SC World Congress: A budget crisis is a terrible thing to waste

Share this article:

Though the country is currently facing an economic downturn, the state of Michigan has been in a recession since 9/11. That cloud has had a silver lining for the state's CISO, Dan Lohrmann, who optimistically claims that “a budget crisis is a terrible thing to waste.”

Lohrmann was part of an SC World Congress panel discussion Wednesday entitled “Cybersecurity from the eyes of an executive” with other panelists, Howard Israel, corporate security officer of Fidessa Corporation and Dave Cullinane, CISO of eBay.

Lohrmann said that he has had to deal with some pretty dramatic budget cuts. When he became CISO in 2002, he was hoping for $30 million to do several major security projects.

“I was thinking I was going to go to the Governor's office and get $30 million,” Lohrmann said. “Well, guess what? It didn't happen.”
The Michigan Department of Information Technology recieved $6.5 in Homeland Security grant money for security initiatives. Not the $30 million Lohrmann hoped for, but with that money his operation was able to complete more than 30 cyber projects, as well as develop partnerships with other states and federal departments to get things done, Lohrmann said.

Forced to do things with less money, Lohrmann started evaluating, “What can I do, what relationships do I have?” The answers were building trust with others, being a deliverer, thinking outside the box and looking for opportunities. That meant getting on the right committees, seeking grant money and looking to establish partnerships with the private sector or other organizations, Lohrmann said.

As for other recommendations, Cullinane said establishing a relationship with the key leadership of your company and their underlings is important.

“You need to be able to go in and explain to the business managers what the value of security personally means to them, and get them to understand what you can do for them.”

That means explaining their risk profile, Cullinane said.

Lohrmann said that it's also important to work from the bottom up, instead of just top down -- to get the front-line workers excited about security.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.