Government Information Security Podcast

Career Insights from Srinvivas Mukkamala of New Mexico Tech. Education, skills, experience - what exactly does it take to make it in an information security career today? Srinivas Mukkamala, an educator and practitioner, offers unique insight on: The necessary mindset for an information security professional; What are the baseline skills? How to keep skills sharp. Mukkamala, one of CAaNES' owners and its interim-Director of Operations, is a senior research scientist with ICASA (Institute for Complex Additive Systems Analysis, a statutory research division of New Mexico Tech performing work on information technology, information assurance, and analysis and protection of critical infrastructures as complex interdependent systems) and Adjunct Faculty of the Computer Science Department of New Mexico Tech. He leads a team of information assurance (IA) "first responders" who are deployed at the request of various government agencies and financial institutions around the state of New Mexico to perform vulnerab

Former FBI CIO Zal Azmi, CACI International Senior Vice President for Global Strategic Law Enforcement and National Just as spy agencies have intelligence analysts, the government needs to develop technically savvy cyber analysts as IT threats from foreign nations and criminal organizations grow, says a former Federal Bureau of Investigation chief information officer. "We're moving into a cyber warfare environment (and) if you look at the two domains (intelligence and IT), they're very similar," Zalmai Azmi, now senior vice president for global strategic law enforcement and national security at the IT services firm CACI International, said in an interview with GovInfoSecurity.com. "The intelligence analyst relies on the number of information feeds they're getting from different intelligence agencies. They are drawing a common operational picture and then they decide how they're going to write a report and move it forward." Azmi told GovInfoSecurity.com's Eric Chabrow. "The same is true of cyber warfare.

Busy first week includes lots of meetings, but none with Obama. Howard Schmidt hit the road running last week as he started his new job as the long-awaited White House cybersecurity coordinator. In an impromptu interview with GovInfoSecurity.com Eric Chabrow and other reporters at the State of the Internet Conference in Washington, sponsored by the Advisory Committee to the Congressional Internet Caucus, Schmidt said there were no surprises in the busy first week on the job. President Obama promised when he created the job that he would meet periodically with the cybersecurity adviser, but no such meeting occurred the first week. Still, Schmidt had his hands full meeting with top IT leaders in government, key lawmakers and military cybersecurity brass. The "Chris" Schmidt refers to in the interview is Chris Painter, who had served as White House acting senior director for cybersecurity from September until Schmidt began his job. Also see Schmidt: Internet Safer Than in Past, our story on his debut spee

With Howard Schmidt's appointment as national cybersecurity coordinator, his role as president of the Information Systems Security Association (ISSA) has been filled by Kevin Richards, a risk management advisor with Crowe Horwath. In an exclusive interview, Richards discusses: Top agenda items for ISSA in 2010; Biggest information security threats; Best opportunities for information security professionals. Richards has served on the ISSA International Board since 2003, initially in a global chapter relations capacity and then as the international vice president since 2007. A past president of the Chicago ISSA Chapter, Richards is an information security and risk management advisor for Crowe Horwath with more than 18 years of experience in information security, business continuity and enterprise risk management. His expertise ranges from risk analysis and program design to information security and business continuity program development and leading practices.

Risk management today - it's less about pure technology, more about business acumen and pure communication skills. This is the position of Kenneth Newman, VP & Information Security Manager at Central Pacific Bank. In an interview about top risk management trends, Newman discusses: Scope of the risk management job in banking institutions today; Biggest challenges to getting the job done right; Necessarily skills for successful risk managers. Newman joined Central Pacific Bank as Vice President & Information Security Manager in February 2009. He oversees the bank's information security program and the protection of its information assets. Prior to joining CPB, Mr. Newman served as First Vice President & Online Risk Manager for Washington Mutual (WaMu) and has managed various global and regional security and risk functions for Deutsche Bank and Citigroup in New York. Central Pacific Bank is the main subsidiary of Central Pacific Financial Corp., a Hawaii based financial institution with $5.2 billion in ass

Former FBI CIO Zal Azmi, Senior Vice President, CACI International Attacks from China on Google and other corporate IT infrastructures just scratch the surface in regards to infiltration into America's critical information systems and networks, the former chief information officer of the Federal Bureau of Investigation says. "The kinds of intrusions may be just a prelude to determining some of the weak points in our national security programs related to cyber and that may become a point of exploitation for future intrusion into our systems," Zalmai Azmi, senior vice president for global strategic law enforcement and national security at the IT services firm CACI International, said in an interview with GovInfoSecurity.com. In the first of a two-part interview, Azmi also addresses: Employing tools and processes to improve situational awareness that could help alleviate a shortage of qualified IT security personnel. The need for IT organizations to pay more attention to their security-sensitive systems rat

