Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
Dan Lohrmann joined Security Mentor, Inc. (www.securitymentor.com) in August, 2014, and he currently serves as the Chief Security Officer (CSO) and Chief Strategist for this award-winning training company. Lohrmann is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors.
Daniel J. Lohrmann was Michigan's first Chief Security Officer (CSO) and Deputy Director for Cybersecurity and Infrastructure Protection from October 2011 to August 2014. Lohrmann led Michigan's development and implementation of a comprehensive security strategy for all of the state’s resources and infrastructure. His organization provided Michigan with a single entity charged with the oversight of risk management and security issues associated with Michigan assets, property, systems and networks.
Under Lohrmann’s leadership, Michigan was recognized as a global leader in cyberdefense for government - winning numerous professional awards for outstanding accomplishments. The Michigan Cyber Initiative, Michigan Cyber Range, Michigan Cyber Disruption Response Strategy, Michigan Cyber Civilian Corps, new 7x24 Security Operations Center (SOC), reinvention of end user cyber awareness training, new cybersecurity portal and Cyber Summit Conference Series were just a few of the initiatives achieved in under three years.
Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security (DHS), the White House, Federal Bureau of Investigation (FBI), numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks.
Lohrmann is also a globally recognized author and blogger on technology and security topics. His keynote speeches have been heard at worldwide events, such as GovTech in South Africa, IDC Security Roadshow in Moscow, SecureWorld Expo events nationwide and the RSA Conference in San Francisco.
He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine.
For more than a decade, Lohrmann served as a trusted advisor for the National Association of State Chief Information Officers (NASCIO) and the Multi-State Information Sharing & Analysis Center (MS-ISAC). He also served as an adviser on TechAmerica's Cloud Commission, and a co-chair on several National Governors Association (NGA) committees to enhance cybersecurity. Lohrmann was also the chairman of the board for 2008-2009 and past president (2006-2007) of the Michigan InfraGard Member's Alliance. He currently serves on the Michigan InfraGard Executive Board.
Dan represented NASCIO on the U.S. Department of Homeland Security’s IT Government Coordinating Council from 2006-2014. In this capacity, he assisted in the writing and editing of the National Infrastructure Protection Plans (NIPPs), sector specific plans, Cybersecurity Framework and other federal cyber documents.
From January 2009 until October 2011, Lohrmann served as Michigan's Chief Technology Officer and Director of Infrastructure Services Administration. He led more than 750 technology staff and contractors in administering functions, such as technical architecture, project management, data center operations, systems integration, customer service (call) center support, PC and server administration, office automation and field services support.
Under Lohrmann’s leadership, Michigan established the award-winning Mi-Cloud data storage and hosting service, and his infrastructure team was recognized by NASCIO for best practices and for leading state and local governments in effective technology service delivery in datacenter consolidation, WiFi and mobile deployments.
Earlier in his career, Lohrmann served as Michigan’s first Chief Information Security Officer (CISO), and the first enterprise-wide government CISO in the USA, from May 2002 until January 2009. He directed Michigan's award-winning Office of Enterprise Security for almost seven years.
Lohrmann's first book, Virtual Integrity: Faithfully Navigating the Brave New Web, was published in November 2008 by Brazos Press, Baker Publishing Group. His second book, BYOD for You: The Guide to Bring Your Own Device to Work, was published in Kindle format in April 2013. He also wrote chapter 8 on "CIO as Protector: Our Cybersecurity Imperative," for the 2011 Public Technology Institute book, CIO Leadership for State Governments: Emerging Trends and Practices.
Prior to becoming Michigan's CISO, Lohrmann served as the Senior Technology Executive for e-Michigan, where he published an award-winning academic paper titled: The Michigan.gov Story — Reinventing State Government Online. He also served as director of IT and CIO for the Michigan Department of Management and Budget in the late 1990s.
Lohrmann has more than 28 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility.
Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College.
He has been featured in numerous daily newspapers, radio programs, TV news, CSPAN and global media from as far away as Australia. Lohrmann writes a regular column for Public CIO magazine on cybersecurity. He's published articles on security, technology management, cross-boundary integration, building e-government applications, cloud computing, virtualization, securing portals and The Internet of Things.
He holds a master’s degree in computer science from Johns Hopkins University in Baltimore and a bachelor’s degree in computer science from Valparaiso University in Indiana.
