The old adage "it takes 10,000 hours of practice to become an expert" is very true in cyber defense. We can't teach people to prevent zero-day exploits, but we can provide an inexpensive way to show what happens when an exploit is used. Technology today is finally available to provide ubiquitous Cyber Battlerooms, like Netflix, where you log into the cloud and "play" on a Virtual Clone Network of a government agency, ...
Create Blue Team audits followed by Red Team operations performed by pre-qualified contractors or in-house staff using an efficient contract services vehicle managed by GSA. Focus is beyond standard penetration testing and embraces “hunting” tactics largely used by DOD Red Teams to emulate adversaries. Increases resiliency and ability to enhance capability to address early indicators of APTs.
Enhance content-aware, rapid, and automated anomaly detection, both in network traffic/usage as well as user behavior. In-memory analytics are powerful for this work. Be able to detect and respond in minutes, not hours, weeks, or months.
Reports and articles keep surfacing on the issue of the lack of cybersecurity talent in the federal government. Since 2010, little improvement has been seen regarding increased knowledge, skills, and abilities among the federal cybersecurity workforce (Williams, 2015b). This can be attributed largely to leadership failures across the agencies. Cybersecurity experts in the trenches, industrial organizational psychologists, and ...
Threat data sharing, or cybersecurity-related information sharing, is essential to the protection of the federal government, other critical infrastructure sectors, and to furthering cybersecurity for the Nation. The government needs to set the global standard on establishing an environment that facilitates threat data information sharing; it still operates in silos. Action must be taken to arm stakeholders with needed information ...
Currently, the government is still focused on perimeter defense with only a shallow defense-in-depth strategy. The problem centers on an enterprise architecture that is designed to usually protect the entire network at the same level, thus peanut-butter spreading network defense resources. Agencies fail to build a network defense strategy that focuses on protecting their crown jewels, vulnerability reduction, and adversary ...
Organizations in government tend to be overly optimistic about their capabilities and performance; reference OPM's epic failure. Cybersecurity is too important to be left to self-assessments. An organization should be externally assessed and rated by unbiased and competent evaluators. Risk is only one aspect of management performance. Governance, culture, and technical competence are but three key facets that determine ...
For a number of years the government has been looking for CIOs with a business background and not a technical background. This has placed a number of government CIOs into jobs where they have the business background to understand the business processes of the organization; however, many do not have the background or understanding of the technical knowledge and skills needed to address problems, concerns, and issues related ...
In 2011 the White House, via OMB, issued Memo M-11-11, which stated: "Effective the beginning of FY2012, existing physical and logical access control systems must be upgraded to use PIV credentials, in accordance with NIST guidelines, prior to the agency using development and technology refresh funds to complete other activities." https://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-11.pdf. This memo had ...