Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.
He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.
He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.
Follow Lohrmann on Twitter at: @govcso
The false missile alert that was sent out from emergency management personnel in Hawaii last week sparked an initial public panic, national outrage, global media coverage and numerous government investigations. Official inquiries are ongoing and many more reports are coming, but what do we know so far? Here are the details and some of the lessons that we can take away.
How can you enhance your security career prospects? What are the top cybersecurity certifications and why do they help? Are employers requiring security certifications? To answer these questions and much more on cybersecurity certifications, I turned to Jay Bavisi, who is a top global expert on cybersecurity certifications and the founder and president of the EC-Council Group.
What were the top cybersecurity blog posts in 2017? The numbers don’t lie, and the metrics tell us what topics readers liked, and shared, and commented on, and viewed the most in the past year. Here are the top cyberblogs, with special emphasis on how cybersecurity impacted technology infrastructure and government technology people, cyberstories, along with societal impacts.
What will happen in cyberspace in 2018? How will technology impact the real world over the next year? Once again, the cybersecurity industry is full of security predictions, cybersecurity trend reports, cyber forecasts, IT security analysis and red-hot security examples to allow everyone to try to connect the dots to the future. Here’s your annual security industry prediction roundup from the top cybersecurity experts, magazines, companies, analysts and more.
How can we provide better security for Internet of Things (IoT) devices? Yevgeny Dibrov writes that cybersecurity can be improved solely with technology improvements. I disagree. Here’s why I believe removing people from IoT security is ‘mission impossible.’
As 2017 draws to a close, the record-breaking hurricane season tops the list of stories that we will ponder for decades. Nevertheless, the new cyberstorms in 2017 were just as potent, striking at the heart of our financial system with more unprecedented data breaches, cyberextortion, CEO fraud and fake news that undermined trust in virtually every area of life. Here’s your year-end cybersecurity and infrastructure roundup of the top online stories — and one attempt to connect the dots.
By Jan. 1, 2018, government contractors who work for the Department of Defense (DoD) or the intelligence community are mandated to comply with a NIST special publication 800-171. In addition, these security guidelines from NIST provide a meaningful road map for other government organizations and contractors regarding cybersecurity protections. Here’s an exclusive expert interview that offers details to help.
Another major data breach stunned the world in November, but this incident was unique in several ways. What can we all learn from the Uber data breach? Here’s an industry roundup of security analysts’ lessons learned from Uber, as well as my top takeaways for all of us.
What's really going on with data breaches, hackers and cybersecurity? The online world is dramatically changing all around us, so how can we understand recent hacking events? Football can help, here's why.
How can you stay secure online (and offline) as you shop this holiday season? Whether at home or work, whether braving the mall crowds on Black Friday or surfing the Net on Cyber Monday, what should you watch out for? Here’s a roundup of some of the best advice I’ve seen from credible sources.
What actions do organizations need to take to prepare for cybersecurity incidents? The National Institute of Standards and Technology (NIST) has answers in Special Publication 800-184, titled: 'Guide for Cybersecurity Event Recovery.' Here’s an exclusive interview with one of the authors.
A new survey by Gemalto indicates that 96% of enterprises and 90% of consumers lack confidence in the security of Internet of Things (IoT) devices. The majority of 1,050 IT and business decision-makers and over 10,500 consumer respondents favor more government regulations to protect data across the IoT ecosystem.
Hurricane Maria brought unprecedented devastation to Puerto Rico, and the majority of residents are still without power. Nevertheless, with new federal aid and some of the world’s top technology leaders getting involved, the hope for a better tomorrow is now returning.
The Department of Homeland Security (DHS) has mandated that all federal executive branch agencies implement Domain-based Message Authentication, Reporting and Conformance (DMARC) to improve email security. In the same directive, DHS also mandated better Web security protections be put into place. I believe state and local governments should follow the lead of their federal counterparts and make implementing DMARC a priority. Here’s why.
Where can public-sector organizations go to find best practices regarding people, process and technology? How can governments successfully partner with the private sector in repeatable ways? Some of the best answers come from the National Association of State Chief Information Officers (NASCIO).
There is a new debate about the old topic of working from home. What’s trending: a revisit of the pros and cons of telework. Should we go back to the way we were, with more time spent in offices, or do something else? Let’s explore.
We have witnessed headline-grabbing data breaches at Equifax, the Securities and Exchange Commission (SEC) and Deloitte in the past month. Many other global companies and governments have seen massive security incidents over the past few years. There are endless lessons learned, but very few talk about this cyber blind spot that impacts us all.
Hacking back has been in the news a lot in 2017, with new proposed legislation that would legalize forms of a more “active defense” for companies. When added to the flurry of ‘hack back’ activity that is below the public radar right now, it seems likely that some form of legalization is inevitable. Let’s explore.
Two historic hurricanes affected two of our most populated states in America in the past month. It’s still early, but what can we say about city, state and federal government emergency management lessons learned so far?
As all eyes turned toward the Caribbean and Florida this week in essential preparation for Hurricane Irma, Equifax announced a different kind of unprecedented ‘incident’ that could significantly impact half of the U.S. population. Here’s what you need to know and how to respond to protect your identity and your family.
One week after Hurricane Harvey hit Texas, there is a mix of weariness and determination in southeast Texas. As the water recedes, the scale of the devastation is becoming clearer. Nevertheless, the heartwarming stories from brave responders bring hope for the long recovery effort ahead.
Illinois state government has launched a 2017-2019 cybersecurity strategy that is both bold and ambitious. Here is what state Chief Information Security Officer (CISO) Kirk Lonbom had to say about where the state is now and where it is going regarding government cyberdefense.
Why is cybersecurity culture so important to organizational success? How can you build a culture of effective security? What are the actions, tips and steps that can help strengthen your cyberculture? Here's a primer.
A 2017 State of Cybersecurity Metrics Annual Report was recently released by Thycotic, and this new survey provides excellent insights into a disturbing lack of cybersecurity metrics worldwide. Most organizations are failing at cybersecurity metrics, planning and performance. Here are the report details — and what you can do to succeed by improving metrics and your overall cyberdefense results.
Law enforcement and global IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections. Here’s how your organization can benefit from the ‘No More Ransom’ project. Also, what can you do if you are held for ransom?
Employees at Three Square Market, a technology company in Wisconsin, will have a small chip injected in their hands this week for security convenience. But where is this biohacking trend heading? Is there a microchip implant in your future?
With the death of traditional security architectures, what new cyberstrategies can protect global enterprises moving forward? This book offers an impressive lineup of global CIO and CISO luminary experts who provide thoughtful answers and insightful perspectives on the coming era of user and entity behavior analytics (UEBA) and identity analytics (IdA).
Coordinated vulnerability disclosure programs, often called “bug bounty” programs, will become much more widely adopted over the next few years. Here’s an exclusive interview with Marten Mickos, a leading cyber industry expert, to explain why bug bounties are growing fast — and how your organization can benefit.
As new reports surfaced about hackers targeting nuclear facilities and as significant cyberattacks continue to escalate in 2017, what lessons can governments learn from recent events? Most important, how can states prepare for this ‘new normal’ in cyberspace? Here are seven actions to reconsider.
Ransomware that is also a ‘wiper attack’ is being called Petya by some, NotPetya by others and other names such as ExPetya or Petrwrap or GoldenEye. But regardless of the name, this nasty cyberattack was wreaking havoc across the globe for days. Was this really sabotage in disguise? Where is this trend heading? Let’s explore.
California banned state-funded travel to four more states this week over what they deem to be discriminatory laws in Alabama, Kentucky, South Dakota and Texas. But what wider impacts might this action have on a diverse range of topics — from out-of-state collegiate sport competitions to government technology partnerships nationwide? Let’s explore.
The technology trend is clear. The continued growth in cloud computing adoption is impressive in both the public and private sectors. And yet, many organizations still hold back for security reasons. Here are seven tips for moving enterprise data to the cloud securely.
Recent surveys reveal that millennials strongly value new experiences and making lasting memories. I saw this trend in a business trip with my daughter more than a decade ago. Here is a true story that touches on careers in government, travel, one millennial daughter and Father's Day.
Every technology leader wants a security-aware, cyber-savvy enterprise culture. But what does that mean and how can we get there? There is an ongoing debate regarding security awareness training techniques, engagement and overall effectiveness. Let’s explore.
In the days following the terrorist bombing in Manchester, England, the worldwide reactions and dramatic events offer important lessons for the future. So what online and offline responses can we observe and learn from after such a terrorist attack?
The Institute for Critical Infrastructure Technology recently published a fascinating report on insider threats. This excellent white paper defines insider threat categories, offers deep Web screenshots, recommendations and resources to help.
After months of speeches, numerous cyber discussions and plenty of draft documents, President Trump signed an executive order on cybersecurity this week. Here is a roundup of the details, industry reactions and next steps.
Digital transformation is all the rage. Tech-driven business innovation is happening all around us. But how do game-changing technology investments get implemented in real life? Where are examples of success? Here are practical answers from a top business transformation expert.
How can we build more trust in future election results? Can we securely move to online voting to increase voter turnout? Some experts think that blockchain technology is part of the answer, and this interview with Votem CEO Pete Martin covers where we are and where we are heading to secure the vote.