NOTE: The postings on this blog are Dan Lohrmann's own views. The opinions expressed do not necessarily represent Security Mentor’s official positions.
Sample of Lohrmann Individual and Team Awards:
You’ve probably heard the phrase “innovate or die.” But not everyone got the memo. So how does innovation really work in practical terms at the office? Regardless of whether you tend to be an innovator or protector, here are seven ways to help your business and career.
As the government pay gap grows larger with the private sector, where will the next generation of government cybersecurity leadership come from? What's the best background to enable success? Who should consider government cybersecurity roles? The public and private sectors are battling a growing list of global cyberthreats. With more data breaches, cyberattacks targeting critical infrastructure and new Internet of Things vulnerabilities, the competition for competent cybersecurity increases.
The rise in ransomware has taken a dramatic turn for the worse in 2016. Several hospitals recently declared states of emergency. Meanwhile, thousands of global businesses and consumers are now becoming victims of hacking attacks leading to extortion. This very serious situation requires the immediate attention of everyone from PC owners to small businesses to large governments. Here’s the problem and what actions you must take now to protect yourself.
We’re in mid-March, which means the NCAA College Basketball Tournament is in full swing. But there is more than one way to bust your March Madness bracket, and cybercrooks are also working overtime to grab a piece of the cash. Here’s how (and why) major sporting events are top targets for global hackers.
This is a tale of two studies. The first report from the Governing Institute was sponsored by the National Cyber Security Alliance (NCSA) and AT&T, and covers the intriguing results of a state government legislative survey on cyber. The second report offers a “Data Breach Digest” from Verizon which elaborates on 18 different data breach scenarios worth considering. Both reports are free and bring excellent recommendations and worthwhile opportunities.
As I flew back to Michigan after another RSA Conference this week, I thought about the highlights, takeaways and major themes in the security industry right now. At the same time, I couldn’t help but look back and reflect on the past several RSA Conferences in San Francisco on a personal level. Bottom line: These RSA Conferences tell quite a bit about where we have been and where we are heading in cyberspace — on both a personal and industry level.
Everybody loves their smartphone, with global adoption soaring and new helpful apps popping up daily. Faster speeds, new models and plenty of competition to lower prices make your mobile device the center of technology innovation. But is there an ‘Achilles Heel’ to watch out for? The answer is yes — and here’s what you can do to help protect yourself.
Scott Schober is a small business owner who tells intriguing stories about how his company was hacked — and what happened next. This easy-to-read book is a good primer on the importance of online security for business owners, but it also shows how easily identity theft can happen to anyone, even a cybersecurity expert. Best of all, this book offers practical security advice with helpful steps that we all can follow to secure our corner of cyberspace.
With the exponential growth in data breaches over the past few years, the concept of ‘hacking back’ is growing in popularity. Proponents ask: If I can use a gun for self-defense in my home, why can’t I similarly ‘hack back’ against attackers who invade my cyberspace? Let’s examine that premise from different perspectives.
An exclusive interview with Dr. Phyllis Schneck, deputy under secretary for Cybersecurity and Communications for the National Protection and Programs Directorate within the U.S. Department of Homeland Security.
The 2016 edition of the Consumer Electronics Show (CES) just wrapped-up as the North American International Auto Show sprang into full swing. So what do they tell us about the state of cybersecurity for the exploding Internet of Things (IoT) market?
You are next in line on your organization's depth chart. For a long time, you just wait in the wings for your opportunity to lead. For years, you watch, and learn, and practice, and occasionally get a few opportunities to show what you can do. And then, you get promoted. New management elevates you to #1. But can you succeed? You make a lot of early mistakes. Critics outnumber supporters. Nevertheless, you overcome and excel. How? There are important career lessons to learn from Kirk Cousins.
What were the most popular ‘Lohrmann on Cybersecurity and Infrastructure’ blogs written in 2015? Viewer metrics are in, and they tell an interesting story. Here are the results, along with some intriguing trends and links to the top content.
More security predictions than ever before. As I examined hundreds of expert forecasts for 2016 and beyond, with cyber trends and predicted technology events from top companies, it is hard to be optimistic about our online situation. And yet, the combined predictions tell us an important story about online life. So where is cyberspace heading? What surprises await us? Here's your annual one-stop roundup of what security experts are telling us will happen next.
