
Former White House CIO Talks Cyber Awareness, Protecting POTUS’s Data, and More



ISACA Now recently sat down with Theresa Payton, former White House chief information officer (CIO), cybersecurity authority and expert on identity theft and the Internet of Things, for a Q&A on the future of cybersecurity, her days in the White House, and how women (and men) can break into the cybersecurity profession. Payton will present "Big Data and the Internet of Things: Boon or Bust for Your Cybersecurity Efforts?" in General Session 1 at the 2016 Governance, Risk and Control (GRC) Conference, 22-24 August, Fort Lauderdale, Florida.

ISACA NOW:  With cybersecurity often looking like a chaotic collection of pitched battles between the good guys and the bad guys, do you envision a future where the good guys actually win? If so, how can that happen? If not, how do you envision the future state of cybersecurity?
Payton:  As the headlines grow in stature, so does people’s awareness, and that is why I am optimistic about the state of cybersecurity. Now, more than ever, as companies see how unrelenting and crafty hackers can be to get what they want (for example, infiltrating Target via an HVAC vendor) they know it CAN happen to them. Words that were foreign to consumers are now very familiar such as “phishing.” When you learn what these things are, how easily you can be manipulated, then you know not to be complacent because we are sure of one thing:  hackers aren’t going anywhere. It is too lucrative for them.
Knowledge is power!

ISACA NOW:  What was the most challenging cybersecurity-related issue during your time at the White House? Why?
Payton:  As former White House CIO, my team knew security at the White House came down to people. We knew we had to address the complexity of our systems and technology. We also had to win over the hearts and minds of the staff if we wanted to protect their privacy and security. Our security protocols were meaningless if we made them too difficult for people to do their jobs.

Of course, everything at the White House was considered “critical” and “sensitive” data, but we knew we couldn’t protect every asset the same way. Just as the United States Secret Service has a clear focus:  to physically protect the President and Vice President. We followed that same principle of a clear focus in the CIO’s office.

The CIO’s office was there for protection and to keep all assets safe. However, with a limited time frame and resources, we always had a laser beam focus on the top two most critical assets.

The first example of how we took this approach might remind you of Downton Abbey. Many people may not realize that the Usher’s Office has a long and rich history of providing elegant service, and it follows strict protocols steeped in a rich history. Yet, modern times are evident in the Usher’s office. For example, every chicken breast and every flower stem has to be barcoded. This inventory system enables the White House to know when they need to order more and which budget pays for it. Obviously, we wanted to protect the inventory of food and flowers that came into the White House but those digital assets did not have the same prioritization for protection as the President’s schedule.

ISACA NOW:  You are a woman who has made it to the top of a male-dominated profession. What advice do you have for women who are either just starting out or at the mid-point in a technology career?
Payton:  I have spent my entire career in the field of cyber security. When I stuck my toe into the water, I did not see many women in the field, and today I take heart that this predicament is slowly changing. However, if we were in a race car, now would be the perfect time to step on the gas and go full throttle. We need all hands on deck to defeat our cyber foes and prepare for the future. If you have any inkling to enter this field, here are some tips that helped me along the way:

Volunteer time at FBI InfraGard, which is a partnership between the FBI and the private sector. This is an amazing collaboration between people who represent businesses, academic institutions, state and local law enforcement agencies, all dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

Take online or community college classes to see what you like and dislike about the field. Now that the field of cyber security is growing at such a fast rate, colleges and universities have to catch up. Consequently, they are offering all sorts of classes. To that end, you can also attend a cybersecurity workshop or seminar in your community. Even if you ultimately do not choose this as a career path it surely helps to know the best ways to keep your own data safer!

Talk to people in the field. Find out more about the roles they play and what helped them get started, or even shadow a cybersecurity professional at work. This is what really clinched it for me. The more people I met in the field, the more I knew I wanted to be a part of it. That holds true to this day. The field of cyber security is ever-changing and even more rewarding.

For more on the 2016 GRC and Payton’s appearance, click here.

Theresa Payton, President & CEO, Fortalice Solutions

[ISACA Now Blog]

About @PhilipHungCao

@PhilipHungCao, GICSP, CISM, CCSP, CCSK, CASP, CIW-WSP, PCNSE7, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