I recently asked a group of leading CISOs and security industry CEOs what new security topics and technologies were hot right now. What did they say?
Back in early March, a bipartisan group introduced the State Cyber Resiliency Act. If passed and funded, the legislation would provide grants for state and local governments to improve cybersecurity protections and incident response. Here’s what you need to know.
Over the past few weeks, President Trump’s trillion-dollar infrastructure plan has been getting plenty of global media attention. Here are some of the latest developments, along with recent statements regarding what’s included.
Ransomware attacks are grabbing many headlines. Here are several recent public-sector ransomware incidents, along with what steps you can take to protect your enterprise.
Is your metrics program coordinated with decision-making?
America’s JobLink (AJL), a multi-state, Web-based system that links job-seekers with employers around the country, has been hacked. Here’s what you need to know.
Distributed denial of service (DDoS) attacks are accelerating around the globe. A new report highlights that the scale of the cyberdefense problem is growing. What can be done?
There are currently two radically different views regarding the Internet of Things (IoT) in our world. One is bright. The other is dark. Which one will win out? Can they come together — somehow? Here are two opposing perspectives — followed by a potential third way.
The National Governors Association (NGA) 2017 Midyear meeting was held last weekend in Washington, D.C., and the top priorities included cybersecurity and innovative infrastructure strategies in the states. Here are top highlights and several next steps.
The U.S. Department of Energy released an alarming report in January 2017, saying that the U.S. electric grid is in imminent danger from a cyberattack. So where have we been, where are we now, and where are we going regarding smart grid security?
What tips and techniques help parents teach their kids online? Where can cybersecurity professionals turn for resources to train teens about ethical hacking? How can we address cybersafety in new ways moving forward? Here are some answers from the 2017 RSA Conference Cyber Village.
A new Intel Security cloud report reveals that cloud computing adoption is growing rapidly in government and elsewhere all over the world. At the same time, CIOs are struggling to keep enterprise data safe in the cloud. Here is what you need to know.
Fake news is now headline news. Add in fake apps and fake websites, and governments have a huge credibility problem. What can the public sector do? Let’s explore what you can do for real.
What's hot right now in cyber? I asked four leading state government chief information security officers (CISOs) about emerging cyberthreats, their state’s top cyberproject priorities for the coming year and for their views on the future outlook for cybersecurity executives. Here’s what they said.
What has President Trump already said and done regarding cybersecurity? How should our 45th president address our many online problems at home and abroad? Why am I more optimistic than most commentators about our new leader’s pragmatic approach to cyber? Here’s why.
The 2016 U.S. presidential election shined a light on outdated election technology. So what steps must be taken and what technology upgrades are needed to restore the public trust in how we select our government leaders? Going further, how can all government service kiosks be made more secure and reliable? Let’s explore.
What will happen in 2017? Whether you prefer to call them cybersecurity forecasts, online risk trends or security predictions, the answers are similar. Here’s a roundup of what our top industry experts, security companies and tech magazines are saying about the year ahead — and what you can do to prepare.
What cybersecurity blog posts were most popular in calendar year 2016? The numbers don’t lie, and the metrics tell us what readers liked, and shared, and commented on, and viewed the most in the past year.
In 2016, hacktivists took center stage. Hacktivism disrupted many global causes — providing new online missions with anti-establishment goals that wounded public credibility and trust. Here’s a cyber roundup highlighting major international activities online, and how they impacted news headlines in the past year.
As recounts in states wind to a close, courts wrap up their legal cases and electors prepare to assemble to formally declare Donald Trump the next president of the United States, what lessons have we learned from the 2016 recount process?
What is a formal ‘vulnerability disclosure program,’ and why is it needed in a government near you? Watch this CSPAN panel discussion and learn.
With suspicions of hacking, Jill Stein is asking for a recount of the votes cast in Wisconsin, Pennsylvania and Michigan. This is a bad idea. Here are 10 reasons why.
After the election, many government technology executives are in a period of transition. Whether you are coming or going or not sure, most public sector IT leaders are now asking: Where next?
I'm expecting more surprises from President-elect Trump, this time on cybersecurity policy. Here's why.
Despite reports of rigged elections, vote flipping, election fraud, domestic and foreign hacking and much more, you can trust the counting of the votes in America. Here’s why.
After the Mirai botnet was recently used to bring down large portions of cyberspace, there have been new calls for regulating Internet of Things (IoT) devices. Since the voluntary IoT security approach is clearly failing, what can we expect moving forward? Are better standards needed? Should government mandate more security for IoT devices for consumer protection? Let’s explore.
Regardless of who wins, this presidential election campaign has highlighted a series of data leaks with personal information about candidates that will be remembered far after voting is over. New norms are developing regarding online privacy and radical transparency that question the boundaries of hacker ethics in our globally connected world. Many are asking: Will personal privacy even survive in the years to come?
As the public and private sectors struggle to find technology and security professionals with the right talent, skills, integrity, work ethic, perseverance and attitude to excel in the 21st century, I strongly urge you to consider ‘Hiring Our Heroes.’ This effective fellowship program helps military veterans transition into civilian life, and offers so much more. Here’s what you need to know and how your organization can benefit from this outstanding program.
The Cloud Security Alliance working group on the Internet of Things (IoT) released new guidance this week for securing the IoT product ecosystem. The 80-plus page guide is titled: 'Designing and Developing Secure IoT Products.' The report offers 13 recommendations to raise the overall security level of IoT products and services.
Another massive, headline-grabbing data breach was announced this week from Yahoo. What have we learned, and what wider security industry questions just keep resurfacing?
During a keynote session at their annual conference this week in Orlando, the National Association of State CIOs (NASCIO) released their biennial survey results on state cybersecurity. While the overall report trends (compared with the previous three surveys) seemed encouraging, many attendees asked me if the real situation was as positive as the data seemed to imply. Let’s explore the state CISO survey answers and the rest of the story.
Even the best customer service organizations in the world make common online and call center mistakes. Public- and private-sector organizations cannot rest on past successes to ensure future client satisfaction. Here’s a simple case study that shows what to do, and not do, regarding people, process and technology.
How can a government CISO get executive buy-in to obtain authority, autonomy and budget? What are the keys to success in the public sector? What are examples of important cybersecurity projects that are ongoing in major U.S. cities like Atlanta? Here is an exclusive interview with former Atlanta CISO Taiye Lambo.
Steven Fox is a top government cybersecurity expert, Distinguished Fellow with the Ponemon Institute and frequent speaker at top security events all over America. In this exclusive interview, Steven shares several low-tech but sophisticated social engineering techniques that hackers use to gain (unauthorized) privileged access into government systems and large and small company networks. Most important, what can we do to prevent fraud and respond to incidents that do occur?
How do you build a 'smart city?' What innovative factors lead to award-winning smarter technology examples to emulate? Which European city is the smartest? Let’s explore.
Most experts believe the good guys continue to fall further behind in our global hacker wars. So how did we get to this point in cyberspace? Most important, where can you go for help in this new Wild West online?
Do you unplug when you go on vacation? How about placing boundaries or time limits on your children’s screen time? What can be done to help? Is it time to schedule a digital detox?
What's happening with millennials in government? Are new strategies needed to attract and retain young people into public-sector jobs? Let's explore.
In 2016, hacktivism has become a mainstream force impacting millions of global lives. ‘Hacking for a cause’ has now become a weapon that transcends far beyond ‘antisocial geek misfit’ boundaries. From the DNC email hack to the Panama Papers, a surge in new hacktivism is now the top anti-establishment online tool for achieving a diverse set of causes around the globe.
As the world looks forward to the 2016 Summer Olympic Games in Brazil, a long list of problems and solutions have received media attention. But regardless of what happens in the arenas, is your organization prepared? Here’s a primer on potential online trouble spots and how you can prepare.
Top auto industry companies have announced coordinated vulnerability disclosure programs. This use of ‘bug bounties’ to encourage global hackers to help identify security holes points to the future of critical infrastructure protection. Here’s what’s happening now with crowdsourcing vulnerability management, and why the entire cybersecurity industry is taking notice.
Over the past few months, several random events got me thinking a lot more about data backups — again. I know, I know — a boring topic that you already dealt with years ago. You are tempted to just move on. But for your own good, please read this.
More and more devices are plugging into your government’s corner of the Internet of Things (IoT), but are we truly implementing the right projects in 'smart' ways? Here’s what you need to know about the state of smart cities opportunities along with some potholes to avoid and questions to be answered.
The people of the United Kingdom (UK) have voted to leave the European Union (EU). But what does Brexit mean for technology and security professionals around the world in the public and private sectors?
What can we learn from the tragic global events of the past 10 days? The use of social media is front and center in tracking online and offline crimes, especially terrorist activity. How can we prepare for tomorrow?
Bold claims are again being made by hot new startups and the technology giants about the coming age of augmented reality (AR) and virtual reality (VR) applications. While most of the focus has been on gaming, retail and travel, the impact for governments could be huge. Here’s why.
What are the top cyberthreats currently impacting public- and private-sector enterprises? Here are the questions that cybersecurity industry experts are talking about.
