Greg Touhill: How an Air Force Lieutenant Became One of Cybersecurity's Top Guns

Published: 22/11/2024   Category: security




Security Pro File: After leading cyber efforts in the military, DHS, and the federal government, the former Federal CISO now sets his sights on new security technology



It was a typical day at McChord Air Force Base in the early 1980s. A box had arrived at the command post. Lieutenant Gregory Touhill, a recent ROTC graduate on his first assignment, opened the box and looked inside. It was a desktop computer – still a new concept in most bases and businesses, not long after IBM introduced the first PC in 1981.
A skeptical colonel peered inside the box. "What the hell's that?" he growled.
"It's a computer, sir," Touhill replied.
"Well, you take it," the colonel said. "You're in charge of it."
More than 30 years later, retired Brigadier General Greg Touhill is still following those orders. In fact, he's taken charge of some of the largest and most complex computer communications and cybersecurity programs in the world. As an Air Force officer, he became one of the service's top communications and logistics leaders, earning three awards of the Legion of Merit and the Bronze Star. As a brigadier general, he was the CIO and Director of Command, Control, Communications, and Cyber Systems at U.S. Transportation Command – a $15.4B enterprise that won the NSA's Rowlett Award for the best cybersecurity program in the US government.
But he didn't stop there. In 2014, after his 30 years in the Air Force were complete, Touhill took his cyber skills to the civilian side of the US government. He was appointed to be the Department of Homeland Security's Deputy Assistant Secretary for the Office of Cybersecurity and Communications. He also served as the Director of the National Cybersecurity and Communications Integration Center (NCCIC).
In 2016, Touhill once again took charge of a major cyber operation, becoming the first Federal CISO ever appointed by the US government. US CIO Tony Scott and then-Cybersecurity Coordinator J. Michael Daniel cited Touhill's considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices.
In fact, he was uniquely qualified for the job, having worked not only with all branches of the service and most federal agencies, but with thousands of private contractors during his career.
Earlier this year, with a new administration coming into office, Touhill stepped down from his post as Federal CISO – a position that remains unfilled – and is now president of Cyxtera Technologies' Cyxtera Federal Group, where he is still leading efforts to break new ground in cybersecurity.
"I feel like my mission hasn't changed across all of these roles," says Touhill, who will be the keynote speaker at Dark Reading's INsecurity Conference later this month at National Harbor. "I've been in different positions, but I'm still protecting data for America. That's still what gets me going every morning."
Having held critical cyber roles in the US military, DHS, and in the federal government, Touhill has more than his share of CISO war stories – and, in his case, many of them are actual war stories. The U.S. Transportation Command had to protect information about the movement of supplies and equipment – key data that might tell the enemy where US troops were going. The organizations and systems he secured at DHS and the federal government were similarly attractive targets, where a bad mistake might cost not only sensitive data, but human life.
"I have seen a lot of things happen, but one positive thing I've learned is that as defenders, we're not as bad as we sometimes think we are," says Touhill, who has an optimistic, open demeanor that suggests more teacher or coach than brigadier general. "As professionals, we tend to focus on where we fail, and that's as it should be. But we also have to remember that the risk level is high, and it's really not so much about protecting everything – it's about managing risk." Touhill laid out his risk management strategy in Cybersecurity for Executives, a book he published in 2014.
The risk equation is one that is familiar to most military officers – and perhaps separates military cybersecurity from enterprise cybersecurity, where some CXOs still cling to castle walls and network perimeters. "Frederick the Great said that he who attempts to defend everything defends nothing," Touhill recalls from his Air War College training. "A lot of companies don't know what assets they have, and so they are trying to defend everything. It just doesn't scale."
At DHS, Touhill had a front-row seat to some of the most serious online threats posed to US interests – both in government and in private industry. He became a driver behind cyber simulations and exercises that help defenders practice for "the very bad day that's going to happen," as he calls it. He helped to build and support federal cyber exercises such as Cyber Storm and GridEx, which allowed federal, critical infrastructure, and defense agencies to perform real tests of their cyber response systems, and identify weak spots that needed work.
"Many companies have trouble with incident response because they fail to practice," Touhill says. "Not only do they not rehearse the process, but they don't know all the participants. And I can tell you, the time to exchange business cards is not in the middle of a crisis. You need to know the people involved and the roles that they are going to play – before the bad day happens."
As the first Federal CISO, Touhill had a chance to begin building coordinated security initiatives across agencies, but he feels much more needs to be done.
"I believe it is critical that the new administration take action to appoint a new CISO to capitalize on our cybersecurity initiatives," Touhill says. "I believe cybersecurity is a non-partisan issue and we can't wait any longer for a Federal CISO. We need a highly qualified technical leader as the Federal CISO as soon as possible, because marking time in today's hotly contested environment is actually falling behind. I am hoping that Congress helps by making it a specified position in the next Federal Information Security Management Act (FISMA) as well."
Touhill's time working with federal agencies also pointed up another key issue he sees in private industry: too much reliance on older technology. "Touhill's Law says one human year equals 25 computer years," he says. "If you want an effective defense, you don't rely on outdated technology. You don't fly a Wright Flyer against a MIG and expect to win."
That need for advanced, better technology was the primary reason why Touhill chose to take his new position at Cyxtera, an emerging technology vendor that is working on a wide array of next-generation security technologies, ranging from authentication to microsegmentation, deep analytics, and total fraud protection.
"I had a bunch of opportunities when my position as Federal CISO was not renewed, but I left them at the altar when I saw what Cyxtera was doing," he says. "The idea of a zero-trust model that can work anywhere, even in the cloud, is where we need to go. I feel like I'm in the right place for what comes next."
 
 
PERSONALITY BYTES
Things Touhill has carried over from military life:
I walk fast. I eat fast. I don't sleep much. I'm up by 0500 and I still work out for an hour every morning before work.
What his co-workers don't know about him:
I love Key lime pie. If you want to get me to do something, you can ply me with pie.
Electronic must-haves:
A phone loaded with my family photos, music, and the Major League Baseball app.
Favorite hangout:
Right next to my wife.
Comfort food:
My wife's chicken pot pie. There is nothing better.
In his music playlist right now:
I'm reliving my high school years. Queen's "Don't Stop Me Now" is playing; ELO's "Turn to Stone," and Journey's "Don't Stop Believing" were right before it.
Ride:
A BMW. My wife has always wanted one. She asked for one when I was a first lieutenant, but I couldn't afford it, so I got her a dog. Twenty-five years later, we got the BMW.
After hours:
I love baseball and writing. I have another book in the works.
Favorite team:
The team that wears red, white, and blue: the Boston Red Sox.
Signature style:
I wear red socks every chance I get.
Actor who would play Touhill in film:
That's easy – Tom Hanks. People tell me I look like him.
Next career after security:
Commissioner of Major League Baseball.
 
Meet Greg Touhill Nov. 29 at his keynote address for Dark Reading's INsecurity Conference. See the full agenda here.
