This content is written by Jim Richberg, the public sector CISO for Fortinet Federal.
I spent a lot of years working for the Federal government. Long enough that I can tell stories about technology few people even remember. (Anyone recall Wang or Kaypro?) The fact is that if you work in any organization for a long time, it can be a bit insular. You don’t know what you don’t know in terms of what’s happening beyond the walls of your work. And government agencies are no exception.
Since I’ve moved to the private sector, I’ve discovered some underappreciated elements of cybersecurity that I wasn’t as aware of before. Although I don’t have a custom DeLorean with a flux capacitor, if I could go back now, sit myself down and have a conversation with a younger me, here are three things I’ve learned about cybersecurity that I’d tell my former self.
1. Platforms are transforming cybersecurity.
Ecosystems or platforms that offer interoperability are an often under-appreciated element of the cybersecurity landscape. They address some significant cybersecurity problems, including:
The growing attack or vulnerability surface
The workforce shortage (numbers and skills) and insufficient resources
Data and solution overload
If you instrument the key parts of the attack surface with devices that are both sensors and controls, you end up with a security ecosystem or platform. But you’d also drown in data, unless you take advantage of the power of artificial intelligence (AI) and machine learning (ML).
Integration powered by AI and ML turns one of our greatest vulnerabilities, the size and complexity of the attack surface, into an advantage. The platform approach transforms disparate devices and connections into a virtual antenna or an integrated network of sensors. This intersection of increasingly mature AI/ML with platforms is a potentially transformational element. The platform sensors are the source of data and AI/ML is the engine that can make sense of that data. The platform devices are also controls that can be directed to take action at scale and in real time.
Unless you are part of the cybersecurity industry, it is easy to overlook how broadly AI and ML are used, and how transformational their impact has been, across the disciplines and functions of cybersecurity. The use of AI and ML ranges from detecting and assessing potential malware in real time to parsing the nearly 2 billion websites on the Internet, keeping up with ever-changing web apps, and assisting security teams with behavioral analysis to spot user activity that is atypical and potentially malicious.
Since the AI-enabled platform approach also enables dynamic and real-time zero trust operation, it both minimizes the likelihood of penetration and can limit the damage whenever a breach does occur. I recognize that many of us have long focused on “the two Ps” of performance and price when evaluating procurement options. It’s time to add a third P. We need to recognize that security platforms exist and are increasingly powerful. Failing to do so ignores the benefits of synergy between different parts of our security architecture.
2. Software-defined networking is the future.
Much as “plastics” was the theme of an iconic scene in the classic movie “The Graduate”, I’d tell my former self to look to software-defined networking. Software-defined networking is an increasingly important tool of network topology and operational resilience. The adoption of software-defined networking, especially in the form of Software-Defined Wide Area Networking (SD-WAN), has allowed countless businesses to save money while increasing performance and operational flexibility. Yet even when agencies see the operational and cost value, they still sometimes face significant challenges implementing this technology under the “government conditions” of lengthy budget and procurement cycles.
However, one thing to watch out for is that many organizations have implemented SD-WAN solutions that don’t even have basic firewall protection. An alternative is to combine networking and security into a single solution: secure SD-WAN. A secure SD-WAN device can replace separate products ranging from network routers to firewalls. This combination product can reap the higher network performance and lower costs of SD-WAN and offer a better user experience in terms of connection speed and flexibility. It also improves security by offering greater visibility and control of vulnerability and potential threats. In other words, a software-defined network is also a security-driven network.
3. Partnerships and new perspectives can yield great rewards.
Although the other two pieces of advice focus on technology, I would be remiss if I didn’t mention the value of developing and leveraging partnerships and getting perspectives outside of your immediate peers. In IT and security, we are very focused on dealing with the immediate challenge, whether it is a security breach or figuring out how to implement an upgrade efficiently and with minimal disruption to operations. It can be difficult to carve out time and a mechanism to look beyond the immediate problem while in the midst of day-to-day work, but it’s important.
Having trusted sources of outside perspectives and counsel that can serve as a sounding board and a source of advice about technologies and best practices is key. Participating in peer activities such as public-private sector working groups and collaborative exchanges was a good way to develop these relationships pre-pandemic. While remote work may have impeded this invaluable face-to-face social networking, it didn’t foreclose virtual options. For example, I’d recommend finding a blog that stimulates your thinking, even if you don’t always agree with the pundit. There is no magic answer to attaining this broader situational awareness and advice, but remember: many of the most difficult aspects of cybersecurity aren’t technical; they’re related to creative problem solving and communication.
Focus on the big picture
To wrap up my chat with my younger self, I’d encourage striking a balance between short- and long-term thinking. It’s easy to get caught up in focusing on solving immediate problems, but the ability to maintain a strategic perspective is what separates exceptional security leaders from the merely average. Although both can manage current problems, exceptional leaders have already thought about how to address the next set of problems as well. Seek out mentors and trusted sources of information to stimulate your thinking and ensure that part of your time is spent focusing on the big picture and longer timeframes.