Last week, I had the honor of being a part of the Hack the Port conference in Fort Lauderdale. We heard from national leaders including Alejandro Mayorkas, Secretary of the Department of Homeland Security (DHS); Jen Easterly, Director of Cybersecurity and Infrastructure Security Agency (CISA); and Chris Inglis, National Cyber Director. While all three face the same brutal facts of cyberwarfare that we do, they each offered pragmatic and effective techniques, along with strong positions on the United States’ national cyber posture. It was exciting to hear them clearly and cogently stress what is being done—in industry and in academia—to secure our nation. It was even more exciting, even heartwarming, to hear the consistency and agreement between these three different agencies in the federal government.
For me, my favorite presentations of the event start with Chris Inglis, who emphasized three things: as a country, we must have cogent cybersecurity doctrine, clear talent development, and the technology to implement both. Inglis comes from a career at the NSA and now is tremendously instrumental in building the cybersecurity voice within the White House, so for him to press the importance of doctrine strikes me as incredibly important. There’s a reason why those of us in the cybersecurity industry continually ask, ‘What’s your strategy? What policies and procedures are you using to guide people’s approved behaviors, and defend your security?’ Beyond that, he also emphasized the necessity of developing talented individuals who can critically think, ask the right questions, and collaborate with others to retain firm cybersecurity boundaries. If there is commonality in standards and in capacity to critically work together towards shared goals, we have the potential of reducing duplication of efforts across organizations. We need to prepare people with deep technical expertise and foundational knowledge of information technology to go into this challenging field, even as we race to build the technology which can undergird our national interest in cybersecurity. In the effort to specifically secure our critical infrastructure, Inglis’ message on “Collective Defense” was timely and delivered in a remarkably humble way—his priority is to do what’s best for our nation. In his words, “You must beat all of us to beat some of us.” As someone who strives to tell it like it is, I have the utmost respect for Chris Inglis and what he has to say.
The second presentation that was near and dear to my heart was a panel discussion on which I served, surrounded by incredible leaders and professionals in cybersecurity. On either side of me were people like Karen Wetzel, Manager of the NICE Framework, NIST; Toni Benson, Cyber Education & Training Lead at CISA; Dr. Ronald Sanders, Staff Director at the Florida Center for Cybersecurity University of South Florida; and Read ADM (ret) Mark Montgomery, Senior Director of the Center on Cyber and Technology Innovation. While each of these individuals are enormously talented, with Montgomery even walking at the highest levels of national defense and security, a leading voice regarding our national cybersecurity strategy and investments, we were all able to sit together and discuss what we can do better to prepare men and women of character to land entry-level jobs in cybersecurity. The fact that cybersecurity leaders are actively connecting with individuals like me who are “feet-on-the-ground” cybersecurity trainers is encouraging enough, but we were able to think together about the importance and possibilities of pre-apprenticeships, (e.g., apprenticeships when you’re in high school for college credit); a thoughtful program to develop your technical skills, your professional skills, and what we refer to as essential life skills; and even the opportunities to insert apprentices into real corporations through a work study program. Bringing all of these together around common language and structure, like the NIST NICE Framework, accelerates innovation and happens in almost every other professional discipline, whether its engineering or medical, or anything else.
In the end, ‘we’ is stronger than ‘me,’ and this year’s Hack the Port conference was a powerful reminder of this truth. Congratulations to the Team at MISI and their DreamPort project. As so many strong voices in cybersecurity are asking, let’s come together to accelerate innovation around talent development and cybersecurity. I’m honored to be a part of this call and this mission.