Government Information Security Podcast


Synopsis

Exclusive, insightful audio interviews by our staff with leading government/security practitioners and thought-leaders. Transcripts are also available on our site!

Episodes

  • Wounded Warriors: Digital Forensics Training for Veterans

    18/08/2009

    Interview with Dr. David Dampier on Mississippi State's Unique Program Mississippi State University's 'Wounded Warriors' program is all about providing digital forensics training for soldiers and sailors transitioning home from Iraq, Afghanistan and elsewhere in the world. In an exclusive interview, Dr. David Dampier, associate professor in the university's department of computer science and engineering - and an Army veteran - discusses: Details of the 'Wounded Warriors' program; Job prospects for returning veterans; How this program has impacted other training opportunities at Mississippi State. Dampier is an Associate Professor in the Department of Computer Science and Engineering and serves as the Director of the National Forensics Training Center at Mississippi State University. The NFTC is a USDOJ-funded center that provides law enforcement officers free training in digital forensics. He is a retired Army officer with over 20 years of service. His research interests are in digital forensics and sof

  • Hiring Trends: Information Security Bucks the Recession - David Foote, Foote Partners

    17/08/2009

    Opportunities - and Salaries - are up for the Right People with the Right Skills The economy has been down, but job opportunities are up for information security professionals with the right skills. This is the posture of David Foote, CEO and chief research officer of Foote Partners, an IT workforce research firm. In an exclusive interview, Foote discusses: The hottest IT security skills and certifications; Hiring trends and areas of growth in the coming months; Complementary skills that also are in high demand. Foote has long been one of the nation's leading industry analysts tracking, analyzing and reporting on IT workforce management and compensation practices, trends and issues. His columns, articles and contributions appear regularly in dozens of publications. As Foote Partners' CEO and Chief Research Officer since 1997, David leads a senior team of experienced former McKinsey & Company, Gartner, META Group, and Towers Perrin analysts and consultants, and former HR, IT, and business executives,

  • Safeguarding a Massive, Decentralized IT System - Interview with California CISO Mark Weatherford

    12/08/2009

    Most state chief information security officers manage information security from the 35,000-foot level, guiding government cybersecurity policy but not being involved in the day-to-day, hands-on implementation of safeguards. And, that presents a big challenge to state CISOs charged with protecting their governments' IT assets. Just ask Mark Weatherford, chief information security officer and director of the Office of Information Security in the nation's largest state, California. "We're so decentralized that it's hard to have your finger on the pulse of what's going on in every agency," Weatherford says, in an interview with GovInfoSecurity.com. "We face the same kind of threats as everyone, whether it's a virus or a DDoS (distributed denial of service) or an identity theft. Your ability to respond to those threats and identify those threats is really the biggest issue." Weatherford, in the second of a two-part interview, addresses the challenge and also discusses privacy concerns, cloud computing and th

  • Feds Seen Regulating IT Industry

    11/08/2009

    Gartner: IT Regs Will Be Enacted in 5 Years Like the airlines, automotive, financial services, pharmaceutical and telecommunications industries, the government will soon - probably within the next half decade - begin to regulate the IT industry, IT adviser Gartner predicts. "There's a trajectory that industries tend to follow; when an industry is extremely successful - that is to say that when an industry succeeds in moving its products and services right into the heart of daily life, regulation tends to follow. in the 20th century," Richard Hunter, a Gartner fellow and vice president, says in an interview with GovInfoSecurity.com. "We saw the Food and Drug Administration, we saw regulation of telecom, we saw regulation of the airlines industry, we saw regulation of the automobile industry," he says. "I think the information technology industry has been extraordinarily successful in the last 40 to 50 years in increasing the importance of its products and services to almost every aspect of modern life.

