Technology as a Substitute for the IT Security Pro

Filling the Gap Caused by Dearth of Skilled Government Staffers

By , February 5, 2010.
Technology as a Substitute for the IT Security Pro


See Also: OPM Breach Aftermath: How Your Agency Can Improve on Breach Prevention Programs

an technology replace the IT security professional to safeguard government information systems?

Zalmai Azmi, the former Federal Bureau of Investigation chief information officer, thinks so, at least in some situation, and could fill the gap caused by a shortage in government of qualified IT security personnel.

The amount of data governments need to monitor is massive, so tools are available to not only monitor but help analyze the data to identify vulnerabilities. "We are providing a technical solution that will eliminate the need for a lot of cyber professionals because we just don't have enough of them," Azmi, senior vice president for global strategic law enforcement and national security at the IT services firm CACI International, said in an interview with

Azmi said resource-poor agencies are faced with the dilemma of deciding, say, which two of 10 vulnerabilities to address. Technology and the right methodology can help, he said. "If you have limited funding, then the decision is pretty much made for you where you spend that security money," Azmi said. "You can't spend it on all 10 vulnerabilities but you have adequate money that actually enables you to address those two."

In the first of a two-part interview, Azmi also addresses:

  • How the attacks from China on Google and other corporate IT infrastructures just scratch the surface in regards to infiltration into America's critical information systems and networks.
  • The need for IT organizations to pay more attention to their security-sensitive systems rather than treating all information systems equally.
  • The effectiveness of the Federal Information Security Management Act.

In the Part 2 of the interview, Azmi discusses the use of milestones and matrixes to effectively manage agency cybersecurity initiatives.

Azmi joined CACI in November 2008 after serving five years as CIO of the FBI where he guided the bureau through its largest-ever technology upgrade. Before joining the FBI in 2003, Azmi served as CIO for the Executive Office of the United States Attorneys, where he created the organization's first IT security office. A Marine veteran - he served as a communications and intelligence specialist - Azmi has been twice deployed to Afghanistan as well as detailed to an intelligence agency.

Azmi holds a master in information systems from George Washington University, a bachelor in IS from American University and several IT certifications including information security management and program management.'s Eric Chabrow interviewed Azmi.

ERIC CHABROW: We are speaking a week after Google and other companies revealed attacks emanating from China on their IT infrastructures, including the hacking of Gmail e-mail accounts of active and supporting human rights in China. How serious of a threat do these attacks pose the federal government and the nation's critical IT infrastructure?

ZALMAI ASMI: Eric, actually this is a very serious threat to our national security, mainly because we are seen these types of acts in different areas of our infrastructure. We have seen it in power grids, we have seen it in our financial systems, we have seen it in the federal government systems and now we see this intrusion in Google, which is a major ISP.

Since all of the networks are interconnected, it is a serious threat to other programs, other organizations, other systems that are connected to the Google network. I personally view this as a serious threat posture, also concerned that these kind of intrusions may be just a prelude to determining some of the weak points in our national security program related to cyber and that may become a point of exploitation for future intrusion into our systems.

CHABROW: How seriously do you think government leaders are taking cybersecurity and will the Google/China episode be a wake up call for them?

ASMI: I believe we are leaning a lot about our adversaries' capabilities so I think the senior leadership, senior management is taking this very seriously. Now that we do have a cybersecurity coordinator, I think in his new role he will be making sure that different government entities, departments and leaderships are fully aware of the threats that cyber poses to our national security and Google should be a wake up call and this is one intrusion that is probably not going to stop here. Adversaries will continue to go after other sectors of our computer grids and try to find more vulnerability and more ways to actually get into our systems.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Wanted: 800,000 Security Pros

India currently has 22,000 information security professionals, but needs 800,000 by 2020. Can the...

Latest Tweets and Mentions

ARTICLE Wanted: 800,000 Security Pros

India currently has 22,000 information security professionals, but needs 800,000 by 2020. Can the...

The ISMG Network