As some of you have undoubtedly heard, Dan Lohrmann has moved on to bigger things and accepted the position as Chief Technology Officer and Director of the Infrastructure Services Administration for the state of Michigan. My Herculean task is to try and fill Dan's very large shoes in blogging about the latest cyber security news in government. Dan's blog has been one of the few links I hit consistently because it's always been timely and thought-provoking.
A little about me. I've been in the technology business my entire life and in the cyber security business for the past 17 or so years ... what an exciting ride it's been! I was a Cryptologist in the US Navy and left active duty in 2001 where my last job was working with the Navy's Computer Network Defense Operations, the Navy Computer Incident Response Team (NAVCIRT), and the Navy Red Team. Those early days in cyber security were incredible and just in case you're wondering, the Navy has some of the best security professionals in the world as well as an exciting and very relevant mission! While at the NAVCIRT I met a very smart guy named Stephen Northcutt who was doing some really interesting work at the Navy Surface Warfare Center and building cool IDS tool called Shadow...perhaps you've heard of him? After I left the Navy I spent a couple years with Raytheon building and running a Security Operations Center and doing some Certification and Accreditation (C&A) work which brought me face to face with the limitations and weaknesses of FISMA (it's not altogether bad, it just has limitations and I'll write more about that in the coming weeks as the Consensus Audit Guidelines (CAG) gets more legs.)
In 2005 I became the State of Colorado's first CISO and had the very enviable task of building the statewide information security program. Really now, who wouldn't leap at that opportunity? Governor Bill Owens recognized the significance of an all-encompassing security program and gave me the executive support and resources I needed to quickly establish enterprise security governance. After Governor Bill Ritter took office in 2007, he raised the ante by hiring Mike Locatis as his CIO to consolidate all IT and security operations in the state. I loved working with Mike but after three years in Colorado, opportunity knocked again and I moved to California to take over as CISO when Governor Schwarzenegger hired Teri Takai as his CIO to begin revolutionizing IT in the Golden State. Talk about timing. I now have the best and most challenging CISO job in the world and look forward to blogging about the exciting things happening in the government cyber security space.
I'm always looking for interesting things to write about so please feel free to post whenever you get the chance and if you have something provocative, let me know.
Leave a comment