DHS Job Opening for Cyber Security CTO

There’s been much press attention to the promised new position of “Federal Chief Technology Officer” in the new Obama Administration, but the government has another vitally important CTO opening, and the job advertisement just got posted.

Agency: Department Of Homeland Security, DHS Headquarters
Sub Agency: National Cyber Security Center
Job Announcement Number: CHCO-08-055DHS
Title: Chief Technology Officer
Salary Range: 117,787.00 – 177,000.00 USD
Series & Grade: [Senior Executive Service] ES-2210-00/00
Duty Location: Washington DC Metro Area, DC

   – USAJOBS.com listing 

 

I received an email last week from a DHS friend quietly asking that I “publicize” the listing once it was posted, which was scheduled to be last week.  I checked for it online Friday – the first day applications were to be accepted – but must have looked too early for I didn’t see it listed.  That’s understandable, given the holidays, so I checked again last night, prompted by a note from Bob Gourley of CrucialPoint, and the listing was live.

The listing has an application deadline of Thursday, January 15, 2009, so if you’re interested in applying you had better get cracking.

Let’s look at a couple of the specific points mentioned in the job announcement.

JOB SUMMARY: In today’s interconnected world, our country’s security challenges are constantly evolving….

The first two paragraphs of the announcement are government boilerplate, although I would emphasize the line about “answering the noble call to public service.”  In these troubled economic times, when the tech industry like others is seeing a wave of layoffs, there could be a number of outsiders who might consider applying for this job.  My four years of government service in the intelligence community were just about the most professionally challenging and personally rewarding years of my life, and I think Homeland Security in the Obama era is going to be a vitally active and interesting arena.

The Chief Technology Officer (CTO) reports directly to the Director and Deputy Director, National Cyber Security Center (NCSC) and is responsible for all technology activities of the Center.

One important thing to keep in mind is that the NCSC is a new office, created just last year, and separate from the longer-standing “National Cyber Security Division” within DHS.   There have been some organizational challenges to making that odd structure work well.   I have written before about the challenges (“Roadmap for Innovation: From the Center or the Edge?”), and the wise applicant will try to talk with insiders about the state of play internally among the groups.

For a critical view on the lack of departmental harmony, and for a broader look at DHS cyber efforts, you can thank the General Accounting Office, which conducted a 14-month-long performance audit of DHS in their cyber mission. After the study ended in July 2008, GAO issued a fascinating report: “Cyber Analysis and Warning: DHS Faces Challenges in Establishing a Comprehensive National Capability.”  You can read the full report here, but I’ll note a couple of findings and critical observations:

NCSC vs. NCSD, the bureaucratic angle: In bureaucratically muted language where you can read between the lines, the GAO report  points out that “DHS established [the] new National Cybersecurity Center at a higher organizational level, which may diminish the Assistant Secretary of Cyber Security and Communications’ authority as the focal point for the federal government’s cybersecurity-related critical infrastructure protection efforts, and thus US-CERT’s role as the central provider of cyber analysis and warning capabilities across federal and nonfederal critical infrastructure entities.”

Take a look at this DHS org chart, included in the GAO report, which I’ve highlighted to emphasize GAO’s point.

 

NCSC is still very young: The GAO report notes “the efforts to … implement the National Cybersecurity Center are in their early stages and have not yet been fully planned or implemented,” and that its full progress “is not known at this time.” For a potential CTO candidate seeking long-term stability, that may not be so good. For an entrepreneurially-minded change-agent who wants to make a real difference, that could be ideal.

Big DHS may not fully recognize the need for improvement: GAO concluded its report with a set of 10 thoughtful recommendations to improve DHS’s capabilities in the cyber arena.  The tenth of those reads:

We also recommend that the Secretary address the challenges that impede DHS [… by] ensuring that there are distinct and transparent lines of authority and responsibility assigned to DHS organizations with cybersecurity roles and responsibilities, including the Office of Cybersecurity and Communications and the National Cybersecurity Center. 

That’s the money shot, of course, the one recommendation which will enable the other nine to take place without organizational confusion and cross-purposes.  Unfortunately, DHS accepted the first nine and rejected the tenth. As GAO points out in its summary, “DHS took exception to our last recommendation [emphasis added], stating that the department had developed a concept-of-operations document that clearly defined roles and responsibilities for the National Cybersecurity Center and NCSD. However, this concept-of-operations document is still in draft, and the department could not provide a date for when the document would be finalized and implemented.”

One last point on the GAO report: there’s an almost comic tidbit buried in it which captures the essence of a bureaucracy responding to criticism. As GAO puts it,

DHS also commented on the report’s description of US-CERT as “the center.” Specifically, DHS was concerned that referring to US-CERT as the center might lead to confusion with the department’s newly established National Cybersecurity Center. DHS requested that we remove references to US-CERT as the center. We agree with this comment and have incorporated it in the report where appropriate.

Well, now that we have that settled perhaps we can move on to actual national policies on cyber security.

I’ll make one last point on the CTO job description, which includes the following line:

The candidate will be responsible for the management of the collaboration architecture, tools and technology of the Center and leading efforts to employ new cybersecurity strategies and processes across the Department of Defense, Intelligence Community, and the rest of the Federal Government.

It’s important to note that, in reporting to NCSC Director Rod Beckstrom, the CTO will be recommending technologies to one of the smartest tech minds currently serving in Washington.  I’ve written about Rod before (see “Expect Some New Thinking on Cyber Security“), and I believe he’d be a great boss.  We had dinner together along with some other rebellious types in DC just before Christmas, and I expressed the hope that he’ll stick around in the new administration.   So, get your application in to be his new CTO.

Email this post to a friend