With the coronavirus pandemic continuing to provide a stubborn barrier to full-fledged office workplace returns for many Federal agencies, the Commerce Department’s chief information security officer (CISO) spoke on August 17 about paying attention to human-centric aspects of security in the development of next-generation workplaces.
Ryan Higgins, the Commerce Department’s CISO and Deputy CIO, said at an event organized by GovLoop that one of the most important elements “is a need to communicate continuing education to our staff about cybersecurity, not just for the government-issued devices, but on their home environments as well.”
“Using effective cybersecurity practices needs to be an effective feature of everyday lives,” he said. “For example, within Commerce, we’ve been working on updating our policy framework to ensure that we are able to shape our cybersecurity posture in the context of the new reality that we’re faced with,” he said.
Higgins discussed at length ongoing and planned progress toward zero trust security policies at Commerce but came back to the importance of the human element.
“The key thing … is it’s not just about the technology,” when moving toward better security regimes, he said, adding, “it’s critical that we consider the people aspect.”
“I think what you’ll see are agencies leveraging the lessons learned over the past 18 months to really revisit efforts and approaches on recruiting, training, and retaining people but also reengineering processes to account for how we do business,” he said.
Cyber Workforce Recruiting
Higgins also said he was excited to help in governmentwide efforts to recruit and train new Federal cybersecurity workforce members outside of the more traditional avenues.
“One area of particular interest to me is workforce development over the last several years” in the face of growing shortages of talent for the government, he said.
“Recruiting, retaining, and training our workforce is one of the most important things that I feel we can do as leaders to address this shortage,” Higgins said. “It’s critical that we explore opportunities for identifying and training capable individuals outside of those traditional areas.”
“Cybersecurity benefits greatly from individuals having diverse disciplines and backgrounds, so I’m eager to do my part to help build that pipeline of new talent coming into the government,” he said. “We need to further infuse our workforce with new ideas, and new energy, and tap into the most talented individuals we can find. I’m rather excited to see the focus on bolstering our cybersecurity workforce, and that it’s a shared priority across all levels of government.”
On the management front, Higgins said that managing his staff mostly remotely has been a challenge, but with an upside for creative management techniques. He took over the CISO position in March 2020 at the dawn of the mass-scale work-from-home effort.
“Like everyone in this discussion,” he said, “I’ve gravitated toward using video calls to keep pace with everyone.”
The lack of constant face-to-face interaction, however, “affords us an opportunity as leaders to really be more empathetic [and] creative about how we engage and communicate to ensure that individuals don’t lose that connection back to the mission and the work that we do.”
“I can’t speak highly enough about the professionalism, dedication, and commitment of everyone in Commerce” throughout the pandemic, he said, adding, “this has been a challenging period.”