  • Creating InfoSec Occupational Categories - Interview with California CISO Mark Weatherford

    06/08/2009

    One challenge federal and state chief information security officers face when trying to recruit information security professionals is the lack of governmental occupation classification for IT security specialists. They just don't exist. Most IT security professionals are classified under various information systems occupation categories, which means they don't identify security skills, explains Mark Weatherford, director and chief information security officer of California's Office of Information Security. But Weatherford, in an interview with GovInfoSecurity.com, explains that he's working with other state CISOs and the Department of Homeland Security to develop IT security occupation categories as well as career paths that should help recruit and retain information security pros in government. In the interview, Weatherford also discussed the impact of California's budget crisis on safeguarding the state's IT assets as well as his role as head of an office that like the federal Office of Management and B

  • Confront the IT Security Challenge - Interview with Cybersecurity Sage Howard Schmidt

    04/08/2009

    Little wonder that Howard Schmidt's name is on every list of prospective White House cybersecurity czar. In the field of IT security, Schmidt has done it all. He spent more than 30 years in public service, including a stint as a White House special adviser on cyberspace security and as chief strategist for the US-CERT Partners Program at Homeland Security. He serves on an IT privacy board that advises the National Institute of Standards and Technology, the Commerce Department and White House. In the private sector, Schmidt has held top IT security posts at Microsoft and eBay. An author of two IT security books, Schmidt has academic affiliations with Georgia Institute of Technology, Carnegie Mellon and Idaho State University. Schmidt is the first and current president of the Information Security Forum, an independent, not-for-profit association aimed at harnessing the brainpower of public and private-sector experts in IT security and risk management. In an interview with GovInfoSecurity.com's Eric Chabrow, Sc

  • The Need for Forensics - Interview with Keith Barger of KPMG

    04/08/2009

    With the heightened focus on cybersecurity - and increased incidents of insider crimes - the digital forensics practice has also gained a higher profile in both the private and public sectors. Keith Barger, a forensics veteran, currently serves as a director in KPMG's forensics practice in Houston, TX. In an exclusive interview, Barger discusses: Myths and realities about forensics; How businesses and government agencies are employing forensics today; Tips on where your organization can acquire forensics skills. Barger joined KPMG in 2006 after six years as a Special Agent and Digital Forensics and e-Discovery Western Regional Coordinator and Project Manager with the Department of Justice, Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). Keith has extensive experience with e-Discovery, the Amended Federal Rules of Civil Procedure, digital forensic investigations, forensic methodologies, computer evidence recovery, and data analysis. Barger specializes in electronic data discovery, data

  • Incident Response Essentials - Peter Allor, FIRST.org

    31/07/2009

    The Heartland data breach and July's denial of service (DDoS) attacks against government agencies are among the biggest information security incidents of the year. And they've pushed incident response into the spotlight. Peter Allor is on the Steering Committee of the Forum for Incident Response and Security Teams (FIRST.org), and in this interview he discusses: Key incident response issues facing organizations today; What we've learned from the Heartland and government DDoS incidents; How to prepare for a successful career in incident response. Allor is a member of the Forum for Incident Response and Security Teams (FIRST) Steering Committee, a forum for security and incident information exchange between teams internationally. He also is the program manager for cyber incident & vulnerability handling for IBM, where he is responsible for guiding the company's overall security initiatives and participation in enterprise and government implementation strategies. In addition, Allor is a member of: The Infor

  • Business Continuity: Preparing for H1N1 and Beyond

    30/07/2009

    Interview with Alan Berman of DRI International and AnneMarie Staley of NYSE The H1N1 threat has put business continuity and disaster recovery (BC/DR) in the headlines. But behind the scenes, the discipline has long been active in helping global organizations respond to myriad natural and man-made disasters. In a discussion about H1N1 and other BC/DR issues, Alan Berman of DRI International and AnneMarie Staley of NYSE touch upon: The biggest threats and regulatory challenges facing global organizations; How to apply "Think Global, Act Local" to BC/DR; What organizations must do now to respond to the H1N1 threat. Berman, the Executive Director of DRI International, is a CBCP, a member of the ASIS BS25999 technical committee, a member of the Committee of Experts for ANSI-ANAB, a former member of the NY City Partnership for Security and Risk Management and the co-chair for the Alfred P. Sloan Foundation committee to create the new standard for the US Private Sector Preparedness Act (PL 110-53). Over a

  • Unique Programs: Information Assurance at Capella University

    30/07/2009

    Not only is Capella University one of the NSA's accredited Centers of Academic Excellence (CAE), the school also offers undergraduate, graduate and post-graduate programs in information assurance - and 100% online. In discussing Capella's unique programs, Dr. Steven Brown touches upon: How Capella's information assurance programs have developed; Where students live, work, and what they bring to the programs; The future of information security education. Dr. Brown is an experienced professional with more than 25 years of technical and business experience. His work both domestically and internationally has been in telecommunications, data networks, strategic communications, electronic commerce, business management, and security. He has authored several publications and presented at conferences around the world. Dr. Brown is currently serving as a Capella core faculty member teaching graduate courses in information assurance and security. He is responsible for ensuring that the information security and net