The FirstNet Board approved the release of an RFP to build, operate and deploy a nationwide public safety broadband network this week. Meanwhile, the Department of Homeland Security Science and Technology Directorate named 10 people to a new Interoperability Advisory Panel. So are next-generation interoperable communications for nationwide first-responders finally getting close?
What is the current situation regarding cybersecurity in Latin America? To answer this question, I turned to Mr. Carter Schoenberg, who is a respected industry security expert who recently started a cybersecurity company in Panama. Here’s the informative interview.
The holiday season has arrived and so have the opportunities for Internet deals, sending and receiving holiday cards and many more online activities. Nevertheless, with the good comes the bad – as phishing scams, one-time bargains that are too good to be true and other cyber traps can lead to major headaches. Here are five common online mistakes to avoid as we head towards another New Year’s Eve.
The recent round of global terrorist attacks has reignited the homeland security versus personal privacy debate. Law enforcement officials point to the apparent use of encryption by ISIS terrorists as proof that encrypted communications need “back doors” to protect the public. But many security experts disagree. So what is the future for encrypted communication as we head into 2016?
Advanced cyberthreats, zero-day exploits, sophisticated malware, ransomware and more. These are just a few of the daily challenges that enterprises face as they try to protect their network endpoints each and every day. How can it be done? Enter next-generation endpoint security products and services. Here’s an overview.
Emerging cyberthreats are a hot topic at cybersecurity summits, in executive boardrooms and remain a top priority with back-office security teams. Here's what you need to know about where we've been, where we are and where online security threats are going.
From smart drones to smart homes to smart cars that drive themselves, the world is dramatically changing all around us. So are governments ready to take advantage of these new innovative opportunities emerging within the Internet of Things (IoT)? Or, as almost everything gets connected to the Internet, could these newly connected devices become “Trojan Horses” that inadvertently bring the next generation of data breaches? What’s being done globally in the public sector with IoT right now?
The National Association of State Chief Information Officers (NASCIO) held its annual conference in Salt Lake City, Utah, this past week. So what were the highlights? From the Internet of Things (IoT) to cloud computing to data center consolidation, which projects, technologies and issues rose to the top of the agenda? Most important, what’s on the minds of government CIOs, and what projects are they actually implementing as we move into 2016?
It is October, so National Cybersecurity Awareness Month (NCAM) is front and center from sea to shining sea. But attention on information security, along with events and helpful publications, has evolved over the years. It’s time to take another look at the new resources along with helpful tools and relationships that can last long after your Halloween candy runs out.
North Carolina Gov. Pat McCrory just established the new Department of Information Technology as the single source of accountability and authority over state government technology projects. State CIO Chris Estes will lead the consolidation effort, along with executive support from his leadership team, including Chief Information Risk Officer Maria Thompson. So who are these leaders? What are their plans and priorities? Where are they heading regarding information security? These are just a few of the questions answered in this exclusive interview.
A new 'understanding' on cybersecurity was announced this past week during Chinese President Xi Jinping's formal state visit. But while this agreement certainly offers a positive step forward for security in cyberspace, many questions remain unanswered.
Elected officials often fail to prioritize cybersecurity until after a data breach when it's too late. So what are the important security issues and actions that are needed by state and local elected officials right now? A new guide by Governing magazine and CGI was just released to answer that question.
On the 14th anniversary of 9/11/01, there are plenty of reasons to be thankful regarding public safety in America. And yet, there is also a growing list of cyberthreats that are grabbing news headlines almost daily. To help understand where we are today and where we are going regarding federal government cybersecurity initiatives, I interviewed Dr. Andy Ozment, the U.S. Department of Homeland Security assistant secretary, who is the new point person for the National Cybersecurity and Communications Integration Center.
Lockheed Martin recently released new open source tools to help defend enterprises from cyberattacks. The system, called Laika BOSS, offers a malware detection and analysis framework for security analysts to share intelligence with other cyber defenders worldwide. Here's my interview with leading cyberexperts who are offering cutting-edge insights and workable solutions to emerging battles in cyberspace.
Phishing and spear-phishing are growing problems. The clever enticements to click are getting more sophisticated and more targeted than ever. The data breach costs are mounting. What can your organization do to take phishing awareness and response to the next level?