What's the cost of a data breach? The Ponemon Institute is out with its 5th annual "Cost of a Data Breach" study, and in an exclusive interview Dr. Larry Ponemon discusses: The current cost of a data breach - and how it's risen since 2009; Data breach trends across industry; What organizations should do to respond to or prevent breaches. Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University's CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Co

Credit reports, social networks and international background checks - these are three of the hottest topics in employment background screening, according to Employment Screening Resources (ESR), a CA-based firm. In an exclusive interview, Lester Rosen, President and CEO of ESR, discusses: The top 10 trends in background screening in 2010; Specific challenges for information security leaders; How to improve your organization's background screening process. Rosen, a retired attorney, founded ESR in 1996. In 2003, that firm was rated as the top screening firm in the US in the first independent study of the industry in research report prepared by the Intellectual Capital Group, a division of HR.com. He is a consultant, writer and frequent presenter nationwide on pre-employment screening and safe hiring issues. His speaking appearances have included numerous national and statewide conferences. He has qualified and testified in the California, Florida and Arkansas Superior Court as an employment screening e

Interview with Lydia Parnes, Former Director of the FTC's Bureau of Consumer Protection Privacy, data security and consumer protection - three of the top concerns to organizations everywhere. And they are three of the topics nearest and dearest to Lydia Parnes, former director of the Federal Trade Commission's (FTC) Bureau of Consumer Protection. Now a partner in the Washington, D.C. office of Wilson Sonsini Goodrich & Rosati, Parnes works with organizations to ensure their privacy and security policies. In an exclusive interview, Parnes discusses: Current trends in privacy, data security and consumer protection; The greatest challenges to organizations entrusted with ensuring these protective measures; How the public and private sectors are likely to work together to tackle these challenges this year. Parnes' current practice focuses on privacy, data security, Internet advertising, and general advertising and marketing practices. The former director of the Bureau of Consumer Protection (BCP) at the

James Lewis, Senior Fellow, Center for Strategic and International Studies James Lewis likens the Internet to the Wild West, an untamed environment with few restraints to inhibit innovation. It's a popular vision held by many in business and government, an impression that Lewis - senior fellow at the Center for Strategic and International Studies - believes puts cyberspace at risk. "I just heard somebody from White House say that we want cyberspace to be unrestrained and uncontrolled, and to be like the Wild West because the Wild West was best for innovation and we need to keep the free and untrammeled Internet to allow for continued innovation. And, the Internet community would itself eventually come up with the solution to cybersecurity." said Lewis, who also serves as project leader for the Center's Commission on Cybersecurity for the 44th Presidency, which produced a report 13 months ago that served as a roadmap for the Obama administration in developing its cybersecurity policy. Lewis, in an intervi

James Lewis, Senior Fellow, Center for Strategic and International Studies Imagine James Lewis as Barack Obama's teacher and it's report-card time. How well did Obama do in Lewis' class? "I'd probably give him a B, B-plus," said Lewis, senior fellow for technology and public policy program at the Center for Strategic and International Studies, the public policy group that hosted the Commission on Cybersecurity for the 44th Presidency, in which he served as project director. Think of the commission's report as the primary textbook Obama and his aides studied in preparation for the president's first big cybersecurity test: the issuance last May of the administration's Cyberspace Policy Review, the map the White House is following as it tackles cybersecurity challenges. What prevented the president from getting an A? The commission report proposed a more higher-ranking Office of Cyberspace director than the cybersecurity coordinator Obama eventually appointed. "The issue that the people have fixated on has

Information security is the hot career option for professionals in 2010 and beyond. This is the prediction of David Foote of Foote Partners, the FL-based consultancy that tracks IT skills and competencies. In a look ahead at 2010 and beyond, Foote discusses: the security careers "bubble" and how it began; the wave that has driven the surge in security jobs; predictions for 2010-2012. Foote has long been one of the nation's leading industry analysts tracking, analyzing and reporting on IT workforce management and compensation practices, trends and issues. His columns, articles and contributions appear regularly in dozens of publications. As Foote Partners' CEO and Chief Research Officer since 1997, David leads a senior team of experienced former McKinsey & Company, Gartner, META Group, and Towers Perrin analysts and consultants, and former HR, IT, and business executives, in advising governments and corporations worldwide on increasing performance and managing IT's impact on their businesses and custome

Einstein is an intrusion detection - and soon an intrusion prevention - system the government is deploying to safeguard government IT systems. Some cybersecurity experts contend Einstein has the potential to intrude on the privacy of individual Americans, a concern Philip Reitinger dismisses. Reitinger, deputy undersecretary of the Department of Homeland Security's National Protection and Programs Directorate and director of the National Cybersecurity Center, says the only purpose of Einstein is to protect government networks. "To that end, it is not our intention to go out and seek things like personally identifiable information," Reitinger said in the second of a two-part interview with GovInfoSecurity.com. "Our intent is instead, say, what constitutes an attack? What is malicious traffic? And when we see something that is malicious traffic, that is an attempt to compromise a government system, and quite conceivably impair the privacy of Americans who data is held or the people who are working on those g

