Though the country is currently facing an economic downturn, the state of Michigan has been in a recession since 9/11. That cloud has had a silver lining for the state's CISO, Dan Lohrmann, who optimistically claims that “a budget crisis is a terrible thing to waste.”
Lohrmann was part of an SC World Congress panel discussion Wednesday entitled “Cybersecurity from the eyes of an executive” with other panelists, Howard Israel, corporate security officer of Fidessa Corporation and Dave Cullinane, CISO of eBay.
Lohrmann said that he has had to deal with some pretty dramatic budget cuts. When he became CISO in 2002, he was hoping for $30 million to do several major security projects.
“I was thinking I was going to go to the Governor's office and get $30 million,” Lohrmann said. “Well, guess what? It didn't happen.”
The Michigan Department of Information Technology recieved $6.5 in Homeland Security grant money for security initiatives. Not the $30 million Lohrmann hoped for, but with that money his operation was able to complete more than 30 cyber projects, as well as develop partnerships with other states and federal departments to get things done, Lohrmann said.
Forced to do things with less money, Lohrmann started evaluating, “What can I do, what relationships do I have?” The answers were building trust with others, being a deliverer, thinking outside the box and looking for opportunities. That meant getting on the right committees, seeking grant money and looking to establish partnerships with the private sector or other organizations, Lohrmann said.
As for other recommendations, Cullinane said establishing a relationship with the key leadership of your company and their underlings is important.
“You need to be able to go in and explain to the business managers what the value of security personally means to them, and get them to understand what you can do for them.”
That means explaining their risk profile, Cullinane said.
Lohrmann said that it's also important to work from the bottom up, instead of just top down -- to get the front-line workers excited about security.