Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
Dan Lohrmann joined Security Mentor, Inc. (www.securitymentor.com) in August, 2014, and he currently serves as the Chief Security Officer (CSO) and Chief Strategist for this award-winning training company. Lohrmann is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors.
Daniel J. Lohrmann was Michigan's first Chief Security Officer (CSO) and Deputy Director for Cybersecurity and Infrastructure Protection from October 2011 to August 2014. Lohrmann led Michigan's development and implementation of a comprehensive security strategy for all of the state’s resources and infrastructure. His organization provided Michigan with a single entity charged with the oversight of risk management and security issues associated with Michigan assets, property, systems and networks.
Under Lohrmann’s leadership, Michigan was recognized as a global leader in cyberdefense for government - winning numerous professional awards for outstanding accomplishments. The Michigan Cyber Initiative, Michigan Cyber Range, Michigan Cyber Disruption Response Strategy, Michigan Cyber Civilian Corps, new 7x24 Security Operations Center (SOC), reinvention of end user cyber awareness training, new cybersecurity portal and Cyber Summit Conference Series were just a few of the initiatives achieved in under three years.
Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security (DHS), the White House, Federal Bureau of Investigation (FBI), numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks.
Lohrmann is also a globally recognized author and blogger on technology and security topics. His keynote speeches have been heard at worldwide events, such as GovTech in South Africa, IDC Security Roadshow in Moscow, SecureWorld Expo events nationwide and the RSA Conference in San Francisco.
He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine.
For more than a decade, Lohrmann served as a trusted advisor for the National Association of State Chief Information Officers (NASCIO) and the Multi-State Information Sharing & Analysis Center (MS-ISAC). He also served as an advisor on TechAmerica's Cloud Commission, and as a co-chair on several National Governors Association (NGA) committees to enhance cybersecurity. Lohrmann was also the chairman of the board for 2008-2009 and past president (2006-2007) of the Michigan InfraGard Members Alliance. He currently serves on the Michigan InfraGard Executive Board.
Dan represented NASCIO on the U.S. Department of Homeland Security’s IT Government Coordinating Council from 2006-2014. In this capacity, he assisted in the writing and editing of the National Infrastructure Protection Plans (NIPPs), sector specific plans, Cybersecurity Framework and other federal cyber documents.
From January 2009 until October 2011, Lohrmann served as Michigan's Chief Technology Officer and Director of Infrastructure Services Administration. He led more than 750 technology staff and contractors in administering functions, such as technical architecture, project management, data center operations, systems integration, customer service (call) center support, PC and server administration, office automation and field services support.
Under Lohrmann’s leadership, Michigan established the award-winning Mi-Cloud data storage and hosting service, and his infrastructure team was recognized by NASCIO for best practices and for leading state and local governments in effective technology service delivery in datacenter consolidation, WiFi and mobile deployments.
Earlier in his career, Lohrmann served as Michigan’s first Chief Information Security Officer (CISO), and the first enterprise-wide government CISO in the USA, from May 2002 until January 2009. He directed Michigan's award-winning Office of Enterprise Security for almost seven years.
Lohrmann's first book, Virtual Integrity: Faithfully Navigating the Brave New Web, was published in November 2008 by Brazos Press, Baker Publishing Group. His second book, BYOD for You: The Guide to Bring Your Own Device to Work, was published in Kindle format in April 2013. He also wrote chapter 8 on "CIO as Protector: Our Cybersecurity Imperative," for the 2011 Public Technology Institute book, CIO Leadership for State Governments: Emerging Trends and Practices.
Prior to becoming Michigan's CISO, Lohrmann served as the Senior Technology Executive for e-Michigan, where he published an award-winning academic paper titled: The Michigan.gov Story — Reinventing State Government Online. He also served as director of IT and CIO for the Michigan Department of Management and Budget in the late 1990s.
Lohrmann has more than 28 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility.
Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College.
