But a few weeks ago I saw more news about GCA that grabbed my attention and interest. Philip (Phil) Reitinger was named as GCA’s first president and CEO. I have known Phil for many years and have always been impressed with his knowledge, experience, leadership actions and thought-leading work. One example is this important 2011 white paper on: Building a Healthy and Resilient Cyber Ecosystem with Automated Collective Action.
Reitinger is well-known for his influential years of service as deputy under secretary of the National Protection and Programs Directorate and director of the National Cybersecurity Center at the United States Department of Homeland Security (DHS). Prior to serving at DHS, Reitinger was an executive with Microsoft with the title of Chief Trustworthy Infrastructure Strategist.
While I was learning more about GCA, I came across the fact that Will Pelgrin is one of the co-founders and the current chair of GCA. Will is well-known to “Lohrmann on Cybersecurity” blog readers. I interviewed Will last May as he was stepping down from his role with the Center for Internet Security (CIS) and the Multi-State Information Sharing & Analysis Center (MS-ISAC). I encourage you to read that interview to learn more about Will’s outstanding professional career and accomplishments.
Which leads me to this exclusive interview with Phil Reitinger and Will Pelgrin on the details behind GCA’s mission, activities and plans. Enjoy.
Interview with William Pelgrin: Co-founder of the Global Cyber Alliance (GCA)
Dan Lohrmann: Will — thank you for your continued leadership!
Will Pelgrin, chair of GCA: Thank you for the compliment. It was working with incredibly passionate cyberprofessionals, such as yourself, that makes this an amazing team effort. It is a true pleasure to be your friend and colleague.
Dan: The last time I interviewed you, you were stepping down as the president and CEO of the Center for Internet Security. What have you been working on over the past year?
Will: Over the last year, I have been working with the District Attorney for New York County, Cyrus Vance Jr., the London Commissioner of Police and my former organization the Center for Internet Security, on an effort to help improve the global cybersecurity posture in a substantial way. The effort is known as the Global Cyber Alliance (GCA). GCA is a unique, cross-sector, transnational, not-for-profit organization dedicated to eradicating cyber-risk and improving the safety and security of our connected world.
GCA will work across the globe in collaboration and cooperation with world leaders and global organizations and governments in a common approach to improve cybersecurity. GCA is focused on the top cyber-risks and not on individual cyberthreats. It is first and foremost a solutions farm — an action-oriented community initiative to tackle the risks and measure our outcomes.
The concept is simple — to treat cyber-risks as a global epidemic by confronting the top risks with the mission of implementing solutions to improve our connected online world. I realize that the execution will not necessarily be simple but I truly believe that collectively we can make a significant positive impact.
We are fortunate to have received an angel investment by the District Attorney Cyrus Vance Jr., to provide the initial capital for GCA to move quickly in implementing its mission.
Dan: Why did you see the need for the Global Cyber Alliance (GCA)? How did the organization come about?
Will: For those of us who have been in the cybersecurity business for a while, we have seen many organizations doing amazing things in the cyberarena. However, even with the current efforts and increased awareness about cyber-risks, there is much that still can be done to improve our security posture.
There are many reasons for this current situation. One is that our behaviors haven’t changed significantly. I was searching through some files recently and came across a speech I gave in 2003 about cybersecurity threats and mitigation strategies. Many of the same issues and concerns I raised then still hold true today. But it’s 13 years later, and we haven’t institutionalized these practices. We’re still not using strong passwords, we click on practically every link in sight, our users aren’t sufficiently trained, our systems go unpatched ... and the list continues.
Being a cybervictim is almost a rite of passage; something that is inevitable. The global impact on the economy, society and on a very personal level is devastating. Cyber-risks require an unparalleled response. The time for talk is over; it’s time to act — to act tactically to achieve measurable results. That is the goal of GCA.
Dan: Where do you see this going over the next five years? What is the vision?
Will: That we will make measurable gains in confronting cyber-risks. That in five years, our world partners grow and that GCA, as a collective global effort, has made a significant contribution to this cyber-risk epidemic.
Dan: Would you describe GCA as similar to the MS-ISAC — only global?
Will: GCA is not an ISAC or a CERT. These organizations are critically important to the missions and sectors that they serve. GCA has a fundamental principle that we will not duplicate existing efforts. GCA is focused on confronting cyber-risks by working closely with entities like the ISACs to eradicate risks. Many of the ISACs are already partners of GCA.
Dan: Does GCA include public and private organizations or only governments?
Will: Yes, GCA is created to be as inclusive as possible. We already have over 70 private-sector organizations and governments.
Dan: Is there anything else you would like to add about GCA, or your professional plans for 2016?
Will: Yes, GCA is seeking more Partners in the effort to confront cyber-risks. If any organization or person is interested to help collectively confront cyber-risks, please contact us at info@globalcyberalliance.org.
Interview with Philip Reitinger: President and CEO of Global Cyber Alliance (GCA)
Dan Lohrmann: You've had an amazing career, can you tell us any secrets to your past success?
Phil Reitinger, CEO and president of GCA: Dan, I’ve been in many roles. My advice to anyone would be this. Don’t worry about your next job — worry about doing something that you are passionate about, and that allows you to learn every day. Do that and the rest will take care of itself.
Dan: How did you get involved with the GCA? Why is this work important to you?
Phil: I became involved as Will was organizing GCA. I gave him my best advice on the organization and what it should do. That grew into GCA offering me the honor of being its president and CEO, and I accepted.
This work is important to me because I have been in cybersecurity for a long time, and I have worked for a number of large organizations. I have come to the conclusion that the most important cybersecurity initiative is to “do something.” I think I first heard that from Scott Charney of Microsoft. Do something, see whether it works, and tell people about it so they can learn from your experience. Repeat. That’s what GCA will do.
Dan: What are the goals of the organization in the first year or two?
Phil: To do things. First, to identify several systemic cyber risks that GCA and its partners think can be mitigated through the right solution, and then to actually implement that solution and measure its effect. Second, to develop the means to measure systemic risk — above the level of individual enterprises — and to provide information on systemic risks to our community.
Dan: Who is involved? What countries and organizations are partners?
Phil: Will talked a bit about this. Organizations from all over are interested in establishing partnerships with us. We have offices in both New York and London, two of the world’s financial capitals, and our founders were the New York County District Attorney, the City of London Police, and the Center for Internet Security. We expect to release more information on partners soon.
Dan: Given your vast global experience, what would you say are the top two or three biggest challenges facing the security industry around the world?
Phil: Dan, that is a difficult question to answer, because you can talk about high-level or low-level challenges, and technical or policy issues. What I worry about these days are building the means to enable automated collective defense to cyberattacks, which is a topic in and of itself; turning cybersecurity into a science, moving cybersecurity practitioners from being very good medieval barbers into cybersecurity doctors; and increasing the number of trained cybersecurity experts to help protect us for the next 20 years.
Dan: How can readers get involved with GCA? What opportunities are there to partner and connect in 2016?
Phil: We are actively seeking partners. Anyone can get more information by emailing us at info@cybersecurityalliance.org.
Dan: Is there anything else you would like to add about GCA's strategy or approach?
Phil: We do not want to own anything. What we learn, we will share. Our goal is to implement solutions, to prove they work, and then move on. If doing something excites you, please join us.
Dan: My sincere thanks to Will Pelgrin and Phil Reitinger for their sharing their insights and helping us understand more about the Global Cyber Alliance (GCA). Best wishes to you both and to GCA in 2016 and beyond!