Many government technology leaders are struggling. From national headlines to local audit findings, the majority of the news has not been good. Meanwhile, public trust in government as a whole is near historic lows. What can be done? Is it time for reinvention? Back to the drawing board? If so, there is a lot to learn from the journey and actions of Tim Tebow.
The technology and security industries are struggling to keep up with an ever-growing list of problems and cyberattack vectors. There has been a consistent call for new solutions to address evolving cyberspace challenges. One popular answer: New innovative startup companies to help. In order to accelerate these companies, the 'Security Startup Challenge' was formed earlier this year by Kaspersky Lab and several partners. And now, we have the winners.
A new survey of top IT executives reconfirms the findings from other recent cybersecurity studies regarding the online defense at utilities and other vitally important public- and private-sector organizations. The report outlines what is good and what needs improvement in our online defense of critical infrastructure facilities.
A series of recent news headlines reveals that cybersecurity experts, who were being paid to defend networks, battle malware and fight cybercrime, were actually black hat hackers. What happened and what can be done to address this growing trend? Is your enterprise prepared?
How well do you know your IT infrastructure? Who is communicating with whom across your network backbone? What systems are bandwidth starved? With legacy systems, PII data, hundreds of networks, complicated databases, hybrid clouds, data warehouses, countless mobile devices and outsourced functions needing 7x24 access, how do you determine what's truly secure? As we prepare for the new Internet of Things (IoT) era, here are some questions that need answers now.
On July 8, 2015, a string of major computer outages occurred at approximately the same time - grabbing global media attention. Significant operational disruptions occurred as a result of computer incidents at the New York Stock Exchange (NYSE), the Wall Street Journal (WSJ) and United Airlines. The nation briefly 'woke-up' to our reliance on technology and got a small taste of the fear that may come if a cyberattack cripples critical infrastructure. What lessons can we learn from these incidents? How can public and private-sector enterprises better prepare for more inevitable disruptions?
Network failures. Colossal data breaches. Global online privacy problems. The bad news reignites debate. Do Internet troubles necessitate a new start? Is it time to push the 'reset' button? But others say that cyberspace is improving and will go much further -- even solving a long list of historic problems. One thing is indisputable: The Internet is changing rapidly before our eyes.
A recent article in The New York Times describes a highly coordinated disinformation campaign using social media. This scary development raises new questions about the reliability of alerts and other emergency communications that rely on social media platforms. Will disinformation campaigns become a growing trend that will undermine recent advances in spreading important information during emergencies?
Data breaches are becoming much more common. Most states have laws mandating the public disclosure of data breaches where personally identifiable information (PII) is at risk. Cyberinsurance policies even cover data breach costs. However, not all data breaches are the same. We need a data breach scale. Here's why...
We are continuing the series of interviews with top CIOs and CISOs from around the nation regarding the best state and local government cybersecurity strategies. This week, we turn toward the Buckeye State to learn from two respected executive leaders. At a time when the federal government is reeling from a major OPM data breach, this security discussion has never been more important.
Alan B. Trabue worked for the CIA for over 38 years, and he has hundreds of true stories to tell about domestic and foreign agents and lies and spies. He has just published an amazing book that tells about his career as a covert operations polygraph interrogator with exciting travels all over the world. For anyone who is interested in polygraph exams or for those who are intrigued by the complexities of intelligence operations around the world, you must read this book. Here is a brief book preview and an interview with the author of 'A Life of Lies and Spies.'
Will Pelgrin started the MS-ISAC more than a decade ago, and he is a leading voice in government cyberdefense. Tomorrow is his last day with the Center for Internet Security, and I caught up with him and new CEO Jane Lute to discuss the past, the present and the future of global cybersecurity -- especially within governments.
Everyone is talking about smart cities. And yet, new public- and private-sector questions are emerging as more organizations engage with this global technology megatrend. So how can you take these opportunities to the next level? Who are the leaders within this hot Internet of Things (IoT) category? Which academic studies and white papers offer best practices and the most helpful resources to take your region to the next level? What cyber-risks are emerging? Here are answers and resources to consider.
Industry experts disagree on whether the Islamic State’s ability to mount a dangerous cyberattack is a top concern or an emerging online threat or completely overblown. But one thing is not in doubt: ISIS is making news headlines in 2015 for their exploits in cyberspace. In my view, ISIS is an emerging online threat to keep a close watch on. Here’s why.
