Yesterday marked a significant day in U.S. government cybersecurity history – and certainly for those of us in the profession – the day that the White House announced its plan to hire a Chief Information Security Officer (CISO). For decades, we at (ISC)2 have advocated for the voice of CISOs to be heard, for CISOs to be granted a seat at the executive table. And yesterday, the Executive Office of the United States has put out the invitation for one of us to take part in executive decisions – a validation of sorts for cybersecurity professionals who have spent their careers going above and beyond the call of duty, have put in long hours with little sleep and who have dedicated years to a cause that, most often than not, has gone unrecognized.
Not surprisingly, the announcement has people around the world talking; everything from how long overdue it is, to whether the new CISO’s salary will attract the appropriately seasoned candidate, to if this will do anything more than add another person in charge without fixing the real problems.
So, is the new position really the “next logical addition to the White House C-suite”? And will it make a difference in the government’s overall cybersecurity challenge? I believe it will in the long run, but in the short run, his/her impact will depend largely upon what role this person is asked to fulfill. After all, the role of CISO still looks different from organization to organization.
On the heels of the 50th NFL Super Bowl Championship, I can’t help but use the “quarterback” analogy when it comes to identifying the role I believe the new CISO must play. The U.S. government has a number of coaches in the legislative, executive and judicial branches, but ultimately needs a quarterback to take lead of its many cybersecurity efforts on the field. This person needs to huddle the team and call the plays. They need to know what it’s like to feel the crush of defeat while pursuing the taste of victory. They need to be someone who knows how to play defense against an offense twice their size and much more agile, while making the right adjustments to keep them out of the end zone.
Protecting digital assets has been – and remains now – unchartered territory. It is an undertaking best achieved when experts in the field connect, collaborate and contribute. The new federal CISO will be in the unique position to unite agency efforts, consult with both private and public sector leaders and dedicate his/her efforts to minimizing the domino effect of cybersecurity incidents across government.
Team, it looks like we’ve got a new QB on the way. Let’s hope they are not partial to Monday mornings.
Listen to ICIT Fellow Podcast to hear more from Dan about why leadership should be the top priority in the federal government: ow.ly/Z1zxE
-Dan Waddell, CISSP, CAP, PMP, (ISC)2 Managing Director, North America Region and Director of U.S. Government Affairs