Ridge, Schmidt Don't Agree on Everything
Ex-DHS Secretary, Cybersecurity Coordinator Create PartnershipSeeing eye to eye on every facet of a venture isn't required to be business partners; agreeing on long-term goals of the collaboration is a must. Just ask Tom Ridge and Howard Schmidt.
See Also: How to Unlock the Power of Zero Trust Network Access Through a Life Cycle Approach
Ridge, the first Homeland Security secretary, and Schmidt, the onetime White House cybersecurity coordinator, announced this week that they've formed a consultancy to be called Ridge Schmidt Cyber LLC. In a statement announcing the venture, the two former high-ranking government officials say their partnership will provide strategic and advisory services to help business and government leaders "navigate the increasing demands of cybersecurity."
Where Ridge and Schmidt differ, at least based on their public comments and actions, is on the role the federal government should perform in defining which cybersecurity best practices industry should follow.
Ridge, testifying on behalf of the U.S. Chamber of Commerce, came out strongly against any form of IT security government regulation over the private sector - even the creation of security best practices that industry could leave or take [see Partisan Showdown over Cybersecurity Bill]. Ridge told Congress last year that the so-called "light-touch" approach to developing standards could easily morph into onerous regulations. "A light touch can turn into a stronghold," he said. "It's a slippery slope that I'm most concerned about."
Schmidt, as special assistant to the President Obama for cybersecurity, helped formulate a "light-touch" approach in proposed legislation in which government, working with business, would develop IT security best practices that the mostly private owners of the nation's critical infrastructure could voluntarily accept or reject. [see Obama Cybersecurity Packaged Praised, Criticized]
But such differences don't matter. Creating policy and law are not the same as providing advice. What they offer is a wealth of experience of knowing how government works and approaches that need to be taken to build cyberdefenses.
Their experiences complement one another. Besides being Homeland Security secretary, Ridge was a former Pennsylvania governor and congressman. Schmidt is a hands-on IT security specialist who also served in the Bush White House as a key cybersecurity adviser and as the onetime chief information security officer at Microsoft and eBay.
Both men previewed their new partnership, unbeknownst to the audience, at last week's RSA Conference in San Francisco, comfortably bantering back and forth during their hour-long presentation entitled 10 Years Later: The National Mission to Secure Cyberspace. They reminisced about their days in the Bush administration, creating cybersecurity policy.
The new consultancy, for now, won't be a fulltime gig for either partner. Ridge runs another consultancy, Ridge Global, that offers strategic and risk management consulting services in a wide-range of fields. Schmidt recently took the job as executive director of the Software Assurance Forum for Excellence in Code, known as SAFECode.
They're joining a growing field of ex-government officials who have opened up consultancies with a focus on cybersecurity. One such consultancy is the Chertoff Group, headed by Ridge's successor as DHS secretary, Michael Chertoff.
With C-suite executives becoming more interested in information security and risk management, and the interaction between government and business in protecting key IT systems set to intensify, there should be plenty of work for all.