http://threatpost.com/en_us/blogs/why-bob-maleys-firing-bad-all-us-031110

By Dennis Fisher
Threatpost
March 11, 2010

The news that Pennsylvania CISO Bob Maley lost his job for publicly discussing a security incident at last week's RSA Conference really shouldn't come as a surprise, but it does. Even for a government agency, this kind of lack of understanding of what actually matters is appalling and it is a glaring example of the sickness of secrecy that's infected far too much of the security community.

Maley was the Pennsylvania CISO for four years and essentially started the state's information security program from scratch when he took the job. He brought the dozens of state agencies and thousands of employees into the 21st century with a massive project to install intrusion prevention and an identity and access-management system. When he got there, Pennsylvania didn't even have a standard desktop OS image. And this is a network that was seeing more than a billion security events a month in 2007.

As a result of his success in transforming the state's infrastructure, Maley became a sought-after speaker and interview subject, a fact that led directly to his firing.

At RSA, Maley was on a panel that discussed security issues facing state governments. During the session he talked about a recent incident in which the owner of a driving school in Pennsylvania allegedly figured out a way to game the state's motor vehicle exam scheduling system in order to get his students to the head of the line.

That's it. Maley didn't give explicit details on the problem and didn't even really describe it as a security issue, according to news reports. He simply cited it as an example of the issues he deals with every day. And as a result he no longer has a job because, as Jaikumar Vijayan reports in Computerworld, Pennsylvania has a policy requiring employees to get explicit permission to discuss state business publicly.

[...]
Received on Thu Mar 11 2010 - 22:12:15 PST