Federal CISO Will Face Tough Challenges

The White House has yet to announce who will be the government's first chief information security officer, a position President Obama announced six weeks ago.

If that person is to be effective, the administration should act swiftly, says Mark Weatherford, a former Department of Homeland Security deputy undersecretary for cybersecurity who also served as CISO for California's state government. That's because the new federal CISO only has until next Jan. 20, when the next president is inaugurated, to make a mark.

"There needs to be a sense of urgency here ... the clock's ticking," Weatherford says in an interview with Information Security Media Group. "They need to get somebody into the role and they need to pick somebody who has experience and somebody who has respect to the community. If you put somebody in this job who is not a recognized security expert, then [the new CISO] probably is never going to have the kind of credibility ... needed to be successful."

The White House has not responded to ISMG's repeated requests for comment on when the federal CISO will be appointed.

In this audio report, you'll hear:

Weatherford describe what the new federal CISO could do in shaping the federal government's cybersecurity agenda for the years after Obama leaves the White House; former DHS Deputy Undersecretary Philip Reitinger, speaking with the Steptoe Cyberlaw Podcast, question how effective a federal CISO would be; and Federal CIO Tony Scott describe the responsibilities of the new federal CISO.

Weatherford is chief cybersecurity strategist at data center security provider vArmour. Besides his roles at DHS and in California state government, Weatherford also served as CISO for the state of Colorado and vice president and chief security officer at the North American Electric Reliability Corp. He also is a former principal at the security consultancy The Chertoff Group.

Reitinger leads the Global Cyber Alliance, a global, not-for-profit organization with a mission of helping to prevent malicious cyber activity.

Scott is the former CIO at Microsoft and The Walt Disney Co. and had been serving as CIO at the cloud and virtualization software and services company VMware when Obama tapped him to be federal CIO in February 2015.