John Lamboy has been an information security specialist for more than 20 years. Working as the information assurance officer at TRICARE, his duties involved protecting military health systems and providing security solutions. It was at TRICARE Lamboy discovered there was an opening at Vangent for a position as the chief information security officer. “I applied, interviewed and was accepted,” Lamboy said, explaining how he ended up in his current position.
TheNewNewInternet: What do your current duties entail?
John Lamboy: My current duties include overall security and information assurance. I also oversee confidentiality and integrity issues for our federal and state and local customers.
TNNI: What draws you to the security field?
Lamboy: The security field is ever-changing. It“™s very dynamic. Every day, you have a new virus, or new threat, or something is always changing in the environment. I“™ve always been drawn to that, and being able to help customers achieve operational security.
TNNI: Can you tell me a little bit about Vangent“™s core capabilities when it comes to cybersecurity?
Lamboy: We operate under the defense in-depth model, so in our approach, we apply layered security to all of our customers. We“™ve adopted the Federal Information Security Management Act security control standards to our overall architecture. That includes as many as 350 controls and established a security operations center, which monitors all security events on a 24/7/365 basis. We provide what is now called cloud computing, but it“™s something that we“™ve been doing all along“”virtualized computing, storage, and networks to segment environments for our customers, so that they can operate in secure enclaves. We proactively monitor the network, looking at security events. We are in the process of deploying data-loss protection, which looks for PHI and PII on the network.
TNNI: What do you see as the most pressing cyber threat today?
Lamboy: The most pressing cyber threat today is always loss of data–corporate data, or personally identifiable data, or health data.
TNNI: How do you see the threat landscape evolving?
Lamboy: It always evolves. People always try to find a backdoor into something. The hackers understand that there is always a layered approach to defenses, so they are always trying to penetrate by layers. They know they can“™t just get in with one bullet, but they try to attack by layers. We mitigate that threat by conducting security scans, vulnerability management, and continuous monitoring of our systems. We also perform a regular scan of our network from the outside as if we were a hacker and try to see what they see and then take appropriate actions to mitigate the risk.
TNNI: In your role, what is the most challenging task?
Lamboy: The most challenging task is to ensure that we not only operate securely, but that security doesn“™t hinder operational requirements. You can never mitigate everything 100 percent. When you work on a network, you bring risk down to an acceptable level. You set that little portion of the risk as part of your operational requirements. That“™s the difficult task ““ balancing security requirements with operational requirements.
TNNI: October is National Cyber Security Awareness Month. What“™s your best advice to web users?
Lamboy: Be aware of what you see on the Internet. Often people will visit a web page, and they don“™t realize that that web page has actually been spoofed by some hacker, or some other organization looking to get their personal data. We educate our employees about phishing and web scams, so that when they browse and look at these sites, they understand the risk. That“™s the best advice: Be aware of web security.
TNNI: If you weren“™t doing security, what would you be doing? Do you have a dream job?
Lamboy: I“™d be an astrophysicist.
TNNI: Have you taken any courses in the past, or is that just something you would like to do?
Lamboy: It“™s always been an interest of mine. I have a hobby, too, and I am a DJ on the side. I“™ve been doing that since I was a teenager. I did it for free for so long that I finally decided to make it into a business and have fun with it.