Page 9 - Publication6
P. 9
Infosec in the enterprise and at the federal government Committee, is an SME for the Governors Infrastructure
level tends to dominate the headlines and security sector Cyber Security Working Group, a member MS-ISAC, and
conversations, but there are several more layers of US-CERT.
government at the state, county, and municipal level that
are routinely overlooked – yet these entities cumulatively Security and Arlington
present a massive attack surface with far reaching Arlington County is arguably one of the most important
implications. in the nation due to the large federal government presence,
and Jordan is incredibly passionate about his responsibility
But it�s not just risks posed by would be attackers that are for protecting critical networks under his dominion.
of concern, because systemic weaknesses are caused by a
cocktail of issues, like budget constraints, lack of skilled �I take my position very seriously, not just because of these
security professionals, regulatory compliance, the need for government agencies are hosted by Arlington but because
access to actionable threat intelligence, and vulnerabilities Washington D.C. is also my hometown. I was born two
inherent in the advent of the Internet of Things (IoT). blocks from the US Capitol. IT and OT Security for me is
personal. My town, my water supply, my SCADA and PLC
We talked with Dave Jordan, CISO for Arlington County controls, my traffic system, etc., get me�,� Jordan said.
– which hosts the lion�s share of Washington DC – about
the challenges local governments are facing with regards �I don�t like the criminals stealing an elderly person�s
to securing networks, sensitive data, and their citizens trust identity, nor do I like an elected official who thinks they
and confidence. have a right to place their convenience over cybersecurity
best practices.�
Jordan was the first CISO Arlington ever hired, assuming
the role back in April of 2001 – quite an impressive tenure Jordan says Arlington�s efforts started to evolve rapidly
considering that in today�s environment, CISOs tend to be after the 9/11 terrorist attacks, and that�s when technology
the security scapegoats and last on average only a few years began to play a larger role in public safety issues, acting as
with the same organization. the perfect catalyst for cybersecurity funding measures.
�If you are frustrated easily, you don�t want to be a CISO
in any government. If you worry about stability of your “I’ll tell you that
career you don�t want to be a CISO,� Jordan said. �There
is a second meaning the acronym for CISO being used more when I started
and more over the past few years: Career IS Over.�
here, the PCs
Prior to assuming his role at Arlington, Jordan was one of
the founders and the head of the Systems Integrity didn’t even have
Technical Security department at MCI for ten years, which
was perhaps the first of only a few American corporations an operating
to adopt inherent product integrity, according to Jordan.
He holds several U.S. and International patents used to antivirus”
prevent telecommunications fraud, and is the vice-chair of
the National Capitol Council of Governments CISO
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3