CISA OCIO — Virtual Mini-Industry Day

Written February 16th, 2022

Post Tags: cybersecurity, thoughtleadership

I recently had the opportunity to join over 500 participants for CISA’s (Cybersecurity and Infrastructure Security Agency) OCIO (Office of the Chief Information Officer) Virtual Industry Day as a representative of NetCentrics.  

This event gave CISA the opportunity to give potential partners information on various requirements, and provided an open avenue for partners to ask questions of CISA representatives.

The January 26th session provided key insight into CISA’s current and future IT technology challenges, with emphasis on 4 areas: engineering, information assurance, information technology operations and records management. 

Stop the threat, harden the terrain, drive security by default 

Attending this event underscored CISA’s plans to take a novel approach to working with the industry at large. CISA wishes to actively hear from current and potential partners, meet with them regularly, and share requirements, with the intent of building transparent, strong relationships.  

Matt Hartman (Deputy Executive Assistant Director for Cybersecurity at CISA) outlined 3 major areas of focus for the years ahead: 

    1. Reduce reaction time, internalize past lessons learned and take notes from cyber industry peers.
        • Limit impact of threat campaigns through rapid info sharing between organizations.
        • Develop a comprehensive ops visibility strategy.
        • Reduce time to remediate newly exposed vulnerabilities.
        • Strive for coordinated and timely vulnerability disclosure.
        • Create a national hub for joint cyber planning to drive collaborative action within broader cyber community.
    2. Make it harder for cyber threats to be effective and continue adapting new strategies, as necessary.
        • Strengthen long-term partnerships. (Whether federal, state, or local.)
        • Gain a better understanding of the current state.
        • Commit to using all influence levers available to drive progress.
        • Utilize Federal Enterprise Improvement Teams/Enterprise Improvement Plans.
        • Where actions cannot be influenced, state-of-the-art cyber services will be provided.
    3. Bring security to the forefront of all cyber thought processes and decision making.
        • Take concrete steps to shift advantage over time to defenders.
        • Work closely with product certifications and product developers.
        • Stamp out vulnerabilities before they exist.
        • Nationalize the cybersecurity ecosystem and work to automate and improve sharing – not just within CISA – but from org to org.
        • Advance the national cyber work force.

Key Takeaways

I joined the IT Operations break-out discussion, where speakers highlighted their ultimate need to implement consistent, reliable, 24/7 customer-centric IT services across the board. That is, end users require the ability to contact the help desk and always receive top-tier technical and ops support, from all locations, in all situations.

CISA is actively looking for fresh, spicy enterprise solutions to hybrid work environments, in both the federal and private space, with one speaker advising attendees, “we’re looking for new and innovative, we might not even know about it yet.”

Collaboration + Cooperation = Securing Our Nation

CISA’s emphasis on improved transparency reflects the idea that cybersecurity is a team sport, and, as a result, I would not be surprised to see other agencies align with or adopt this posture in the coming years. Virtual Industry Day events like these are a defining step towards creating and embracing a more collaborative future within the cyber industry and, ultimately, securing our nation.