The Influencers: Gregory Wilshusen

Director, Information Security Issues, Government Accountability Office
The Influencers: Gregory Wilshusen
The Influencers is a continuing series of profiles of the people who shape federal government information security and privacy policy.

Gregory Wilshusen
Director, Information Security Issues, Government Accountability Office

Why He's an Influencer
Wilshusen's investigations, audits and reports for the GAO, the investigative arm of Congress, and his numerous testimonies before Congressional panels help shape legislation and government policy on securing federal data and systems.

His Experience

Wilshusen has nearly three decades of auditing, financial management and information systems experience. Before joining the GAO in 1997, Wilshusen held a number of public and private-sector positions, including senior systems analyst at the Department of Education. He also served as the controller for the North Carolina Department of Environment, Health and Natural Resources, and held senior auditing positions at Irving Burton Associates, a professional and technical services firm, and with the U.S. Army Audit Agency. He's a certified public accountant, certified internal auditor and certified information systems auditor. Wilshusen earned a bachelor of science degree in business administration/accounting from the University of Missouri and a master of science degree in information management from George Washington University's School of Engineering and Applied Sciences.

In His Own Words

"One of the things I think has been proven over the years is the old adage: 'What gets measured gets done.'"

"Persistent weaknesses in information security policies and practices continue to threaten the confidentiality, integrity and availability of critical information and information systems used to support the operations, assets and personnel of most federal agencies. Recently reported incidents at federal agencies have placed sensitive data at risk, including the theft, loss or improper disclosure of personally identifiable information of Americans, thereby exposing them to loss of privacy and identity theft."

"An underlying cause for these (security) weaknesses is that agencies have not yet fully or effectively implemented key elements of their agency-wide information security programs. To improve information security, efforts have been initiated that are intended to strengthen the protection of federal information and information systems."

"Federal agencies have not adequately designed and effectively implemented policies for periodically testing and evaluating information security controls. Clarifying or strengthening FISMA (Federal Information Security Management Act) and its implementing guidance for determining the frequency, depth and breadth of security control tests and evaluations could help agencies better assess the effectiveness of the controls protecting the information and systems supporting their programs, operations and assets." Content Featuring Wilshusen

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.