A new cutting-edge technology event with cybersecurity solutions for connected and autonomous cars is being organized by Billington CyberSecurity. The cyber summit will include CEOs in the auto industry as well as top government and technology leaders from around the world.
First, there was phishing … then came spear phishing … and now there is whaling — and other new sophisticated social engineering techniques. The bad guys are modifying their deceptive practices. Here’s what you need to know.
How do you secure your home or small business network? A recently released book by Terence L. Sadler offers practical, helpful answers.
The National Association of State Chief Information Officers (NASCIO) held their Midyear Conference in Baltimore this past week. There were plenty of hot topics on the agenda, including: enabling innovation through agile software development, the continuing need for procurement reform and a big push on cybersecurity.
On June 23, the world will be watching as the citizens of the UK decide whether to remain in the EU. The ramifications of this vote go far beyond Great Britain or Europe. History shows us that American interests and our future security are directly tied to this “special relationship.” Here’s why you should care what happens.
Will you buy another desktop computer or laptop? Or, can your smartphone meet your technology needs? Should your business continue buying PCs? The IT infrastructure industry is divided, but the answer affects more than you think. Here’s why.
April is Autism Awareness Month, and there are plenty of new developments to highlight. The number of private-sector initiatives is amazing, but can governments do more? What can innovative technologies do to aid early intervention for autism spectrum disorders? Currently technology is playing a significant role for adults with autism. That being said, should governments be doing more to hire and help these talented individuals with technical skills? Here’s my view.
You’ve probably heard the phrase “innovate or die.” But not everyone got the memo. So how does innovation really work in practical terms at the office? Regardless of whether you tend to be an innovator or protector, here are seven ways to help your business and career.
As the government pay gap grows larger with the private sector, where will the next generation of government cybersecurity leadership come from? What's the best background to enable success? Who should consider government cybersecurity roles? The public and private sectors are battling a growing list of global cyberthreats. With more data breaches, cyberattacks targeting critical infrastructure and new Internet of Things vulnerabilities, the competition for competent cybersecurity increases.
The rise in ransomware has taken a dramatic turn for the worse in 2016. Several hospitals recently declared states of emergency. Meanwhile, thousands of global businesses and consumers are now becoming victims of hacking attacks leading to extortion. This very serious situation requires the immediate attention of everyone from PC owners to small businesses to the large governments. Here’s the problem and what actions you must take now to protect yourself.
We’re in mid-March, which means the NCAA College Basketball Tournament is in full swing. But there is more than one way to bust your March Madness bracket, and cybercrooks are also working overtime to grab a piece of the cash. Here’s how (and why) major sporting events are top targets for global hackers.
This is a tale of two studies. The first report from the Governing Institute was sponsored by the National Cyber Security Alliance (NCSA) and AT&T, and covers the intriguing results of a state government legislative survey on cyber. The second reports offers a “Data Breach Digest” from Verizon which elaborates on 18 different data breach scenarios worth considering. Both reports are free and bring excellent recommendations and worthwhile opportunities.
As I flew back to Michigan after another RSA Conference this week, I thought about the highlights, takeaways and major themes in the security industry right now. At the same time, I couldn’t help but look back and reflect on the past several RSA Conferences in San Francisco on a personal level. Bottom line: These RSA Conferences tell quite a bit about where we have been and where are we heading in cyberspace — on both a personal and industry level.
Everybody loves their smartphone, with global adoption soaring and new helpful apps popping up daily. Faster speeds, new models and plenty of competition to lower prices make your mobile device the center of technology innovation. But is there an ‘Achilles Heel’ to watch out for? The answer is yes — and here’s what you can do to help protect yourself.
Scott Schober is small business owner who tells intriguing stories about how his company was hacked — and what happened next. This easy-to-read book is a good primer on the importance of online security for business owners, but it also shows how easily identity theft can happen to anyone, even a cybersecurity expert. Best of all, this book offers practical security advice with helpful steps that we all can follow to secure our corner of cyberspace.
With the exponential growth in data breaches over the past few years, the concept of ‘hacking back’ is growing in popularity. Proponents ask: If I can use a gun for self-defense in my home, why can’t I similarly ‘hack back’ against attackers who invade my cyberspace? Let’s examine that premise from different perspectives.
Does using ‘smart’ devices mean that our inboxes will be even more overflowing with more email? For now, probably.
An exclusive interview with Dr. Phyllis Schneck, deputy under secretary for Cybersecurity and Communications for the National Protection and Programs Directorate within the U.S. Department of Homeland Security.
What is the new Global Cyber Alliance (GCA)? Why is it important? Here is an exclusive interview with GCA co-founder and chair Will Pelgrin, as well as the new CEO and president of GCA — Phil Reitinger.
#OpFlint promises online attacks against Michigan Gov. Rick Snyder’s administration in response to the water emergency in the city of Flint.
The 2016 edition of the Consumer Electronics Show (CES) just wrapped-up as the North American International Auto Show sprang into full swing. So what do they tell us about the state of cybersecurity for the exploding Internet of Things (IoT) market?
You are next in line on your organization's depth chart. For a long time, you just wait in the wings for your opportunity to lead. For years, you watch, and learn, and practice, and occasionally get a few opportunities to show what you can do. And then, you get promoted. New management elevates you to #1. But can you succeed? You make a lot of early mistakes. Critics outnumber supporters. Nevertheless, you overcome and excel. How? There are important career lessons to learn from Kirk Cousins
What were the most popular ‘Lohrmann on Cybersecurity and Infrastructure’ blogs written in 2015? Viewer metrics are in, and they tell an interesting story. Here are the results, along with some intriguing trends and links to the top content.
More security predictions than ever before. As I examined hundreds of expert forecasts for 2016 and beyond, with cyber trends and predicted technology events from top companies, it is hard to be optimistic about our online situation. And yet, the combined predictions tell us an important story about online life. So where is cyberspace heading? What surprises await us? Here's your annual one-stop roundup of what security experts are telling us will happen next.
Something new, even unprecedented, happened this year in our cyber world. The most noteworthy data breaches were not focused on financial data. Here’s a data breach recap from 2015 – along with my views on what these events tell us.
The FirstNet Board approved the release of an RFP to build, operate and deploy a nationwide public safety broadband network this week. Meanwhile, the Department of Homeland Security Science and Technology Directorate named 10 people to a new Interoperability Advisory Panel. So are next-generation interoperable communications for nationwide first-responders finally getting close?
What is the current situation regarding cybersecurity in Latin America? To answer this question, I turned to Mr. Carter Schoenberg, who is a respected industry security expert who recently started a cybersecurity company in Panama. Here’s the informative interview.
The holiday season has arrived and so have the opportunities for Internet deals, sending and receiving holiday cards and many more online activities. Nevertheless, with the good comes the bad – as phishing scams, one-time bargains that are too good to be true and other cyber traps can lead to major headaches. Here are five common online mistakes to avoid as we head towards another New Year’s Eve.
The recent round of global terrorist attacks have reignited the homeland security versus personal privacy debate. Law enforcement officials point to the apparent use of encryption by ISIS terrorists as proof that encrypted communications need “back doors” to protect the public. But many security experts disagree. So what is the future for encrypted communication as we head into 2016?
Advanced cyberthreats, zero-day exploits, sophisticated malware, ransomware and more. These are just a few of the daily challenges that enterprises face as they try to protect their network endpoints each and every day. How can it be done? Enter next-generation endpoint security products and services. Here’s an overview.
Where is Florida heading regarding cybersecurity in government? What are the top priorities and hot projects? Hear what the Florida state CIO and CISO have to say in this exclusive interview.
Emerging cyberthreats are a hot topic at cybersecurity summits, in executive boardrooms and remain a top priority with back-office security teams. Here's what you need to know about where we've been, where we are and where online security threats are going.
From smart drones to smart homes to smart cars that drive themselves, the world is dramatically changing all around us. So are governments ready to take advantage of these new innovative opportunities emerging within the Internet of Things (IoT)? Or, as almost everything gets connected to the Internet, could these newly connected devices become “Trojan Horses” that inadvertently bring the next generation of data breaches? What’s being done globally in the public sector with IoT right now?
The National Association of State Chief Information Officers (NASCIO) held its annual conference in Salt Lake City, Utah, this past week. So what were the highlights? From the Internet of Things (IoT) to cloud computing to data center consolidation, which projects, technologies and issues rose to the top of the agenda? Most important, what’s on the minds of government CIOs, and what projects are they actually implementing as we move into 2016?
It is October, so National Cybersecurity Awareness Month (NCAM) is front and center from sea to shining sea. But attention on information security, along with events and helpful publications, have evolved over the years. It’s time to take another look at the new resources along with helpful tools and relationships that can last long after your Halloween candy runs out.
North Carolina Gov. Pat McCrory just established the new Department of Information Technology as the single source of accountability and authority over state government technology projects. State CIO Chris Estes will lead the consolidation effort, along with executive support from his leadership team, including Chief Information Risk Officer Maria Thompson. So who are these leaders? What are their plans and priorities? Where are they heading regarding information security? These are just a few of the questions answered in this exclusive interview.
A new 'understanding' on cybersecurity was announced this past week during Chinese President Xi Jinping's formal state visit. But while this agreement certainly offers a positive step forward for security in cyberspace, many questions remain unanswered.
