Howard Schmidt on CSOs, Risks and Responsibilities

This is the first in a two-part Q&A with former White House Security

Advisor Howard Schmidt. Follow the rest of the story here.

A former White House security advisor turned corporate consultant says IT

security professionals have a bigger and more complicated job to deal

with than ever before. But he also says they’re more prepared and better

equipped to handle it.

Howard Schmidt is a man with a lot of experience in security — both in

the government and in the corporate field. He’s the type of man who

garners a great deal of attention when he speaks out on security issues,

whether they be corporate readiness to fight off virus attacks or the

country’s readiness to battle cyber terrorism.

Schmidt, who worked in the White House for 31 years, was appointed by

President Bush as Special Adviser for Cyberspace Security for the White

House just three months after the terrorist attacks of Sept. 11. In

January of 2003, he became the chair of the President’s Critical

Infrastructure Protection Board before retiring in May of the same year.

But his security work doesn’t begin or end with the government.

Schmidt once served as chief security officer for Microsoft Corp., and

was Vice President and Chief Information Security Officer and Chief

Security Strategist for eBay. During his military years, he was a

supervisory special agent and director of the Air Force Office of Special

Investigations (AFOSI) Computer Forensic Lab and Computer Crime and

Information Warfare Division.

And his retirement from the White House has not slowed him down.

He has assumed the position of Chief Security Strategist for the U.S.

CERT Partners Program for the National Cyber Security Division. Schmidt

also is president and CEO of R&H Security Consulting LLC, a company he

formed with his wife to focus on computer forensics and security

consulting. And he is co-founder of CSO Interchange, which holds

vendor-neutral meetings for CSOs to discuss issues and share information.

In a one-on-one interview with Datamation, Schmidt talks about

chief security officers’ growing status in the corporate world, whether

or not CSOs are trained enough to handle their jobs and what they need to

do a better job.

Q: A recent survey by CSO Interchange shows that CSOs say their jobs

are more difficult than they were a year ago. What is changing?

There are a few things changing. There are a couple good news stories.

CSOs are getting more authority and responsibility than they’ve ever had

in the past and that makes it more difficult. The second thing is we’re

seeing increased use of wireless and instant messaging, which is becoming

a corner stone of the way companies communicate. It’s all more

complicated, but we all feel we’re doing a better job than we’ve ever

done before securing the enterprise.

Q: IT managers and security professionals have been saying for years

that they need more authority to do their jobs well. Are they finally

getting their wish?

That’s one of the good news things — having increased responsibility and

the associated authority. The security officer who has the responsibility

but not the authority just becomes the person to blame when things go

wrong. Give us the responsibility and the authority to go ahead and

affect changes. If you look at the survey, we are feeling much more

comfortable with the level of security we’re able to implement. We’re

doing a better job because we have more authority.

Q: Your survey also showed that a lot of CSOs say their companies are

relatively safe from worms, viruses and Trojan horses. Are they as safe

as they think they are?

Yah, I think we are. We’re better equipped to handle it. It’s like

anything else. Once something rises to the level of being the most

pronounced threat out there, we work very hard at it. It’s not surprising

we think we’re best equipped to deal with it. It’s been such a problem in

the past that we work really hard to make sure it’s not a problem

anymore.

Q: When it comes to malware, are corporate networks safer today than

they were a year ago or two or three years ago?

I think we’re probably a factor of two to three times better protected

than last year. I have not gotten one malicious piece of code or phishing

in my inbox in nine months now. They wind up in my spam box or in my

anti-virus filter… We’re not going to sit back and rest on our laurels

but we are happy about it… During a particular outbreak of some sort,

you’ll read about this company being affected, but you don’t read about

the 6,000 companies that weren’t infected.

Q: You talk with a lot of CSOs. What are they worried about?

The whole issue of vulnerabilities and code we don’t know about yet. As

all the major vendors come out with new patches, it’s always on our minds

about what it’s going to take to fix the next one. That’s the

conversation we most often have. Looking at new methods of communication,

like IM, getting away from static user ID and passwords. The targets are

becoming the end users.

The rest of our one-on-one interview with Howard Schmidt will run tomorrow, Friday, July 8.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020