Tag: Security

When I decided to move US Citizenship and Immigration Services (USCIS) into the cloud, I had a number of discussions with others in the federal IT community about cloud security. As the Authorizing Official—the person who had to sign off on the security of each system—for a component agency of the Department of Homeland Security, […]

When meeting with security, risk, and compliance executives who have yet to start their cloud transformation or who already have multiple cloud workloads in AWS, I am often asked a version of the following question: “While we agree that the cloud is the new normal, it is different than running security on premise in the […]

In an earlier blog post, I discussed the importance of building a culture of security rather than thinking of security as just the job of the CISO’s team. In this post, I’d like to discuss some ideas on how to build such a culture, drawing on my experiences at USCIS. As CIO, I was the […]

It is no longer sufficient to leave security to a team of specialists who watch over the enterprise’s risk posture and control it through a set of constraining policies. It is not enough to guard the boundaries of the enterprise’s network with firewalls, or to simply implement sets of controls specified in a compliance framework. […]

“It takes 20 years to build a reputation and five minutes to ruin it.” — Warren Buffett I’ve supported compliance and security requirements throughout my technology career. In some cases, these requirements were extremely burdensome — for example, when my team was preparing for a Department of Defense audit, which consumed more than 50% of our time for months […]

“We don’t do load balancers anymore, we just do load balancing.” -Bruce Kantor, Talen Energy I don’t often get the opportunity to learn how the cloud is helping the energy industry rethink the way it delivers IT. There’s obviously a lot of great science behind power generation, but getting to hear about the technologies and […]

“Too many people are thinking of security instead of opportunity. They seem to be more afraid of life than death.” – James F. Bymes Security is a broad topic, and applies in some way to everything that happens in IT. In all of my time working in technology, I’ve found it to be the one […]