He has been featured in numerous daily newspapers, radio programs, TV news, CSPAN and global media from as far away as Australia. Lohrmann writes a regular column for Public CIO magazine on cybersecurity. He's published articles on security, technology management, cross-boundary integration, building e-government applications, cloud computing, virtualization, securing portals and The Internet of Things.
He holds a master’s degree in computer science from Johns Hopkins University in Baltimore and a bachelor’s degree in computer science from Valparaiso University in Indiana.
NOTE: The postings on this blog are Dan Lohrmann's own views. The opinions expressed do not necessarily represent Security Mentor’s official positions.
Sample of Lohrmann Individual and Team Awards:
Data breaches are becoming much more common. Most states have laws mandating the public disclosure of data breaches where personally identifiable information (PII) is at risk. Cyberinsurance policies even cover data breach costs. However, not all data breaches are the same. We need a data breach scale. Here's why...
We are continuing the series of interviews with top CIOs and CISOs from around the nation regarding the best state and local government cybersecurity strategies. This week, we turn toward the Buckeye State to learn from two respected executive leaders. At a time when the federal government is reeling from a major OPM data breach, this security discussion has never been more important.
Alan B. Trabue worked for the CIA for over 38 years, and he has hundreds of true stories to tell about domestic and foreign agents and lies and spies. He has just published an amazing book that tells about his career as a covert operations polygraph interrogator with exciting travels all over the world. For anyone who is interested in polygraph exams or for those who are intrigued by the complexities of intelligence operations around the world, you must read this book. Here is a brief book preview and an interview with the author of 'A Life of Lies and Spies.'
Will Pelgrin started the MS-ISAC more than a decade ago, and he is a leading voice in government cyberdefense. Tomorrow is his last day with the Center for Internet Security, and I caught up with him and new CEO Jane Lute to discuss the past, the present and the future of global cybersecurity -- especially within governments.
Everyone is talking about smart cities. And yet, new public- and private-sector questions are emerging as more organizations engage with this global technology megatrend. So how can you take these opportunities to the next level? Who are the leaders within this hot Internet of Things (IoT) category? Which academic studies and white papers offer best practices and the most helpful resources to take your region to the next level? What cyber-risks are emerging? Here are answers and resources to consider.
Industry experts disagree on whether the Islamic State’s ability to mount a dangerous cyberattack is a top concern or an emerging online threat or completely overblown. But one thing is not in doubt: ISIS is making news headlines in 2015 for their exploits in cyberspace. In my view, ISIS is an emerging online threat to keep a close watch on. Here’s why.
I traveled to the United Arab Emirates (UAE) this past week to present the opening keynote at the Gulf Information Security Expo & Conference (GISEC 2015) in Dubai. The event offered a refreshing mix of leading global voices on security and technology topics. But most surprising, the Gulf region's public and private sector executive leaders who presented, the companies exhibiting and the amazing city as a whole offered attendees a different perspective and a positive model for the current cybersecurity and technology infrastructure challenges in the Middle East and the world as a whole.
Are you having trouble getting the needed resources for your cybersecurity program or key projects in government? Is staffing, funding or gaining executive support not adequate to get the job done right? Do you want to strengthen your influence and trust with management? While there are no easy answers, these ideas may help.
Just as many government organizations wrap up enterprise XP migrations a year after initially planned, it's time to start ramping up another major infrastructure effort. Microsoft Windows 10 will be arriving this summer. What new features are coming and is it time to prepare your strategic upgrade plan?
On Friday, March 20, 2015, CyberOU, the student cybersecurity club at Oakland University, held its second annual Cyber Summit in Michigan. Here's why CyberOU is a student-run organization for others around the world to emulate.
We are continuing a series of educational interviews with state and local government technology and security leaders around the nation. This week we visit an intriguing local government in the Pacific Northwest part of the country to learn more about its overall mission and how it keeps customer data safe.
