2. Business Initiated Vulnerabilities

President and CEO

We talk about these issues inside the beltway every day the THR CIO community. The business owners need to get a job done and take care of their customers. Again, it comes down to explaining in business-oriented words to make the business owners understand, not the cyber language. We also need to do a better job explaining this outside the beltway. There needs to be a coordinated education blitz that is explained over and...

Voting

5 votes
Public Input

8. Building Effective Security into Acquisitions

Working with Insurance Industry for Standards

There is a rapid increase in cyber insurance across the commercial landscape. This is getting the C-level attention because the risk and costs are being codified into actual numbers, not just fear of something bad happening. The Federal Government should leverage off this trend and require all Government contractors to have a level of insurance, which will likewise drive a level of accountability and measurement. This...

Voting

7 votes
Public Input

7. Executive Leadership-led Risk Management

Executive-led Risk Mgmt.

Executive Leadership-led Risk Management has not been a part of the past because risk management issues were isolated to factions of the Organization. To keep Executive Leadership engaged in Risk Management activities execute a Risk Management Framework (NIST) which involves all Tiers 1-3 (Organization, Mission-Business Processes, & Information Systems) in the Risk Management Process/Communications. Two-way Communication...

Voting

4 votes
Public Input

8. Building Effective Security into Acquisitions

IT Hardware Country of Origin Limits

With the preponderance of IT devices and chipsets being manufactured in China, there is a distinct possibility that the PLA is hard-coding spyware and back-doors in the hardware built there. Acquisition laws need to specifically require that all components & sub-components used in sensitive IT / data communications systems be built / fabricated and assembled by U.S. companies in the US. Further, safeguards (inspections...

Voting

8 votes
Public Input

6. Solving the Talent Search

Challenging Internships in Cybersecurity

Talented students, particularly many female and minority students, are unaware of the career opportunities available to them in cybersecurity. The government and CISO/CIO partner organizations can help colleges and universities grow the talent pool for qualified cybersecurity professionals by creating and publicizing internship opportunities for students. Presently most internships in cybersecurity recruit junior and...

Voting

4 votes
Public Input

8. Building Effective Security into Acquisitions

Enforce existing requirements

In 2011 the White House via OMB issued a Memo M-11-11 that stated "Effective the beginning of FY2012, existing physical and logical access control systems must be upgraded to use PIV credentials, in accordance with NIST guidelines, prior to the agency using development and technology refresh funds to complete other activities." https://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-11.pdf. This memo, had...

Voting

5 votes
Public Input

6. Solving the Talent Search

Understanding cybersecurity talent requirements

The first step in tackling the cybersecurity talent search is to develop a better understanding of the competencies required for effective, and proactive, cyberdefense and intrusion response. With the rapid change in technologies and tactics for exploitation and intrusion, defining the required talent is a tall order. As such, new approaches for rapid creation, expansion or tailoring of job series will be needed so...

Voting

3 votes
Public Input

6. Solving the Talent Search

CIOs and Workforce Need More Tech Training

For a number of years the government has been looking for CIOs with a business background and not a technical background. This has placed a number of government CIOs into jobs that they have the business background to understand the business process of the organization, however many do not have the background or understanding of the technical knowledge and skills needed to address problems, concerns and issues related...

Voting

1 vote
Public Input

6. Solving the Talent Search

Cybersecurity Interns

I like the idea of cybersecurity interns next summer, but I couldn't figure out how to comment on it. I think the government needs to realize that there are big bucks to be made in the private sector if you are really good at this, and so they can't expect people to stay in Government. The Government should be prepared to depend on private sector contractors, who can do this work well. However, experience in other...

Voting

3 votes
Public Input

1. Addressing Cyber Fundamentals

Cybersecurity is everyone’s responsibility

Although the OPM breach has been the major source of cybersecurity discussion the past few months, it is certainly not the only issue that needs to be addressed. During the panel discussion at the NACo Summit we also covered topics like the White House Cybersecurity Sprint and how to better protect systems and data for long-term security. If you are not familiar with the 30-day White House Cybersecurity sprint, it is...

Voting

6 votes
Public Input

6. Solving the Talent Search

Create a National Goal and Ethos Around Cybersecurity

Spur renewed interest in both education and training channels that increase STEM talent in the U.S. Motivation originates from both increased funding and availability of relevant coursework and from concerted marketing to create an ethos and national goal equivalent to the objective of landing a man on the moon.

Voting

2 votes
Public Input

6. Solving the Talent Search

Better Align Cybersecurity Work to Competitive Pay Levels

• To acquire and retain top caliber cybersecurity talent, pay structures must be established that are aligned to market pay, and specifically to information/computer security. Given the wide range of pay for the broad levels of talent in the market, multiple, tiered pay structures could be created that would be competitively responsive to the range of pay, defined by the talent (i.e. skills, education and performance),...

Voting

2 votes
Public Input
