February 2023 CISO Forum Ask Me Anything
Recorded in February 2023, this edition of the monthly CISO Forum Ask Me Anything session features ISPG Director and Chief Information Security Officer Rob Wood and guest co-host Teresa Proctor, ISPG Division of Implementation and Reporting Director, answering a wide variety of security-related questions. Check the timestamp list below to go straight to the questions that interest you.
TIMESTAMPS
00:02:08 Any thoughts or guidance on the use of ChatGPT inside of CMS?
00:04:36 Does CMS see its RMF (Risk Management Framework) implementation as complete? How much of the security compliance process is automated now?
00:09:22 Are there plans to use vishing as Spam Tests?
00:12:39 Can you go over the acceptance criteria for systems entry into the continual authorization program and number of systems your team can accept yearly?
00:14:16 Who is the best POC to reach out to engage in getting systems considered for that program?
00:14:53 Will CyberGeek be replacing CFACTS as a data source?
00:16:33 What are your thoughts on the New York Times article about the development of Microsoft Bing’s AI chatbot Sydney?
00:18:50 In your opinion, what is it about CMS that resulted in the amount of success the team has had with modernizing, with many agencies tending to be behind the curve with tech? Have you had to fight for budget and approvals within CMS or has the agency made it easy to innovate and work with industry?
00:26:23 CMS has some post-incident historic analytics in place with the Tableau dashboard. What would be the top five areas or metrics that come to your mind when visualizing some dashboards in the area of live, modern analytics, especially in an age of SDL (Security Data Lake)?
00:31:06 My team of about 20 would like some basic training on various relevant cybersecurity topics such as Wi-Fi and phishing. Do you know of anyone in CMS I can contact to request this training?
00:33:43 What trends in data collaboration have you all noticed? What is the approach to addressing risk in this area, and is there communication with partners overseas about greater collaboration?
00:38:30 What is an industry buzz term that is most confused or least understood that you’d love to remove or fix?
00:43:53 Where is CMS now in terms of Zero Trust Architecture maturity? Where does a transition to Zero Trust Architecture fall as a priority relative to the other major security initiatives?
00:47:42 Any comments on CMS and CISA’s post-quantum cryptography initiative?
00:49:10 What are your thoughts on our VDI? Are you a fan?
00:51:20 Mac vs PC?
00:56:37 Who do you recommend we reach out to in order to get involved in CMS exploring GRC (Governance, Risk and Compliance) alternatives?
00:56:57 What is your single best piece of career advice for somebody in cybersecurity?