Michael Baker, staff vice president and chief information security officer for General Dynamics Information Technology, has been appointed as chair of the WashingtonExec CISO Council for 2021-2022.
“Being chairperson of the CISO Council is a great opportunity for me to apply the lessons learned throughout my career, along with my personal values across this industry, and lead a group of cyber professionals in effective conversations on things that are going to increase the efficacy of our programs,” Baker said, “which in turn increases our national security, and increases the ability in which we can counter the adversary that we face every day.”
Baker’s nearly 20 years of experience in cyber leadership, talent development and risk management in the aerospace and defense industry as CISO have taught him the importance of building a strong cyber community and fostering collaboration. That’s what he hopes to bring to the CISO Council.
Baker has had two jobs in his life. He started his career as a consultant with EY, where he worked with a variety of clients across the defense, retail, banking and technology sectors — which included 12 years across General Dynamics’ businesses providing cyber and IT services.
“It was an unbelievable place to start a career and learn the value of teamwork, the importance of effective communication, and the essential nature of collaboration across large groups and global industries,” Baker said.
When he came to GDIT as CISO in 2015, he was quickly invited to join a collaborative group of CISOs serving similar companies across the industry that shared common challenges. From day one, this experience taught him the importance of collaboration across the CISO position and industrywide, and that it shouldn’t be feared or held as a competitive advantage.
“It should be something in which we continue to support each other and build each other up for the common defense of our customers and our companies,” he said.
Baker learned a lot from jumping into the role of CISO with a community of support and collaboration, and found a similar atmosphere within GDIT. He described General Dynamics as a community in and of itself across many different companies that produce different products and services.
“I believe the career experience working within that community, within our company, provides a lot of expertise on managing large cyber risks across a diverse portfolio of companies, cyber teams and business needs,” Baker said. These experiences lay the foundation for how Baker engages with the council and the topics he wants to explore.
The nation has seen an unprecedented number of sophisticated cyber events over the past couple of years, and to truly protect public sector customers’ information, Baker believes industry and government must work together. He plans to discuss the recent SolarWinds hack in the effort to improve supply chain risk management and software supply chain practices.
In addition to recent incidents, Baker also wants to discuss the growing threat of ransomware, zero trust architectures, and emerging government compliance frameworks.
“We also need to continue to focus on compliance aspects as well,” Baker added. The Cybersecurity Maturity Model Certification and President Joe Biden’s recent cybersecurity executive order impacts all of GovCon and how it works to serve government customers.
Facilitating these discussions with the council goes back to building a sense of community within industry so members can get to know each other on a deeper level and feel comfortable reaching out to one another for assistance.
“Having that network is something that is extremely valuable to the CISO role,” Baker said. “In this job, you are striving every day to assess risk and apply capabilities as part of your cyber program. The ability to take a quick pause and talk to another team working towards the same goal, or aligning with your customer about those expectations, provides tremendous returns in ensuring our industry is continuously improving to meet our current threats.”
Cyber is a complicated subject matter; it’s highly evolving, and capabilities and suppliers change daily. Making meaningful connections with peer companies helps to better understand customer expectations and roadmaps.
And because the government is setting the tone for national defense, requirements and cybersecurity execution, connecting with government officials is valuable.
“Anytime that we can get in front of our customers or other government officials to see where they’re going is another opportunity to validate that we are headed in the right direction with our own programs,” Baker said.
To facilitate these connections, Baker intends to foster a more social atmosphere in the council meetings and hold conversations that transcend cybersecurity tools and trends.
“We’re a fellowship as a group of people who experience the same stresses of the job, and the same unique demands,” Baker said. He wants to focus on the human elements of the CISO role, like what it means to lead, retain and drive a team within the D.C. GovCon market, and how to foster a diverse and inclusive workforce.
Ultimately, Baker’s end goal as CISO Council chair is to form a trusted community in which CISOs can feel comfortable asking their peers any question, and hold transparent, collaborative discussions. The nation is facing an adversary that is motivated, highly funded and very sophisticated. A breach of one company is a breach of national security, and according to Baker, it takes a full industry effort to truly secure the nation.
“People who are in this group will feel supported in this highly demanding role, and have a network of people to lean on when they need extra assurance or help with a certain problem, regardless of company affiliation,” he said.