CISOs take center-stage

The nature of IT security has raised the stakes for and profiles of these players in government technology

Of the myriad executive-level positions that have entered and moved up the organizational charts of government agencies, the chief information security officer (CISO) ranks as one of the newest and, increasingly, one of the most complex.

The CISO job is largely an outgrowth of the Federal Information Security Management Act of 2002, which requires each federal agency to develop a plan for securing the information and systems within its purview and file annual security reports with the Office of Management and Budget.

By 2005, most agencies had created the CISO position to essentially serve as the chief compliance officer for FISMA. The main responsibilities included developing and maintaining an enterprise information security program, certifying that security controls are implemented and working as intended, and serving as the agency’s principal adviser on IT security matters.

But the nature of IT security matters — brought to high alert by episodic breaches and ongoing cyber threats — has raised the stakes for and profiles of these now-pivotal players in government technology. Their job is not just about filing compliance reports anymore.

The typical CISO must now maintain relationships with a range of stakeholders inside and outside the agency, beginning with the chief information officer and IT security operations staff and moving on to facilities managers, privacy officials, disaster recovery and business continuity planners, enterprise architecture working groups, and personnel management departments.

Outside the agency, the CISO works with the CIO Council, OMB, Congress, the National Institute of Standards and Technology, the FBI, the Homeland Security Department and private-sector partners.

All of which further raises the question: What makes a successful government CISO? Do they have the authority and resources they need to tackle the increasing loads they are asked to shoulder? What kinds of skills and attributes now constitute the ideal candidates?

Contributing editor John Moore put these and other important questions to six experts — one former and five current government CISOs — who came together for a virtual roundtable discussion.

Also in this week’s issue, we are pleased to present a small taste of an important new book, “If We Can Put a Man on the Moon: Getting Big Things Done in Government.” The authors, government reform experts William D. Eggers and John O’Leary, say big things start with big ideas, and they offer six tips for generating those ideas.

About the Author

David Rapp is editor-in-chief of Federal Computer Week and VP of content for 1105 Government Information Group.