I traveled to the United Arab Emirates (UAE) this past week to present the opening keynote at the Gulf Information Security Expo & Conference (GISEC 2015) in Dubai. The event offered a refreshing mix of leading global voices on security and technology topics. But most surprising, the Gulf region's public and private sector executive leaders who presented, the companies exhibiting and the amazing city as a whole offered attendees a different perspective and a positive model for the current cybersecurity and technology infrastructure challenges in the Middle East and the world as a whole.
Are you having trouble getting the needed resources for your cybersecurity program or key projects in government? Is staffing, funding or gaining executive support not adequate to get the job done right? Do you want to strengthen your influence and trust with management? While there are no easy answers, these ideas may help.
Just as many government organizations wrap up enterprise XP migrations a year after initially planned, it's time to start ramping up another major infrastructure effort. Microsoft Windows 10 will be arriving this summer. What new features are coming and is it time to prepare your strategic upgrade plan?
On Friday, March 20, 2015, CyberOU, the student cybersecurity club at Oakland University, held its second annual Cyber Summit in Michigan. Here's why CyberOU is a student-run organization for others around the world to emulate.
We are continuing a series of educational interviews with state and local government technology and security leaders around the nation. This week we visit an intriguing local government in the Pacific Northwest part of the country to learn more about its overall mission and how it keeps customer data safe.
By a 3-to-2 vote along party lines, the Federal Communications Commission (FCC) passed new rules on Net neutrality last week. The rules establish the Internet as a utility, but court battles loom before the FCC actions can take effect. Here's what happened, a summary of the news coverage, what it all means, reaction from different sources and what is likely to happen next.
'States Leading on Cybersecurity' was the name of a session at the National Governors Association (NGA) Annual Winter Meeting on Sunday. Homeland Security Secretary Jeh Johnson addressed looming DHS shutdown impacts as well as federal / state opportunities to work together to share cyberthreats and other critical information across the public and private sectors.
Unique Indiana state government partnership with Purdue University will also utilize private-sector expertise to defend state networks from next-generation cyberattacks. This breaking news demonstrates that cyberdefense is a top priority for Indiana Gov. Mike Pence.
Governments around the globe are rushing to prepare for computer-generated threats that can cause real-world calamity to our way of life. And while opinions vary on the likelihood of human error causing a major crisis or hostile cyberthreats causing severe societal disruptions, few argue against being prepared. So how are leading governments getting ready for inevitable cyber emergencies?
This should be the year that significant bipartisan progress is made on cybersecurity legislation, with new laws set to pass on issues ranging from data breach notification to sharing sensitive cyber intelligence between the public and private sectors. In fact, since President Obama and Republican congressional leaders can't agree on much else, cybersecurity action is moving to center stage.
The International Consumer Electronics Show (CES) in Las Vegas drew huge crowds again this year, with audiences seeing, touching and enjoying the hottest new gadgets and technology. From cars that drive you to drones that are smart to 4K high-definition TVs, it was all there. But the biggest story of all may be the virtual reality (VR) revolution. VR tools and devices will transform 21st century IT infrastructure.
As we begin 2015, what do your customers really need from you? What is your government technology infrastructure plan of action for the coming year? Here are seven must-have strategies for enterprises to enable long-lasting innovation.
Predictions are everywhere. Most security companies now make them. As I examined 2015 lists and checked them twice, everyone is saying that our online situation will get worse. But how much worse? What surprises await us? Here's what technology experts are saying - along with my naughty and nice labels.
Cybersecurity stories were more popular than ever in 2014, with the word 'cyber' showing up in front of topics ranging from security to shopping scams to global online attacks. But no matter how we rename, reclassify or reanalyze the data in cyberspace, it is clear that the dollars spent, problems encountered and attention given cyber has virtually doubled in 2014.
The North American International Cyber Summit was held in Detroit's Cobo Hall on Nov. 16-17, 2014, and Michigan Gov. Rick Snyder unveiled an updated 'Michigan Cyber Initiative 2015.' Here are the details on the event and the new cyber plan that's a model for the nation.
Once every four years, most state and local governments go through a multi-month period of major upheaval. Regardless of which political party wins in the November midterm elections, major executive turnover usually occurs at the highest levels of government. This fall and winter is one of those times. How can you prepare?
Cybersecurity protections in Wisconsin government took another step forward last week with an impressive cyber summit that included Gov. Scott Walker, Maj. Gen. Don Dunbar (the adjutant general in Wisconsin) and security leaders from around the nation and the world.
