Besides out-of-network networks, another concern is the multitude of devices that were never even conceived when CAC and PIV standards were written. Today we have smart phones, tablets, even a plethora of sensors from the Internet of Things. We must consider other options for identity that go beyond CAC and PIV.
Peter Tran, general manager and senior director of RSA’s Worldwide Advanced Cyber Defense Practice, joined Federal News Radio on the program “Federal Identity Governance” to address these issues.
In a perfect world, a network would consist of desktops in a normal office environment with appropriate personnel able to use the system. In the real world, however, networks aren’t as structured. For example, consider a network in a forward position. You may have DoD personnel, non-governmental organizations, contractors, intelligence workers, even civilians all accessing the network from a number of devices.
Because of the rapid change of devices and networks, federal identity governance must be re-evaluated. The status quo allows for individuals like Reality Winner and Edward Snowden to fall through the cracks and allow federal systems to be vulnerable.
One approach may be to consider a federal identity governance system that takes into account risk management. Perhaps this can go beyond older CAC and PIV identification to assess risk of the data and the individual.
John Gilroy, Host of Federal Tech Talk, Federal News Radio
John Gilroy has been a member of the Washington D.C. technology community for over twenty years. In 2007 he began weekly interviews on Federal News Radio called “Federal Tech Talk with John Gilroy.” His 428 interviews provides the basis for profitable referral business. In 2009 he created a successful breakfast club of previous radio guests called The Technology Leadership Roundtable. He has been instrumental in two of his guests forming their own radio shows: Derrick Dortch with “Fed Access” and Aileen Black and Gigi Schumm with “Women in Washington.”
In 2011 he began teaching a course in social media marketing at Georgetown University; in March of 2014, John won the Tropaia Award for Outstanding Faculty. John conducts monthly corporate training for large companies on how to leverage social media to generate revenue.
Peter Tran, General Manager and Senior Director, Worldwide Advanced Cyber Defense Practice, RSA
Peter M. Tran is the GM & Senior Director for RSA’s Worldwide Advanced Cyber Defense (ACD) Practice. He is responsible for global cyber defense strategy, security operations design, implementation, intelligence and proactive computer network defense solutions and services. Prior to RSA, Peter led Raytheon’s commercial cyber professional services and solutions business as well as its global enterprise security operations and cyber threat programs for intelligence, APT threat analysis, technical operations, exploitation analysis, adversary attack methodologies research and tools development. He possesses over 18 years of combined government, commercial and research experience in the field of computer network forensics, exploitation analysis and operations . He is a Six Sigma Qualified Specialist and holds numerous technical certification to include the Certified Information Systems Security Professional (CISSP), Paraben’s Handheld Device/GPS Signals Examination and the SANS Institute GIAC Reverse Engineering Malicious Code Certification.
He has held senior technical leadership roles with Northrop Grumman and Booz Allen Hamilton supporting various Department of Defense (DoD) Intelligence agencies as well as commercial enterprises. Peter is a recognized expert within the commercial and public sector industries on technical matters relating to computer forensics, malicious code, foreign counterintelligence, technology transfer, network security and cyber espionage. Peter has authored several periodicals and journals published for his field work involving advanced cyber threat analytics, distributed computer forensics and biometric technology applications. His research and technical experience is applied to predictive threat analysis, automated comparative forensics and applied data analytics technology. Peter has defended some of the top commercial brands and public organizations and is a subject matter expert frequently appearing on Fox News, Fox Business, NBC, CBS, Reuters TV, SkyNews, Wall Street Journal, Boston Globe, LA Times, USA Today, Fast Company and The Harvard Business Review.
He holds a BA from the University of California at Santa Barbara, a Master of Forensic Sciences from the George Washington University and is a graduate of the Harvard Kennedy School Executive Program in Cyber Security Technology/Policy, MIT Sloan School of Management Executive Programs in Strategy and Innovation, Technology Operations and Value Chain Management.
Peter is also a graduate of the FBI Cyber Training Program, the U.S. Federal Law Enforcement Training Center (FLETC) and the John E. Reid Technique ® for interview and interrogation.
His professional experience includes work as a Federal Law Enforcement Special Agent, forensic analyst, systems/security engineer, software product designer, consultant in both technology prototyping/production and as an early stage venture mentor/advisor.