Synopsis
Exclusive, insightful audio interviews by our staff with leading government/security practitioners and thought-leaders. Transcripts are also available on our site!
Episodes
-
Lessons from Spies -- Peter Earnest of the International Spy Museum
28/09/2009: It's one of the newest and most popular stops on the Washington, D.C. tour, and its artifacts of history leave clues for how information security professionals should approach their future. The International Spy Museum has just celebrated its 7th year and its 5 millionth visitor, says Executive Director Peter Earnest, a former CIA officer who's run the museum since its inception. In an exclusive interview, Earnest discusses: the museum's goals and growth plans; who visits the museum and what they get from the experience; lessons to be learned by today's information security professionals. Earnest is a 35-year veteran of the Central Intelligence Agency (CIA). He served 25 years as a case officer in its Clandestine Service, primarily in Europe and the Middle East. He ran intelligence collection and covert action operations against a range of targets including Soviet Bloc representatives and Communist front organizations. As Museum director, he has played a leading role in its extraordinary success as
-
Biometrics: From Kabul to Washington
22/09/2009: Interview with Lisa Swan, Deputy Director, Biometrics Task Force, U.S. Army. American combat forces deployed in Afghanistan and Iraq employ biometrics to tell our friends from insurgents and terrorists. Back home, the Defense Department uses similar fingerprint, iris and facial recognition tools to manage access to military bases and IT systems. Coordinating Defense Department efforts to find new uses of biometrics on the battlefield and back home is the Army's Biometrics Task Force, which leads Defense Department efforts to program, integrate and synchronize biometric technologies and capabilities. The task force also operates DoD's biometrics database that supports the nation's security strategy. In an interview with GovInfoSecurity.com's Eric Chabrow, Deputy Director Lisa Swan discusses the: Synergy between the use of biometrics in combat and in the office; Best situations to employ biometrics as a tool to authenticate user access to IT systems; and Evolution of biometrics as an authentication tool and where
-
Training Next Gen Army Brass on IT Security
22/09/2009: Interview with Lt. Col. Gregory Conti of West Point. Army Lt. Col. Gregory Conti is a man on a mission, not only to educate the next generation of Army officers on cybersecurity, but to change the culture of the military to put cybersecurity on the same footing as an Air Force pilot, a Navy ship officer or an Army combat leader in career advancement. In an interview with GovInfoSecurity.com, Conti, an academy professor of computer science at West Point who coordinates the United States Military Academy's cyber warfare curricula, discusses the: Importance of cybersecurity training at the academy, not just to computer science majors, but to all cadets; Differences between cybersecurity and cyber warfare; and Idea of creating a fourth military branch dedicated to defending the nation's IT assets. Conti earned a bachelor's degree in computer science at West Point in 1989, a year before laptops became standard issue to all cadets. Since then, Conti has earned a master's and a doctorate in computer science from Joh
-
Lockheed Martin's Point Man on Fed Cybersecurity
18/09/2009: Interview with Charles Croom. Determining how best to secure the nation's critical IT infrastructure must be a collaborative effort by the federal government and the private sector, says Charles Croom, vice president of cybersecurity solutions at defense contractor and IT integrator Lockheed Martin. A retired Air Force lieutenant general, Croom is an astute observer of government-private sector cooperation, having served as director of the Defense Information Systems Agency and commander of the Joint Task Force for Global Network operations. In an interview, Croom discussed the: Teamwork needed for government agencies to help develop federal cybersecurity policy regardless of the role the Department of Homeland Security plays; Research and development efforts at Lockheed Martin that emphasize proactive cybersecurity solutions; and Incentives government should provide businesses to comply with cyber regulations. Croom spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.