The 11th annual National Cyber Security Awareness Month kicked off on Oct. 1, with perhaps the biggest set of activities ever planned. But on day two of the festivities, a huge JPMorgan Chase security breach stole the headlines.
There were two very different events this past week in Michigan, but both offered similar messages. The Intelligent Transport System (ITS) World Congress and the Michigan Digital Summit pointed to the radical transformation occurring right now in transportation. There is a paradigm shift occurring using smart transportation systems and mobile technology that enables 'realistic solutions to our global mobility, safety, and environmental challenges.'
Whether the topic is modernizing health care, attracting and retaining the right talent, the role(s) of the Chief Data Officer (or the new Chief Digital Officer), the value of big data or even securing enterprises from insider threats, the answer entails culture change. So how do we begin?
Just as mobile technology and cloud computing became a normal part of our lives, along comes the next set of disruptive innovations that will radically change the way we work and play. Get ready for robots to appear in virtually every area of life. But just as with the Internet, there will also be a dark side.
It's time to get in the game. Just as in the 1984 movie 'The Last Starfighter,' being the best at a game could lead to a future that exceeds your wildest imagination. The British Intelligence equivalent to NSA is offering a challenge to play a game, with a great cyber job as the prize for winners.
More cyberdefense action is needed, but many people seem content to hit the snooze button for now. Meanwhile, Black Hat speakers offer some policy advice to help, while smart Americans change passwords - again.
August 1, 2014, was my last full day as Michigan Government's Chief Security Officer (CSO). As I look back at seventeen years of action-packed public service, I will remember the wonderful people who made it all possible and who served (and continue to serve) our citizens so well.
The Michigan Cyber Civilian Corps, state and local government cyber analysts and the West Michigan Cyber Security Consortium participated in an attack-defend-respond tabletop exercise in a virtual city called Alphaville, which exists within the Michigan Cyber Range. Here's why it matters to a town near you.
What do we really do with all that data we collect in government? The answer must be to improve customer service and provide a radical transformation in the way governments interact with residents. Anything less will bring big problems. Here's why.
Ms. Teresa M. (Teri) Takai, who is the CIO for the United States Department of Defense (DoD), has been an exceptional leader in government for more than a decade. She served as state government CIO in both Michigan and California before joining DoD as CIO in 2010. Ms. Takai was appointed to the FirstNet Board of Directors in August 2012.
The news media this week was full of articles describing the U.S. government's role in gathering, mining and analyzing big data from nine leading U.S. Internet companies in order to stop terrorism. Where is this capability going?
For those who worry that individual privacy rights and personal freedoms are already being eroded by the Internet and new technology, hold on to your virtual safety belts. Many experts are predicting almost everything will be recorded in public in the near future with wearable tech, whether you like it or not.
There has been a lot of discussion over the past week about Twitter and the power of social media following the breach of the Associated Press (AP) Twitter feed last Tuesday. Bottom line, each of us still needs to decide: Can I trust that tweet?
Recently, my family was discussing lesser known facts about our first President, George Washington. The intriguing conversation centered on George Washington's 110 Rules of Civility & Decent Behavior in Company and Conversation. How can we apply these rules to online decency today?
Yesterday, I was given the opportunity to speak on a panel at the National Governors Association (NGA) Winter meeting in Washington. Here is a transcript of my opening remarks which offer seven actions for Governors to take on cybersecurity.
The European Network and Information Security Agency (ENISA), which is a part of the European Union (EU), recently issued a report that describes the current global cyber threat landscape - including infrastructure.
Over the past week, I've been surfing the Net looking for blogs and articles that both recap online security trends from the past year as well as offer new cybersecurity predictions for the coming year. Here's a summary of what I've seen that's memorable so far.
Ever since the Western States Contracting Alliance (WSCA) was formed in October 1993 by the state purchasing directors from fifteen states, governments have been saving millions of dollars through cooperative purchasing.
Everyone is talking about the General David Petraeus scandal. But what I find most intriguing are the articles, blogs and opinions analyzing what all of this means for the rest of us who use technology, with a special emphasis on redoubling efforts to protect email privacy. So here is my best advice.
Albert Einstein once said, "If I had one hour to save the world, I would spend 55 minutes defining the problem and only five minutes finding the solution." So how can we even begin to define cyberspace and take baby steps towards enabling the good and disabling the bad?
