The finalists for WashingtonExec’s Pinnacle Awards were announced Oct. 8, and we’ll be highlighting some of them until the event takes place virtually Nov. 12.
Next is Cybersecurity Industry Executive of the Year (Public Company) finalist Jim Richberg, who serves as field chief information security officer at Fortinet Federal. Here, he talks about achievements, focus areas and how he helps cultivate next-generation leaders.
What key achievements did you have in 2019/2020?
I spent the last year helping government organizations implement effective and affordable cybersecurity to address critical organizational and national problems. I’ve also focused on driving improvement in organizations’ ability to measure their cybersecurity performance.
Some of my most significant contributions include helping federal agencies and corporations understand and apply technologies such as artificial intelligence and software-defined networking to improve their IT and cybersecurity.
The COVID pandemic led to the rapidly expanding need for digital services for citizens and secure remote work for government employees. I identified key technologies and best practices to help government organizations “do more with less” without sacrificing security.
I also identified the need for a vendor-agnostic industry working group to help state, local, tribal and territorial governments meet the enduring IT and cybersecurity problems precipitated by COVID. This group was chartered in June, and I currently lead it in developing options ranging from identifying key technologies to shaping policy recommendations and identifying best practices.
What has made you successful in your current role?
In my role as a Fortinet Federal field CISO, I combine my nearly 35 years of experience leading and driving innovation in cyberthreat intelligence, strategy and policy in government with an understanding of the state of the art in private sector cybersecurity capabilities and how they can be applied to solve difficult customer problems.
My government career and focus on creating and implementing strategy and in setting integrated priorities helped me develop an enterprise-level focus on cyber problems that aligns well with Fortinet’s broad portfolio of cybersecurity products and services.
My years of engaging with audiences ranging from heads of state and CEOs to analysts and IT staff, coupled with my broad operational experience, give me practical insight into some of the most difficult cyber problems government organizations face. My background as an analyst and my knowledge of advanced threat capabilities, insider threats and supply chain integrity helps me identify the most critical elements of a problem and to formulate effective solutions for Fortinet’s customers.
What are your primary focus areas going forward, and why are those so important to the future of the nation?
As agencies conduct IT modernization efforts, enhancing network and data security across the federal government is paramount. For example, the recent Trusted Internet Connection 3.0 guidelines defines connection options between federal networks and the outside world.
To help expedite the government’s adoption of new network security technology, Fortinet has partnered with a public-private sector consortium (ATARC) to establish a TIC 3.0 Demonstration Center that provides agencies with a space to test and evaluate emerging technologies to ensure that solutions align with their requirements.
However, these federal digital transformation efforts lead to an increase in applications and expansion of the network, creating millions of new network endpoints that have to be managed and protected. This leads to another focus area — educating federal and especially state and local governments on options for security-driven networking, which brings security and networking into a single solution that is more effective, affordable and secure.
This is especially important for state and local governments, which are facing a challenge in resources due to COVID’s impact on tax revenues — at the same time that the demand for digital services has skyrocketed. Convergence ensures that as government network infrastructures evolve to meet these new demands, security is an integrated part of the solution.
Lastly, the increased demand for absentee/mail-in voting in the wake of COVID heightens existing complexity in the voting ecosystem. Elections happen every year, and I will continue to work with other leading commercial firms, government partners and non-profit organizations to brainstorm creative solutions to addressing the technical, security and resource challenges associated with conducting secure and safe elections.
How do you help shape the next generation of government leaders/industry leaders?
There is a systemic cyber workforce shortage and skills gap that affects every part of the government’s cyber posture — from configuring technology to staffing the Security Operations Centers that deal with thousands of potential threats per day. This workforce and skills gap has been a factor in many of the intrusions and breaches detected over the past year in both government and private sector networks.
To help close this skills gap, Fortinet’s Network Security Expert Institute has designed an Information Awareness and Security program to help government and industry IT professionals refresh their cybersecurity skill sets, educate new cybersecurity staff, and increase their employees’ cyber awareness.
The critical need for more cybersecurity talent presents an opportunity to recruit individuals from nontraditional backgrounds to help fill this skills gap. The Fortinet veterans program helps transitioning veterans develop the skills they can use to defend federal government networks after their military service.
What’s your best career advice for those who want to follow in your footsteps?
Be flexible! While it is good to have a goal and a plan for your career, in my experience, it is better not to let that become so rigid that it blinds you to other opportunities. For example, although I worked in nearly a dozen disparate occupations during my government career, I only initiated three of these job changes. But every change, whether self-directed or the result of external circumstances, presented me with the opportunity to learn something that diversified and augmented my skills.
If you are already leading a cybersecurity program, try to strike a balance between solving the immediate problem and maintaining a strategic perspective. The difference between average and exceptional security leaders is that, while both can manage current problems well, the exceptional ones are also thinking about how to address the next set of problems.
My recommendation is to find at least one person you regularly consult — or at least a favorite blog or website you visit routinely — to stimulate your thinking and ensure that part of your time is spent focusing is on the big picture and longer timeframes.