John Wood of Telos Corporation provides an inside look into the Virginia Cyber Security Commission, established by Gov. Terry McAuliffe in 2014.


Shortly after taking office in 2014, Gov. Terry McAuliffe signed an Executive Order establishing the Virginia Cyber Security Commission “to bring public and private sector experts together to make recommendations on how to make Virginia the national leader in cyber security.”  It was my privilege to serve as a member of the Virginia Cyber Security Commission for the past two years, and I want to commend my fellow commissioners for their contributions, particularly Co-Chairs Richard Clarke and Secretary of Technology Karen Jackson, as well as our executive director, Rear Adm. Bob Day (Ret.).  With the Commission’s two-year authority ending this spring, it’s a good time to look back on what was accomplished and to see what’s next.

Being on the Commission was an eye-opener in many ways. The Commonwealth faces numerous and evolving challenges in the battle to secure state and local government networks, and to help protect the private sector and citizens of Virginia.  I was incredibly impressed with how open and honest our discussions were as we explored many complex issues.  This includes not only commissioners but the Governor’s appointees and other state employees who were party to our discussions – they were remarkably candid with us about the serious threats Virginia faces in cyber space and what actions are needed. We heard from and worked with representatives from state and federal law enforcement, the Virginia chief information officer, and other state government information security professionals. It was refreshing to hear such blunt assessments of our vulnerabilities – there was no “bureaucratic” caution, probably because the threat is so real and so immediate.

The Commission served to shine a bright light on the challenges facing Virginia. We made a number of recommendations that led to subsequent actions by the Governor and General Assembly, improving Virginia’s cyber security posture.  Moreover, our activities have better positioned Virginia’s cyber security sector to be a vibrant national leader. These results are consistent with the Governor’s desire to “grow this key industry, keep Virginia’s cyber assets safe and create new, good jobs here in the Commonwealth.” 

I urge everyone to read the report issued last summer by the Commission.  It notes some of the recommendations that were already accepted by the Governor and adopted by the General Assembly, such as new laws to help prosecute cyber crime and put in place other policies to better protect Virginians.  More importantly, the report raises a number of issues that require further work.  The effort must continue – there is much to be done, and Virginia’s public and private sectors must continuously work together to illuminate the changing threats we face and to swiftly take appropriate actions to address them.

It was gratifying to see how easy it is to get things done when people work together to find consensus.  The Commission explored problems and made recommendations, and the Governor and General Assembly took action.  That’s the way government is supposed to work.

At the same time, I saw how difficult it is to get things accomplished when competing agendas battle for the same limited pool of resources. That was my biggest disappointment.  In our report, we identified a real need for dedicated funding to promote collaborative cyber security research and development between the higher education community and private sector. That course was endorsed by the members of the General Assembly’s own Joint Commission on Technology & Science (JCOTS), which recommended $5 million to fund this effort. But this bi-partisan recommendation was set aside in Richmond, at least for now, because there were simply too many R&D agendas fighting for the same pool of money and attention.  I am hopeful the Governor and General Assembly will return to this because I firmly believe, as do many of my fellow Commissioners and the members of JCOTS, that collaborative R&D will be a key element in our drive to grow the industry and make Virginia THE leader in cyber security.

One final note: cyber security does not recognize man-made, political boundaries.  In that light, we in the technology sector should be looking at where other companies and other states are making investments (like in R&D), and see where we might do the same. Similarly, I hope the Commission’s work will set an example for other states, and help to chart a path for Gov. McAuliffe to pursue greater cooperation among the states.  I know he is interested in making intrastate and interstate cyber security a major focus during his upcoming term as chairman of the National Governors Association, and Virginia’s cyber security leaders in the private sector should support his efforts in any way we can.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, Jim McCarthy of member company AOC Key Solutions Jim McCarthy of member company AOC Key Solutions shares suggestions for not only surviving, but also thriving amidst the occasional dysfunction in government contracting.


When you win, government contracting is among the most satisfying of careers. Unfortunately, the crucible we call a Proposal Center can, at times, degenerate into a witches’ brew of dysfunction. One where there exists a dark confluence of long hours, suboptimal working conditions, relentless deadlines, hidden agendas, political infighting, rampant egos, intractable issues, morose review teams, cranky bosses, and cold pizza. No wonder proposals sometime magnify the worst in us. But, when handled correctly, dysfunction can also spark the finest in us. Here are suggestions for not only surviving, but thriving, amidst the occasional toxicity endemic to Government Contracting.

1. Be a Part of the Solution, Government Proposals are hard enough. Commit from day one not to be part of the problem. Be part of the solution—a breath of fresh air in the war room. Offer constructive suggestions.  Be a problem solver, not a problem compounder.

2. Regard It As an Opportunity to Learn. Get metaphysical. Discern why you are going through this time of adversity and testing. What lesson are you being taught? Be open.

3. Remember the Mission. Your company is bidding an important contract. By helping it win, you help your company help others. Take solace that you are part of something worthwhile that matters.