Elected officials often fail to prioritize cybersecurity until after a data breach when it's too late. So what are the important security issues and actions that are needed by state and local elected officials right now? A new guide by Governing magazine and CGI was just released to answer that question.
On the 14th anniversary of 9/11/01, there are plenty of reasons to be thankful regarding public safety in America. And yet, there is also a growing list of cyberthreats that are grabbing news headlines almost daily. To help understand where we are today and where we are going regarding federal government cybersecurity initiatives, I interviewed Dr. Andy Ozment, the U.S. Department of Homeland Security assistant secretary, who is the new point person for the National Cybersecurity and Communications Integration Center.
Lockheed Martin recently released new open source tools to help defend enterprises from cyberattacks. The system, called Laika BOSS, offers a malware detection and analysis framework for security analysts to share intelligence with other cyber defenders worldwide. Here's my interview with leading cyberexperts who are offering cutting-edge insights and workable solutions to emerging battles in cyberspace.
Phishing and spear-phishing are growing problems. The clever enticements to click are getting more sophisticated and more targeted than ever. The data breach costs are mounting. What can your organization do to take phishing awareness and response to the next level?
Many government technology leaders are struggling. From national headlines to local audit findings, the majority of the news has not been good. Meanwhile, public trust in government as a whole is near historic lows. What can be done? Is it time for reinvention? Back to the drawing board? If so, there is a lot to learn from the journey and actions of Tim Tebow.
The technology and security industries are struggling to keep up with an ever-growing list of problems and cyberattack vectors. There has been a consistent call for new solutions to address evolving cyberspace challenges. One popular answer: New innovative startup companies to help. In order to accelerate these companies, the 'Security Startup Challenge' was formed earlier this year by Kaspersky Lab and several partners. And now, we have the winners.
A new survey of top IT executives reconfirms the findings from other recent cybersecurity studies regarding the online defense at utilities and other vitally important public- and private-sector organizations. The report outlines what is good and what needs improvement in our online defense of critical infrastructure facilities.
A series of recent news headlines reveal cybersecurity experts, who were being paid to defend networks, battle malware and fight cybercrime, were actually black hat hackers. What happened and what can be done to address this growing trend? Is your enterprise prepared?
Talking about security in effective ways is hard – whether the audience is an auditorium full of professionals or a small room at home with a few children. Here are some tips to help.
How well do you know your IT infrastructure? Who is communicating with whom across your network backbone? What systems are bandwidth starved? With legacy systems, PII data, hundreds of networks, complicated databases, hybrid clouds, data warehouses, countless mobile devices and outsourced functions needing 7x24 access, how do you determine what's truly secure? As we prepare for the new Internet of Things (IoT) era, here are some questions that need answers now.
On July 8, 2015, a string of major computer outages occurred at approximately the same time - grabbing global media attention. Significant operational disruptions occurred as a result of computer incidents at the New York Stock Exchange (NYSE), the Wall Street Journal (WSJ) and United Airlines. The nation briefly 'woke-up' to our reliance on technology and got a small taste of the fear that may come if a cyberattack cripples critical infrastructure. What lessons can we learn from these incidents? How can public and private-sector enterprises better prepare for more inevitable disruptions?
Network failures. Colossal data breaches. Global online privacy problems. The bad news reignites debate. Do Internet troubles necessitate a new start? Is it time to push the 'reset' button? But others say that cyberspace is improving and will go much further -- even solving a long list of historic problems. One thing is indisputable: The Internet is changing rapidly before our eyes.
A recent article in The New York Times describes a highly coordinated disinformation campaign using social media. This scary development raises new questions about the reliability of alerts and other emergency communications that rely on social media platforms. Will disinformation campaigns become a growing trend that will undermine recent advances in spreading important information during emergencies?
Data breaches are becoming much more common. Most states have laws mandating the public disclosure of data breaches where personally identifiable information (PII) is at risk. Cyberinsurance policies even cover data breach costs. However, not all data breaches are the same. We need a data breach scale. Here's why...
We are continuing the series of interviews with top CIOs and CISOs from around the nation regarding the best state and local government cybersecurity strategies. This week, we turn toward the Buckeye State to learn from two respected executive leaders. At a time when the federal government is reeling from a major OPM data breach, this security discussion has never been more important.
Alan B. Trabue worked for the CIA for over 38 years, and he has hundreds of true stories to tell about domestic and foreign agents and lies and spies. He has just published an amazing book that tells about his career as a covert operations polygraph interrogator with exciting travels all over the world. For anyone who is interested in polygraph exams or for those who are intrigued by the complexities of intelligence operations around the world, you must read this book. Here is a brief book preview and an interview with the author of 'A Life of Lies and Spies.'
Will Pelgrin started the MS-ISAC more than a decade ago, and he is a leading voice in government cyberdefense. Tomorrow is his last day with the Center for Internet Security, and I caught up with him and new CEO Jane Lute to discuss the past, the present and the future of global cybersecurity -- especially within governments.
Everyone is talking about smart cities. And yet, new public- and private-sector questions are emerging as more organizations engage with this global technology megatrend. So how can you take these opportunities to the next level? Who are the leaders within this hot Internet of Things (IoT) category? Which academic studies and white papers offer best practices and the most helpful resources to take your region to the next level? What cyber-risks are emerging? Here are answers and resources to consider.
Industry experts disagree on whether the Islamic State’s ability to mount a dangerous cyberattack is a top concern or an emerging online threat or completely overblown. But one thing is not in doubt, ISIS is making news headlines in 2015 for their exploits in cyberspace. In my view, ISIS is an emerging online threat to keep a close watch on. Here’s why.
The latest bills, privacy concerns and information-sharing actions.
I traveled to the United Arab Emirates (UAE) this past week to present the opening keynote at the Gulf Information Security Expo & Conference (GISEC 2015) in Dubai. The event offered a refreshing mix of leading global voices on security and technology topics. But most surprising, the Gulf region's public and private sector executive leaders who presented, the companies exhibiting and the amazing city as a whole offered attendees a different perspective and a positive model for the current cybersecurity and technology infrastructure challenges in the Middle East and the world as a whole.
Attendance records were probably broken, and there were numerous very good sessions. Still, surprisingly, government announcements may have been the highlight of the week.
We are continuing the series of interviews with leading state government CIOs and CISOs from around the nation. This week, we turn to Washington state and its security priorities and technology plans.
A new report released this week by Trend Micro and the Organization of American States (OAS) shows a dramatic increase in cyberattacks directed against critical infrastructure owners and operators.
Are you having trouble getting the needed resources for your cybersecurity program or key projects in government? Is staffing, funding or gaining executive support not adequate to get the job done right? Do you want to strengthen your influence and trust with management? While there are no easy answers, these ideas may help.
Just as many government organizations wrap up enterprise XP migrations a year after initially planned, it's time to start ramping up another major infrastructure effort. Microsoft Windows 10 will be arriving this summer. What new features are coming and is it time to prepare your strategic upgrade plan?
On Friday, March 20, 2015, CyberOU, the student cybersecurity club at Oakland University, held its second annual Cyber Summit in Michigan. Here's why CyberOU is a student-run organization for others around the world to emulate.
We are continuing a series of educational interviews with state and local government technology and security leaders around the nation. This week we visit an intriguing local government in the Pacific Northwest part of the country to learn more about its overall mission and how it keeps customer data safe.
What cybersecurity priorities, challenges, actions and plans are Missouri's CIO and CISO working on right now?
By a 3-to-2 vote along party lines, the Federal Communications Commission (FCC) passed new rules on Net neutrality last week. The rules establish the Internet as a utility, but court battles loom before the FCC actions can take effect. Here's what happened, a summary of the news coverage, what it all means, reaction from different sources and what is likely to happen next.
'States Leading on Cybersecurity' was the name of session at National Governors Association (NGA) Annual Winter Meeting on Sunday. Homeland Security Secretary Jeh Johnson addressed looming DHS shutdown impacts as well as federal / state opportunities to work together to share cyberthreats and other critical information across the public and private sectors.
The White House Summit on Cybersecurity and Consumer Protection at Stanford University was a very good event with meaningful outcomes. But it could have been much more.
Unique Indiana state government partnership with Purdue University will also utilize private-sector expertise to defend state networks from next-generation cyberattacks. This breaking news demonstrates that cyberdefense is a top priority for Indiana Gov. Mike Pence.
Governments around the globe are rushing to prepare for computer-generated threats that can cause real-world calamity to our way of life. And while opinions vary on the likelihood of human error causing a major crisis or hostile cyberthreats causing severe societal disruptions, few argue against being prepared. So how are leading governments getting ready for inevitable cyber emergencies?
As you think about resolutions for the coming year, or the next four years in government, don't forget your people. Here are seven important actions to consider.
This should be the year that significant bipartisan progress is made on cybersecurity legislation, with new laws set to pass on issues ranging from data breach notification to sharing sensitive cyber intelligence between the public and private sectors. In fact, since President Obama and Republican congressional leaders can't agree on much else, cybersecurity action is moving to center stage.