By a 3-to-2 vote along party lines, the Federal Communications Commission (FCC) passed new rules on Net neutrality last week. The rules establish the Internet as a utility, but court battles loom before the FCC actions can take effect. Here's what happened, a summary of the news coverage, what it all means, reaction from different sources and what is likely to happen next.
'States Leading on Cybersecurity' was the name of a session at the National Governors Association (NGA) Annual Winter Meeting on Sunday. Homeland Security Secretary Jeh Johnson addressed looming DHS shutdown impacts as well as federal / state opportunities to work together to share cyberthreats and other critical information across the public and private sectors.
Unique Indiana state government partnership with Purdue University will also utilize private-sector expertise to defend state networks from next-generation cyberattacks. This breaking news demonstrates that cyberdefense is a top priority for Indiana Gov. Mike Pence.
Governments around the globe are rushing to prepare for computer-generated threats that can cause real-world calamity to our way of life. And while opinions vary on the likelihood of human error causing a major crisis or hostile cyberthreats causing severe societal disruptions, few argue against being prepared. So how are leading governments getting ready for inevitable cyber emergencies?
This should be the year that significant bipartisan progress is made on cybersecurity legislation, with new laws set to pass on issues ranging from data breach notification to sharing sensitive cyber intelligence between the public and private sectors. In fact, since President Obama and Republican congressional leaders can't agree on much else, cybersecurity action is moving to center stage.
The International Consumer Electronics Show (CES) in Las Vegas drew huge crowds again this year, with audiences seeing, touching and enjoying the hottest new gadgets and technology. From cars that drive you to drones that are smart to 4K high-definition TVs, it was all there. But the biggest story of all may be the virtual reality (VR) revolution. VR tools and devices will transform 21st century IT infrastructure.
As we begin 2015, what do your customers really need from you? What is your government technology infrastructure plan of action for the coming year? Here are seven must-have strategies for enterprises to enable long-lasting innovation.
Predictions are everywhere. Most security companies now make them. As I examined 2015 lists and checked them twice, everyone is saying that our online situation will get worse. But how much worse? What surprises await us? Here's what technology experts are saying - along with my naughty and nice labels.
Cybersecurity stories were more popular than ever in 2014, with the word 'cyber' showing up in front of topics ranging from security to shopping scams to global online attacks. But no matter how we rename, reclassify or reanalyze the data in cyberspace, it is clear that the dollars spent, problems encountered and attention given cyber has virtually doubled in 2014.
The North American International Cyber Summit was held in Detroit's Cobo Hall on Nov. 16-17, 2014, and Michigan Gov. Rick Snyder unveiled an updated 'Michigan Cyber Initiative 2015.' Here are the details on the event and the new cyber plan that's a model for the nation.
Once every four years, most state and local governments go through a multi-month period of major upheaval. Regardless of which political party wins in the November midterm elections, major executive turnover usually occurs at the highest levels of government. This fall and winter is one of those times. How can you prepare?
Cybersecurity protections in Wisconsin government took another step forward last week with an impressive cyber summit that included Gov. Scott Walker, Maj. Gen. Don Dunbar (the adjutant general in Wisconsin) and security leaders from around the nation and the world.
The 11th annual National Cyber Security Awareness Month kicked off on Oct. 1, with perhaps the biggest set of activities ever planned. But on day two of the festivities, a huge JPMorgan Chase security breach stole the headlines.
There were two very different events this past week in Michigan, but both offered similar messages. The Intelligent Transport System (ITS) World Congress and the Michigan Digital Summit pointed to the radical transformation occurring right now in transportation. There is a paradigm shift occurring using smart transportation systems and mobile technology that enables 'realistic solutions to our global mobility, safety, and environmental challenges.'
Whether the topic is modernizing health care, attracting and retaining the right talent, the role(s) of the Chief Data Officer (or the new Chief Digital Officer), the value of big data or even securing enterprises from insider threats, the answer entails culture change. So how do we begin?
