The federal government should concentrate less on new policies and more on optimizing organizational architecture and culture to support what exists, recommends former Federal Chief Information Security Officer Gregory Touhill in a farewell letter posted Jan. 19.
Tapped in September 2016 as the first U.S. CISO to drive cybersecurity policy, planning and implementation across the federal government, Touhill focused on aligning best practices and the CISO Council to launch a risk management construct that has produced measurable results.
"For example, we bought down our collective risk by raising implementation of multi-factor authentication on privileged user accounts from just over 30 percent to nearly 99 percent by the end of 2016," said Touhill in his blog post.
To further improve cybersecurity, Touhill emphasizes the need for shared services capabilities; accountability and ownership; intelligent use of cloud computing and mobility solutions for effective, efficient and secure results; and regular training, exercises and risk assessments across each department and agency.
Thanking (now former) CIO Tony Scott, the OMB cyber team, Michael Daniel and the NSC cyber team, Dr. Phyllis Schneck and Dr. Andy Ozment and the DHS cyber team, as well as all department and agency CISOs, Touhill commends those committed to government transparency and the protection of information, privacy, civil rights and civil liberties.
"As I depart, I've left in place a solid flight plan and a great team of innovative professionals in the CISO Council and OMB who will follow through and execute what it takes to better manage our cyber risk. As they do so, I will remain a faithful wingman, ready to help as needed," said Touhill.
The entire letter can be read on LinkedIn.