4. Focus on Positives, Not Negatives. Radiate enthusiasm. Don’t be a black hole absorbing all light and energy from the proposal. Count continuously the things going right.

5. Help a Colleague. Make it about others, not you. Volunteer. Help those sharing the foxhole with you. Look for another person—perhaps younger than you, and commit to making him or her a success. Helping others animates even the most grueling proposal.

6. Support Your Boss. Under pressure? Imagine what confronts your leader. Help ease the hard times squeezing the boss. Be loyal. Give the boss the benefit of the doubt. Speak highly of him or her.

7. Don’t Take It Personally. Problems are endemic to life, business, and proposals. Check your ego at the reception desk. Be objective rather than internalizing the dysfunction.

8. Examine Yourself First. Before playing the blame game, reflect on how you may be part of the problem. Anger, resentment, frustration, and finger-pointing are infectious. Often, we are most critical of others in the very areas where we are weakest.

9. Change What Is Under Your Control, Accept the Rest. Stress and worry contribute not one iota to solving anything. Fix what you can. Change how you think about everything else. Shifting one’s attitude typically brings about altered behavior.

10. Watch Your Mouth.  Don’t whine, gossip, backbite, nitpick, rumor monger, second-guess, engage in character assassination, question another’s motives, or utter any comments that erode the sense of the proposal team. Don’t pour gasoline on the fire. Bad karma in a proposal center eventually dooms your efforts.

11. Take the Pause That Refreshes. As you near a crescendo or breaking point, leave. Take a walk. Grab a cup of coffee. Sit in your car. Breathe. Use a quick break to center yourself. Once renewed, rejoin the fray and redouble your efforts.

12. Maintain Work Life Balance. You cannot perform your best when you feel your worst.  Diet, exercise, spirituality, family involvement, quiet time, hobbies, reading, healthy sleep habits—first take care of yourself. Only then are you equipped for the proposal grind.

13. Set a Good Example. People are watching you. You are either a good role model or a bad one.  It really does come down to the choice you make.

14. Sweat Not the Small Stuff. And, as author Richard Carlson says on occasions, “it’s all small stuff.”

15. Invoke Your Pressure Release Mechanism.  Tamp down on the valve to discharge steam when needed.  Keep your outlook positive, not pressurized. If you don’t have a release mechanism, find one.

16.  Act Gently and Cultivate Empathy. Never pile on. Don’t tread on those are already weighed down. Lighten another’s load. Observe your teammates, allies, critics, and rivals–you may think you know what they are going through, but you don’t. Like you, everyone is on a private journey with rocky patches. Everyone stumbles—if not today, then soon. Be an encourager.

By applying these suggestions, you emerge from adversity, stronger, more resilient, and better equipped to handle the next challenge. Surely, it will come—not if, but when.


Jim McCarthy is the Founder & Principal of AOC Key Solutions, a proposal consulting firm dedicated to helping companies win government contracts. Mr. McCarthy’s career spans over 30 years of proposal development, market strategy, and oral presentation coaching to federal contractors. Learn more at www.aockeysolutions.com

 

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Top Technology Trends for 2015

March 17th, 2015 | Posted by Sarah Jones in Guest Blogs - (Comments Off)

This week on NVTC’s blog, Davis Johnson, senior director of Public Sector Sales and Business Development at Riverbed, shares his top tech trends of 2015. 


Technology has always been, and will always be an ever-evolving landscape. A decade ago the trends and policies we saw in the private sector greatly differed from those taking shape in the government, but heading into 2015 it is clear that those siloes have been broken down.

With a national focus on cybersecurity, increased usage of the cloud, and a push towards consolidating IT resources to improve efficiency and save money, we can expect the lines between these groups to continue to blur.

Federal CIOs Will Achieve A Broader View Into Cyber Threats
Unless you have been living under a rock you have probably heard about the Sony hack. If you haven’t, chances are you have heard the President at one point or another talk about cybersecurity and its growing importance as it relates to our national security. In fact, at a February 2015 Stanford University appearance the president signed an executive order requesting public sector IT join forces with the federal government and the military in an effort to strengthen overall security across both groups. During this same meeting the president highlighted some alarming statistics—one of which being that overall cyber threats since he took office in 2009 have impacted more than 100 million individuals and businesses.

Given the importance, and emphasis being place on cybersecurity by both government leaders and businesses, it is safe to say that the cyber conversation will only increase, and evolve in the coming years. With that evolution will come increased usage of tools that allow agencies and companies to look across their entire network for abnormalities and catch suspicious behavior before it escalates. These visibility tools will allow network operators and CIOs to see who is accessing what information and when, and if that information is protected or should not be viewed by the user, allows them intervene before any potential leak or hack occurs.

