The trials and tribulations of a CISO working at the state level were discussed at a morning session at SC World Congress Wednesday.
Bob Maley, the former CISO of the state of Pennsylvania who founded the consultancy Strategic CISO, reviewed some of the major projects he undertook while CISO of the Keystone State, work he had been forbidden to disclose while under restrictions against discussing state matters.
Unshackled from those edicts, he told the crowd of a number of projects he accomplished while there, beginning with a determination that anti-virus, firewalls and compliance checklists were insufficient to secure the state network.
One of the biggest challenges he faced was needing to justify expenses by proving cost savings. Otherwise, he said, projects would not continue to be funded.
Another impediment he found was that, despite the urgency of protecting systems, implementations could take two years to work their way through the bureaucratic process. It is vital, he said, to go from an adversarial stance to a cooperative mindset in order to work with legislators.
Maley, who was forced from his position following his disclosure of state matters during a session at this year's RSA Conference in San Francisco, indicated that because a new administration is taking control in Pennsylvania, the door might be open for his return to his former post.
He said he'd like to fix things that he didn't get fixed the first time around.