Just as mobile technology and cloud computing became a normal part of our lives, along comes the next set of disruptive innovations that will radically change the way we work and play. Get ready for robots to appear in virtually every area of life. But just as with the Internet, there will also be a dark side.
It's time to get in the game. Just as in the 1984 movie 'The Last Starfighter,' being the best at a game could lead to a future that exceeds your wildest imagination. The British Intelligence equivalent to NSA is offering a challenge to play a game, with a great cyber job as the prize for winners.
More cyberdefense action is needed, but many people seem content to hit the snooze button for now. Meanwhile, Black Hat speakers offer some policy advice to help, while smart Americans change passwords - again.
August 1, 2014, was my last full day as Michigan Government's Chief Security Officer (CSO). As I look back at seventeen years of action-packed public service, I will remember the wonderful people who made it all possible and who served (and continue to serve) our citizens so well.
The Michigan Cyber Civilian Corps, state and local government cyber analysts and the West Michigan Cyber Security Consortium participated in an attack-defend-respond tabletop exercise in a virtual city called Alphaville, which exists within the Michigan Cyber Range. Here's why it matters to a town near you.
What do we really do with all that data we collect in government? The answer must be to improve customer service and provide a radical transformation in the way governments interact with residents. Anything less will bring big problems. Here's why.
Ms. Teresa M. (Teri) Takai, who is the CIO for the United States Department of Defense (DoD), has been an exceptional leader in government for more than a decade. She served as state government CIO in both Michigan and California before joining DoD as CIO in 2010. Ms. Takai was appointed to the FirstNet Board of Directors in August 2012.
The news media this week was full of articles describing the U.S. government's role in gathering, mining and analyzing big data from nine leading U.S. Internet companies in order to stop terrorism. Where is this capability going?
For those who worry that individual privacy rights and personal freedoms are already being eroded by the Internet and new technology, hold on to your virtual safety belts. Many experts are predicting almost everything will be recorded in public in the near future with wearable tech, whether you like it or not.
There has been a lot of discussion over the past week about Twitter and the power of social media following the breach of the Associated Press (AP) Twitter feed last Tuesday. Bottom line, each of us still needs to decide: Can I trust that tweet?
Recently, my family was discussing lesser known facts about our first President, George Washington. The intriguing conversation centered on George Washington's 110 Rules of Civility & Decent Behavior in Company and Conversation. How can we apply these rules to online decency today?
Yesterday, I was given the opportunity to speak on a panel at the National Governors Association (NGA) Winter meeting in Washington. Here is a transcript of my opening remarks which offer seven actions for Governors to take on cybersecurity.
The European Network and Information Security Agency (ENISA), which is a part of the European Union (EU), recently issued a report that describes the current global cyber threat landscape - including infrastructure.
Over the past week, I've been surfing the Net looking for blogs and articles that both recap online security trends from the past year as well as offer new cybersecurity predictions for the coming year. Here's a summary of what I've seen that's memorable so far.
Ever since the Western States Contracting Alliance (WSCA) was formed in October 1993 by the state purchasing directors from fifteen states, governments have been saving millions of dollars through cooperative purchasing.
Everyone is talking about the General David Petraeus scandal. But what I find most intriguing are the articles, blogs and opinions analyzing what all of this means for the rest of us who use technology - with a special emphasis on redoubling efforts to protect email privacy. So here is my best advice.
Albert Einstein once said, "If I had one hour to save the world, I would spend 55 minutes defining the problem and only five minutes finding the solution." So how can we even begin to define cyberspace and take baby steps towards enabling the good and disabling the bad?
I had the opportunity to travel to Springfield, Illinois, during this past week to speak at the Illinois Cyber Security Forum. This blog offers some of the highlights, random thoughts and what lessons I learned during the trip.
I noticed ads showing up all over the place asking me to come back to their websites. Whether I was checking baseball scores at ESPN, doing a Google maps search for driving directions or researching a cybersecurity article at various tech websites, the computer browser was beckoning me to return and buy plane tickets, with targeted ads asking me questions. Will governments be next to use targeted ads online?
