John Zangardi
, CEO Redhorse Corporation, Board Member,
and former CIO of DHS
discusses:
1. What’s critical for cybersecurity
as an aviator in the US Airforce
2. Why “resilience” is a top priority
for CIOs/CISOs as companies shift
to a work for anywhere model
3. Advice for security vendors to
better serve CIOs/CISOs
Transcript:
1. The theme that I'm going to hit as we go through this today is the theme of resilience. So let me explain other than I know you're all admiring my very cool patch here from the squadron commander, I flew P threes P threes were designed in the 1950s. It was the last large propeller plane designed for commercial use other than a Lockheed Electra. We flew it for anti-submarine warfare, intelligence, surveillance and reconnaissance. But the real point about the p3 is that it was the airframe and the engines, the hydraulic system, very mechanical, very manual. We spend an awful lot of time practicing training, memorizing emergency procedures. So when that bad thing happened, a fire on an ancient hydraulic system going up. It was rote memory, we really didn't have to think we built resilience into how the aircrew responded to mishaps or problems in flight, it was all about ensuring safety of flight that we get home safely. So today, things are different. You jumped in a modern car, and we have a brand new Audi. The thing today is, wow, everything's automated. It tells you when a car is on your left or right-hand side, there's a mirror for backing up. Aviation is a lot like that. Automation is building in resilience into a lot of products. And I think that's the path that we need to start thinking about as you look forward. And where cybersecurity goes, says those CIOs, the team that sits in the sock is getting overwhelmed by the amount of information, you can't hire enough people either. The ability to have resilience built-in through automation is incredibly important as we go forward.
2. DHS being the CIO, there was probably the most challenging job I've ever had. I entered the job, there was a huge technical deficit, not unusual in government. And I had to do a refresh of it. Remember, that's just not a small network. It's a global network of 300,000 plus, and use your devices. We had to figure out a way forward to build in resilience. The first year I was there that very first winter, in fact, it was one of the first two months, large snowstorm hit DC and a lot of folks couldn't make it into work, which is pretty standard in nation's capital, even when you get less than an inch. What we had to figure out after that was how do we ensure that our employees could work in an unclassified environment from home during a snowstorm. So we went about refreshing the network to build in resilience and that capability to handle capacity, from people dialling in from endpoints from wherever their Hallberg place was that they were doing it. That was the key thing that we built them while I was at DHS, we built it into our data centers, we built it into our network, we built it into the tools and systems we looked at, we tried to make sure that if something went down, we had a backup ready to go. So when COVID hit, we were prepared to go home and work remotely. I think that's really one of the key learning lessons I had from that job was that resilience is so important to how you as a CIO or Sousa ensure that your organization could whether a breach couldn't whether ransom attack could just weather a pandemic.
3. One of the problems you have nowadays, when you're looking at managing your security operation center, or you're managing your IT operations department is finding staff that is technically competent and sufficient numbers to do what you need to do. I would encourage those folks to consider moving forward with a degree of automated cyber resiliency that can be applied to how you manage things. I think what's important here is how do we get the workload reduced so that people can focus on more important things. I think the future includes artificial intelligence and machine learning, to help reduce that burden on the workforce so they can be more productive, and focus on those things that are critical. I would also add that I think endpoint security is becoming much more important. As you look through what we went through with the pandemic. A lot of people working from home. In fact, in my current role, we have a large office in DC and on an average day, there's three or four people there, including me, which means most of my people are at home or in a Starbucks or somewhere else doing their work. I have to ensure that those endpoints are protected because we're we're still working on information and solutions for our government that We need to protect. So my view is we have to move increasingly towards automation to ensure we have cyber resilience that the future is more dependent upon artificial intelligence and machine learning to support a distributed workforce.
8 июн 2022
