Beth Cappello, the Department of Homeland Security (DHS) deputy chief information officer who is set to leave her post later this year, this week talked about the agency’s tech to-do list for 2024 and indicated that further work to mature agency security, and to boost its cybersecurity workforce, are prominent on the horizon.
During the Washington DC SASE Summit event hosted by Netskope on Jan. 24, Cappello said DHS is focusing on moving forward with zero trust security work across the highly federated agency, and in particular the identity pillar in the Zero Trust Maturity Model.
“We’ve already started with a lot of legwork on zero trust and its pillars,” she said. “I think for this year, we’re going to really be focused on the identity piece. I think that’s a critical area for us.”
She also pointed to progress on ongoing network modernization efforts at the agency, and said that work also includes improving the security posture.
Pointing to the highly federated nature of DHS, Cappello explained that agency components are in different phases of technology maturity.
“If you look at the Department of Homeland Security, we’re big and we are uneven in our maturity levels across the components. Some components have got way out ahead on cloud adoption,” she said.
“Whereas we have other components that maybe didn’t have the funding or didn’t have the expertise of their legacy environments for such a runway. They need a lot more runway” to make more progress on maturity, Capello said.
On the workforce front, Cappello said, “I think everyone in here is competing for the same technical resources, the same cybersecurity professionals. We’ve put some things in place at DHS that I think are helping,” including the agency’s Cyber Talent Management System (CTMS).
“CTMS allows us much greater flexibility in attracting training and retaining cybersecurity professionals,” she said. “It’s been a great asset. We’ve got about 150 people in it right now.”
“We also have our cybersecurity internship and cybersecurity apprenticeship program,” she continued. “So we’re looking at our priorities around security, and it’s got to start with the workforce … with the people and then the risk management and then everything else that falls underneath that.”
