CISO Forum: Ask Me Anything - September 2022

Director of ISPG and Chief Information Security Officer Rob Wood and Deputy Director of ISPG Frank Domizio explore answers to the September 2022 CISO Forum Ask Me Anything. Click the link to watch the entire video, or consult the timestamps below to go straight to the questions you're interested in.

00:02:08 What is your most and least favorite part of being in the CISO role?

00:07:15 Does CMS have a specific security stance on unattended Robotic Process Automation (RPA) bots?

00:10:08 How do you secure a position with the government as a graduate with a cybersecurity/programming degree? Is there an internship program?

00:13:31 How do you transition a legacy agency to become more agile, security-focused, and get to zero trust?

00:17:41 Could you give an overview of the Security Data Lake platform at CMS, how you are consolidating all the data, and what your approach to detection engineering at CMS is?

00:21:57 Do you think we’ll ever go back into the office?

00:23:32 Do you see potential privacy risks to CMS that keep you up at night?

00:26:19 Are there discussions happening on ways to better secure remote work environments other than EUA passwords?

00:28:14 With the change to remote, have you hired resources across the U.S.?

00:28:42 Can you name three metrics enterprise-wide you would want to know as quick facts when you log in for the first time in the day?

00:32:07 What are your thoughts on making application security documents shareable among the different ADOs?

00:36:03 What security QASP metrics would you like to see included in CMS’s development contracts?

00:38:58 With all the incidents and breaches occurring, do you think CMS is prepared for a major breach?

00:43:34 Where do you go for innovation, to expand your thought processes, and to look for the next key capabilities in security?

00:48:11 Given the tight labor market for security folks, especially experienced and/or skilled ones, what can/should CMS and its contractors do to improve the pool of security folks available to help us?

00:52:39 Paper-based compliance process?

00:53:03 Where do we go for guidance and standards?
