After working for 12 years in the intelligence arena, primarily supporting the National Security Agency, JR Reagan decided to give the private sector a shot. With some additional security work under his belt and after having experienced a few start-ups during the dot-com era, he got back into cybersecurity. Today, Reagan is the cybersecurity leader for Deloitte’s Federal Government Services. In an interview with ExecutiveBiz, he talked about the challenges in his role, what cyber projects he is working on, and some of the major cyber threats he has seen recently.
ExecutiveBiz: What are some of the challenges you’ve met in your current role?
Reagan: The challenges in my current role involve big, hard multinational global issues around cybersecurity, which at this time are largely undefined. The world of cybersecurity, for example, doesn’t have any borders and the rules change constantly. Additionally, our response and what or how we need to deal with these changes is in a constant state of flux.
ExecutiveBiz: As you mentioned, cyber crime is borderless in nature, what measures should be implemented to work toward an international collaboration to fight it?
Reagan: One of the most important measures we need to take is an international agreement that says ‘here’s the conduct that we expect on a global stage around cybersecurity.’ We have that with things such as free trade. And we have international agreements in place on how we interact globally in the sea, airspace, and military arenas. We don’t have that in cyber. Getting our neighbors in the global community to agree on our interactions in this new space is very important.
ExecutiveBiz: Where do you find top talent?
Reagan: At Deloitte, we recruit talent from various sources. Certainly we find qualified candidates from former military and government personnel, which gives us a lot of the experienced talent that we look for. But we are also finding a significant amount of talent coming out of universities. These days, the Millennials are very well-versed in technology, and a lot of them are skilled in issues such as cybersecurity.
ExecutiveBiz: What makes a good cybersecurity expert?
Reagan: A good cybersecurity expert is someone who can think about the challenges first, and the issues around the technology second. Right now, one of the challenges in cybersecurity is attribution. Knowing who’s on the other end of this network and who is causing the problems is a challenging issue. An expert in the field of cybersecurity should be someone who can think about that problem from different dimensions; an organizational, sometimes a human dimension. It may involve borrowing from different disciplines like cyber forensics, but not just pulling out hard drives and adding up different events. There’s a lot of things that go on in problem solving versus just kind of looking at it from bits and bytes.
ExecutiveBiz: How do you think the new Cyber Command will affect the government-contracting field?
Reagan: I would anticipate that the Cyber Command will bring more opportunities to the government contracting market. When we look at standing up an entity that’s going to coordinate the cyber efforts of the Department of Defense, and how we interface with the intelligence community, DHS, public and private sectors, that’s kind of a new day. That’s not unlike wrestling with the organizational challenges after 9/11. Because of that, we see that no one entity has all the answers, no one person has all the solutions. It will be a collective partnership between government and industry that’s going to help address the issues around cybersecurity, and that’s where I think the contracting opportunities will come from.
The world of cybersecurity … doesn’t have any borders and the rules change constantly. Additionally, our response and what or how we need to deal with these changes is in a constant state of flux.
ExecutiveBiz: What are some of the cybersecurity projects you’re currently working on?
Reagan: At Deloitte, we manage the big government programs, for a number of different agencies. But we are also very much on the leading edge of innovation, which is required to address the cybersecurity issue. Things such as developing a cyber-awareness campaign, developing forensics and different types of forensics, capabilities for some of our clients, and risk-based programs for other clients. We also address the new field of threat intelligence. We’re really trying to look at the organization from the outside in; viewing an organization as the bad guys might see it and then being able to work backward from there to help protect the organization.
ExecutiveBiz: What are some major threats you’ve seen lately?
Reagan: Lately, we’re seeing threats from global players. The type of distributed threats where cyber intruders can unwittingly harness and marshal thousands, if not millions, of computers to attack an organization’s systems. There’s just a lot of unsuspecting victims out there that suddenly become part of somebody else’s scheme to attack DoD computers or other government agency systems. Some of the other threats are the insider threats, which we wrestle with a lot. How do you make change the culture at an organization that makes their employees feel they are part of the solution, and not again, an unwitting part of the problem. And lastly, I think is the threat that a lot of these infected computers pose to the network at large, and the inability of network providers to legally quarantine these threats from infecting more of the network. There isn’t a mechanism in place that says, ‘you’ve got an infected computer, you need to stay off until we can fix you.’ So it’s open gates, open arms, open doors, it just continues to spread the threat.
ExecutiveBiz: What do you do in your spare time?
Reagan: Reading is what I do when I’m trying to relax. It forces me to take my mind to another place to learn something else. I always keep three different types of books on my desk: something that’s historical, something related to business, and then something that’s kind of fun, like travel. Do I have a favorite book? It’s an oldie but a goodie: All Creatures Great and Small. I love that book, I love the series. It’s something that can instantly take me to another place. And sometimes, that’s what we need to take our mind off things.