Think like a hacker, says former CISO

Gregory Touhill served as the first governmentwide chief information security officer at the tail end of the Obama administration.

Shared services, new hacker-like thinking and a clear and concise security strategy are some of the keys to protecting the .gov environment, said the former first governmentwide chief information security officer.

"We need to think like a hacker" to protect federal networks, Greg Touhill said at a March 30 cybersecurity conference in Washington. "We haven't even been thinking like an accountant" when it comes to federal IT, he said. "We need to do a bit of both" to maximize security and efficiency for the federal networking dollars.

Touhill, who was appointed to the new CISO position by President Barack Obama in September, stepped down on Jan. 17. In his remarks at the Billington Cybersecurity Summit on March 30, Touhill said he plans to begin a job search in April.

A retired Air Force brigadier general, Touhill has a long history in federal government, having served as a deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security before he got the call for the CISO job.

Now a month out of government, Touhill said the next person to hold the job has to offer up a clear, concise strategy to protect federal IT, as well as be able to articulate risk to senior-level agency managers and foster more consolidation among agency IT capabilities.

"As federal CISO, rather than come out with the big lengthy strategy document that no one will read, I focused on defining the mission," he said. "What is the cybersecurity mission of the federal government?"

"We'll see when the executive order comes out," Touhill continued, "but when I was in the job I said here's the mission statement: support an open and transparent government that protects the people's information while protecting civil rights and civil liberties. Do you think the troops in the field and the folks in the server rooms and employees can get that? I think they can."

Touhill also said the government needs to stop its profligate spending ways with IT.

"'Be calm and buy everything' seems to be [the practice] when it comes to IT and cybersecurity in the federal government," he said. "We go out and we buy every damn tool that's out there. But we don't read the instruction books and we don't necessarily take the training…We don't use the tools that we buy very well."

Shared services, he said, can trim that spending, as well as boost data security. "I'm a big proponent of consolidation of IT services through .gov. It's silly that every single department and agency is doing their own thing."

Using shared services for more applications, Touhill said, would not only place data into a more uniformly secured, central environment, it would also free up federal CIOs to manage and prioritize their data more effectively. Mismanaged data in the wrong places is an issue currently, he said.

Additionally, Touhill said funding for "active hunt teams" that can track down and interdict attackers is needed. Cyber response teams are good, but they're "cleaning up on aisle six" while other threats could be roaming through the .gov environment. "We need to do a better job" hunting down those threats, he said.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
