I'm at the NASCIO Annual Conference in Miami this week, and there is record attendance.
The opening keynote by best-selling author Don Yaeger was inspiring and funny. He told a series of stories from playing one-on-one basketball with Michael Jordan to being mentored by the great basketball coach John Wooden. His major focus was the characteristics of greatness, and here are a few of his 16 points:
Point 1 - It's personal. They hate to lose more than they love to win.
Point 2 - They understand the value of association. You'll never outperform your inner circle. (Who do you spend your time with that pushes you?) Mr. Yaeger told several great stories about Bill Walton being pushed by Swen Nater in practice more than anyone else during the real games.
Point 3 - Greatness is measured by your heart. "You cannot live a perfect day without doing something for someone who cannot repay you." (By John Wooden)
The "secret sauce" that set this opening apart was the emotional story behind every point made - especially the Warrick Dunn stories. Mr. Yaeger emphasized that we each can choose to get bitter or better when we face adversity, and Warrick Dunn chose to get better despite setbacks.
After the opening, I attended a breakout session - Cybersecurity: Emerging Threats, Evolving Roles. The speakers were David Taylor, Florida CIO; Will Pelgrin, president and CEO of the Multi-State Information Sharing and Analysis Center (MS-ISAC); Srini Subramanian, security lead for Deloitte; and Randy Vickers, director of the U.S. Computer Emergency Readiness Team (US-CERT).
The panel discussed emerging threats, and Randy started by saying the traditional threats, such as phishing, malware, insider threats and external hackers, are getting much more sophisticated. The best medicine is information sharing and partnering through the GFIRST portal and MS-ISAC.
Mr. Vickers also urged the audience to sell cybersecurity better with new ROI reports and discussions on what's at stake for reputations in states. This will lead to implementation of more best practices.
Will Pelgrin emphasized the speed of change in cybersecurity. He pointed out five areas of concern: end-of-life software, not patching old devices, new technologies such as smartphones, human behavior challenges and new forms of attacks from external bad guys.
Srini Subramanian discussed the need for enterprise privacy officers in states while reviewing the recent Deloitte Survey of States. He quoted one response that described their cybersecurity challenges as being "an over-the-top suspense movie" that few would believe.
David Taylor said that CISOs obviously need more resources around the country, and he asked Randy if the federal CISO model and/or FISMA was the answer. Randy responded by saying that FISMA had its problems and the federal space still was not best practice. Still, FISMA 2010 was much better.
Will emphasized the importance of collaboration and reporting, and suggested that more command and control was not the answer. He encouraged an approach to win over agencies and gain respect by actions. He did say that some policies must be mandatory - but encouraged giving 18 months to implement them.
Randy basically agreed, but he also responded by saying that we all need "sticks and carrots." He said, "CISOs must have the authority to protect networks from attack."
David Taylor stated that security policies in Florida have the effect of law, and Florida has taken an approach to partner with auditors and assessors to certify systems statewide. Srini added that 80% of states have a good plan, but the implementation of security programs was struggling. In addition, 90% want a singular approach similar to FISMA.
A discussion on scorecards and grading cybersecurity offered a mixed view - with several panelists stating that scorecards offer a good "snapshot of the past." Will suggested that states pick an approach and go with it.
The panel wrapped up with a refocus on shared services within cybersecurity. Randy emphasized the need to work together across state/local/federal boundaries. Cyberstorm III was an example of a good activity to gauge readiness and overall progress.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.
He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.
He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.