Tiffany Jones joined Symantec Corporation eight and half years ago to stand up its office in Washington, D.C., and the government relations public policy and government relations team, which she ran for about seven years. More recently, she become director of Public Sector Strategy and Programs teams. In her role, she manages Symantec’s relationships with the major systems integrators and the company’s program’s business, capture and proposal management function and business development teams. Prior to Symantec, Jones was a Coast Guard officer, with her most recent assignment belonging with Coast Guard Congressional Affairs. Other assignments include Ops officer on a ship out of Newport, R.I.; executive officer of a patrol boat out of Gloucester, Mass.; and deputy chief of staff for Richard Clarke in the White House. As deputy chief of staff, Jones was part of standing up the President’s Critical Infrastructure Protection Board and Cybersecurity Office, as well as releasing the President’s National Strategy to Secure Cyberspace.
TheNewNewInternet: How do you think your background in the Coast Guard helped you in your current position?
Tiffany Jones: I think in a number of ways. First and foremost, my experience has provided me the ability to lead and manage large groups of people, especially in high-pressure situations. It allows you put things into perspective and create a solid management experience to work from. Second, my background provides me the ability to multi-task and manage large projects and programs, which is critical in my job today. Third, [having had] the opportunity to work in the federal government and more specifically for a military service has really helped me better understand and be close to our public-sector customers’ needs and requirements.
TNNI: What are some unique core competencies Symantec brings to the table when it comes to cybersecurity?
Jones: The overarching theme with Symantec is that we want our customers to have confidence in a connected world. Every facet of life today revolves around being connected in some way, and whether it’s work, life or personal life, you cannot secure that which you don’t manage well. That is everything from our own personal identities to the important and sensitive information that we might have residing on our laptops to the information traversing the Internet on a daily basis that’s work related, whether it’s sensitive intellectual property from other companies or classified information in the government world. It’s all about making sure we have resiliency built into our operations and missions in an effective way. You can’t secure those things and have a resilient mission without managing it appropriately.
TNNI: What do you perceive as the biggest cyber threat right now?
Jones: I think one of the biggest cyber threats our public sector customers are extremely focused on today is what we call the APT (Advanced Persistence Threat). Those are the threats that we consider low and slow; threats that don’t make a lot of noise are often difficult to identify and track, very difficult to attribute where they are coming from. [Those threats] may reside within your network or sit silently for a long period of time in order to track what’s going on within an environment and later be used for very malicious purposes, whether it is to steal important information, launch an attack, et cetera.
TNNI: How do you think the cyber-threat landscape will evolve in the future?
Jones: We are seeing some evolvement now. First, as indicated by President Obama, cybersecurity is now a tier-one priority for the administration due to the increase in awareness of the threats out there today. As a result, [there is] broader awareness across critical infrastructure and many companies. Secondly, the government itself is trying to restructure around the importance of cybersecurity, whether that’s through legislation–we have some 45-50 bills now on Capitol Hill focused on one or more aspects of cybersecurity– functionally, or organizationally. For example, we have seen the standup of Cyber Command and a number of other important offices in order to organize our resources and our assets appropriately to address the mission and the threat landscape. Lastly, the Advanced Persistent Threat will continue to force us in government and industry to think differently about how we secure and manage important information within our environments. It is no longer enough simply to secure an infrastructure or system. We must also secure the information and interactions we have in cyberspace.
TNNI: When it comes to your customers, how can they establish a good balance of securing the Internet and safeguarding privacy?
Jones: At the end of the day, it is all about risk management. We have created many capabilities as a society or industry that have increased efficiencies in the environment, whether it’s getting access to more information, utilization of social networking, P to P sites, etc. Those improved efficiencies and access to more information also comes with some increased risk. It’s really important that organizations look at their risk posture and weigh those things appropriately, balancing the mission and what they deem to be highly critical information within those environments and making sure that that information is protected. No longer is it sufficient just to protect the infrastructure of our environments. We must continually move more towards protecting the information that resides within our environments and secure the transactions that occur. This will result in increased privacy of that information, whether it is PII or other sensitive information. Not all information is created equal. My laptop, for example, may be considered less critical than other information that I may have that pertains more to a particular project that I may deem as more necessary or sensitive information that I have about our company, etc. It’s making sure we know where that information is, how we are managing that information, and how we are protecting it from getting into the wrong hands.
TNNI: October is National Cybersecurity Awareness Month. What’s your best advice for consumers who are conducting their business online?
Jones: The exciting piece for me about National Cybersecurity Awareness Month is that I actually helped stand [it] up when I was back at the White House. And for the last several years, Symantec has been one of the founding sponsors of awareness activities with the National Cyber Security Alliance. This October is going to be a really great awareness campaign. We are working closely with the White House and the Department of Homeland Security to establish a PSA campaign this year for consumers. I can’t tell you exactly what the campaign slogan and the best practices are, but it’s going to be a really great step forward to take consumer awareness to the next level. Go to www.StaySafeOnline.org to look at the best practices for home users, children, higher education, and small businesses. There are very simple kinds of best practices, like making sure you are running security software on your computer at home, such as anti-virus, firewall and anti-spyware technologies. Most of those technologies can now be bundled into one piece of software, so it’s a really easy thing for consumers to do, just plug and play. We have to make it easier for the average home user to follow simple practices. They should not have to be an expert on cybersecurity, or the latest phishing threat. We must enable them to understand generally the things they can and should do to protect their part of cyberspace.