The idea is simple, the HoCo CISO gives Howard Tech Council members, the opportunity to receive security consulting advice and resources from trained security professionals. A very handy resource given the tight budgets that most startups face and major security risks firms could face if they don't consider cybersecurity.
Patrick Wynn is the Director and Jason Taule is a board member on the Howard Tech Council. They were both instrumental in the launch of the HoCo CISO program. I sat down Wynn and Taule for GovLoop's State and Local Spotlight Interview. I asked them what was the impetus for the creations of the CISO in residence program.
"At the Maryland Center for Entrepreneurship we have an incubator. The incubator has about 100 companies in it. As young entrepreneurs are growing their companies they are interested in gaining access to capital and clients, but one of the things we have noticed is there is a weakness in their security posture, because they don't have anyone dedicated to making sure they are protecting the intellectual property. They are not using good practices to assure that their crown jewels stay within their organization and are not siphoned off by other companies," said Wynn.
- Key Insight: "Information security, risk management and assurance is all I have done for 30 years. I watched several revisions of corporate company development. One of the lessons I took away, was that for all the brilliant ideas that organizations has they still need organizational capabilities. It doesn't matter how big or how small your company is you still have questions about information risk and you need that type of council. If you don't handle security correctly, everything you have worked for could be done overnight," said Taule.
Where does the HoCo CISO program in residence stand now?
"We did a soft launch with Cyber Maryland's contingent that went to the RSA conference two weeks ago. The conference provided an opportunity to show leadership and let folks know from a road-mapping perspective what we are doing. By the end of the week we will have our website up and running. One the website we will be giving members an opportunity to pose questions and we will actually have a sheet of questions that companies probably should be asking. We also hold in-person monthly hours at the incubator to allow people to pop in and ask questions of these chief information security officers in-person," said Wynn.
"We are operational now. For many years we have provided our members the opportunity to discuss issues that they have. So, members could always bring security questions forward. We didn't wait for the HoCo CISO program to be 100% baked, we started with just an email address, so if you had questions you could engage through that mechanism," said Taule.
Why create this program?
- Key Insight: "From my experiences, there is a core number of things that you have to do every time over and over again. But we recognize that what one member has as a question, although we can't give anything away that would be proprietary, much of the guidance would be broadly applicable. By capturing that information in a knowledge base we will be able to provide our members another way of informing themselves of security capabilities," said Taule.
Lessons learned so far?
"One of our big takeaways is that when you start talking to people about the concept of a chief information security officer in residence, they say, 'That's brilliant.' It is amazing to me that no one has ever thought about this type of program before. We are providing a high level of service back to the community on a volunteer basis. It is great for the community, it is great for us to help these young, growing companies, and ultimately to protect the critical infrastructure because we are looking to change the mindset from a security perspective, if you can start early and you can build in a security, privacy and risk profile into your organization, you are going to be better off down the road," said Wynn.
If you enjoyed our GovLoop's State and and Local Spotlight interview, you can more interviews under keyword "emily's corner."