Not all the skills cyber pros need are technical.
Cybersecurity professionals will need more than their technical abilities to tackle government challenges, according to two agency IT security officials.
Jeanette Hanna-Ruiz, NASA’s associate chief information officer for IT security and senior agency information security official, sees her role as helping agency employees understand why her team does certain things, like swap an employee’s Mac for PC.
“Our challenge going forward is to talk to our peers at these organizations who don’t necessarily know about security,” she said Tuesday at Fedstival’s The Next Tech event hosted by Government Executive and Nextgov. “I want to speak to them in a language they understand.”
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
Translating cyber speak also is a priority for Office of Personnel Management Chief Information Security Officer Cord Chase. He has weekly meetings with agency leadership and other CXOs to keep them on the same page when it comes to risks and initiatives.
One of Chase’s challenges since starting his position four months ago has been shutting down shadow IT, the devices, processes and workarounds employees use that the agency never authorized. He said it took a while to convince people he wanted to protect them, not necessarily shut them down.
CISOs should worry about security, but other employees need to be able to focus on doing their jobs, Hanna-Ruiz said.
“We need to automate security so it’s the white noise of their life,” she said. “We need to have empathy and compassion about that.”
Such “cyber translation” skills aren't just for talking to internal employees. Agencies need people such as lawyers, communications professionals and procurement specialists for less technical, cyber-related roles. For example, Hanna-Ruiz said the government needs “a procurement brain married with a cyber brain” to help agencies address supply-chain concerns.
“In order to come and work at OPM, you not only need to have an operational background; you need a governance background,” Chase said.