Community Outreach: The Need for Information Security Pros
This is the message from John Rossi, professor of systems management/information assurance at National Defense University.
In an exclusive interview, Rossi discusses:
Rossi is a Professor of Systems Management/Information Assurance in the Information Operations and Assurance Department at the National Defense University (NDU) Information Resources Management College (IRMC). Prior to joining the NDU/IRMC faculty, he was a computer scientist for information security, research, and training with the U.S. Federal Aviation Administration Headquarters. He was Security Division Manager of the U.S. Department of Energy's Nuclear Weapons Production Security Assessments Program and National Program Manager for Computer Security Certification and Accreditation (C&A) with the U.S. Department of Defense during Desert Storm.
TOM FIELD: What are ways that information security professionals can give back to their communities? Hi, I'm Tom Field, Editorial Director with Information Security Media Group and we are going to go over that question today with John Rossi, Professor of Systems Management and Information Assurance at the National Defense University.
John, thanks so much for joining me again today.
JOHN ROSSI: Oh it's great to be here, Tom; thanks for having me back.
FIELD: John, we have talked before, and so our audience certainly knows you. Why don't you just quickly update us on what sort of projects you are involved in these days?
ROSSI: Yeah, it is good to be back with this audience. What I am doing here at the National Defense University is running classes and often certificate programs in the field of information assurance, or what we might call now cybersecurity/computer security/telecomm. Most of the students are military, but we also have civilian federal government and internationals as well. The area that we are really moving into now is a lot more outreach, globally well as locally, so this is a very timely topic.
FIELD: Well, you suggested the topic, and it is one that fascinates me. So the premise is that security professionals should practice more outreach; what exactly do you mean by that?
ROSSI: It is probably no secret that information technology professionals and security professionals specifically tend to be a little bit on the "geeky" side. We hide in our offices, and we generate code or we write policy; we will do telecommunications software, and we kind of tend toward "leave us alone and let us do our thing." But I think where we really need to move is to integrate ourselves better into the community.
We have seen years ago that CEO's needed to have a place at the corporate table; well, now we are saying that Chief Information Security Officers also need a place at that table. And not only at the corporate table, but I believe that it is very important, professionally and personally, to reach out to the community at large; our own local communities, our libraries, our high schools, our junior high schools, our colleges. And so what I mean is that the security professional should get out and inspire, motivate, mentor individuals and groups in the community.
FIELD: Well, you make a good point here, John. You know these are stretching some new muscles for a lot of people in the profession, so what are some effective ways that security professionals can share their expertise?
ROSSI: Well, I will share with you what I have done, and that way if I have walked the walked, then there are others who can do it as well. There is nothing special about me.
What I have done is I have raised my hand to speak at conferences, so security professionals that come to conferences, security conferences, will get to hear whatever I happen to be thinking of at the moment, whatever the topic is, and that is one way.
Maybe a little more grassroots, though, is to get to the youth of the community and speak in some of the inner city schools. I have gone out to local inner city Washington, D.C. high schools and spoken about fields, about careers in the information technology field and the information assurance field, and it kind of gives those youngsters something to look up to, look forward to, see how they can contribute to the community.
Another way is writing. Some people have a skill in writing, and they don't like to speak, they are very uncomfortable. My wife would probably rather die than have to give a presentation in front of an audience. So there are many people who are nervous about that. Perhaps we can write, and if we can write there are plenty of newsletters and magazines that would love to publish well thought out articles in the security field.
FIELD: So, John, for people like yourself that are at academic institutions, what are some ways that these institutions can encourage more of this outreach you have described?
ROSSI: Well one thing that we do here at the university is we have an office that handles outreach,, and so that outreach office prints brochures about the college and about the programs, not just telling people about our programs, but telling people about the importance of information security and information technology. So that office prepares fliers, they will rent a booth at conferences, they go out and have a presence at different types of activities.
We also host activities here, we get speakers here and we advertise fairly broadly amongst not just our students, but also the community, and invite them to come and listen to some world-class speakers. We have had authors in here and people who are experts in terrorism and a variety of different things like that to bring people in.
FIELD: Now you talked about being out in the community at conferences, at high schools, etc.. Where do you see the greatest need for this outreach now?
ROSSI: You know, Tom, the older I get (I am in my upper 50's now), the more I realize that the future of our country lies with the young people in our country, the teenagers and even preteens, the people in college and just out of college, especially in the difficult economic times that we are having. It is rather discouraging to a lot of young people when they study hard in school and they don't see a place to go when they get out.
So what I am seeing now is I really want to spend some effort in reaching down to the young folks and inspiring them to stay in school, get degrees, be a contributing member of the society regardless of the fields that they choose. I happen to think that information technology and security is a very important field that we will be needing for many years in the future.
FIELD: Now as you look across industry, do you see models somewhere, maybe in other professions that we can look at for best practices in this type of outreach?
ROSSI: You know there are community organizations -- ISSA for example is the Information Systems Security Association, and that is a community of people in the field. What I am seeing is within academia, government, industry and non-profit organizations like these birds of feather type communities, they are trying to reach out in a horizontal way to communicate their goals and missions and encourage people to support it.
FIELD: John, one last question for you. For someone that might be listening to this interview and thinking this is something I would like to do, what advice would you give them just to get started? How do you start?
ROSSI: Well, you know something that probably everyone in this audience can do is think about their own expertise. Everyone has an area that they are very good at, and that area that they are very good at is an area that could be an inspiration to some youngster.
If someone in our audience has children at the elementary school, junior high school, high school, they could offer by talking to the principal, talking to the guidance office, they could offer to give a little brown bag or a luncheon presentation at the school, and they might get anywhere from five to 25 or more, depending upon the subject, people to come and listen to them and they can inspire--even if just one or two people come into that field, they have leveraged their skills into the next generation to help to make our country a better place.
FIELD: John, as always, wonderful insight and it's a pleasure to talk to you.
ROSSI: Thanks a lot, Tom.
FIELD: We have been talking with John Rossi with National Defense University. For Information Security Media Group, I'm Tom Field. Thank you very much.