Knowledge Consulting Group’s (KCG) Paul Nguyen, has the heart of an ethical computer hacker. As the company’s vice president of cyber solutions, Nguyen manages commercial and federal accounts, including the Departments of Justice and Treasury.
We asked Nguyen what his biggest security challenge has been when implementing enterprise mobility, his view on Bring Your Own Device (BYOD) policies, how he sees budget constraints impacting federal mobility programs and what keeps him up at night.
WashingtonExec also asked Nguyen about KCG’s recent FedRAMP 3PAO status.
WashingtonExec: Can you tell us a little about your background and what you do at KCG?
Paul Nguyen: I’m the Vice President of Cyber Solutions in charge of our Federal Civilian and commercial business. I manage our Department of Justice and Department of the Treasury work, as well as a number of other civilian accounts. In addition, I also oversee our rapidly growing commercial business. The commercial sector has been a growth area for KCG over the last few years. Part of my charge is identifying the cyber needs of the commercial and government sectors in key areas, such as mobility and the cloud, and developing new solutions and service offerings for serving those markets.
In terms of my background, I came from a hacker’s think tank years ago, a company called @stake. I’m a bit of a hacker at heart – an ethical hacker, of course.
WashingtonExec: How has earning FedRAMP’s 3PAO status impacted KCG?
Paul Nguyen: The impact has been a very positive one for us. Our phone has been ringing off the hook! And with good reason – the 3PAO opportunity aligns nicely with the work that our Cyber Attack and Penetration Division – a group we call CAPD – has been doing for quite some time in the federal space, and increasingly more so in the commercial sector. Supporting FedRAMP as a 3PAO allows KCG to draw upon our experience providing readiness and assessment certification work for agencies and apply that expertise to the commercial sector. We are able to do some of the work we do best for our core client base, while at the same time expanding our footprint in the commercial sector. It’s a win all the way around.
WashingtonExec: What is the biggest security challenge for enterprise mobility?
Paul Nguyen: The biggest challenge that is top of mind today is BYOD (Bring Your Own Device). Organizations must build mobile architectures to manage these devices and enforce policies that are in alignment with what the corporate risk policy needs to be. BYOD introduces the potential for risks from our personal lives to cross over into the corporate environment.
That leads to another aspect of mobile applications that we’ve seen: people building mobile applications quickly without adequately addressing security risks. Applications that are being published to various apps stores. Some of those apps aren’t necessarily vetted from a security perspective, which could introduce risks to corporate environments.
WashingtonExec: How should a BYOD policy maker address some of those issues?
Paul Nguyen: The first step is to understand how mobility is going to be leveraged from a work perspective, and what that mobile device is going to be enabling for the enterprise. Next the policy maker should focus on what the risks are and conduct a thorough threat assessment to see what the potential issues could be, and what policies need to be pushed down to those devices. For example, a lot of these devices don’t have screen locks or password enabled authentication. Those are some of the policies and decisions that need to be made from a corporate perspective. We need to look not only at their business perspective, but also at how it is an enabler of the business. That way, the policy doesn’t become so restrictive that it loses its pertinence to the business operations overall.
WashingtonExec: How do you balance cyber security and innovation?
Paul Nguyen: What we really look at in terms of mobility is, how is this an enabler of the business? I think you really need to take a hard look at how it is being used for the business, and maybe ensure that it is restricted for that purpose only. That’s a struggle with the BYOD side now.
WashingtonExec: What do you think the potential impact of budget cuts on developing cyber defenses for the mobile federal market might be?
Paul Nguyen: Security is always a major concern for any IT initiative. Mobility itself is a major initiative. I think the funding for the security aspects will go hand and hand with the initiatives.
“I think the biggest enablers of security are really people, because at the end of the day we, as individuals, are enforcing the policies and also acting everyday with security in mind. That is the biggest lever of any security program: the empowerment of the people to make those secure decisions everyday as a part of their job.”
WashingtonExec: What is some advice you have for agency employees to keep enterprise information secure?
Paul Nguyen: For anyone, it’s having the awareness of what the risks are and making conscious decisions as they are executing their job function to be aware of those risks. I think the biggest enablers of security are really people, because at the end of the day we, as individuals, are enforcing the policies and also acting everyday with security in mind. That is the biggest lever of any security program: the empowerment of the people to make those secure decisions everyday as a part of their job.
WashingtonExec: How did you enjoy your Labor Day weekend?
Paul Nguyen: My wife and I went to Seattle for a wedding. I had never been to Seattle, so it was very exciting us.
WashingtonExec: On my phone I have a mobile banking app. Do you think security is up to par for current mobile banking and cyber security standards?
Paul Nguyen: I think it depends. From my experience financial services as an industry is pretty mature from an overall security standpoint. As you can imagine any security impact on those types of businesses – any second lost for them – could be millions, if not billions of dollars lost revenue. I’ve worked with a lot of them, and they do have some of the top-notch security priorities in my opinion.
With some of the other apps there is a little less assurance. Anyone can really develop an app nowadays; you never know what type of security is built into those. That’s kind of the concern that a lot of folks are looking at right now.
WashingtonExec: What is something that keeps you up at night in terms of your job?
Paul Nguyen: This technology has created a lot of positives with an interconnected world, but at the same time we’ve introduced things that we don’t even know about. There are probably a million different ways you can attack any given company, device or application, and it is not necessarily feasible to address all those different variations. It is a continual battle – almost a chess match between the offensive and the defensive side to come up with best defenses against attacks that are constantly evolving.
“But like most things, mobility is great in moderation and requires discipline to minimize impacts to anyone’s personal life.”
WashingtonExec: There is more concern these days about a work-life balance. Is mobility a good thing, or a bad thing for keeping that balance?
Paul Nguyen: I think it depends on the individual circumstances, but mobility at least gives us the option to be productive in situations we traditionally have not been able to. I personally believe mobility is a good thing for my own personal productivity as an executive and having information at my fingertips to be able to make business decisions. But like most things, mobility is great in moderation and requires discipline to minimize impacts to anyone’s personal life.
WashingtonExec: Who is someone you admire?
Paul Nguyen: This is certainly a tough question. Identifying any single person as someone I admire the most is not easy to answer. I prefer to focus on traits from various people I admire and try to emulate them in my own personal and professional life. But if you made me choose I’d have to say my wife who tolerates my 24/7 “connected” lifestyle, which is of course enabled by today’s great mobility innovations and my various devices.