Left to Our Own Devices: Rick Driggers’ Journey from Combat Control to Infrastructure Cybersecurity - Geektime

2 years ago 42
multinationals

Looking retired for the American radical and his teammates is thing Rick Diggers has committed himself to since the infinitesimal helium turned 18.

Guest Contributor / 30 Oct 2022 4 min read

 Rick Driggers’ Journey from Combat Control to Infrastructure Cybersecurity

After enlisting successful the U.S. equipped forces consecutive retired of precocious schoolhouse and choosing the challenging way of a Combat Controller, Diggers went connected to beryllium a cardinal subordinate successful mounting up the Department of Homeland Security’s postulation absorption apparatus. From there, helium moved to the CISA for 15+ years, performed cardinal positions with the U.S. aerial force, and is present the Critical Infrastructure Cyber Lead astatine Accenture Federal Services.

Rick Diggers successful his aboriginal days successful the U.S Armed Forces

Driggers worked with federal, state, and section offices to recognize the information posture of America’s infrastructure, astir of which operates connected bequest exertion that was ne'er initially intended to beryllium connected to online networks. Securing these infrastructures has taken time, and the manufacture is opening to consciousness the momentum. “If I'm looking astatine an organization’s cybersecurity posture done a maturity and a readiness lens, that truly allows maine the flexibility to marque adjustments based connected emerging threats and risk,” said Diggers, “That's a batch amended than, you know, playing whack a mole with vulnerabilities, which unluckily a batch of organizations do.”

When drilling down into what makes the agile and cybersecurity mindset possible, Driggers says it comes down to people, process, and technology, not conscionable tech operating connected its own– and that’s lone 1 of the 3 apical challenges to securing organizations.

3 Top Challenges organizational cybersecurity challenges

Diggers speaking astatine the CyberTech Europe 2022 conference

Today’s cybersecurity gaps are particularly challenging for organizations that spot their systems and operations taken offline. When moving with governmental organizations, a hack whitethorn spell beyond ransomware to exposing the idiosyncratic accusation of a idiosyncratic of involvement oregon adjacent authorities secrets.

When the stakes are truthful high, it becomes a squad effort to guarantee that specified important information is lone accessed by authorized users. To execute this, organizations should absorption connected the following:

Culture

From the start, it’s important to admit that securing IT networks and OT (Operational Technology) networks are not the same. While IT practitioners are often focused connected securing backstage data, OT cybersecurity professionals are much focused connected operational uptime and availability. They person antithetic problems to tackle and attack them from antithetic angles.

Executives indispensable admit this and promote opportunities for them to collaborate connected sorting organizational problems successful a mode that allows them to amended recognize 1 another.

People, process, and policy

Working towards a communal extremity demands that each squad subordinate is successful a relation that is successful enactment with their skills. Employees should beryllium successful the close spot astatine the close time, capable to recognize challenges and enactment connected them accordingly, without having irrelevant decision-makers holding things back.

Visibility

Streamlining processes demands a wide knowing of what each section and squad subordinate does, successful bid to let them to enactment arsenic efficiently arsenic imaginable portion creating opportunities to admit their ain cybersecurity vulnerabilities. In addition, this creates opportunities for teams to trim duplicated efforts.

“I deliberation gaining visibility goes a agelong mode to helping negociate galore method aspects. That'll assistance escaped up resources to use to existent information practices to trim risk,” said Driggers. “In my mind, it truly each starts with visibility. If you can't spot it, you can't support it.”

Protecting infrastructure into the future

Rick Diggers connected C-SPAN erstwhile moving for Homeland Security

The archetypal measurement successful securing immoderate portion of exertion is by having cybersecurity beryllium portion of aboriginal development, not an afterthought wherever discovered vulnerabilities whitethorn marque a instrumentality insecure, oregon adjacent unusable.

For example, the committedness held by 5G exertion and being capable to link fleets of devices to cellular networks increases onslaught surfaces to unprecedented levels. How bash we unafraid these spaces connected specified a wide scale? “Future information challenges successful this space, peculiarly arsenic it applies to the improvement of caller oregon existing captious infrastructure, is to continuously germinate our information solutions to not lone guarantee the integrity, reliability, and information of each of these connected technologies, but we besides request to guarantee the information and privateness of our people,” said Driggers.

A ample portion of that is the Biden administration’s enforcement bid 14028, which laid the groundwork for the cybersecurity documentation and yet overmuch of the advancement that we are seeing contiguous with Software Bill of Material (SBOM) documentation. What’s more, is that it was each done from a proviso concatenation perspective– not lone for bundle proviso chains but besides for bundle improvement environments. It gives guidance connected connection and wide hazard guidance to manufacturers connected however to talk with their customers.

To execute this, SBOMs are captious successful identifying imaginable vulnerabilities, gaining insights into mitigation techniques, and securing organizations successful an organized manner. Ultimately, the greater visibility and connection astir imaginable threats that beryllium wrong an organization's culture, whether it beryllium done meetings oregon documentation, the much unafraid it volition be.

Click here to perceive to the afloat episode.

Written by David Leichner (CMO), Shlomi Ashkenazy (Head of Brand) and Rafi Spiewak (Director of Content) astatine Cybellum

Subscribe to Geektime

Get the latest posts delivered close to your inbox

Great! Check your inbox and click the nexus to corroborate your subscription.

Please participate a valid email address!

Tags

Picture of Guest Contributor

Guest Contributor

Guest Writer @ Geektime

Read Entire Article