Teddra Burgess, senior vice president Public Sector at cybersecurity technology provider Tanium, is still relatively new to the company, but hardly so to the Federal marketplace. Throughout her career, she has held numerous leadership roles at high-profile organizations like ASG Technologies, Micro Focus Government Solutions, and Hewlett Packard Enterprise, to name a few.
We recently connected with Burgess to talk about the blizzard of Federal government actions this year aimed toward improving cybersecurity, the view from state and local governments on those efforts, the Biden administration’s cybersecurity executive order, the long road to zero trust security migration, and what organizations can do right now to get a handle on better security.
MeriTalk: What are the best steps that Federal IT leaders – along with state, local, and educational institutions (SLED) – can take over the next 12 months to improve security?
Burgess: In general, I think that Federal as well as SLED leaders can leverage a platform strategy that really does enable them to bridge the gap between security and operations teams, particularly within government’s most complex environments. Leveraging that platform strategy would allow for a real unified view of endpoints across the enterprise in general.
Specifically for state leaders, they absolutely can get behind passing stronger cybersecurity legislation, and specifically requiring that devices have sufficient memory and data storage so that action can actually be taken to handle security updates that are necessary.
MeriTalk: There is $1 billion of state and local cyber grant funding in one of the current infrastructure bills moving through Congress, and that’s up from an initial figure of $500 million when separate legislation was first introduced. On the state level and elsewhere, is the legislative environment for security improvement fairly robust?
Burgess: What we’ve seen over this last 15-16 months is that it definitely varies from state to state, and then certainly even at a local level.
But what we’re seeing in the market in general is that no one is safe from attacks. For instance, recently there was a ransomware attack on Howard University networks, and there is no shortage of these incidents that are happening to school systems. They’re happening to private sector entities, public sector entities, and all over.
So I do think that the states are looking for that leadership at the Federal level, but they absolutely have a stake in the game and can take that initiative at the state level as well.
MeriTalk: Let’s turn to the administration’s cybersecurity executive order and the security mandates coming out of that. What is your view generally, and what are the most important starting places for agencies to think about and get working on?
Burgess: At a high level, what agencies can focus on is strengthening their enterprise-wide visibility and control, and really taking the initiative to remove those internal silos to create a single source of truth within their organizations.
The only way to remediate, to fix, to patch, to control, and manage your risk in any way shape or form is by gaining that visibility and control. And it really does start with cyber hygiene and looking at it at that level. Then you’re able to take the right steps to properly articulate and manage the cyber risk that you’ve got out there.
MeriTalk: How about the EO’s push to zero trust – a concept that’s been out there for a long time but is now getting some real support from the order?
Burgess: I’m not going to trivialize zero trust in any way, shape, or form, but it’s almost become a series of buzzwords where it means different things to different folks – not unlike what we had seen with cloud. Depending on who you’re talking to, you may get a different perspective about it.
I think that with our platform approach to the market we are well positioned to help our customers to take that strategic initiative to prevent, and to identify where they’ve got vulnerabilities before they become a problem.
MeriTalk: Can you talk about the importance of collaboration between the government and the private sector, which gets discussed a lot but can seem a little murky from an outsider’s view. For instance, the Cybersecurity and Infrastructure Security Agency (CISA) in August unveiled the Joint Cyber Defense Collaborative (JCDC), which seems like a real step forward.
Burgess: I’ll point to one great piece of data – Harris Poll data told us that 84 percent of Americans say that government agencies, the military, and private companies should share information and partner together to prevent these cyberattacks.
I think to your point, it’s a lot easier said than done, but 84 percent of their respondents said this is an important thing that we need to accomplish. Just because it’s complex or difficult doesn’t mean that we shouldn’t get it done. I believe that we can and we will, but we absolutely have to remove the barriers to the right information sharing between government and private sector. That’s certainly one of the main things that the cybersecurity executive order points to – we need to enhance our crisis communications, and letting folks know when a breach has occurred.
Everyone has heard it’s not a matter of if, but when, your organization will be attacked and we all know that. And yet it’s still a stigma and embarrassment to say that you’ve been breached. But think about what we lose by not sharing – we could have a much better opportunity to get in front of these types of attacks that we see in the news every day if we collaborate.
MeriTalk: Do you see the JCDC as a real advancement towards that goal?
Burgess: I think it’s an excellent step forward. It’s real, it’s tangible, and it’s not just something that we are aspiring to. It’s great to see this has been put together, and done so quickly. It remains to be seen what exactly comes from it, but the initiative itself, I believe in that strongly, and I think that’s a widespread belief.
MeriTalk: We’ve been covering Federal cybersecurity for many years, and this cybersecurity executive order strikes us too as much less aspirational than previous ones, and more concrete in its directions. Is that how you see it as well – that we are getting past aspirational, and onto actual?
Burgess: I think we’re absolutely getting to actual, and I think that’s evidenced by the level of detail in the order. There is an awful lot for agencies to unpack, but there is no disagreement on the fundamental goals, and on taking a proactive approach to make things happen. I think we are moving far past aspirational, and merely defining the problem.
MeriTalk: You’re still relatively new to Tanium, having joined the company in June. How is everything going so far?
Burgess: I’m here because I believe in the Tanium point of view, the strong base of engineering, and the passion behind the outcomes that we deliver. There’s a very strong leadership team here, and with that, an emphasis on diminishing cyber risk across the enterprise. We have an intense focus on working to integrate security and operations teams onto one platform, and providing them that ability to make better decisions, faster decisions, more confident decisions. That’s why I decided to come to Tanium.
I’ll also say that the creation of the integrated Public Sector Group here at Tanium – that is new as a result of my coming on board into this role – has filtered out across the company now, which is wonderful. I have worked in public sector organizations, I’ve worked in Federal, I’ve worked SLED, so all sides of the business as well as commercial, and I’m really excited about what we’re doing here at Tanium in this regard. Forming a Public Sector group and doing so holistically, and focusing on the customer in that manner, really is a demonstration of our commitment to their mission. There are an awful lot of synergies, and bringing them all together under one Public Sector umbrella unifies our organization, and internally aligns us to the purpose of the customers that we were serving.