People v. Process

Philip Reitinger, deputy undersecretary of the National Protection and Programs Directorate at the Homeland Security Department, claims people are more important than process when it comes to protecting America's cyber infrastructure. Is he right? The answer, subjective to be sure, largely toes the philosophical line of the two elements he pits against each other. Process and competent people to fulfill that process are not mutually exclusive, but they don't work without each other, either. In my view, Reitinger, isn't wrong.

"If you have the right people, technology processes and other things don't matter that much," he said. "If you don't, technology processes and other things don't matter that much. It's really about the people."

But he does miss the point. Though good process is created often by competent people, the process doesn't always translate to competent execution. And so the process of cybersecurity begins to take on a new meaning. That is, the best process is one that can stand alone, one that can persevere despite inadequate technological training throughout the federal government. Good people and proper training will always be more important than anything, exactly what Reitinger means. But he devalues good process at a time when the federal government is light years away from having enough people to properly protect its systems.