A Shame for InfoSec Transparency
The CISO of Pennsylvania was apparently fired after discussing a breach while serving on a panel at the recent RSA conference. The removal appeared in several articles including this SCMagazine report. The information provided by Bob Maley was a clear description of a threat that some states may face, an appropriate discussion for this panel. However, it seems Maley didn’t get explicit permission to talk about this issue and was terminated for this breach of protocol.
There may be other personnel issues involved but the timing of this is certainly suspect. While Maley should have been disciplined for violating communication protocol, the end result appears to be disproportionate to the offense.
The RSA panel was a great opportunity to share information and lessons learned. Instead of embracing that level of transparency, we see a SCMagazine CISO of the Year finalist losing his job by trying to help others learn from his experience. If others fear such action for sharing sanitized lessons learned then our field has taken a step backward in transparency and communication. That’s a shame.
Tags: information security, security awareness, security mistakes
Awareness and Education | Paul March 13, 2010
RSS feed for comments on this post. TrackBack URI