German cloud-based software giant SAP is hiring a chief information security officer for National Security Services, its independent subsidiary headquartered in Rockville. The position would be based in Herndon.
This is the first CISO National Security Services has hired, according to chief executive Mark Testoni. He or she would be responsible for implementing an information security governance program, policies, standards and budgets, among other tasks.
Testoni talked with Capital Business about the position.
What new security challenges will the CISO face?
The position is really to codify expertise around the security challenges we face today that are different than they were even five years ago. The CISO would make sure we are in compliance, and that we’re designing our capabilities and customer solutions in a way that meets federal and other standards.
There is state-sponsored cyber activity going on, criminal cyber activity. The threats are evolving, and the challenge for the government and companies like ours is to leverage what we know ... to protect ourselves. Cybersecurity, which is probably the focus of the job, is thought of as an external threat ... but it is potentially an inside threat.
How much time will this person spend managing a team?
Initially it will be more on the policy side, and then we will evolve to the management, not only of the direct staff but of indirect staff — for example our internal IT function, our cloud operations. Eventually, the CISO would work with our government customers as a thought leader to provide insight, so we evolve policy on a federal and national level.
Is the company entering any new markets?
When we set up this company, we didn’t really realize at the time that today we’d be serving the financial services industry, doing product support. ... I often remind my team that even a year ago, we wouldn’t have thought we were doing certain things today. Eighteen months ago, no one had a secure cloud [network node] on the horizon, and we’re basically going to go live with an operational piece of it later this month.
Describe the company culture.
We are committed to the business of national security. National security isn’t any longer the traditional, “Oh, it’s just DOD or the government.” We also look at things like the power grid and telecommunications infrastructure.
Beyond the work, we established a nonprofit or charitable organization around training veterans ... We bring in a class for 12 weeks, and we train them in very deep technical skills.