DHS Set to Tap New Cybersecurity Leader
Phyllis Schneck's Road to Deputy UndersecretaryPhyllis Schneck, the next deputy undersecretary for cybersecurity at the Department of Homeland Security, comes to the job with a different set of experiences than her predecessors - and that could prove valuable.
See Also: Preparing for New Cybersecurity Reporting Requirements
Schneck will leave her job as chief technology officer for the public sector at security provider McAfee to become the top cybersecurity policymaker at DHS, a senior DHS official confirms.
Unlike her predecessors, Schneck has a strong academic and research background, having earned a Ph.D. in computer science from Georgia Tech. She holds three patents in high-performance and adaptive information security and has six research publications in the areas of information security, real-time systems, telecom and software engineering. Before becoming McAfee's public sector CTO, Schneck served as the company's vice president of threat intelligence.
"Her underpinning background is in security, which gives her credibility," says Chris Buse, chief information security officer for the state of Minnesota. "She is very poised and is an excellent communicator [who] has experience dealing with the political processes, something that is vital to this job."
Schneck will take over the job Bruce McConnell has held on an acting basis since April, when Mark Weatherford resigned to join the consultancy The Chertoff Group [see DHS's Mark Weatherford Resign]. McConnell is leaving DHS at week's end after four years as the department's senior counselor on cybersecurity [see Another Senior Cybersecurity Leader to Exit DHS].
Awaiting Official Announcement
DHS has not officially announced Schneck's appointment, first reported by The Hill newspaper. Schneck has not commented publicly on her new job. A spokeswoman for Schneck says she will not say "anything about any potential job change unless it were to be official."
The appointment does not require Senate confirmation.
Schneck's academic and research background reflects an out-of-the-box thinking about IT security. She champions, for example, developing IT security technology to emulate a human body with a strong immune system to battle infections.
"Just as your body defends against thousands of colds every year and you only maybe only get one, that's what these systems are designed to do: push off the enemy and push off malicious traffic, without it having to have a name, and certainly without it having to have a signature - just understanding what is good or legitimate and what is not well intended or not needed and being able to defend against that and get smarter as you do so," Schneck said in an interview with Information Security Media Group [see Infosec Evolution Mimics Immune Systems].
Hefty Curriculum Vitae
Her resume is filled with mostly private-sector jobs, but early in her career she worked at the NASA Goddard Space Flight Center and the University Of Maryland's Department of Meteorology. Her corporate life has been consistently intertwined with government. As McAfee's public sector CTO, she oversees the company's technical vision for public-sector applications of security and global threat intelligence.
Schneck served as vice chair of National Institute of Standards and Technology's Information Security and Privacy Advisory Board, a panel charged with identifying emerging managerial, technical, administrative and physical safeguard issues as they relate to cybersecurity and privacy. She was the working group co-chair for public-private partnership for the Commission on Cybersecurity for the 44th Presidency, a panel that produced a report that served as the outline for President Obama's cyberspace policy.
"She has experience dealing with the political processes, something that is vital to this job," Minnesota's Buse says.
Dwayne Melancon, chief technology officer for risk-based security and compliance management solutions provider Tripwire, says Schneck's experience should prove vital as DHS reconfigures itself. "Her technology background will be well-received by those in the information security industry - a kindred spirit is always more welcome," he says.
And that spirit will be challenged as DHS implements Obama's cybersecurity framework being developed by a public-private partnership under NIST's auspices [ NIST Unveils Draft of Cybersecurity Framework ].
Major Challenge
Melancon says the public-private partnership is not fully realized, and that presents Schneck with one of her biggest challenges as she assumes her new role.
"This effort hasn't yet delivered on its promise, and I believe our national security will pay the price if this isn't solved," Melancon says. "The problem isn't the lack of capability - it's our inability to actually get that capability delivered to the places where it's most needed, which is securing our critical cyber-infrastructure in both the public and private sectors. ... Dr. Schneck can't just commission new efforts; she must also take a critical eye to existing programs and decommission those which aren't delivering."
Schneck comes aboard as the leadership within cybersecurity and infrastructure protection at DHS is in flux. Secretary Janet Napolitano, one of the administration's chief spokespersons on cybersecurity, will leave in September, and the deputy secretary, Jane Holl Lute, resigned this spring. President Obama nominated Alejandro Mayorkas, director of DHS's Citizenship and Immigration Services, to be deputy undersecretary, but his nomination is stalled in the Senate.
Rand Beers, undersecretary for the National Protection and Programs Directorate, is serving as DHS acting deputy secretary, and could become acting secretary if neither Mayorkas nor Napolitano's successor is confirmed by the time she leaves. Beers will leave DHS when either the new secretary or deputy secretary is confirmed. Suzanne Spaulding, deputy undersecretary for infrastructure protection, has been nominated as undersecretary to replace Beers; she's now serving as acting undersecretary. Schneck will report to Spaulding.
Making the Transition
Schneck's presence at DHS could provide some stability to a department experiencing much tumult in its higher ranks in recent months [see Another Leadership Shakeup at DHS ]. But Eugene Spafford, executive director of the Center for Education and Research in Information Assurance and Security at Purdue University, wonders about Schneck's adjustment to government bureaucracy, coming from McAfee, which he describes as a more diverse and security-focused environment than DHS.
"I'm not sure how much exposure she will have had to the kinds of pressures and trade-offs likely to be found in DHS, especially given some of the churn there in recent months," Spafford says.
"Phyllis does like to get things done, so that could be a problem when inside DHS," Spafford says. "Or, it could be a good thing - we will have to wait and see. If she is frustrated about getting things done, she's not likely to stick around for a long time."