I had the opportunity to travel to Springfield, Illinois, during this past week to speak at the Illinois Cyber Security Forum. This blog offers some of the highlights, random thoughts and lessons I learned during the trip.
I noticed ads showing up all over the place asking me to come back to their websites. Whether I was checking baseball scores at ESPN, doing a Google maps search for driving directions or researching a cybersecurity article at various tech websites, the computer browser was beckoning me to return and buy plane tickets, with targeted ads asking me questions. Will governments be next to use targeted ads online?
One of the hot topics at the MS-ISAC Annual Meeting and GFIRST in Atlanta this week was the recent Wired article by Mat Honan entitled: 'How Apple and Amazon Security Flaws Led to My Epic Hacking.'
I'm at the Multi-State Information Sharing & Analysis Center (MS-ISAC) Annual Meeting in Atlanta, where the state and local government Chief Security Officers (CSOs), Chief Information Security Officers (CISOs) and many of their top team members have gathered for three days.
Back in late June, I wrote about connectivity options while traveling during my vacation in Ocean City, Maryland. The blog was entitled: 'Vacation WiFi: What Networks Can We Trust?' Now, thanks to some emails from an online friend who wishes to remain anonymous, I can offer Part 2 of this story.
For security pros preparing for this massive undertaking, the unflattering headlines pretty much summed up ongoing security problems. But while gold may be out of reach, the security teams can still go for the silver lining.
e-Discovery, information management and the legal aspects associated with enterprise data are hot topics for technology leaders to address with their business customers. But what information governance strategies are legally defensible? What compliance approaches work best in the long run? How can enterprises reduce risk when they save or delete data?
Over the past few weeks, global news outlets have been warning users about Malware Monday and the pending Internet shutdown on July 9, 2012, for computers still infected with the DNSChanger malware. While the issue is certainly real, this blogger believes many headlines were (and still are) too alarmist. Can we learn anything from this?
I was recently on vacation with my family in Ocean City, Maryland. As I powered up my iPad from our fifth floor condo on 136th Street, more than a half dozen wireless networks popped up. I asked myself: Can I use (or trust) any of these? Are they free? Is it worth the risk, if they are?
What's appropriate and what's not regarding the use of social networks? Beyond formal codes of conduct at work, what behaviors and attitudes will likely lead to trouble? What tips can we share from those who have gone before us and learned about the good, the bad and the ugly? What good habits enable a positive experience in the long run? And, what are some examples of social media technology being used in destructive ways that undermine relationships?
A new era began this weekend in cyberspace. Starting with the New York Times article dated June 1, 2012, which proclaimed: 'Obama Order Sped Up Wave of CyberAttacks Against Iran,' the global discourse regarding cyber attacks has now shifted.
Ever since I read Megatrends in 1988, I've been fascinated by predictions about how technology will alter our daily lives in the near-future. One area that is evolving quickly is our shopping experiences, both online and offline.
Over the past few weeks, there have been several high-profile breaches announced involving state government systems - one in South Carolina and one in Utah. My first reaction was to think: There but for the grace of God go we.
Several hundred people had gathered for a second morning to hear the results and ask questions regarding the recently completed Gartner study, which covered all aspects of Michigan Government's Information, Communications and Technology (ICT).
Shawn Henry, the FBI's top cyber cop and executive assistant director responsible for cyber, told the Wall Street Journal (WSJ) that we're not winning and that the current approaches being used by the public and private sectors are: "Unsustainable. Computer criminals are simply too good and defensive measures too weak to stop them."
Internet privacy has long been a hot-button issue. Central questions are being asked about who owns what data, how that data can be used by various companies to target individuals in marketing and whether users can opt-in or opt-out of various data-sharing approaches. Just as in other areas of life in America in 2012, these questions often end up being settled in the courts.
Will new cybersecurity legislation pass in 2012? If yes, what will be included, what will be left out and which agencies or organizations will be in charge of various information sharing and monitoring roles? These are hot questions in DC right now.
But where do hackers live and spend their time? Beyond Black Hat Conferences around the world, where do hackers congregate online? As security pros scan the world-wide-web for the good, the bad and the ugly, we come across information, tools and methods that the majority of people don't know exist.
