Former U.S. CISO Gregory Touhill says the federal government must rethink how it hardens its workforce to prevent cyberattackers from succeeding.
"Innovative training such as gamification ... have a more lasting effect in a positive way than just one-and-done training," Touhill says in an interview with Information Security Media Group.
In the interview, Touhill says:
- All information owners are responsible for better managing their risk;
- Organizations must conduct regular and frequent cybersecurity exercises to help build their cyber defenses;
- Board members and chief executives down to junior employees must participate in these exercises to build cybersecurity awareness.
Touhill teaches cybersecurity and risk management for the CISO certification program at Carnegie Mellon University's Heinz College. President Barack Obama in 2016 tapped Touhill to be the first U.S. chief information security officer, a post he held till the end of the Obama administration. Previously, he served as deputy assistant secretary for cybersecurity and communications and director of the National Cybersecurity and Communications Integration Center. Touhill is a retired Air Force brigadier general.
On Tuesday, June 20, Touhill is scheduled to deliver the keynote address - Risk Management: Lessons Learned from the First U.S. CISO - at the ISMG Fraud and Breach Prevention Summit in Chicago, which runs through Wednesday, June 21.