Former White House CIO Talks Cyber Awareness, Protecting POTUS’s Data, and More


ISACA Now recently sat down with Theresa Payton, Former White House chief information officer (CIO), cybersecurity authority and expert on identity theft and the Internet of Things, for a Q&A on the future of cybersecurity, her days in the White House, and how women (and men) can break into the cybersecurity profession. Payton will present Big Data and the Internet of Things: Boon or Bust for Your Cybersecurity Efforts? in General Session 1 at the 2016 Governance, Risk and Control (GRC) Conference, 22-24 August, Fort Lauderdale, Florida.

ISACA NOW:  With cybersecurity often looking like a chaotic collection of pitched battles between the good guys and the bad guys, do you envision a future where the good guys actually win? If so, how can that happen? If not, how do you envision the future state of cybersecurity? Payton:  As the headlines grow in stature, so does people’s awareness, and that is why I am optimistic about the state of cybersecurity. Now, more than ever, as companies see how unrelenting and crafty hackers can be to get what they want (for example, infiltrating Target via an HVAC vendor) they know it CAN happen to them. Words that were foreign to consumers are now very familiar such as “phishing.” When you learn what these things are, how easily you can be manipulated, then you know not to be complacent because we are sure of one thing:  hackers aren’t going anywhere. It is too lucrative for them.
Knowledge is power!

ISACA NOW:  What was the most challenging cybersecurity-related issue  during your time at the White House? Why?
Payton:  As former White House CIO, my team knew security at the White House came down to people. We knew we had to address the complexity of our systems and technology. We also had to win over the hearts and minds of the staff if we wanted to protect their privacy and security. Our security protocols were meaningless if we made them too difficult for people to do their jobs.

Of course, everything at the White House was considered “critical” and “sensitive” data, but we knew we couldn’t protect every asset the same way. Just as the United States Secret Service has a clear focus:  to physically protect the President and Vice President. We followed that same principle of a clear focus in the CIO’s office.

The CIO’s office was there for protection and to keep all assets safe. However, with a limited time frame and resources, we always had a laser beam focus on the top two most critical assets.

The first example of how we took this approach might remind you of Downton Abbey. Many people may not realize that the Usher’s Office has a long and rich history of providing elegant service, and it follows strict protocols steeped in a rich history. Yet, modern times are evident in the Usher’s office. For example, every chicken breast and every flower stem has to be barcoded. This inventory system enables the White House to know when they need to order more and which budget pays for it. Obviously, we wanted to protect the inventory of food and flowers that came into the White House but those digital assets did not have the same prioritization for protection as the President’s schedule.

ISACA NOW:  You are a woman who has made it to the top of a male-dominated profession. What advice do you have for women who are either just starting out or at the mid-point in a technology career?
Payton:  I have spent my entire career in the field of cyber security. When I stuck my toe into the water, I did not see many women in the field, and today I take heart that this predicament is slowly changing. However, if we were in a race car, now would be the perfect time to step on the gas and go full throttle. We need all hands on deck to defeat our cyber foes and prepare for the future. If you have any inkling to enter this field, here are some tips that helped me along the way:

Volunteer time at FBI InfraGard, which is a partnership between the FBI and the private sector. This is an amazing collaboration between people who represent businesses, academic institutions, state and local law enforcement agencies, all dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

Take online or community college classes to see what you like and dislike about the field. Now that the field of cyber security is growing at such a fast rate, colleges and universities have to catch up. Consequently, they are offering all sorts of classes. To that end, you can also attend a cybersecurity workshop or seminar in your community. Even if you ultimately do not choose this as a career path it surely helps to know the best ways to keep your own data safer!

Talk to people in the field. Find out more about the roles they play and what helped them get started, or even shadow a cybersecurity professional at work. This is what really clinched it for me. The more people I met in the field, the more I knew I wanted to be a part of it. That holds true to this day. The field of cyber security is ever-changing and even more rewarding.

For more on the 2016 GRC and Payton’s appearance, click here.

Theresa Payton, President & CEO, Fortalice Solutions

[ISACA Now Blog]

Leave a Reply