FUD is a complicated topic. FUD can be your friend or your worst enemy. It can light a fire under cyber initiatives, or end a career. It can influence decisions in the middle of a crisis. Regardless of the story, FUD is important to master, and that's not just hype.
It's that time of year when my email in-box starts filling up with invitations to events surrounding the RSA conference in San Francisco. Nevertheless, some of my best experiences have been at security and technology conferences near home.
Major technology vendors announced the formation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) system today. This new email authentication framework should reduce the number of phishing scams that try to trick users into thinking emails are from someone else.
This is turning into a wild week for headline-grabbing cyber activity. Immediately following Internet protests of proposed new legislation to crack down on Internet piracy, the Department of Justice (DOJ) moved quickly to shut down one of the most popular websites known for illegal downloads, called Megaupload.
A highly sophisticated malware network called "Shnakule" has recently been singled out as increasingly dangerous. Many security firms are rapidly reacting and even changing their views on cyber crime operations as a result of new information.
But one of my children said, "Why don't you write something fun for all those people who have to work between now and New Year's Eve. How about some computer jokes, funny security stories or a list of your top 5 or 10 geek/nerd or security T-shirts?"
A new cybersecurity bill was introduced by members of the House Homeland Security Committee on Thursday, December 15, 2011. Named the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (PrECISE Act), the proposal would establish a federal overseer as a quasi-government agency which would coordinate information sharing between the private and public sector.
Despite his weaknesses, Tebow is winning over the hearts and minds in America. We love our underdogs, because most of us have our failings and weaknesses too. Our lives are full of the critics,... We just don't see our mistakes paraded around as publicly or as often as Tim Tebow.
The Duqu Trojan, which is also known as son of Stuxnet, was discovered just two months ago and is getting headlines for the sense of humor that its creators have revealed in the code. According to Kaspersky Lab, the hacker group behind the Duqu Trojan may have been working on the code for more than four years.
Mark Weatherford has been named as the new deputy undersecretary for cybersecurity at the Department of Homeland Security (DHS). Mark is a thoughtful executive who has both military service and hands-on experience dealing with every aspect of our cyber ecosystem. I am confident that he is the right person for this job as we head into 2012.
Governor Snyder quickly raised the bar: "If people walk away tomorrow saying that we had a nice conference with good speakers, we will have failed. We need everyone walking away saying that it is time to act now on cyber, whatever their role."
As reported by Government Technology Magazine last week, Michigan is merging physical and cyber security. I will be moving to the newly created role of Michigan Chief Security Officer (CSO) in October. The reaction from my friends and colleagues from around the country has been all over the map, ranging from "Great move" to "Are you really ok with this?"
Where did you first learn what it means to out-hustle the competition? How did you develop that strong will to win? When was the first time you worked hard with teammates to accomplish a goal? For many readers, the answer is likely to be playing sports.
Hurricanes are notorious for disabling technology by cutting off electricity. In some cases, the threat of coming storms can overwhelm our phone systems and websites. But technology is also being used in new ways to prepare for and clean up after natural disasters, like Hurricane Irene.
Going Back to the Future may no longer be just for the movies. The intelligence community has launched a new project which attempts to predict what will happen next by using crowdsourcing techniques.
You're never as good as you look when you're winning, and never as bad as you look when you're losing. I think that adage applies beyond sports to many aspects of life and business, including the management of computer operations connected to the global Internet in 2011.
How important is social networking to leading companies right now? Very important. In some cases, it may even be the most important priority. It's time for state and local government agencies to reexamine these social networking trends and build new strategies to engage partners with social media.
As state leaders gather in Washington, D.C., this weekend for the 2011 National Governors Association (NGA) Winter Meeting, one topic on the agenda is cyber-security. Experts in the field will be addressing questions like: What threats in cyber-space do we now face? What are the potential ramifications of these cyber-threats? What steps can governments take now?
A quiet, but dramatic, change is well under way in rural America. Over the next two years, Broadband Internet access will become available to many parts of the United States that have been struggling with only dial-up connectivity up until now.
The US Office of Management & Budget (OMB) will be implementing fundamental changes that entail structural changes in how programs are funded, staffed and managed. The plans call for a cloud-first policy which boosts the use of government cloud computing for new systems.
There are many ramifications from the state and local government election results this week, such as this article which highlights new Governors to bring big turnover of State CIOs. So what should current (or prospective) government technology professionals be doing now to prepare for 2011?