Mike Brown elevated over the summer to a new role of vice president and general manager of the global public sector at RSA, the security division of EMC Corp., after serving as VP and GM of RSA’s U.S. federal operations.
The retired Navy rear admiral joined RSA after a nearly three-decade career in the military that concluded with service as cybersecurity coordination director at the Department of Homeland Security, where he worked to build up interdepartmental collaboration in cybersecurity.
In this conversation with ExecutiveBiz, Brown discusses his new position title and what that change means for RSA’s strategy in the U.S. market, trends in cybersecurity and how GovCon firms and agencies can work closer together to protect critical infrastructure.
ExecutiveBiz: Tell us about your new role and responsibilities at RSA.
Mike Brown: The new role is as vice president and general manager of RSA’s global public sector, and it’s basically recognition that a lot of the things that we as a company were doing in the federal business and with the critical infrastructure here inside the United States were applicable around the world.
A lot of the dialogue with global companies, as well as the governments from various countries around the world, was about overall strategy, technology and capabilities. We recognized that was something we needed to put a little bit more focus on, and therefore just about a month ago, we set up the global public sector.
Priorities are pretty much focused on making sure that the various elements that make up that public sector – whether it’s here inside the U.S. with the federal, state, local governments, or with the critical infrastructure, or those overseas in the global companies – understand what our capabilities are as a company, how that applies to the best practices and strategy, some of the major things that the U.S. government have put in place, and how those capabilities, and our products, can in fact meet those requirements.
ExecutiveBiz: What role does RSA play in EMC’s strategy in the federal market?
Mike Brown: A very big role. We have a combination of both the EMC and its various products and capabilities that we provide to the government, as well as what we do here from a RSA perspective.
If you look at the overall EMC strategy and vision for being able to operate in today’s world, it’s built around big data, built around cloud, and built around trust. RSA is very much a critical, key component of that trust vector that we look at for the federal government, and obviously that is part of the overall EMC approach to the federal market.
Mike Brown: I think there are a couple of big things. A lot of work has been done, both in the federal marketplace as well as commercial marketplace, on looking at and defending from the perimeter, but there’s recognition that that is not enough.
It has been recognized over the past year, year-and-a-half, that the more sophisticated threats have a larger attack surface for which they can target their efforts, and therefore we need to be smarter as cybersecurity professionals, and as a community in the products and services that we deliver.
A couple of things directly tie to that. One is the fact that we really need an intelligence based capability to recognize where the threat vectors are going, and how they are executing their tactics, techniques, and procedures so that we can be more predictive in our ability to counter them.
The second piece is to recognize that you’re not going to be able to keep out most of the sophisticated threats 100 percent of the time, so cybersecurity professionals and the business community at large need to identify the high priorities and specific risks that are associated with your particular business and focus the cybersecurity efforts and analysis to ensure that adversaries are not capable of affecting your business operations.
Therefore you must work to be ahead of the adversary as they attempt financial fraud or theft of intellectual property, or whatever it is, to remain to the left of them in the success curve, and are, in fact, defeating their efforts.
Mike Brown: I think it’s something that I learned very early on that in order for us to be successful, and this is the big us, that both the private sector and the government really need to be working together in a real operational information sharing partnership to be able to be successful against those adversaries. That includes inside the government, the services, and in my particular case, the Navy.
We rely on each other to begin with. From an RSA perspective, we have been very much pushing the need for various things inside the federal government that will make both of us, the public and the private sector, better.
Information that is shared needs to be operationally relevant and actionable by both parties. There needs to be a better understanding where the federal government – or more specifically, the services in the United States Navy – where they are going, what their hard problems are, what are their challenges and what capabilities they’re looking for.
RSA, from both a product and services perspective, can look at how we can meet those requirements, but I think that the only way we’re going to be successful in the rapid change of technology and the rapid change in the adversary is by working very closely together in the public and private sectors.
ExecutiveBiz: What are some ways that those partnerships can be enhanced to protect our critical infrastructure?
Mike Brown: There are a couple of things that we really need to have happen. Legislation is one of the things. There’s been a lot of work done, the president released his executive order back in February, and for the last six months or so, a lot of the work has been done on the cybersecurity framework led by NIST.
But, a lot of the work that’s being done is being led by the private sector for the critical infrastructure, looking at what the critical infrastructure needs are.
That is a prime example of how the work that can be done between the public and private sector can raise the level of security for critical infrastructure.
It allows the private sector to really articulate what the situation is with respect to current capabilities, and then in the future, should gaps be identified during this process, it gives the private sector, the business community, and perhaps others the ability to prioritize resources to be able to meet some of those gaps.
The legislation to allow for greater information sharing and the work that’s been done as a result of the executive order are just two things that highlight how important public private partnership and cooperation is when looking at how to secure the critical infrastructure.
Hear more from Brown by watching this RSA video from a 2012 conference.