Malware is increasingly sophisticated, and social media are the common new venues for attacks. These are the headlines from the latest Cisco Annual Security Report. Patrick Peterson, Cisco senior fellow, offers highlights of the report, discussing: Top trends and threats; The risks to specific vertical industries and government agencies; The message to information security professionals looking to stay ahead of the threats. Peterson, Chief Security Researcher, is also a Cisco Fellow -- a position that is reserved for individuals whose technical contribution has made a material impact not only within Cisco, but also in the industry as a whole. As a security technology evangelist, Peterson leads research projects to understand cutting-edge criminal attacks and business models and developing the technologies to combat them. Peterson chairs the technical committee for the Messaging Anti-Abuse Working Group (MAAWG) and the authentication committee for the Authentication and Online Trust Alliance. He is a frequ

The Advanced Persistent Threat - what exactly is it, and how are organizations vulnerable? Ron Gula, CEO of Tenable Network Security, explains the threat and the challenges to mitigating it. In an exclusive interview, Gula discusses: Why some organizations are especially vulnerable; Strategies and solutions that are most effective against the threat; Where to start if you feel your organization is exposed.

Mischel Kwon, Former DirectorU.S. Computer Emergency Readiness Team The growing role of the Department of Homeland Security in governing federal cybersecurity has its limits, says Mischel Kwon, who until this summer served as director United States Computer Emergency Readiness Team, the DHS agency that analyzes cyber threats and vulnerabilities in federal networks, disseminates cyber threat warnings information and coordinates national incident response activities. Some lawmakers seek to give DHS additional authority, including the coordination of cybersecurity initiatives and review other agencies IT security budgets, but Kwon - now vice president of public sector security solutions at the security firm RSA - says that would be unadvisable. "DHS has lot on plate right now in regards to cybersecurity. It's a new department and has a lot of growing and maturing to do, and I'm not sure it's the right thing to put all eggs in one basket," Kwon, now a vice president at the security firm RSA, said in an interv

Marcus Ranum has a unique take on the biggest information security threats to organizations and individuals. A renowned expert in secure systems and design, Ranum, currently the CSO of Tenable Network Security, offers a new look at topics such as the risks of cloud computing and what he calls the myth of cyber warfare. In an exclusive interview, Ranum discusses: The biggest security concerns of 2010; Which threats get the least attention; Why penetration testing is often a waste. Ranum, since the late 1980s, has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, h

Rep. David Wu isn't reluctant to speak his mind, even when he expresses views that differ from people he highly respects. Take, for instance, President Obama, who he praises for his cybersecurity initiatives. Wu, the Oregon Democrat who chairs the House Science and Technology's Subcommittee on Technology and Innovation, characterized the White House cybersecurity coordinator Obama wants to hire as a "eunuch," saying the position needs more authority than the president wants to give it. Wu, who's panel shepherds legislation relating to the National Institute of Standards and Technology, has kind words for new NIST director Patrick Gallagher, but disagrees with him on the creation of a Computer Security Laboratory. In a wide ranging interview, Wu also discusses the: Increasing role Congress seeks to give NIST on cybersecurity. Ill-fated reorganization plan of NIST's IT Lab. Characteristics of a cybersecurity "czar." GovInfoSecurity.com's Eric Chabrow interviewed Wu. Wu is finishing his 11th year repres

Myra Powell - as deputy for the Mission Assurance and Network Operations Program, Executive Office, Defense Information Security Agency - helps coordinate the recruitment and training of Defense Department cybersecurity professionals. "I wouldn't say it's easy, but we have attracted some very bright professionals to our organization," Powell said. In an interview with GovInfoSecurity.com, Powell discusses the Skills sets DoD seeks in infosec professionals. Competition among agencies and the private sector for a limited supply of cybersecurity experts. Benefits of working as an IT security professional for DISA. Powell was interviewed by Eric Chabrow, managing editor of GovInfoSecurity.com

Interview with Jay Foley of the Identity Theft Resource Financial scams and incidents of medical identity theft are on the rise - and they're among the main threats to business and consumers in 2010. This is the warning from Jay Foley, executive director of the Identity Theft Resource Center. In an exclusive interview, Foley discusses: The major ID theft threats and trends for 2010; The industries most at risk; What information security professionals can do to help prevent ID theft. Responding to an explosive rise in identity theft crimes, Jay and Linda Foley established the Identity Theft Resource Center (ITRC) in 1999 in order to provide education and victim assistance to consumers and businesses. As Executive Director of the ITRC, Jay is today recognized nationally as an expert on identity theft issues. Frequently addressing national, state and community organizations, Jay travels throughout the United States providing training for businesses, consumers and law enforcement. He has appeared befo