  • Valuing FISMA: Interview with Immigration and Customs Enforcement CISO Gil Vega

    28/07/2009

    FISMA has been somewhat maligned this year as a paper-pushing law that prompts chief information security officers to file the right documents rather than truly secure the IT they're charged to safeguard. But Gil Vega sees a lot of good in the seven-year-old Federal Information Security Management Act. The CISO at the Department of Homeland Security agency known as ICE - Immigration and Customs Enforcement - credits FISMA with getting secretaries and agency heads to recognize the importance of regularly monitoring IT security. Still, Vega says the time is right for a new law that requires the continuous monitoring of IT systems for potential threats. Vega, in an interview with GovInfoSecurity, shares his thoughts on how FISMA should be reformed as well as the actions ICE is taking in anticipation of FISMA reform to implement continuous monitoring of the agency's information assets. He also discusses the steps ICE takes in recruiting IT security personnel and the need to find more technically skilled staffers.

  • "We Want to Be Recognized as the Leading ... School in the World" - Pradeep Khosla, Carnegie Mellon University

    28/07/2009

    Cybersecurity is the buzzword these days, and in terms of education ... Carnegie Mellon University is all over it, and has been for nearly a decade. In an exclusive interview, Pradeep Khosla, dean of the College of Engineering at Carnegie Mellon, discusses: The school's current cybersecurity programs; Hot career opportunities for graduates; Advice for those looking to start or jump-start a cybersecurity career. Khosla is currently Dean of the College of Engineering and the Philip and Marsha Dowd University Professor at Carnegie Mellon. His previous positions include: Founding Director, Carnegie Mellon CyLab; Head, Department of Electrical and Computer Engineering; Director, Information Networking Institute; Founding Director, Institute for Complex Engineered Systems (ICES); and Program Manager, Defense Advanced Research Projects Agency (DARPA), where he managed a $50M portfolio of programs in real-time systems, internet enabled software infrastructure, intelligent systems, and distributed systems.

  • In Rhode Island, Size Can be Deceptive - Interview with Rhode Island CIO Jack Landers and CISO Ernie Quaglieri

    27/07/2009

    Rhode Island's information security staff consists of two people - the chief information security officer and the deputy CISO - which shouldn't be surprising considering the state is the smallest one in the nation, at least geographically. But size can be deceiving. In reality, many of the IT specialists working in the various agencies also have been charged with securing the state's IT assets. In an interview with GovInfoSecurity.com, CIO Jack Landers and CISO Ernie Quaglieri discuss how cybersecurity is integrated into the state IT operation. They also discuss their working relationship as well as how a recent move to centralize IT functions in state government is proving beneficial. Landers and Quaglieri spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.

  • Criticality of Credentialing: Verifying Government Employee Identities

    24/07/2009

    Identity theft is a growing concern for governments, businesses and citizens alike. "We're in the middle of a national identity crisis," says Neville Pattinson, VP of Government Affairs & Standards, NA., Gemalto. In an exclusive interview, Pattinson discusses: The case for credentialing; Practical applications of credentialing in the government and healthcare industries - and how other industries can benefit; Good first steps toward secure, effective solutions. Pattinson is a leading expert on smart cards and using the microprocessor chip to keep identity credential data and biometrics secure and private. Pattinson has been heavily involved in planning and implementing a number of federal government security initiatives including the Department of Defense Common Access Card (CAC); the State Department's electronic passport; the Western Hemisphere Travel Initiative cards; the Department of Transportation's Transportation Worker Identity Credential (TWIC) and the Transportation Security Administration's Regis

  • Mastering Information Security - New Graduate Program Debuts at ESU

    21/07/2009

    Interview with Prof. N. Paul Schembari, East Stroudsburg University Information security - it's now a major national priority, and it's also the subject of a new Master's of Science program at East Stroudsburg University. This unique, online graduate program debuts on Aug. 31, and in an exclusive interview ESU professor N. Paul Schembari discusses: The program's unique characteristics; Educational and career opportunities for prospective students; How to quickly take steps toward enrollment.

