Government Information Security Podcast show

Government Information Security Podcast

Summary: Exclusive, insightful audio interviews by our staff with leading government and security practitioners and thought leaders. Transcripts are also available on our site!

Podcasts:

 Digital Forensics: Great Need, New Careers - Rob Lee, SANS Institute | File Type: audio/mpeg | Duration: Unknown

Information security requirements and challenges change on a daily basis - and with them come growing opportunities for individuals with skills in digital forensics. Rob Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, discusses: the growing need for digital forensics skills; today's top challenges and how organizations are tackling them; career prospects for individuals in digital forensics. Lee has more than 13 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations, where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining Mandiant, he worked directly with a variety of government agencies in the law enforcement, Dept. of Defense, and intelligence communities, where he was the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and led a computer forensic and security software development team. Rob also coauthored the bestselling book Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University. Finally, Rob was awarded the "Digital Forensic Examiner of the Year" from the Forensic 4Cast 2009 Awards.

 Cooperate, Not Regulate, on Cybersecurity | File Type: audio/mpeg | Duration: Unknown

Interview with SRA International CEO Stanton Sloane

Stanton Sloane read Gartner's projection that the information technology industry will fall under government regulation in another half-dozen years or so, a forecast he hopes will not occur. It's not surprising that the chief executive of SRA International, one of the largest providers of IT and cybersecurity services to the federal government, has a distaste for regulation. Government shouldn't shower industry with rules but with ideas to battle cyber threats, Sloane said in an interview with GovInfoSecurity.com. "Government doesn't have to be very punitive in its approach to commercial industry," he said. "It's more about providing information and access to resources and assistance to help understand the nature of the problem and effective ways to deal with it. I don't think that requires a lot of legislation and kind of process rules; it can be done in a more collaborative fashion with industry associations, advisory groups ... those can be very effective." In the interview, Sloane also discussed the: importance of a White House cybersecurity coordinator to get agencies as well as the private sector and foreign governments to collaborate on cybersecurity, regardless of whom the so-called "czar" reports to; relationship between business and government in confronting global IT security danger; challenge of finding professional employees with the right skills to build cybersecurity defenses. Sloane spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.

 Data Breach Trends - Mary Monahan, Javelin Strategy & Research | File Type: audio/mpeg | Duration: Unknown

The targets are getting bigger, the fraudsters bolder, and we all have a whole lot more at stake to lose. This is the message from Mary Monahan, Managing Partner and Research Director at Javelin Strategy & Research. In a discussion of current data breach trends, Monahan touches upon: How breaches in 2009 are trending differently from 2008; What public and private sector organizations need to do to prevent breaches; What to watch for as we approach 2010. Monahan has 10 years of financial services industry experience. Her banking background includes extensive managerial experience working with growth businesses, strategizing and implementing cross-sectional financial plans to accommodate multiple projective scenarios. As a college educator, Ms. Monahan's work focused on current issues in accounting and economics. Javelin, based in the San Francisco Bay area, provides direction on key facts and forces that materially determine the success of customer-facing financial services, payments and security initiatives.

 The CAE at 10: Interview with Dickie George of the NSA | File Type: audio/mpeg | Duration: Unknown

Ten years ago, the National Security Agency (NSA) started up the Centers of Academic Excellence program to encourage stronger information assurance programs at colleges and universities. Initially, there were 7 designated CAE schools. Today, the ranks have swollen to over 100 CAE-designated schools, and information assurance professionals are much better prepared to tackle the cybersecurity challenges we face. Dickie George, Information Assurance Technical Director within the NSA, discusses: The CAE program's core mission; Benefits of the program for participating schools and students; What to expect from CAE in its second decade. George began at the National Security Agency in August 1970 after graduating from Dartmouth College. He started in the Crypto-Math Intern Program, having tours in Research, the SIGINT Directorate, and the Information Assurance Directorate's (IAD) predecessor organization. Except for a tour in the Signals Intelligence Directorate (SID) and one at the Center for Communications Research in Princeton, he has worked in the IAD since 1973, and has served as the Technical Director of the IAD since 2003.

