December 11, 2008

SC World Congress: A budget crisis is a terrible thing to waste

Though the country is currently facing an economic downturn, the state of Michigan has been in a recession since 9/11. That cloud has had a silver lining for the state's CISO, Dan Lohrmann, who optimistically claims that “a budget crisis is a terrible thing to waste.”

Lohrmann was part of an SC World Congress panel discussion Wednesday entitled “Cybersecurity from the eyes of an executive” with other panelists, Howard Israel, corporate security officer of Fidessa Corporation and Dave Cullinane, CISO of eBay.

Lohrmann said that he has had to deal with some pretty dramatic budget cuts. When he became CISO in 2002, he was hoping for $30 million to do several major security projects.

“I was thinking I was going to go to the Governor's office and get $30 million,” Lohrmann said. “Well, guess what? It didn't happen.”
 
The Michigan Department of Information Technology recieved $6.5 in Homeland Security grant money for security initiatives. Not the $30 million Lohrmann hoped for, but with that money his operation was able to complete more than 30 cyber projects, as well as develop partnerships with other states and federal departments to get things done, Lohrmann said.

Forced to do things with less money, Lohrmann started evaluating, “What can I do, what relationships do I have?” The answers were building trust with others, being a deliverer, thinking outside the box and looking for opportunities. That meant getting on the right committees, seeking grant money and looking to establish partnerships with the private sector or other organizations, Lohrmann said.

As for other recommendations, Cullinane said establishing a relationship with the key leadership of your company and their underlings is important.

“You need to be able to go in and explain to the business managers what the value of security personally means to them, and get them to understand what you can do for them.”

That means explaining their risk profile, Cullinane said.

Lohrmann said that it's also important to work from the bottom up, instead of just top down -- to get the front-line workers excited about security.

Related Articles
Related Topics

Sign up to our newsletters

More in News

Bitcoin mining botnet has become one of the most prevalent cyber threats

Fortinet researchers have tracked 100,000 new ZeroAccess trojan infections per week, making the botnet very lucrative to its owners.

House Intelligence Committee OKs amended version of controversial CISPA

House Intelligence Committee OKs amended version of controversial ...

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

Judge rules hospital can ask ISP for help ...

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.