 |
|
|
|
Government Leader home > news stories
02/21/07
Treasury security specialist’s training program a big hit
By Nora Macaluso
Special to Government Leader
Edward Roback’s security-training program at the Treasury Department was so good he took the show on the road.
Last December, Treasury held its first governmentwide training session, with more than 125 people registered for the course. “I think a lot of agencies appreciated it,” said Roback, the department’s associate chief information officer for cybersecurity and chief information security officer.
In recognition of his contribution to security awareness in the federal government, Roback won an International Information Systems Security Certification Commission’s 2006 award for developing the training program, which featured lecture series and online courses.
“We’ve been doing a number of things here at Treasury to try to improve the degree of cybersecurity awareness and cybersecurity training to meet federal requirements,” Roback said. “We’d been doing pretty well on general awareness training,” but found training in more specialized areas lagging, he said.
To improve security awareness at Treasury, Roback and his team worked in partnership with the Industry Advisory Council to set up a series of training lectures and panel discussions on key topics. “We also worked very hard in terms of bureau CIOs, and others were well aware of this requirement to have training conducted, and encouraged them to meet this requirement,” including tracking results monthly to ensure compliance, he said.
The program proved popular with employees, Roback said. Perhaps the best measure of its success was that Treasury reported a 98 percent completion rate for its training requirement when it submitted its yearly performance statistics to the Office of Management and Budget. That, he said, “was a really nice improvement from where we had been.”
Now, he said, Treasury is leveraging what it learned, partnering with the Department of Health and Human Services and the General Services Administration to offer courses to employees across the federal government.
The training sessions generally feature panel discussions, with speakers ranging from academics to government and private-sector technical experts. The aim, according to Roback, is to help staffers understand why security is important, give them a general idea of how their systems work and provide them with information about where to go for further resources. Information, he said, is “out there, but you have to make people aware of the importance of it and what’s available.”
One hot topic covered by the sessions is configuration management, which guards against holes in security settings. “There are literally hundreds of settings that can impact security,” he said. Yet “this isn’t something you just sort of get divine inspiration and know. You have to be trained in what these settings mean, and how they can help or hurt security.”
Roback praised Ira Hobbs, who retired last month as Treasury CIO, for coming up with the idea of bringing in speakers from outside the federal government. Hobbs had worked with industry groups that had the ability to provide private-sector security experts — not advertisers or salespeople looking to sell a product.
“I give an awful lot of credit to Ira,” said Roback. “He set the ball in motion and put me in touch with the right industry folks.” Hobbs’ discussions with other government CIOs also led to the idea of expanding the training beyond Treasury, he said.
“You have to take it to heart that security really is everyone’s responsibility,” Roback said. “Once people understand that they personally have responsibility for security, they’re receptive to going out and getting training, because it’s part of their job.” For people in government, it’s especially important to realize that because “we have important information that has to be protected.”
|
|
|
![Government Leader[happiness]](/images/govleader_smlogo.gif "Government Leader [happiness]"){kind=small}
