Apparently the White House doesn’t already have a CISO.
Yesterday, the White House announced that it is now searching for its first ever chief information security officer. I’ll admit that I was under the impression that the White House already had a CISO, but it turns out the closest it has to it are the special assistant to the president for cybersecurity, the Department of Homeland Security’s deputy undersecretary of homeland security, and the information assurance directorate within the National Security Agency.
A strong move forward, albeit a bit late
The White House appointing a CISO is most definitely a good thing, but it surprises me that this move only comes now – after all, the White House has been pressing private organisations to get their cybersecurity defences updated for a while now.
White House representatives have said that the CISO will be in charge of ensuring government employees are getting basic cybersecurity right, such as patching software and using two-factor authentication.
While these responsibilities are basic, I imagine they’ll help prevent further government breaches – especially the recent one involving 9,000 DHS employees in which a member of staff fell for a social engineering scam and handed over a token that gave an unauthorised party access.
Good enough for the job?
Even though there isn’t a job description available at the time of writing, I predict (hope) that whoever is successful will have years of experience and plenty of information security certifications under their belt.