One of the hot topics at the MS-ISAC Annual Meeting and GFIRST in Atlanta this week was the recent Wired article by Mat Honan entitled: 'How Apple and Amazon Security Flaws Led to My Epic Hacking.'
I'm at the Multi-State Information Sharing & Analysis Center (MS-ISAC) Annual Meeting in Atlanta, where the state and local government Chief Security Officers (CSOs), Chief Information Security Officers (CISOs) and many of their top team members have gathered for three days.
Back in late June, I wrote about connectivity options while traveling during my vacation in Ocean City, Maryland. The blog was entitled: 'Vacation WiFi: What Networks Can We Trust?' Now, thanks to some emails from an online friend who wishes to remain anonymous, I can offer Part 2 of this story.
For security pros preparing for this massive undertaking, the unflattering headlines pretty much summed up ongoing security problems. But while gold may be out of reach, the security teams can still go for the silver lining.
e-Discovery, information management and the legal aspects associated with enterprise data are hot topics for technology leaders to address with their business customers. But what information governance strategies are legally defensible? What compliance approaches work best in the long run? How can enterprises reduce risk when they save or delete data?
Over the past few weeks, global news outlets have been warning users about Malware Monday and the pending Internet shutdown on July 9, 2012, for computers still infected with the DNSChanger malware. While the issue is certainly real, this blogger believes many headlines were (and still are) too alarmist. Can we learn anything from this?
I was recently on vacation with my family in Ocean City, Maryland. As I powered up my iPad from our fifth floor condo on 136th Street, more than a half dozen wireless networks popped up. I asked myself: Can I use (or trust) any of these? Are they free? Is it worth the risk, if they are?
What's appropriate and what's not regarding the use of social networks? Beyond formal codes of conduct at work, what behaviors and attitudes will likely lead to trouble? What tips can we share from those who have gone before us and learned about the good, the bad and the ugly? What good habits enable a positive experience in the long run? And, what are some examples of social media technology being used in destructive ways that undermine relationships?
A new era began this weekend in cyberspace. Starting with the New York Times article dated June 1, 2012, which proclaimed: 'Obama Order Sped Up Wave of CyberAttacks Against Iran,' the global discourse regarding cyber attacks has now shifted.
Ever since I read Megatrends in 1988, I've been fascinated by predictions about how technology will alter our daily lives in the near-future. One area that is evolving quickly is our shopping experiences - both online and offline.
Over the past few weeks, there have been several high-profile breaches announced involving state government systems - one in South Carolina and one in Utah. My first reaction was to think: There but for the grace of God go we.
Several hundred people had gathered for a second morning to hear the results and ask questions regarding the recently completed Gartner study, which covered all aspects of Michigan Government's Information, Communications and Technology (ICT).
Shawn Henry, the FBI's top cyber cop and executive assistant director responsible for cyber, told the Wall Street Journal (WSJ) that we're not winning and that the current approaches being used by the public and private sectors are: "Unsustainable. Computer criminals are simply too good and defensive measures too weak to stop them."
Will new cybersecurity legislation pass in 2012? If yes, what will be included, what will be left out and which agencies or organizations will be in charge of various information sharing and monitoring roles? These are hot questions in DC right now.
But where do hackers live and spend their time? Beyond Black Hat Conferences around the world, where do hackers congregate online? As security pros scan the world-wide-web for the good, the bad and the ugly, we come across information, tools and methods that the majority of people don't know exist.
FUD is a complicated topic. FUD can be your friend or your worst enemy. It can light a fire under cyber initiatives, or end a career. It can influence decisions in the middle of a crisis. Regardless of the story, FUD is important to master - and that's not just hype.
It's that time of year when my email in-box starts filling up with invitations to events surrounding the RSA conference in San Francisco. Nevertheless, some of my best experiences have been at security and technology conferences near home.
Major technology vendors announced the formation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) system today. This new email authentication framework should reduce the number of phishing scams that try to trick users into thinking emails are from someone else.
