CISOs take center-stage

The nature of IT security has raised the stakes for and profiles of these players in government technology

Of the myriad executive-level positions that have entered and moved up the organizational charts of government agencies, the chief information security officer (CISO) ranks as one of the newest and, increasingly, one of the most complex.

The CISO job is largely an outgrowth of the Federal Information Security Management Act of 2002, which requires each federal agency to develop a plan for securing the information and systems within its purview and file annual security reports with the Office of Management and Budget.

By 2005, most agencies had created the CISO position to essentially serve as the chief compliance officer for FISMA. The main responsibilities included developing and maintaining an enterprise information security program, certifying that security controls are implemented and working as intended, and serving as the agency’s principal adviser on IT security matters.

But the nature of IT security matters — brought to high alert by episodic breaches and ongoing cyber threats — has raised the stakes for and profiles of these now-pivotal players in government technology. Their job is not just about filing compliance reports anymore.

The typical CISO must now maintain relationships with a range of stakeholders inside and outside the agency, beginning with the chief information officer and IT security operations staff and moving on to facilities managers, privacy officials, disaster recovery and business continuity planners, enterprise architecture working groups, and personnel management departments.

Outside the agency, the CISO works with the CIO Council, OMB, Congress, the National Institute of Standards and Technology, the FBI, the Homeland Security Department and private-sector partners.

All of which further raises the question: What makes a successful government CISO? Do they have the authority and resources they need to tackle the increasing loads they are asked to shoulder? What kinds of skills and attributes now constitute the ideal candidates?

Contributing editor John Moore put these and other important questions to six experts — one former and five current government CISOs — who came together for a virtual roundtable discussion.

Also in this week’s issue, we are pleased to present a small taste of an important new book, “If We Can Put a Man on the Moon: Getting Big Things Done in Government.” The authors, government reform experts William D. Eggers and John O’Leary, say big things start with big ideas, and they offer six tips for generating those ideas.

About the Author

David Rapp is editor-in-chief of Federal Computer Week and VP of content for 1105 Government Information Group.