The International Consumer Electronics Show (CES) in Las Vegas drew huge crowds again this year, with audiences seeing, touching and enjoying the hottest new gadgets and technology. From cars that drive you to drones that are smart to 4K high-definition TVs, it was all there. But the biggest story of all, may be the virtual reality (VR) revolution. VR tools and devices will transform 21st century IT infrastructure.
As we begin 2015, what do your customers really need from you? What is your government technology infrastructure plan of action for the coming year? Here are seven must-have strategies for enterprises to enable long-lasting innovation.
Predictions are everywhere. Most security companies now make them. As I examined 2015 lists and checked them twice, everyone is saying that our online situation will get worse. But how much worse? What surprises await us? Here's what technology experts are saying - along with my naughty and nice labels.
Cybersecurity stories were more popular than ever in 2014, with the word 'cyber' showing up in front of topics ranging from security to shopping scams to global online attacks. But no matter how we rename, reclassify or reanalyze the data in cyberspace, it is clear that the dollars spent, problems encountered and attention given cyber has virtually doubled in 2014.
Recent reports show that morale is low across the nation for government employees. Are there answers that can help even as public sector pay lags behind the private sector? Here's an example to consider.
Everyone is bringing their own devices to work. But is sensitive data being secured properly on our smartphones and tablets? Soon, new technology will be worn wherever we go. Is your enterprise preparing for WYOD?
Another Cyber Monday, and more online sales records will be set. What can you do to protect yourself at home and work?
The North American International Cyber Summit was held in Detroit's Cobo Hall on Nov. 16-17, 2014, and Michigan Gov. Rick Snyder unveiled an updated 'Michigan Cyber Initiative 2015.' Here are the details on the event and the new cyber plan that's a model for the nation.
What can we learn from the annual American Petroleum Institute (API) Cybersecurity Conference in Houston? Many things, but nothing more important than we are all part of the same cyber ecosystem. We sink or swim together in cyberspace.
Back in the spring of 2014, speculation was already growing about the significant impact that technology and cybersecurity might have on the 2014 midterm elections.
The government security leadership series continues with another set of CIO/CISO interviews. This week we travel to Minnesota.
As the headlines around the world continue to focus on the spreading Ebola health crisis, how can technology help? Effective answers must take advantage of recent advances in big data.
Once every four years, most state and local governments go through a multi-month period of major upheaval. Regardless of which political party wins in the November midterm elections, major executive turnover usually occurs at the highest levels of government. This fall and winter is one of those times. How can you prepare?
Cybersecurity protections in Wisconsin government took another step forward last week with an impressive cyber summit that included Gov. Scott Walker, Maj. Gen. Don Dunbar (the adjutant general in Wisconsin) and security leaders from around the nation and the world.
The 11th annual National Cyber Security Awareness Month kicked off on Oct. 1, with perhaps the biggest set of activities ever planned. But on day two of the festivities, a huge JPMorgan Chase security breach stole the headlines.
The speaker was Facebook VP Vaughan Smith. "We all know that innovation is key to success, but how do we innovate at Facebook? The first key to innovation is moving fast, very fast," he said.
As cyber leaders from across federal, state, local and tribal governments prepare to gather for another annual meeting, the future of government cybersecurity in our local communities now hangs in the balance.
There were two very different events this past week in Michigan, but both offered similar messages. The Intelligent Transport System (ITS) World Congress and the Michigan Digital Summit pointed to the radical transformation occurring right now in transportation. There is a paradigm shift occurring using smart transportation systems and mobile technology that enables 'realistic solutions to our global mobility, safety, and environmental challenges.'
Whether the topic is modernizing health care, attracting retaining the right talent, the role(s) of the Chief Data Officer (or the new Chief Digital Officer), the value of big data or even securing enterprises from insider threats, the answer entails culture change. So how do we begin?
Just as mobile technology and cloud computing became a normal part of our lives, along comes the next set of disruptive innovations that will radically change the way we work and play. Get ready for robots to appear in virtually every area of life. But just as with the Internet, there will also be a dark side.
It's time to get in the game. Just as in the 1984 movie 'The Last Starfighter,' being the best at a game could lead to a future that exceeds your wildest imagination. The British Intelligence equivalent to NSA is offering a challenge to play a game, with a great cyber job as the prize for winners.
The National Cyber Security Alliance is taking the online safety message to a city near you. A national campaign is spreading the word that multifactor authentication is easy to use and available now — often for free.
More cyberdefense action is needed, but many people seem content to hit the snooze button for now. Meanwhile, Black Hat speakers offer some policy advice to help, while smart Americans change passwords - again.
August 1, 2014, was my last full day as Michigan Government's Chief Security Officer (CSO). As I look back at seventeen years of action-packed public service, I will remember the wonderful people who made it all possible and who served (and continue to serve) our citizens so well.
The Michigan Cyber Civilian Corps, state and local government cyber analysts and the West Michigan Cyber Security Consortium participated in an attack-defend-respond tabletop exercise in a virtual city called Alphaville, which exists within the Michigan Cyber Range. Here's why it matters to a town near you.
As we head into the mid-term elections, what cyber policy action is likely in 2014?
Recent cyber stories resemble plots from James Bond films. Can you tell the difference?
As global online harassment concerns rise, workable solutions seem elusive.
A Spartan fan visits Husker Country to learn about cybersecurity in Lincoln.
Coming IoT growth surge will both utilize and surpass cloud computing's appeal.
What has Brazil done to improve technology and other infrastructure to prepare to host the world?
Are you ready to handle big data, more video, new firewalls and an exploding number of mobile devices?
A look at cyber in "Big Sky Country."
David Gustafson and Chris Ipsen offer experience, vision and proven information security leadership.
On Mother's Day, it's time to take another look at this complex issue.
Facebook, Google, LinkedIn and others want to be your trusted data broker
Tempting the click is everywhere in cyberspace. Keep asking: Is that really true?
CIO and CISO offer the nation best-practices to mitigate cyberthreats.
Security pros are feeling the pressure. Are you ready for another action-packed week?
We can learn from front-line government experts who are 'in the arena.' Delaware is raising the bar for the nation in many areas of cybersecurity.
A key NIST Cybersecurity Framework kickoff event was held in Washington DC this week. What happened, what can we learn from the event and what's next?
I am kicking-off a series of interviews with state and local government CIOs and CISOs from around the country. The goal is simple: To listen to their words and learn from their ideas and actions.
Can these hot trends mix, or are they like oil and water? Can we find middle ground on data? Or, will these two trains collide? Do you feel the tension building yet?
How do we improve the security culture in our organizations? It's time to take another look at what works for security awareness programs.
RSA Conference sessions ask: Who can you really trust to protect your data online?
Even if you are not going to California, you still need to pay attention.
This new approach matters more than most people realize.
Yes, federal, state and local governments are impacted.
CyberTech 2014 demonstrates disruptive tech solutions
Why it matters to a community near you.
What do we really do with all that data we collect in government? The answer must be to improve customer service and provide a radical transformation in the way governments interact with residents. Anything less will bring big problems. Here's why.
Quick Pop Quiz: Don't worry, this will be easy.
7 Predictions for optimists and 7 predictions for pessimists for government IT in 2014.
New global fiber, with faster pipes, and end-to-end deliver, owned by tech giants like Google, are a central part of the plan to deliver trust.
2013 was another eventful year in the brief history of cyberspace - with more online holiday shopping, more spear-phishing, some big government project failures and more virtual surprises than ever before.
A few years back, experts predicted that the smartphone would replace the wallet by now. The trouble is, most of these predictions were way too optimistic.
What traps do new security leaders face? How can they avoid them? Where can they go for help?
Everyone loves a deal. And geeks, nerds, government technology staff and cyber pros especially like deals on new technology.
A familiar hot topic is back in the #1 priority slot for state CIOs. But why is cybersecurity back at the top of the 'must do' list?
As the eyes of the entire nation are focused on whether Healthcare.gov will regroup and still be successful. Skeptical citizens are raising wider questions on big government IT projects once again.
Everyone knows that IT security is hot around the globe right now. But it's about to get much hotter, according to Richard Stiennon, who was the lunch keynote at the 2013 Michigan Cyber Summit yesterday.
The 2013 Michigan Cyber Summit is Friday, October 25. You can watch it live on the Internet or access sessions on-demand after the event.
What do state government Chief Information Officers (CIOs) believe are the greatest enterprise risks in 2013?
Is rogue IT threatening to cause a major breach?
From home mortgages to university grants to interns enhancing their career prospects, the federal government shutdown of 2013 is hitting home - and hitting hard.
The NGA released a new compelling strategy paper called Act and Adjust: A Call to Action for Governors for Cybersecurity.
Another National Cyber Security Awareness Month (NCSAM) begins on October 1, 2013, and this could be the best or one of the worst ever. This is why...
The Intelligence and National Security Alliance (INSA) organization just held an excellent summit on CSPAN that is worth a second look.
Spam is back. But this new spam is harder to deal with. Here are some tips to help.
Outgoing Secretary of Homeland Security Janet Napolitano warned that a major cyber attack is coming
There have been a number of futuristic technology ventures recently announced that are either visionary game-changers or a huge waste of money.
Where were you when the lights went out in 2003?
How much tracking by advertisers is ok? The answer relies on trust...