-
Secure Access to Sensitive Data: Insights from John Bordwine, Public Sector CTO, Symantec
17/09/2009: We've emerged from a global financial crisis, and now regulatory reform is coming to financial services. What do these events mean for the financial regulatory agencies - especially in terms of securing access to sensitive data? John Bordwine, Public Sector CTO at Symantec, tackles this question, discussing: The critical need to secure access to sensitive data; The business benefits of enhancing security; Key takeaways for non-financial organizations. As the Symantec Public Sector CTO, Bordwine currently serves as a trusted advisor, providing guidance on the development of products and solutions that meet government requirements and certifications specifically focused on the Public Sector markets. His responsibilities also include all technical activities related to Public Sector customers, which includes federal, state, and local government agencies, and education industries. In addition to these responsibilities, he also provides guidance to other Symantec business units around specific requireme
-
Top Cyber Risks: Alan Paller, SANS Institute
15/09/2009: Organizations are doing a good job protecting their operating systems, but they're leaving their critical applications vulnerable to dangerous cyber threats. This is the key takeaway - and to some extent the surprise - of the new Top Cybersecurity Risks report released on Sept. 15 by TippingPoint, Qualys, the Internet Storm Center and SANS Institute. In an exclusive interview about the report, Alan Paller, Director of Research at SANS, discusses: The key messages to organizations about cyber risks; Trends to watch in the coming months; What organizations can do now to minimize their vulnerability. Paller founded SANS in 1989 to provide graduate-level education to cybersecurity professionals. In the intervening years, more than 80,000 people have learned their technical security skills - from forensics to penetration testing to intrusion detection - in SANS courses. Today he focuses on identifying the tipping points that can turn the tide against the growing wave of cyber crime and cyber espionage. He h
-
Privacy and the Law: Alysa Hutnik of Kelley Drye
11/09/2009: Legal Insights on Data Privacy Trends and Breach Response. Your organization has been breached - how should you immediately respond? How should you not respond? Alysa Hutnik, attorney with Kelley Drye in Washington, D.C., specializes in information security and privacy, counseling clients on what to do after a security breach. In an exclusive interview, Hutnik discusses: Do's and don'ts following a data breach; Privacy legislation trends for 2010; What organizations can do today to prevent privacy/security challenges tomorrow. Hutnik is an Associate with Kelley Drye whose practice includes representing clients in all forms of consumer protection matters. In particular, she specializes in advertising, privacy, and data security law. She frequently conducts workshops and gives speeches on advertising, privacy, and data security compliance. She is often quoted on these issues in major business and law journals and newsletters, and has authored numerous advertising, privacy, and data security articles. Ms. H
-
H1N1 Update: How to Prepare for Flu Season - Regina Phelps, Pandemic Expert
08/09/2009: Schools are back in session in the U.S., the weather is cooling, and the fall flu season is close at hand. So, how should businesses and government agencies prepare for the expected widespread return of the H1N1 virus? Regina Phelps, a noted expert in pandemic preparedness, updates us on H1N1, discussing: What we have learned so far about the pandemic; Good - and bad - examples of pandemic preparedness; How individuals and organizations can take steps today to ensure effective response to H1N1. Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients on four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety.
-
City Defends IT System from Social Network Threats
03/09/2009: Interview with David Matthews, Deputy CISO, City of Seattle. David Matthews, like other government information security officials, knows the security problems social networks present. And like his cohorts in municipal, state and federal governments across the nation, Matthews - deputy chief information security officer of the city of Seattle - has little choice but to support social networks, especially considering the city's top elected officials use them. "The first thing we had to admit was that the horse is long gone out of the barn and there's really nothing we can do about it at this point," Matthews says in an interview with GovInfoSecurity.com. "Users including council members, the mayor, everybody else are using social networks, either personally or for city business. There are a few of them that have bothered to ask about what we thought about it on the security side of things, but the vast majority has just gone ahead and done it." Social networks are one of the challenges Matthews discussed in this