 FISMA: The Misunderstood Law | File Type: audio/mpeg | Duration: Unknown

Interview with Patrick Howard, CISO, Nuclear Regulatory Commission

The problem with the Federal Information Security Management Act, says Patrick Howard, is that the original intent of the seven-year-old law that governs federal IT security isn't about compliance. "The legislation requires risk management, but it has been interpreted as a piece of legislation that requires compliance, so we kind of lost sight of risk management ... and that's the biggest problem I see with FISMA today," Howard, chief information security officer at the Nuclear Regulatory Commission, says in an interview with GovInfoSecurity.com. In the interview, Howard also discussed the NRC's five-year information security strategic plan and the top cyber threats NRC IT systems face. Howard spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.

 Wounded Warriors: Digital Forensics Training for Veterans | File Type: audio/mpeg | Duration: Unknown

Interview with Dr. David Dampier on Mississippi State's Unique Program

Mississippi State University's 'Wounded Warriors' program is all about providing digital forensics training for soldiers and sailors transitioning home from Iraq, Afghanistan and elsewhere in the world. In an exclusive interview, Dr. David Dampier, associate professor in the university's department of computer science and engineering - and an Army veteran - discusses: Details of the 'Wounded Warriors' program; Job prospects for returning veterans; How this program has impacted other training opportunities at Mississippi State. Dampier is an Associate Professor in the Department of Computer Science and Engineering and serves as the Director of the National Forensics Training Center at Mississippi State University. The NFTC is a USDOJ-funded center that provides law enforcement officers free training in digital forensics. He is a retired Army officer with over 20 years of service. His research interests are in digital forensics and software engineering, and he has over 50 technical publications to his credit, including 5 book chapters and 11 journal papers. He has also given invited talks to both national and international audiences on software engineering, digital forensics and information assurance.

 Hiring Trends: Information Security Bucks the Recession - David Foote, Foote Partners | File Type: audio/mpeg | Duration: Unknown

Opportunities - and Salaries - are up for the Right People with the Right Skills

The economy has been down, but job opportunities are up for information security professionals with the right skills. This is the posture of David Foote, CEO and chief research officer of Foote Partners, an IT workforce research firm. In an exclusive interview, Foote discusses: The hottest IT security skills and certifications; Hiring trends and areas of growth in the coming months; Complementary skills that also are in high demand. Foote has long been one of the nation's leading industry analysts tracking, analyzing and reporting on IT workforce management and compensation practices, trends and issues. His columns, articles and contributions appear regularly in dozens of publications. As Foote Partners' CEO and Chief Research Officer since 1997, David leads a senior team of experienced former McKinsey & Company, Gartner, META Group, and Towers Perrin analysts and consultants, and former HR, IT, and business executives, in advising governments and corporations worldwide on increasing performance and managing IT's impact on their businesses and customers. Prior to co-founding Foote Partners in 1997, David was an analyst and consultant with Gartner and META Group, co-founding and directing META's executive service for Chief Information Officers and leading the firm's IT Human Capital Management and Compensation research practices.

 Safeguarding a Massive, Decentralized IT System - Interview with California CISO Mark Weatherford | File Type: audio/mpeg | Duration: Unknown

Most state chief information security officers manage information security from the 35,000-foot level, guiding government cybersecurity policy but not being involved in the day-to-day, hands-on implementation of safeguards. And that presents a big challenge to state CISOs charged with protecting their governments' IT assets. Just ask Mark Weatherford, chief information security officer and director of the Office of Information Security in the nation's largest state, California. "We're so decentralized that it's hard to have your finger on the pulse of what's going on in every agency," Weatherford says in an interview with GovInfoSecurity.com. "We face the same kind of threats as everyone, whether it's a virus or a DDOS (distributed denial of service) or an identity theft. Your ability to respond to those threats and identify those threats is really the biggest issue." Weatherford, in the second of a two-part interview, addresses the challenge and also discusses privacy concerns, cloud computing and the impact of the economy on IT security. In Part 1 of the interview, Weatherford champions an initiative to create occupational classifications for IT security professionals, a categorization he contends would make it easier to recruit and retain infosec experts. Weatherford spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.