"And my challenge to each of you is to take the cyber awareness training... like me..."
But how do we take these vital security goals to the next level? What are the desired outcomes and corresponding actions required to strengthen our mutual cyber defenses? Where do you start?
No service? My Verizon connection has great all week why now? Something was wrong.
Enquiring minds typically want to know: What is the next big thing in technology? The nice thing about that question is that you can go almost anywhere with the answer.
Early this week the European Union (EU) mandated national maximum sentences of at least two years in prison for attempting to illegally access information systems. Will these tougher penalties deter cybercrime?
Are insiders or outsiders the greatest IT threat to enterprise security? Lately, the pendulum seems to be swinging towards the insider threat.
Ms. Teresa M. (Teri) Takai, who is the CIO for the United States Department of Defense (DoD), has been an exceptional leader in government for more than a decade. She served as state government CIO in both Michigan and California before joining DoD as CIO in 2010. Ms. Takai was appointed to the FirstNet Board of Directors in August 2012.
There is a free webinar coming up on the topic of BYOD. The online event will be on Tuesday, June 18, at 2 PM (EST).
Do the ends justify the means in the case of Edward Snowden disclosing classified NSA secrets to the world? I think not.
The news media this week was full of articles describing the U.S. government's role in gathering, mining and analyzing big data from nine leading U.S. Internet companies in order to stop terrorism. Where is this capability going?
Yes, spear phishing is hot all over the USA - very hot. In fact, this threat may be #1 on the list.
For those who worry that individual privacy rights and personal freedoms are already being eroded by the Internet and new technology hold on to your virtual safety belts. Many experts are predicting almost everything will be recorded in public in the near future with wearable tech, whether you like it or not.
For some reason, there seems to be an abundance of career advice floating around social media web pages right now. What are some of these good career tips, and what is the best career advice I ever received?
What do hackers and Mother's Day have in common? According to the wealth of cyberspace knowledge that is defined by Wikipedia, a hacker can mean many things...
What will actually happen in (or to) cyberspace on May 7, 2013? Is this the new normal in cyber threats?
There has been a lot of discussion over the past week about Twitter and the power of social media following the breach of the Associated Press (AP) Twitter feed last Tuesday. Bottom line, each of us still needs to decide: Can I trust that tweet?
After the unprecedented events of that took place in and around Boston last week, where are we now and where are we going?
I am excited to announce the release of my new eBook on the hot topic of mobile technology and specifically bringing your own device to work (BYOD).
Recently, my family was discussing lesser known facts about our first President, George Washington. The intriguing conversation centered on George Washingtons 110 Rules of Civility & Decent Behavior in Company and Conversation. How can we apply these rules to online decency today?
What are futurists predicting regarding technology? And for security, what is coming down the road?
There has been a lot of discussion over the past few months regarding an article entitled: Why you shouldn't train employees for security awareness. Here's my response.
The National Institute of Standards and Technology (NIST) issued a press release recently announcing the development of a new framework to reduce cyber risk. What do they need right now? Your input.
What are the top infrastructure projects in the world? Why were they chosen? What projects are hot in North America? How is cloud computing changing the way business in conducted?
The largest cybersecurity conference in the world was held this past week - RSA in San Francisco. The 2013 show was as big and, in reality, overwhelming as ever. He are a few takeaways.
Yesterday, I was given the opportunity to speak on a panel at the National Governors Association (NGA) Winter meeting in Washington. Here is a transcript of my opening remarks which offer seven actions for Governors to take on cybersecurity.
What are bloggers and other commentators saying about the new EO on cybersecurity and PPD-21?
According to Bloomberg, President Obama plans to release an executive order on cybersecurity soon after the State of the Union address.
Notifications sent from social media companies. Some people love them others want them to go away.
If Internet connection speed was an Olympic event, America wouldn't even get a medal.
Is it time to change the way we think about work / life balance? I'm not sure, but I've become more open-minded on this issue. Allow me to explain.
The European Network and Information Security Agency (ENISA), which is a part of the European Union (EU), recently issued a report that describes the current global cyber threat landscape - including infrastructure.
Just when I thought I was turning the corner on Internet security awareness & cyber safety, along comes an eye-opening situation that hits so close to home that I am forced to rethink the road ahead - again.
Over the past week, Ive been surfing the Net looking for blogs and articles that both recap online security trends from the past year as well as offer new cybersecurity predictions for the coming year. Heres a summary of what Ive seen thats memorable so far.
As we head into the heart of the holiday season, our thoughts and prayers still turn towards the families and devastated communities following the horrible events in Newtown, Connecticut, on December 14, 2012.
Do we need such a national doctrine on cybersecurity? If so, what needs to be included? How will the rest of the world view this doctrine? Can a cyberdoctrine help guide our actions?
Ever since the Western States Contracting Alliance (WSCA) was formed in the October 1993 by the state purchasing directors from fifteen states, governments have been saving millions of dollars through cooperative purchasing.
What were the top government data breaches in the USA in 2012 (so far)? It appears that this year will be remembered more for state and local breach headlines than for federal government breaches.
More and more companies and governments are implementing technology policies that allow their staff to bring your own device to work (or BYOD). But is BYOD really cheaper for governments?
Everyone is talking about the General David Petraeus scandal. But what I find most intriguing are the articles, blogs and opinions analyzing what all of this means for the rest of us who use technology with a special emphasis on redoubling efforts to protect email privacy. So here is my best advice.
I'd like to introduce our new Michigan Cyber Range which was formally launched on Friday, November 9, 2012.
We currently have several important security stories and not much public attention.
The impact of Tropical Storm Sandy is being felt far and wide.
Day 2 at the NASCIO annual meeting, and one hot topic is the new Cybersecurity survey results that were released this morning called
Here are some of my highlights from the first day at the NASCIO Conference in San Diego
The National Association of State Chief Information Officers (NASCIO) is holding their annual conference in San Diego this year from October 21-24, 2012.
Patch Tuesday is just around the corner, and I feel an urge to rant.
Senior officials in the U.S. government believe that Iranian hackers are responsible for a new wave of significant cyberattacks. What does this mean?
What actions steps can we take to improve cyberethics at home and work?
Albert Einstein once said, "If I had one hour to save the world, I would spend 55 minutes defining the problem and only five minutes finding the solution." So how can we even begin to define cyberspace and take baby steps towards enabling the good and disabling the bad?
When we go to the dentist for our semi-annual checkup and teeth cleaning, we typically get asked a series of questions about recent patterns of personal behavior. Perhaps its time for instituting a regular cyber check-up?
I had the opportunity to travel to Springfield, Illinois, during this past week to speak at the Illinois Cyber Security Forum. This blog offers some of the highlights, random thoughts and what I lessons learned during the trip.
Over the past few days, numerous news sources reported that President Obama is strongly considering an executive order on cybersecurity. It appears cybersecurity is becoming more political.
I noticed ads showing up all over the place asking me to come back to their websites. Whether I was checking baseball scores at ESPN, doing a Google maps search for driving directions or researching a cybersecurity article at various tech websites, the computer browser was beckoning me to return and buy plane tickets, with targeted ads asking me questions. Will governments be next to use targeted ads online?
One of the hot topics at the MS-ISAC Annual Meeting and GFIRST in Atlanta this week was the recent Wired article by Mat Honan entitled: 'How Apple and Amazon Security Flaws Led to My Epic Hacking.'
As in previous years, the GFIRST conference in being held during the same week as the MS-ISAC Annual Meeting and the InfraGard annual meetings. This allows a diverse group of experts from around the country to attend multiple events during one trip.
I'm at the Multi-State Information Sharing & Analysis Center (MS-ISAC) Annual Meeting in Atlanta, where the state and local government Chief Security Officers (CSOs), Chief Information Security Officers (CISOs) and many of their top team members have gathered for three days.
Back in late June, I wrote about connectivity options while traveling during my vacation in Ocean City, Maryland. The blog was entitled: Vacation WiFi: What Networks Can We Trust? Now, thanks to some emails from an online friend who wishes to remain anonymous, I can offer Part 2 of this story.
Have you noticed some new words showing up in magazines and newspapers around the country? Words like: cyberattack, cyberwar , cybercrime and cyber... whatever.
Suddenly, without warning, no power. The blackout spreads. The grid goes down. What can we learn from this?
The 2012 Summer Olympic Games are here, and the five to eight hour time difference between the mainland USA and the UK may be just the right combination to bust your work network(s).
For security pros preparing for this massive undertaking, the unflattering headlines pretty much summed up ongoing security problems. But while gold may be out of reach, the security teams can still go for the silver lining.
e-Discovery, information management and the legal aspects associated with enterprise data are hot topics for technology leaders to address with their business customers. But what information governance strategies are legally defensible? What compliance approaches work best in the long run? How can enterprises reduce risk when they save or delete data?
Over the past few weeks, global news outlets have been warning users about Malware Monday and the pending Internet shutdown on July 9, 2012, for computers still infected with the DNSChanger malware. While the issue is certainly real, this blogger believes many headlines were (and still are) too alarmist. Can we learn anything from this?
