SC World Congress: A budget crisis is a terrible thing to waste

By on

Even faced with tough budget times, there is still an opportunity, says one CISO.

Even faced with tough budget times, there is still an opportunity, says one CISO.

Though the country is currently facing an economic downturn, the state of Michigan has been in a recession since 9/11. That cloud has had a silver lining for the state's CISO, Dan Lohrmann, who optimistically claims that “a budget crisis is a terrible thing to waste.”

Lohrmann was part of an SC World Congress panel discussion Wednesday entitled “Cybersecurity from the eyes of an executive” with other panelists, Howard Israel, corporate security officer of Fidessa Corporation and Dave Cullinane, CISO of eBay.

Lohrmann said that he has had to deal with some pretty dramatic budget cuts. When he became CISO in 2002, he was hoping for US$30 million to do several major security projects.

“I was thinking I was going to go to the Governor's office and get US$30 million,” Lohrmann said. “Well, guess what? It didn't happen.”

The Michigan Department of Information Technology recieved US$6.5 in Homeland Security grant money for security initiatives. Not the US$30 million Lohrmann hoped for, but with that money his operation was able to complete more than 30 cyber projects, as well as develop partnerships with other states and federal departments to get things done, Lohrmann said.

Forced to do things with less money, Lohrmann started evaluating, “What can I do, what relationships do I have?” The answers were building trust with others, being a deliverer, thinking outside the box and looking for opportunities. That meant getting on the right committees, seeking grant money and looking to establish partnerships with the private sector or other organizations, Lohrmann said.

As for other recommendations, Cullinane said establishing a relationship with the key leadership of your company and their underlings is important.

“You need to be able to go in and explain to the business managers what the value of security personally means to them, and get them to understand what you can do for them.”

That means explaining their risk profile, Cullinane said.

Lohrmann said that it's also important to work from the bottom up, instead of just top down -- to get the front-line workers excited about security.

See original article on scmagazineus.com
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?