CISO Exchange no more

Industry Advisory Council could create forum for chief info security officers

Steve O’Keeffe’s defense of a for-profit forum for government and private-sector chief information security officers (CISOs) ended April 14 when he decided to disband the initiative.

O’Keeffe, principal of public relations firm O’Keeffe and Co., had spearheaded the CISO Exchange, an effort announced by House Government Reform Committee Chairman Rep. Tom Davis (R-Va.) in February.

Participants cut ties to the exchange when government and industry officials charged that the organization appeared

to sell access to policy-makers. A select number of companies were to pay $75,000 for full memberships, while others could have paid $5,000 or $25,000 for restricted memberships.

O’Keeffe said last week that he is releasing “any organizations that have made commitments to the CISO Exchange, whether contractual or financial,” a few hours after CIO Council officials announced they would end any relations with the exchange. Council members said they will establish a new, open and accessible forum for the public and private sectors.

Council officials recommended the organization’s Best Practices Committee begin addressing ways to improve agency grades on an annual federal cybersecurity score card. Among the possibilities they are discussing is issuing a general call for white papers on cybersecurity and holding a symposium on the best ones.

Industry Advisory Council board members voted unanimously to create a forum for public- and private-sector CISOs if the CIO Council requests it. Such a forum would be supported by IAC’s Information Security and Privacy Shared Interest Group, said Bob Woods, IAC’s chairman.

Nothing from O’Keeffe’s structure would remain if IAC sets up a cybersecurity forum, Woods said. “It’s not a hand-off deal.”

Two companies, Computer Sciences Corp. and NetSec, had committed to full participation in the exchange, agreeing to pay the $75,000 membership fee, O’Keeffe said earlier this month. CSC, however, withdrew from the initiative early last week.

“Any time there is a question or a perception of buying client access, we’re not going to be involved,” said a spokesman for Austin Yerks, CSC’s president of federalsector business development.

NetSec let the project’s abrupt end speak for itself. “It’s our understanding that it has dissolved, so there’s nothing to withdraw from,” a company spokesman said April 14, adding that company officials are disappointed that the CISO Exchange did not come to fruition.

A major cause of the controversy surrounding the exchange was a plan to publish an annual report. CISO Exchange publicity materials had listed Melissa Wojciak, staff director of the House Government Reform Committee, and Vance Hitch, the Justice Department’s chief information officer and the CIO Council’s privacy and security liaison, as co-chairpeople of the group’s advisory board.

Given the involvement of senior members of Davis’ staff and the CIO Council, many feared the group’s report would be perceived as representing government policy.

O’Keeffe and Co. would not have profited from the exchange, O’Keeffe added. Money collected for the exchange would have gone to O’Keeffe’s holding company, Bonaparte Holdings, “which is used to maintain a distinct identity to ensure there is no potential for mixing the funds,” he said.

Security forum’s circle of life

Feb. 16: Rep. Tom Davis (R-Va.) announces the formation of the Chief Information Security Officers (CISOs) Exchange, “a public/private initiative focused on empowering CISOs.” The effort is led by Steve O’Keeffe, principal of marketing firm O’Keeffe and Co.

April 5: O’Keeffe announces two $75,000 industry board members — Computer Sciences Corp. and NetSec — and six nonpaying government board members.

April 7: A Davis spokesman says the congressman “is in the process of re-evaluating his relationship to the program.” A picture of Davis on the exchange’s Web site is removed.

April 8: Davis will withdraw any official participation in the exchange, his spokesman says.

April 12: Vance Hitch, the Justice Department’s chief information officer and an exchange board co-chairman, says he is “uncomfortable with the form that the original proposed exchange has.” CSC withdraws from the exchange, a spokeswoman says. Industry Advisory Council Chairman Bob Woods says government officials have approached him about creating a CISO forum.

April 13: The CIO Council votes to recommend its complete withdrawal from the exchange. IAC board members vote unanimously to create a forum for public- and private-sector CISOs if the CIO Council requests it.

April 14: CIO Council Chairwoman Karen Evans issues a statement accepting the council’s recommendation. O’Keeffe disbands the exchange. A NetSec spokesman says it is unnecessary for the company to withdraw from the exchange because it has been dissolved.

— David Perera

About the Author

David Perera is a special contributor to Defense Systems.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.


  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group