Jerred Edgar’s 24 years in the U.S. Army shape his work as Idaho’s Chief Information Security Officer in ways both intangible and practical. Early in his Army career, he focused on combat arms and military intelligence, then shifted to IT and cybersecurity. Over the years, Edgar gained experience in problem solving at every level, from individual teams to U.S. Central Command.
“It was essentially one problem after another, and it instilled in me this unique perspective that I bring to everything I do,” Edgar said. He also picked up some good tools for building cyber resilience. The art of resilience, he said, comes down to core principles around planning, execution and communications. In particular, he uses the Army’s seven Mission Command Principles as a framework (see below). Edgar sees the first three as foundational pieces for cyber efforts:
- #1 — Competence
- #2 — Trust
- #3 — Collaboration
These principles can help cyber teams simplify their approach to cybersecurity, which reflects another lesson Edgar learned in the Army: Simplicity survives, while complexity dies.
BUILDING BLOCK #1 — Executing With Competence
Definition:
Edgar defines competency as the ability to execute a mission with discipline and initiative: “Are we exceptionally good at what our role requires us to do?” Cyber tools and tactics don’t amount to much if employees do not have the experience and skills to wield them effectively, Edgar said. “Socrates said that a disorderly mob is no more an army than a pile of rubble is a building,” he said. In the same way, “you can buy stuff, but it’s just a pile of stuff. It’s up to you to turn it into that house you’re going to live in.
Key Enablers:
- Governance. Standards, definitions, guidance and related documents provide employees with “compass north,” Edgar said, ensuring that everyone understands the organization’s goals and their role in achieving them.
- Training. Once the goals are clear, cyber leaders must help employees develop the skills they need to carry out their roles and align with the standards and guidance defined as part of governance.
- Ownership. To be effective, both governance and training require meaningful support from the organization, said Edgar. “Are we investing our time, our leadership and our [resources] to support that?
Case Study
Idaho Readiness Training After Hurricane Andrew hit Florida in 1992, the Defense Department (now the War Department) created the Innovative Readiness Training program through which military personnel help local communities rebuild after disasters. In the process, those military members receive on-the-job training in skills that support military readiness, such as operating heavy equipment.
About 26 years later, the department expanded IRT to include cybersecurity work. Edgar, still in the military at the time, helped build a strategic partnership with the state of Idaho to put this idea into practice, eventually becoming Director of Cyber IRT for the Idaho Army National Guard.
Now, as Idaho’s CISO, he has built on the IRT to create the Idaho Readiness Training initiative, which advances cyber competencies for state and local governments, critical infrastructure owners, and other key players statewide. The initiative is part of a larger program called Operation Cyber Idaho.
Watch for articles exploring Building Block #2 (Trust) and #3 (Collaboration).
This article is an excerpt from GovLoop’s guide titled “Preparing Agencies for Cyber Disruptions.” Click below to download the full guide.