This week on Federal Tech Talk, host John Gilroy speaks with John Harrison, senior cyber security solutions architect at Criterion. He has boots-on-the-ground experience as a Marine and an M.B.A. from Georgetown University. He shares his thoughts on the challenges of handling cybersecurity in a federal environment during a pandemic.
Harrison begins by contrasting compliance with risk management. The federal IT world does not lack compliance guidance. Some have suggested that a typical system must take over 1,000 data points into consideration, drawn from the familiar litany of FISMA, OMB, NIST and DHS requirements, as well as OIG findings. Add to this the rapidly expanding use of remote connections, and a system administrator can end up focusing on compliance details rather than the main issue: security.
Another concern Harrison raises is the difference between performing appropriate risk mitigation on a static system and doing so on dynamic systems. His argument is that risk governance at scale requires a different skill set than governing a standard system.
His point is that without continuous, repeatable processes, an IT leader cannot identify and prioritize opportunities for improvement. Proper risk management therefore includes establishing a repeatable process for monitoring, maturing and improving the organization.