-
Digital Forensics: Great Need, New Careers - Rob Lee, SANS Institute
02/09/2009: Information security requirements and challenges change on a daily basis - and with them come growing opportunities for individuals with skills in digital forensics. Rob Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, discusses: the growing need for digital forensics skills; today's top challenges and how organizations are tackling them; career prospects for individuals in digital forensics. Lee has more than 13 years' experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he dir
-
Cooperate, Not Regulate, on Cybersecurity
25/08/2009: Interview with SRA International CEO Stanton Sloane. Stanton Sloane read Gartner's projection that the information technology industry will fall under government regulation in another half-dozen years or so, a forecast he hopes will not occur. It's not surprising the chief executive of SRA International, one of the largest providers of IT and cybersecurity services to the federal government, has a distaste for regulation. Government shouldn't shower industry with rules but with ideas to battle cyber threats, Sloane said in an interview with GovInfoSecurity.com. "Government doesn't have to be very punitive in its approach to commercial industry," he said. "It's more about providing information and access to resources and assistance to help understand the nature of the problem and effective ways to deal with it. I don't think that requires a lot of legislation and kind of process rules; it can be done in a more collaborative fashion with industry associations, advisory groups ... those can be very effective." In
-
Data Breach Trends - Mary Monahan, Javelin Strategy & Research
24/08/2009: The targets are getting bigger, the fraudsters bolder, and we all have a whole lot more at stake to lose. This is the message from Mary Monahan, Managing Partner and Research Director at Javelin Strategy & Research. In a discussion of current data breach trends, Monahan touches upon: How breaches in 2009 are trending differently from 2008; What public and private sector organizations need to do to prevent breaches; What to watch for as we approach 2010. Monahan has 10 years of financial services industry experience. Her banking background includes extensive managerial experience working with growth businesses, strategizing and implementing cross-sectional financial plans to accommodate multiple projective scenarios. As a college educator, Ms. Monahan's work focused on current issues in accounting and economics. Javelin, based in the San Francisco Bay area, provides direction on key facts and forces that materially determine the success of customer-facing financial services, payments and security initiat
-
The CAE at 10: Interview with Dickie George of the NSA
21/08/2009: Ten years ago, the National Security Agency (NSA) started up the Centers of Academic Excellence program to encourage stronger information assurance programs at colleges and universities. Initially, there were 7 designated CAE schools. Today, the ranks have swollen to over 100 CAE-designated schools, and information assurance professionals are much better prepared to tackle the cybersecurity challenges we face. Dickie George, Information Assurance Technical Director within the NSA, discusses: The CAE program's core mission; Benefits of the program for participating schools and students; What to expect from CAE in its second decade. George began at the National Security Agency in August 1970 after graduating from Dartmouth College. He started in the Crypto-Math Intern Program, having tours in Research, the SIGINT Directorate, and the Information Assurance Directorate's (IAD) predecessor organization. Except for a tour in the Signals Intelligence Directorate (SID) and one at the Center for Communications
-
FISMA: The Misunderstood Law
19/08/2009: Interview with Patrick Howard, CISO, Nuclear Regulatory Commission. The problem with the Federal Information Security Management Act, says Patrick Howard, is that the original intent of the seven-year-old law that governs federal IT security isn't about compliance. "The legislation requires risk management, but it has been interpreted as a piece of legislation that requires compliance, so we kind of lost sight of risk management ... and that's the biggest problem I see with FISMA today," Howard, chief information security officer at the Nuclear Regulatory Commission, says in an interview with GovInfoSecurity.com. In the interview, Howard also discussed the NRC's five-year information security strategic plan and the top cyber threats NRC IT systems face. Howard spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.
