[ISN] Fired CISO says his comments never put Penn.'s data at risk

From: InfoSec News <alerts_at_private>
Date: Fri, 19 Mar 2010 00:13:02 -0600 (CST)

By Jaikumar Vijayan
March 18, 2010

Robert Maley was fired from his job as the chief information security 
officer for the state of Pennsylvania earlier this month after he spoke, 
without proper authorization, about security incidents involving the 
state during a panel discussion at the RSA trade show.

References he made to a security incident involving the online driving 
test system at the Pennsylvania Department of Transportation in 
particular were believed to have led to his termination. A state 
spokesman has not commented, citing privacy rules, except to confirm 
that Maley is no longer employed by the commonwealth. In this interview, 
Maley gives his side of the events that led to his dismissal.

What exactly happened?

They terminated me. I was specifically asked not to talk about anything 
in Pennsylvania without explicit permission and to have everything that 
I would say to be completely reviewed before I said it. So yeah, they 
told me that, and, yup, I was wrong ultimately doing that. As far as the 
official reason, that's why. It's not because of the PennDOT incident. 
It was because I did not have permission to speak. Not just at RSA, I 
wasn't permitted to speak anywhere. I was on vacation when I went there. 
I went out there on my own time.

What prompted you to do that?

Pennsylvania is facing a lot of significant challenges with the economy, 
as are a lot of other states, with budget cuts, training cuts. It just 
made things very difficult. I don't presume to be the know-all expert 
about anything, and I need to get myself around the type of experts that 
they have at these conferences so I can learn what's going on so I can 
take that information back and share it with the staff.

I was the one that was responsible for information security at 
Pennsylvania, so being exposed to the caliber of the people that I find 
at these conferences and the education that I can get [was important].


Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
Received on Thu Mar 18 2010 - 23:13:02 PDT

This archive was generated by hypermail 2.2.0 : Thu Mar 18 2010 - 23:18:41 PDT