I was recently on vacation with my family in Ocean City, Maryland. As I powered up my iPad from our fifth floor condo on 136th Street, more than a half dozen wireless networks popped up. I asked myself: Can I use (or trust) any of these? Are they free? Is it worth the risk, if they are?
What's appropriate and what's not regarding the use of social networks? Beyond formal codes of conduct at work, what behaviors and attitudes will likely lead to trouble? What tips can we share from those who have gone before us and learned about the good, the bad and the ugly? What good habits enable a positive experience in the long run? And, what are some examples of social media technology being used in destructive ways that undermine relationships?
Computer experts from around the world are warning users to change passwords immediately following the announcements that millions of passwords from LinkedIn, eHarmony and Lastfm were posted on hacker websites.
A new era began this weekend in cyberspace. Starting with the New York Times article dated June 1, 2012, which proclaimed: Obama Order Sped Up Wave of CyberAttacks Against Iran, the global discourse regarding cyber attacks has now shifted.
How do social networking sites get attacked by hackers? What methods are used? Why are attacks successful? What can be done to improve security on social networks?
Ever since I read Megatrends in 1988, Ive been fascinated by predictions about how technology will alter our daily lives in the near-future. One area that is evolving quickly is our shopping experiences both online and offline.
Most of us always trying to do multiple activities at the same time. But is it really working?
How much attention should cyber pros pay to comments from the "noobs" about technology and security?
Opinions are all over the map on "Bring Your Own Device" (BYOD) to work. Here are some viewpoints and a poll.
Over the past few weeks, there have been several high-profile breaches announced involving state government systems - one in South Carolina and one in Utah. My first reaction was to think: There but for the grace of God go we.
So what is the right level of security? How do you know if you have gone too far, or not far enough in protecting critical systems? Do all business functions need the same level of security?
Everyone is talking about the sinking of the Titanic and they should be. Here are five lessons for technology and security professionals from the sinking of the Titanic ...
So how can this customer service theme work for security professionals? Allow me to tell you a true story.
Several hundred people had gathered for a second morning to hear the results and ask questions regarding the recently completed Gartner study, which covered all aspects of Michigan Governments Information, Communications and Technology (ICT).
Shaun Henry, the FBIs top cyber cop and executive assistant director responsible for cyber, told the Wall Street Journal (WSJ) that we're not winning and that the current approaches being used by the public and private sectors are: "Unsustainable. Computer criminals are simply too good and defensive measures too weak to stop them."
Internet privacy has long been a hot-button issue. Central questions are being asked about who owns what data, how that data can be used by various companies to target individuals in marketing and whether users can opt-in or opt-out of various data-sharing approaches. Just as in other areas of life in America in 2012, these questions are often end up being settled in the courts.
I traveled to Eastern Europe last week to speak at two different one day cybersecurity conferences that are a part of a series of events known as the IDC IT Security Roadshow 2012.
Will new cybersecurity legislation pass in 2012? If yes, what will be included, what will be left out and which agencies or organizations will be in charge of various information sharing and monitoring roles? These are hot questions in DC right now.
But where do hackers live and spend their time? Beyond Black Hat Conferences around the world, where do hackers congregate online? As security pros scan the world-wide-web for the good, the bad and the ugly, we come across information, tools and methods that the majority of people dont know exist.
How many online social networks have you joined? I'm starting to wonder if there are too many social media sites that I participate in. Is a backlash coming?
FUD is a complicated topic. FUD can be your friend or your worst enemy. It can light a fire under cyber initiatives, or end a career. It can influence decisions in the middle of a crisis. Regardless of the story, FUD is important to master and thats not just hype.
It's that time of year when my email in-box starts filling up with invitations to events surrounding the RSA conference in San Francisco. Nevertheless, some of my best experiences have been at security and technology conferences near home.
Major technology vendors announced the formation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) system today. This new email authentication framework should reduce the number of phishing scams that try to trick users into thinking emails are from someone else.
The Federal Trade Commissions website at www.onguardonline.gov remained down for a second day after it had suffered a security breach.
This is turning into a wild week for headline-grabbing cyber activity. Immediately following Internet protests of proposed new legislation to crack down on Internet piracy, the Department of Justice (DOJ) moved quickly to shut down one of the most popular websites known for illegal downloads called Magaupload.
On January 18, 2012, Wikipedia and a long list of other popular websites will go dark to protest the proposed Stop Online Piracy Act (SOPA).
A highly sophisticated malware network called "Shnakule" has recently been singled out as increasingly dangerous. Many security firms are rapidly reacting and even changing their views on cyber crime operations as a result of new information.
Its that time of year when we ask: where are we heading in regards to cybersecurity in 2012? Also, where have we been?
But one of my children said, "Why don't you write something fun for all those people who have to work between now and New Years Eve. How about some computer jokes, funny security stories or a list of your top 5 or 10 geek/nerd or security T-shirts?"
A new cybersecurity bill was introduced by members of the House Homeland Security Committee on Thursday, December 15, 2011. Named the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (PrECISE Act), the proposal would establish a federal overseer as a quasi-government agency which would coordinate information sharing between the private and public sector.
Despite his weaknesses, Tebow is winning over the hearts and minds in America. We love our underdogs, because most of us have our failings and weaknesses too. Our lives are full of the critics,... We just dont see our mistakes paraded around as publically or as often as Tim Tebow.
Privacy concerns are growing regarding the use of Carrier IQ software in many mobile phones.
Its that time of year again. Cyber Monday has arrived, and recent survey results say that 50% of Americans do some holiday shopping from work.
The Department of Homeland Security (DHS) announced that the Illinois water system in Springfield was not hacked.
The top technology story at the end of last week involved multiple news sources reporting a cyber attack that penetrated a US public water system in Illinois. Heres what we know, and what we dont.
The Duqu Trojan, which is also known as son of Stuxnet, was discovered just two months ago and is getting headlines for the sense of humor that its creators have revealed in the code. According to Kaspersky Lab, the hacker group behind the Duqu Trojan may have been working on the code for more than four years.
New reports sound like they could be promoting a popular television drama series on mobsters - with a new technology twist. Something like: The Sopranos go cyber.
The National Association of State Chief Information Officers (NASCIOs) Security and Privacy Committee has released a new report entitled: The Heart of the Matter: A Core Services Taxonomy for State IT Security Programs.
Mark Weatherford has been named as the new deputy undersecretary for cybersecurity at the Department of Homeland Security (DHS). Mark is a thoughtful executive who has both military service and hands-on experience dealing with every aspect of our cyber ecosystem. I am confident that he is the right person for this job as we head into 2012.
There have been several recent articles and reports that offer ways to save Information Technology (IT) dollars. The lists of potential cuts are worth reviewing, but I urge some caution as well.
Governor Snyder quickly raised the bar: "If people walk away tomorrow saying that we had a nice conference with good speakers, we will have failed. We need everyone walking away saying that it is time to act now on cyber whatever their role."
As reported by Government Technology Magazine last week, Michigan is merging physical and cyber security. I will be moving to the newly created role of Michigan Chief Security Officer (CSO) in October. The reaction from my friends and colleagues from around the country has been all over the map ranging from Great move to Are you really ok with this?
I had just come out of an e-Michigan meeting in the Romney Building in downtown Lansing. It was a few minutes after 9 AM on 9/11/01. Someone yelled, A small plane just hit the World Trade Center in New York!
Where did you first learn what it means to out-hustle the competition? How did you develop that strong will to win? When was the first time you worked hard with teammates to accomplish a goal? For many readers, the answer is likely to be playing sports.
Hurricanes are notorious for disabling technology by cutting off electricity. In some cases, the threat of coming storms can overwhelm our phone systems and websites. But technology is also being used in new ways to prepare for and clean up after natural disasters, like hurricane Irene.
Governments across North America are now consolidating data centers at an unprecedented pace. This is not just talk, but real action is (finally) occurring.
The Multi-State Information Sharing and Analysis Center (MS-ISAC) is holding its annual meeting in Nashville, TN, this week, and the focus is all about ways to strengthen partnerships.
The string of major cyber hacking attacks continued this week, with ManTech International reportedly being the latest company hit. What's to be done?
Going Back to the Future may no longer be just for the movies. The intelligence community has launched a new project which attempts to predict what will happen next by using crowdsourcing techniques.
Where do you get your blog and/or article ideas? I'm often asked that question. Or colleagues want to know: What are the top ten websites you turn to in order to gauge innovative technology trends?
Sometimes we come across a new word or phrase that is not only different, but intriguing. Which brings me to the topic of today's blog: What is a healthy cyber ecosystem?
Recently I decided, if you cant beat the spammers, I might as well just relax on Memorial Day Weekend and enjoy a good laugh on them.
This has been a rough week for our technology operations. The good news is that our critical Secretary of State systems are up and offices are open and helping customers.
I was recently asked: What is the next big thing in technology?
Youre never as good as you look when you're winning, and never as bad as you look when you're losing. I think that adage applies beyond sports to many aspects of life and business including the management of computer operations connected to the global Internet in 2011.
How important is social networking to leading companies right now? Very important. In some cases, it may even be the most important priority. Its time for state and local government agencies to reexamine these social networking trends and build new strategies to engage partners with social media.