This is turning into a wild week for headline-grabbing cyber activity. Immediately following Internet protests of proposed new legislation to crack down on Internet piracy, the Department of Justice (DOJ) moved quickly to shut down one of the most popular websites known for illegal downloads, called Megaupload.
A highly sophisticated malware network called "Shnakule" has recently been singled out as increasingly dangerous. Many security firms are rapidly reacting and even changing their views on cyber crime operations as a result of new information.
But one of my children said, "Why don't you write something fun for all those people who have to work between now and New Year's Eve. How about some computer jokes, funny security stories or a list of your top 5 or 10 geek/nerd or security T-shirts?"
A new cybersecurity bill was introduced by members of the House Homeland Security Committee on Thursday, December 15, 2011. Named the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (PrECISE Act), the proposal would establish a federal overseer as a quasi-government agency which would coordinate information sharing between the private and public sector.
Despite his weaknesses, Tebow is winning over the hearts and minds in America. We love our underdogs, because most of us have our failings and weaknesses too. Our lives are full of the critics,... We just don't see our mistakes paraded around as publicly or as often as Tim Tebow.
The Duqu Trojan, which is also known as son of Stuxnet, was discovered just two months ago and is getting headlines for the sense of humor that its creators have revealed in the code. According to Kaspersky Lab, the hacker group behind the Duqu Trojan may have been working on the code for more than four years.
Mark Weatherford has been named as the new deputy undersecretary for cybersecurity at the Department of Homeland Security (DHS). Mark is a thoughtful executive who has both military service and hands-on experience dealing with every aspect of our cyber ecosystem. I am confident that he is the right person for this job as we head into 2012.
Governor Snyder quickly raised the bar: "If people walk away tomorrow saying that we had a nice conference with good speakers, we will have failed. We need everyone walking away saying that it is time to act now on cyber whatever their role."
As reported by Government Technology Magazine last week, Michigan is merging physical and cyber security. I will be moving to the newly created role of Michigan Chief Security Officer (CSO) in October. The reaction from my friends and colleagues from around the country has been all over the map - ranging from "Great move" to "Are you really ok with this?"
Where did you first learn what it means to out-hustle the competition? How did you develop that strong will to win? When was the first time you worked hard with teammates to accomplish a goal? For many readers, the answer is likely to be playing sports.
Hurricanes are notorious for disabling technology by cutting off electricity. In some cases, the threat of coming storms can overwhelm our phone systems and websites. But technology is also being used in new ways to prepare for and clean up after natural disasters, like hurricane Irene.
Going Back to the Future may no longer be just for the movies. The intelligence community has launched a new project which attempts to predict what will happen next by using crowdsourcing techniques.
"You're never as good as you look when you're winning, and never as bad as you look when you're losing." I think that adage applies beyond sports to many aspects of life and business - including the management of computer operations connected to the global Internet in 2011.
How important is social networking to leading companies right now? Very important. In some cases, it may even be the most important priority. It's time for state and local government agencies to reexamine these social networking trends and build new strategies to engage partners with social media.
As state leaders gather in Washington, D.C., this weekend for the 2011 National Governors Association (NGA) Winter Meeting, one topic on the agenda is cyber-security. Experts in the field will be addressing questions like: What threats in cyber-space do we now face? What are the potential ramifications of these cyber-threats? What steps can governments take now?
A quiet, but dramatic, change is well under way in rural America. Over the next two years, Broadband Internet access will become available to many parts of the United States that have been struggling with only dial-up connectivity up until now.
The US Office of Management & Budget (OMB) will be implementing fundamental changes that entail structural changes in how programs are funded, staffed and managed. The plans call for a cloud-first policy which boosts the use of government cloud computing for new systems.
There are many ramifications from the state and local government election results this week, such as this article which highlights new Governors to bring big turnover of State CIOs. So what should current (or prospective) government technology professionals be doing now to prepare for 2011?