standards of other either friendly or competitor nations, that puts it into the context of national security.”
Another said that although the order doesn’t say so explicitly, it “suggests that an awareness of cybersecurity careers is becoming more of a requirement for the public to know about it.”
A third argued that the real challenge is not growing the pipeline of cyber specialists to bolt on solutions at the end but rather instilling the technology creators with cyber awareness. “Until the designers and the developers get into that mode, we’re always going to be behind,” he said.
A fourth participant, meanwhile, pointed to a very different workforce challenge. “Everybody complains about how we don’t have cybersecurity technical people,” he said. “But I submit to you that if you don’t have a couple people in your organization who know how to speak, know how to write, know how to do finances, you’re going to lose.”
He added that “the typical cybersecurity scientist is going to be talking in bits and bytes. Put them in front of the CFO — forget about it. The CFO is not going to have a clue, and you’re not going to get your money.”