Analytics will also play a major role in future of cybersecurity by offering increased visibility and proactively alerting security teams to potential suspicious activity.  Currently, Intelligence Advanced Research Projects Activity, which conducts research for the U.S. intelligence community, is using public information and Big Data in an effort to actually predict cyberattacks before they occur. This proactive vs. reactive approach is something we can expect to see more of as the public and private sector solidify and sharpen their cyber processes.

The Cloud Will Continue To Mature
Within the government there has been a notable shift from debating on whether or not to move to the cloud, to picking which cloud option best suits an agency’s needs. While Gartner’s “Private Cloud Matures, Hybrid Cloud is Next” report states that hybrid cloud is today where the private cloud market was three years ago, we can expect to see agencies weighing all of their cloud options in 2015 and beyond.

In fact, one cloud option that has long been popular in the public sector and is now gaining popularity in the government is the public cloud. With the Defense Information Systems Agency’s newly released guidelines, the Department of Defense (DoD) now has a clear outline for what they are able to place in the public cloud, as well as what must to be housed within a virtual environment, among other things. With these guidelines we can expect to see a deeper conversation and openness to public cloud offerings within the government and information from both sides housed in the same place.

IT Center Consolidation
With increased virtualization throughout the government, data center consolidation will continue to a hot topic in 2015 and beyond. By consolidating data centers agencies have the ability to reduce costs, improve their security and streamline overall IT processes. In fact, a 2014 U.S. Government Accountability Office report found that of the 24 agencies participating in the Federal Data Center Consolidation Initiative, 19 agencies collectively reported achieving an estimated $1.1 billion in cost savings and avoidances between fiscal years 2011 and 2013.

While there are obvious benefits that data center consolidation brings, the shift also means that applications are now hosted farther away from employees or federal workers that rely upon them every day. That distance, and the increasing complexity, require networks to keep pace. So federal CIOs and companies will look for tools to assist in consolidating their datacenters over the next few years. These tools will be ones that empower visibility into app and network performance issues, and those that help solve bottlenecks to make sure workers have access to the apps they need so productivity doesn’t suffer. To ensure that consolidated data centers are providing maximum benefits for IT leaders on both sides, we can expect to see them implement optimization tools moving forward as data center consolidation is definitely here to stay.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Notes from the Silicon Valley Cybersecurity Summit

September 23rd, 2014 | Posted by Sarah Jones in Guest Blogs | Uncategorized - (Comments Off)

NVTC is inviting members to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. Kathy Stershic of member company Dialog Research & Communications shares her insights below.


I was fortunate to attend Silicon Valley Cyber Security Summit over the summer, where I spent four hours indulging in the subject. The panel discussions were excellent, bringing perspectives from security technology providers, pundits, the Department of Homeland Security, congressmen, senators and executives from the outstanding Silicon Valley Leadership Group (#SVLG).

The first discussion centered around progress to date with Obama’s Executive Order (EO) issued in early 2013, and the potential for more formal cyber policy or regulation coming from the Congress. The cybersecurity problem offers a rare opportunity for the public sector to lead in a critical technology domain, but all of the day’s speakers emphasized the requirement for public-private partnership in addressing the challenge. There has actually been some good news around the Cybersecurity Framework, an outcome of the EO being driven by NIST, in which participation is voluntary but to which 3,000 private sector representatives have actually contributed. While governments actively push such information to the citizenry, companies need to share a lot more about what’s happening to them, what they’re learning and how they’re defending themselves – competitive concerns are keeping this constrained to date. Still, some progress is being made.

One of the biggest eye openers was the claim by several speakers that the public is just not engaged in this issue and therefore practices poor digital ‘hygiene’. I found this surprising and uncanny in the aftermath of the Target and Nieman Marcus’s attacks last fall, and the Aug. 5 revelation that a Russian crime ring had stolen 1.2 billion user name and password combinations and more than 500 million email addresses.

Senator Saxby Chambliss (R-Ga.) extolled the virtues of his and Senator Dianne Feinstein’s (D-Calif.) Cybersecurity Information Sharing Act bill, which made it through the Intelligence Committee but still faces stiff opposition from privacy advocates. Everyone agreed that what would spur Congressional action would be a real crisis – a big attack that causes a real national issue. We hope that we don’t have to endure a crisis to make progress, however. It is also possible for Federal agencies like HHS, DHS, the SEC and others to impose cyber regulations within their domains – some are already doing so. And states are stepping up too, with a plethora of unique policies. Beyond the U.S., each country will have its own policies as well.

In my opinion, the core issue behind the discussion was trust – citizens don’t trust the government, businesses don’t trust each other or the government, and the government doesn’t trust other governments. One speaker even joked that in the Silicon Valley, the NSA is seen as an ‘advanced persistent threat.’  Everyone is waiting for a cybersecurity crisis, which I believe will sooner or later. Let’s hope later.

My next post will discuss the country’s shortage of skilled cybersecurity workers.


Contributed by Kathy Stershic, Principal Consultant, Dialog Research & Communications

kstershic@dialogrc.com

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS