Upon his exit, Weatherford shares where the role of government must go where cybersecurity is concerned.
In March, a key player at the U.S. Department of Homeland Security (DHS) announced that he would leave government for the private sector.
Mark Weatherford, deputy under secretary for cybersecurity, sent an email to colleagues stating that after “considerable thought and soul searching,” he had decided to leave his post in May for a security expert position with the Chertoff Group. His position will be filled by Bruce McConnell, counselor for the National Protection and Programs Directorate.
Over the past year and a half, the DHS’ first cybersecurity chief was credited with building relationships between federal agencies and private companies, and also facilitating President Barack Obama’s executive order directing DHS to comply with security standards and information-sharing rules.
In some ways, Weatherford said, his new position will be a continuation of the same work he's been doing with DHS. “I’ll be able to focus on working with many of the same companies we work with now, just in a different way," he said, "to help them understand where they need to put their resources and how best they can raise the security bar within their organization."
Looking back at his time with the DHS, Weatherford said the agency made huge strides. “For any type-A, high-achiever, you’re never completely satisfied with what you do," he said. "The good thing about the security business is there’s always more to do -- and the bad thing about the security business is there’s always more to do. We have accomplished a tremendous amount in the time I was there. Probably the biggest thing is we have built an incredible team right now.”
Weatherford says it's the DHS employees who responsible for his success -- and they don’t get enough recognition in the transformative work they’ve done for the agency. “We’re starting to get recognition,” he said. “I don’t mean recognition from a pomp and circumstance perspective, but recognition from a professionalism perspective."
When people need assistance or support from government, and when they don’t know who to call, they call DHS, he said. "We are becoming that one-stop shop for the nation for cybersecurity.”
Weatherford highlighted his work on the Continuous Diagnostics and Mitigation program, a revision of an automated process for monitoring online traffic and identifying unauthorized access to government networks. There’s still work to be done on the program, but he said much progress has been made since he began.
“When we first started talking about this a year ago, there were skeptics in every single corner,” he said. “Today, I would say most of those skeptics are converts; they are very, very supportive and can’t wait to take advantage of this program.”
Though there is always more work to be done in cybersecurity, Weatherford said more to the point is that the DHS has more work to do in changing the role of government where cybersecurity is concerned. “One of the growing topics in cybersecurity today is offensive cybersecurity and hacking back,” he said. “I don’t necessarily agree with much of the talk that’s happening, but I do understand the frustration from people who are experiencing it.”
Whether he agrees or not isn’t the point, he said, but on national and international levels, there needs to be increased conversation and cooperation in dealing with cyberthreats.
“How do we strike up these dialogs? How do we work on the international level with creating a consistent framework that people understand and know what the expectations are?” he asked. “In many respects we’ve been at the cybersecurity game for 20, 25 years now, but every day there’s something new. And I say it often, but the things I worry about today are not the things I’m going to worry about tomorrow -- just because the game changes that often.”
Photo of Mark Weatherford courtesy of utcinsight.org/Steven E. Purcell
* This story was updated on April 4, 2013 to correct an error regarding the name of the Continuous Diagnostics and Mitigation program.