So, Now We Have a Federal CISO...

    
So, now we have a federal CISO, Brigadier General [Retired] Gregory J. Touhill, as part of the Office of Management and Budget (OMB). But what does that really mean?

We have had a series of leaders who have played a similar role over the years. Do you remember our first “Cyber Czar,” Richard Clarke? Clarke later wrote a book called “Cyber War: The Next Threat to National Security and What to Do About It.” The George W. Bush administration had a whole series of short-term appointments, underscoring the difficulty of this role. Some other appointments include Rod Beckstrom, who became head of the National Cybersecurity Center, and Howard Schmidt, who served as the White House Office of Cybersecurity Coordinator.

I think it’s great that we once again have someone with the responsibility to tackle cybersecurity for the country. Having a leader means there’s now a single person to fire when something goes wrong. Hopefully that means he’s motivated to get organized about protecting our nation’s information infrastructure. But it’s also possible (likely?) that this is yet another short-term appointment that makes it feel like we are doing something--anything--without ever making any real progress.

This article first appeared as a guest blog post for TechCrunch.

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.