What does the nation's first cyber security coordinator do for an encore on leaving government service?
First, one would believe that Howard Schmidt (right), a 40-year veteran of the discipline, will be penning another book, this one detailing the three years he spent serving in the Obama administration as the United States' top computer security adviser. He stepped down at the end of May.
One knows for a fact, however, that he has joined the board of security and compliance firm Qualys, where his main role will be advising on governance, strategic direction for the company and providing guidance to Philippe Courtot, the chairman and CEO. “It's all about being part of a team as opposed to an individual effort,” Schmidt said.
And, it's more than simply contacts in the government that Courtot expects. “Howard is technical enough, he knows the problems very well,” he said. “It's more about, ‘How do you present and package, where should we focus our energy so we can essentially play a bigger role with the federal government.' So, having Howard, it's very welcome and timely.”
could be saved off the annual IT budget if federal agencies got aggressive about the cloud
The two also plan to revive an initiative they co-founded in 2004, the CSO Interchange, which brings security chiefs together from all sectors to discuss problems they are facing. “It's really an environment to bring CSOs together to make things move forward, as opposed to a meeting where people just want to sell something,” Schmidt said.
When they first began the international series of roundtables and breakfasts, there was a lot of resistance from the government sector in applying cloud technologies, as they wanted to control the data, Courtot recalled. “But today, we're at the point where necessity and the growth of attacks have become more pervasive,” he said. “They are now looking for solutions that work and that are cost effective as well, because you can't throw millions of dollars at the problem.”
Speaking of his time at the White House, Schmidt said, “Like any security position, it takes a lot of work. There's a lot of stuff that needs to be discussed. What works for one company, may have less than a positive impact on another one.”
His role, he said, was to bring everybody together to look for solutions. He points to the National Strategy for Trusted Identities in Cyberspace, or NSTIC, a White House initiative to foster collaboration between the government and private sector to better the privacy, security and convenience of online transactions, as one of the administration's major successes. The point, he said, was to look at ways to move away from an environment of user IDs and passwords and get something the private sector can build – an ecosystem where users can migrate to systems that are less likely to be compromised.
He also oversaw advancements in international cyber strategy. “Working with a great team across the government and with international partners, the International Strategy for Cyberspace [a policy document that sets an agenda for partnering with other nations] was looking at several things – from prosperity to economics to military action to peaceful activity,” he said.
It's very difficult to stop the threats, Schmidt said. “What you can do is stop the threats from being successful. And that's making sure everything that you're doing – in the cloud, on the desktop, browser, server environment – you can reduce the vulnerabilities so that no matter what someone throws at you, it's less likely to be successful.”