Certification - May 2008 - (Page 26)

JOB ROLES CISO: Getting Serious About Security LINDSAY EDMONDS WICKMAN The continual growth of the Internet has made it easier for hackers to spread computer viruses, increased the threat of identity theft and created the possibility of a virtual terrorist attack. With these intangible security risks comes the need for an expert in information assurance: the chief information security officer. “The fact that technology and the Internet [have] become so pervasive has created incredible opportunity for business, but it’s also created a whole new set of risks,” said Dan Lohrmann, the first CISO for the state of Michigan, who explained that the advantage of the Internet is it makes the world function “7 by 24 by 365.” “But guess what? The bad guys can work 7 by 24 by 365,” he said. “Why didn’t you see a chief [information] security officer 20 years ago? [Because back then] you couldn’t sit in Siberia, drinking vodka next to a snowdrift and hack into some business in Michigan. The Internet’s allowed that or at least the potential for that.” The CISO, which was a rarity five years ago, has become more pervasive in corporations as well as state governments. For Lohrmann, who has more than 20 years of technology experience, changing the culture of the government’s employees was a big part of this new role. “When I first got to state government, it was wide open,” Lohrmann said. “The biggest security problem was people were walking in off the streets, walking into cubes and stealing purses and leaving. It was a lax security environment here, but after 9/11, a lot of that did change [and] it [changed] the whole approach to cybersecurity in Michigan. For me, [it] made me realize that we [needed] to take security seriously. We needed an office of security, we needed a director of security and we needed a chief [information] security officer who [would] carry the baton and lead this effort.” ing and helped cultivate his managerial capabilities. He worked in many positions in several different areas before he was offered the C-suite position. Lohrmann earned both a bachelor’s degree and a master’s degree in computer science. His first foray into security was with the National Security Agency as a computer analyst in networking. Then he worked as a senior network engineer for Loral Aerospace in northern England and later became the technical director for ManTech International. Personal reasons led Lohrmann to Michigan. He became the chief information officer for the state’s Department of Management and Budget and eventually the senior technology executive for e-Michigan, the state agency responsible for digital government. Because of the events of Sept. 11 and the rise of e-government, Michigan realized the need to better protect its information. As a result, Lohrmann became CISO in 2002. Now he is on the senior executive staff, and his job is split between emergency management, daily operations and projects, and acting as a liaison between different agencies and groups. Getting Down to Business When you think of a blackout, tornado or flood, you don’t really think of the CISO, but Lohrmann said that’s one-third of his job. “There’s virtually nothing you can do in government that doesn’t have a technology component,” he said, explaining that these components become even more vital in the case of an emergency, when organizations in government suddenly need to do their jobs faster and more effectively. “So what are they going to need? They’re going to need their technology.” When emergencies do happen, Lohrmann’s typical working hours become twice as long, and his job becomes very hands-on. In 2003, when Michigan suffered a blackout, Lohrmann was front and center and spent four 18-hour days at the state’s emergency coordination center. One of the many issues he dealt with was food poisoning. Pathway to Success The road to CISO was not short, but Lohrmann’s experience gave him a greater depth of understand- 26 CERTIFICATION MAGAZINE May 2008 Table of Contents for the Digital Edition of Certification - May 2008Certification - May 2008Editor's LetterContentsData StreamTech CareersAcademic ConnectionDear TechieVirtual VillageTake a Bite Out of Data TheftInside CertificationCISO: Getting Serious About SecurityInterfaceSecuring Your Wireless Access NetworkEndtagAd IndexCertification - May 2008Certification - May 2008 - (Page Intro)Certification - May 2008 - Certification - May 2008 (Page Cover1)Certification - May 2008 - Certification - May 2008 (Page Cover2)Certification - May 2008 - Editor's Letter (Page 3)Certification - May 2008 - Contents (Page 4)Certification - May 2008 - Contents (Page 5)Certification - May 2008 - Data Stream (Page 6)Certification - May 2008 - Data Stream (Page 7)Certification - May 2008 - Tech Careers (Page 8)Certification - May 2008 - Tech Careers (Page 9)Certification - May 2008 - Academic Connection (Page 10)Certification - May 2008 - Academic Connection (Page 11)Certification - May 2008 - Dear Techie (Page 12)Certification - May 2008 - Dear Techie (Page 15)Certification - May 2008 - Virtual Village (Page 16)Certification - May 2008 - Virtual Village (Page 17)Certification - May 2008 - Take a Bite Out of Data Theft (Page 18)Certification - May 2008 - Take a Bite Out of Data Theft (Page 19)Certification - May 2008 - Take a Bite Out of Data Theft (Page 20)Certification - May 2008 - Take a Bite Out of Data Theft (Page 21)Certification - May 2008 - Take a Bite Out of Data Theft (Page 22)Certification - May 2008 - Take a Bite Out of Data Theft (Page 23)Certification - May 2008 - Inside Certification (Page 24)Certification - May 2008 - Inside Certification (Page 25)Certification - May 2008 - CISO: Getting Serious About Security (Page 26)Certification - May 2008 - CISO: Getting Serious About Security (Page 27)Certification - May 2008 - CISO: Getting Serious About Security (Page 28)Certification - May 2008 - CISO: Getting Serious About Security (Page 29)Certification - May 2008 - Interface (Page 30)Certification - May 2008 - Interface (Page 33)Certification - May 2008 - Securing Your Wireless Access Network (Page 34)Certification - May 2008 - Securing Your Wireless Access Network (Page 35)Certification - May 2008 - Securing Your Wireless Access Network (Page 36)Certification - May 2008 - Securing Your Wireless Access Network (Page 37)Certification - May 2008 - Securing Your Wireless Access Network (Page 38)Certification - May 2008 - Securing Your Wireless Access Network (Page 39)Certification - May 2008 - Securing Your Wireless Access Network (Page 40)Certification - May 2008 - Ad Index (Page 41)Certification - May 2008 - Endtag (Page 42)Certification - May 2008 - Endtag (Page Cover3)Certification - May 2008 - Endtag (Page Cover4)http://www.nxtbookMEDIA.com

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.