-
Wounded Warriors: Digital Forensics Training for Veterans
18/08/2009: Interview with Dr. David Dampier on Mississippi State's Unique Program. Mississippi State University's 'Wounded Warriors' program is all about providing digital forensics training for soldiers and sailors transitioning home from Iraq, Afghanistan and elsewhere in the world. In an exclusive interview, Dr. David Dampier, associate professor in the university's department of computer science and engineering - and an Army veteran - discusses: Details of the 'Wounded Warriors' program; Job prospects for returning veterans; How this program has impacted other training opportunities at Mississippi State. Dampier is an Associate Professor in the Department of Computer Science and Engineering and serves as the Director of the National Forensics Training Center at Mississippi State University. The NFTC is a USDOJ-funded center that provides law enforcement officers free training in digital forensics. He is a retired Army officer with over 20 years of service. His research interests are in digital forensics and sof
-
Hiring Trends: Information Security Bucks the Recession - David Foote, Foote Partners
17/08/2009: Opportunities - and Salaries - are up for the Right People with the Right Skills. The economy has been down, but job opportunities are up for information security professionals with the right skills. This is the posture of David Foote, CEO and chief research officer of Foote Partners, an IT workforce research firm. In an exclusive interview, Foote discusses: The hottest IT security skills and certifications; Hiring trends and areas of growth in the coming months; Complementary skills that also are in high demand. Foote has long been one of the nation's leading industry analysts tracking, analyzing and reporting on IT workforce management and compensation practices, trends and issues. His columns, articles and contributions appear regularly in dozens of publications. As Foote Partners' CEO and Chief Research Officer since 1997, David leads a senior team of experienced former McKinsey & Company, Gartner, META Group, and Towers Perrin analysts and consultants, and former HR, IT, and business executives,
-
Safeguarding a Massive, Decentralized IT System - Interview with California CISO Mark Weatherford
12/08/2009: Most state chief information security officers manage information security from the 35,000-foot level, guiding government cybersecurity policy but not being involved in the day-to-day, hands-on implementation of safeguards. And that presents a big challenge to state CISOs charged with protecting their governments' IT assets. Just ask Mark Weatherford, chief information security officer and director of the Office of Information Security in the nation's largest state, California. "We're so decentralized that it's hard to have your finger on the pulse of what's going on in every agency," Weatherford says, in an interview with GovInfoSecurity.com. "We face the same kind of threats as everyone, whether it's a virus or a DDOS (distributed denial of service) or an identity theft. Your ability to respond to those threats and identify those threats is really the biggest issue." Weatherford, in the second of a two-part interview, addresses the challenge and also discusses privacy concerns, cloud computing and th
-
Feds Seen Regulating IT Industry
11/08/2009: Gartner: IT Regs Will Be Enacted in 5 Years. Like the airlines, automotive, financial services, pharmaceutical and telecommunications industries, the government will soon - probably within the next half decade - begin to regulate the IT industry, IT adviser Gartner predicts. "There's a trajectory that industries tend to follow; when an industry is extremely successful - that is to say that when an industry succeeds in moving its products and services right into the heart of daily life, regulation tends to follow. in the 20th century," Richard Hunter, a Gartner fellow and vice president, says in an interview with GovInfoSecurity.com. "We saw the Food and Drug Administration, we saw regulation of telecom, we saw regulation of the airlines industry, we saw regulation of the automobile industry," he says. "I think the information technology industry has been extraordinarily successful in the last 40 to 50 years in increasing the importance of its products and services to almost every aspect of modern life.
-
Creating InfoSec Occupational Categories - Interview with California CISO Mark Weatherford
06/08/2009: One challenge federal and state chief information security officers face when trying to recruit information security professionals is the lack of governmental occupation classification for IT security specialists. They just don't exist. Most IT security professionals are classified under various information systems occupation categories, which means they don't identify security skills, explains Mark Weatherford, director and chief information security officer of California's Office of Information Security. But Weatherford, in an interview with GovInfoSecurity.com, explains that he's working with other state CISOs and the Department of Homeland Security to develop IT security occupation categories as well as career paths that should help recruit and retain information security pros in government. In the interview, Weatherford also discussed the impact of California's budget crisis on safeguarding the state's IT assets as well as his role as head of an office that like the federal Office of Management and B
-
Confront the IT Security Challenge - Interview with Cybersecurity Sage Howard Schmidt
04/08/2009: Little wonder that Howard Schmidt's name is on every list of prospective White House cybersecurity czars. In the field of IT security, Schmidt has done it all. He spent more than 30 years in public service, including a stint as a White House special adviser on cyberspace security and as chief strategist for the US-CERT Partners Program at Homeland Security. He serves on an IT privacy board that advises the National Institute of Standards and Technology, the Commerce Department and White House. In the private sector, Schmidt has held top IT security posts at Microsoft and eBay. An author of two IT security books, Schmidt has academic affiliations with Georgia Institute of Technology, Carnegie Mellon and Idaho State University. Schmidt is the first and current president of the Information Security Forum, an independent, not-for-profit association aimed at harnessing the brainpower of public and private-sector experts in IT security and risk management. In an interview with GovInfoSecurity.com's Eric Chabrow, Sc