What is FedRAMP? How does it help with cloud-computing environments? Can we use it here in our state? I expect these questions will be asked across America over the next few years in the halls of state and local governments.
Microsoft released the new Internet Explorer (IE) 9 this past week, and government enterprises across the world now have another important decision to make.
As Japan strives to recovers from the devastating earthquake and tsunamis, global governments are sending aid in a variety of forms.
As state leaders gather in Washington, D.C., this weekend for the 2011 National Governors Association (NGA) Winter Meeting, one topic on the agenda is cyber-security. Experts in the field will be addressing questions like: What threats in cyber-space do we now face? What are the potential ramifications of these cyber-threats? What steps can governments take now?
Egyptian democracy and high-speed Internet are not topics that typically go together, but they were both highlighted during President Obamas speech this week in Marquette, Michigan.
A quiet, but dramatic, change is well under way in rural America. Over the next two years, Broadband Internet access will become available to many parts of the United States that have been struggling with only dial-up connectivity up until now
What do think about that WikiLeaks situation? Ive been getting that question a lot lately - not only from the typical techies or security pros, but from just about everyone else.
Its that time of year when everyone seems to be recapping 2010 and making technology predictions for 2011. Here are my favorite predictions and some important trends to watch regarding government technology infrastructures for 2011.
The Federal Government has issued a cloud first policy as a part of the Office of Management and Budget s 25-point plan to reform federal information technology management. What does it mean for state and local governments?
It s not in the contract. We hear these words every day in government. The challenge is huge: To be innovative in our RFPs or Invitations to Bid (ITBs) and still be efficient.
The US Office of Management & Budget (OMB) will be implementing fundamental changes that entail structural changes in how programs are funded, staffed and managed. The plans call for a cloud-first policy which boosts the use of government cloud computing for new systems.
There are many ramifications from the state and local government election results this week, such as this article which highlights new Governors to bring big turnover of State CIOs. So what should current (or prospective) government technology professionals be doing now to prepare for 2011?
Our Michigan Digital Summit was held this past week, and the opening keynote was truly different in a fun way.
What is clear is that the battle for mobile apps is heating up, and the mobile OS space has moved up to become a core issue for CxOs over the next few years.
Day three at the NASCIO conference began with a keynote session led by Thornton May, who is an IT Futurist, Executive Director and Dean at the IT leadership Academy and Author of The New Know: Innovation Powered by Analytics.
The opening keynote by best-selling author Don Yaeger was inspiring and funny.
Microsoft released the new Internet Explorer 9 (IE 9) beta web browser this past week, and the initial reviews from technology critics and even competitors like Google are positive.
There have been quite a few headlines lately about the current challenges facing Virginia's government technology infrastructure . From this IEEE Spectrum article, to Computerworld in ...
Everyone's talking about Intel's pending acquisition of McAfee for $7.7 billion. The list of questions is long. Did they pay too much - or too little? ...
Are recent announcements of product offerings from Google, Microsoft and others going to fundamentally change government technology service delivery? Has the long ...
"We need your help to stop online thieves." This surprising message from many banks to their customer base is becoming more popular as online ...
How much email is too much? New survey results from Harris Interactive found that 50 emails a day may be the breaking point for employees. ...
Earlier this week I received an email from an out of state friend and respected colleague who I haven't heard from in a while. He ...
In a unanimous decision last week, the US Supreme Court rejected the privacy claims of an employee who was texting using employer-provided equipment. According ...
Imagine this: " A motorist still at the office can use a cell phone to remotely start his car or truck, adjust the temperature, confirm ...
Move over Second Life , a new virtual world is being created for the federal government called vGov. According to Government Computer News: "The ...
Try typing "free storage" into a Google search, and you'll get almost 47 million results. Here are a few highlights: Mozy.com offers: "2GB, Absolutely Free ...
The National Association of State CIOs (NASCIO) Midyear Conference for 2010 was held during the last week of April in Baltimore. The attendance was the ...
Since posting a blog on the Apple iPad's effect on government standards a few weeks back, I've received several questions from around the country regarding ...
There's been some tough press lately for cloud computing. Recent conferences on the topic have turned more negative as very high expectations are slow to ...
iPad fever is here! On a weekend that celebrates Easter, the NCAA Final Four and record warm temperatures over half the country, everyone seems to ...
I was jogging on my treadmill when I saw the breaking news on ABC - Moscow subway bombing just occurred. It was Monday morning, March 29, ...
In my twenty-five years as a security and technology professional, I have never seen so many hot headlines around technology issues. Whether you are ...
I read a very interesting CNET article yesterday entitled, "Why no one cares about privacy anymore." I urge you to take five ...
Microsoft is warning that the extended support phase is ending for Windows 2000 (server and client), on July 13, 2010 . In addition, other products with lapsing service ...
Many schools around the nation issue student laptops. But what activities are allowed with those laptops by students or family members? What policies apply? What ...
What's all the Buzz about? No, I'm not referring to the Olympics, an uptick in the economy or even springtime bees. Google ...
This is not your grandfather's winter games. Every Olympic city makes major investments in technology, security and infrastructure in the 21st Century, and ...
Now that Oracle's acquisition of Sun has been approved by the European Commission , what's next? That is, what does this merger mean for government technology ...
The world-wide media was full of stories this week regarding the Google situation in China. Articles ranged from the Global Implications of Google's ...
The Federal Communications Commission (FCC) Chairman Julius Genachowski has asked congressional leaders for more time to deliver the much anticipated National Broadband Plan, ...
What's around the corner for 2010? What new invention will be the next iPhone, iPod or blackberry? Are there any hot ...
As we approach a new decade in 2010, my mind instinctively goes back in time and scans the past decade. My thoughts easily jump ...
Wireless Local Area Networks (LANs) have been around for years, but how can state and local governments manage wireless networks efficiently and effectively from an ...
A funny thing happened on my way to work yesterday. Actually, the situation was pretty frustrating, and there were a few lessons learned ...
Are deeper budget cuts coming for struggling state and local governments? After a year filled with tough news regarding furlough days and more belt ...
Technology directors around the nation were watching the weekend news very closely for events regarding online sales on Black Friday (the ...
How do you give thanks at work? One USA Today headline this morning read, "The spirit of the season: Be thankful, spend less." ...
The National Association of State CIOs (NASCIO) has again polled state CIOs to determine what's hot and what's not as we head into&...
Lockheed Martin and thirteen other leading technology providers announced the formation of a new cyber security technology alliance yesterday. The announcement took place ...
The National Association of State Chief Information Officers (NASCIO) released their list of best practices at their annual conference in Austin, Texas last week. ...
The University of Michigan released a report today rating and ranking 104 federal government websites in terms of how well the satisfy citizens. The report is ...
What's the best strategy regarding upgrades to your desktop and netbook operating systems? Should governments move to Windows 7, Linux or wait for Google's ...
This past week we held the annual Michigan Digital Government Summit in Lansing. Our opening keynote was presented by Mark Allen, six ...
It was Saturday morning, October 3, 2009, and I was trying to log into my gmail (Google mail) account about 7:45 AM (EST). After typing in ...
Got any calls lately from vendors who want to share their new cloud computing strategy? I certainly have - and from some unlikely sources. ...
I just returned from a nine day trip to South Africa where I was one of the keynote speakers during&...
EMC continues to lead IBM, Dell and HP in the external disk storage systems market, but worldwide revenue declined by 18.7% from the ...
In a recent interview with Government Computer News (GCN), Federal CIO Vivek Kundra revealed some very interesting perspectives regarding the need to upgrade technology ...
The State Alliance for e-Health, which is sponsored by the National Governor's Association (NGA), has released new guidance which urges states to start planning ...
Do you ever struggle with balancing work and family time? I certainly do. Turning off a Blackberry can be hard - even on vacation. No ...
Every few weeks I visit a few of the federal government technology websites like Government Computer News or Federal Computer Week to see ...
A few times a year I feel the need to rant. This blog entry is one of those times, and the topic is dealing ...
After a revolt over cost, timelines and a host of other difficult issues, the original "Real ID" appears dead. Secretary Napolitano testified ...
As our national and local economies continue to struggle, managing a technology budget is getting increasingly difficult. There are many unknowns as we ...
The race has begun. Across America, state and local governments, private sector infrastructure providers, libraries, universities, non-profit groups, school districts and more are all ...
Over the past few weeks, I've dedicated significant time and energy to learning more about the latest trends in cloud ...
A few months ago we held a one day management offsite which included some inspiring words from the top, a great (but ...
I was sitting in the back of the auditorium inside the Michigan State University's Kellogg Center in East Lansing. The event was the Michigan ...
Are we truly at a significant crossroads in the protection of our Nation's critical infrastructure? More specifically, will the cross-sector cyber infrastructure ...
The nation's first all-digital election was deemed a success by Honolulu's city officials over the weekend. According to the Associated Press: "Some 115,000 voters in Honolulu's ...
There have been quite a few articles about insourcing over the past few months. As expected, this buzz has sparked another debate about ...
To buy or not to buy (more telework capacity) - that is the question during an epidemic. As the H1N1 flu situation evolved rapidly ...
Government Technology Magazine hosted an invitation only CTO Summit for government CIOs and CTOs on April 14-15. This year's focus was "Data ...