  • The CISOs CISO: Part 2

    21/07/2009

    Interview of Will Pelgrin, New York State Director of Cybersecurity and Critical Infrastructure Money's tight everywhere in this recession, and New York State - like other governments - needs to be innovative in how to secure its information assets. For Will Pelgrin, the director of the state Office of Cybersecurity and Critical Infrastructure Coordination, that means keeping key executive branch officials - from the governor on down - and lawmakers informed about the threats to the state's information systems, which is key in getting the needed backing to support his efforts. Such briefings are crucial, Pelgrin says, because those who control state coffers don't perceive cyber threats as IT professionals do. Not only briefing them, but putting cybersecurity in a context they understand - i.e.: if you don't have a break-in, you don't remove your locks - is critical. In the second of a two-part interview with GovInfoSecurity.com, Pelgrin discusses the need to make new technologies such as social networks secure fo

  • The CISOs CISO

    20/07/2009

    Interview of Will Pelgrin, New York State Director of Cybersecurity and Critical Infrastructure Coordination Will Pelgrin is a CISOs CISO. Minnesota Chief Information Security Officer Chris Buse describes Pelgrin - director of New York State's Office of Cybersecurity and Critical Infrastructure Coordination - as "cool testament" to the type of leaders emanating out of state government. Pelgrin chairs the Multi-State Information Sharing and Analysis Center - MS ISAC - a 50-state consortium that collects information on cyber threats to government and critical infrastructure IT and shares that information among the states and local governments. He also served as a member on the Commission on Cybersecurity for the 44th Presidency. In New York, he heads the New York State Public/Private Sector Cybersecurity Workgroup that consists of representatives from federal, state and local governments, academia and business and ensures cyber readiness in the state. In the first of a two-part interview with GovInfoSecurity.co

  • Collaboration: Keeping IT in Kansas Safe - Interview with Kansas CISO Larry Kettlewell

    20/07/2009

    Larry Kettlewell is Kansas' chief information security officer, but has no direct authority over individual state agencies' implementation of IT security. But Kettlewell isn't without influence. He chairs the state IT Security Council and heads the Department of Information Services and Communication's Enterprise Security Office, which coordinates incident response and oversees the state's IT infrastructure as it relates to security. In an interview with GovInfoSecurity.com, Kettlewell discusses: Kansas' uncommon approach to IT security governance; Major obstacles the state faces in securing IT; How cybersecurity policy being developed in Washington will have an impact on states; and Challenges in recruiting an IT security workforce. Eric Chabrow, GovInfoSecurity managing editor, interviewed Kettlewell.

  • State Lures Higher-Paid IT Security Pros - Interview with Minnesota CISO Chris Buse

    17/07/2009

    If the choice were between an intriguing job or a higher salary, what would you choose? Minnesota Chief Information Security Officer Chris Buse thinks many information security pros would choose the challenge over money. The ranks of state IT security employees have a number of people who were attracted to government service by the challenges of creating and maintaining secure IT in an environment that most businesses cannot replicate, says Buse, in the second of a two-part interview with Information Security Media Group's GovInfoSecurity.com. Buse describes government work as "a feel-good job," especially for those who have spent years "grinding out money for the stockholders. ...We have a lot of people who have done some pretty remarkable things in their career, but come in here and took pay cuts to be part of our organization." In the interview, Buse explains how he's looking to find bright, talented computer science graduates from regional universities to join the state's IT security team. He a

  • IT Security: Scarce Money, No Excuses

    15/07/2009

    Interview with Chris Buse, Minnesota Chief Information Security Officer Minnesota, like nearly all other states, can't count on overflowing coffers to fully fund crucial programs, such as IT security. But Chris Buse, Minnesota's chief information security officer, says limited funds are no excuse for not properly safeguarding the state's information assets. "Absolutely not," Buse responded to a question about whether sufficient funds exist to fully secure IT. But it's incumbent on government leaders like Buse to figure out how to work with one another to stretch those dollars to provide the security the state needs. "It's difficult, especially if you're a taxpayer to hear somebody in government say, 'Oh, that's not enough money to provide adequate security,'" Buse said in an interview with Information Security Media Group's GovInfoSecurity.com. In the interview, the first of two parts, Buse also addresses efforts to shift to a hybrid IT security management approach from a decentralized one while allowing ag
