Everyone a Cyber Security Expert?

There seems to be some sort of confusion about who exactly should be considered an expert on cyber security.

Take for example a post by the ITAC (Identity Theft Assistance Center) that boasts:

Michael Brown was a “former Director of FEMA. Mr. Brown is an expert on cyber security and provides excellent insights into what our nation can do to better protect itself in this new era of cyber warfare.”

Remember how he was disgracefully removed from his position as FEMA Director after Hurricane Katrina?

CNN posted a more critical view of him; the sort of information that makes me wonder why the ITAC portrays him so favorably and whether we should really expect any “excellent insights”.

The e-mails Melancon posted, a sampling of more than 1,000 provided to the House committee now assessing responses to Katrina by all levels of government, also show Brown making flippant remarks about his responsibilities.

“Can I quit now? Can I come home?” Brown wrote to Cindy Taylor, FEMA’s deputy director of public affairs, the morning of the hurricane.

A few days later, Brown wrote to an acquaintance, “I’m trapped now, please rescue me.”

Sounds like Mr. Brown was trying to pull a Palin, and “former Director of FEMA” is an understatement.

The truth seems to be that this man doctored his resume and worked friends and connections to get into positions of authority. This unfortunately put people’s lives at unnecessary risk as Time has detailed.

Brown’s lack of experience in emergency management isn’t the only apparent bit of padding on his resume, which raises questions about how rigorously the White House vetted him before putting him in charge of FEMA. Under the “honors and awards” section of his profile at FindLaw.com — which is information on the legal website provided by lawyers or their offices—he lists “Outstanding Political Science Professor, Central State University”. However, Brown “wasn’t a professor here, he was only a student here,” says Charles Johnson, News Bureau Director in the University Relations office at the University of Central Oklahoma (formerly named Central State University).

[…]

According to FEMA’s Andrews, Brown said “he’s never claimed to be the director of the home. He was on the board of directors, or governors of the nursing home.” However, a veteran employee at the center since 1981 says Brown “was never director here, was never on the board of directors, was never executive director. He was never here in any capacity. I never heard his name mentioned here.”

The FindLaw profile for Brown was amended on Thursday to remove a reference to his tenure at the International Arabian Horse Association, which has become a contested point.

Brown’s FindLaw profile lists a wide range of areas of legal practice, from estate planning to family law to sports. However, one former colleague does not remember Brown’s work as sterling. Stephen Jones, a prominent Oklahoma lawyer who was lead defense attorney on the Timothy McVeigh case, was Brown’s boss for two-and-a-half years in the early ’80s. “He did mainly transactional work, not litigation,” says Jones. “There was a feeling that he was not serious and somewhat shallow.”

Why would anyone think today that he suddenly has become an expert with regard to technology, let alone anything to do with cyber security?

I read a few of his blog entries and once I got past his Palinesque trash talk about Obama, I found a few examples of his supposedly “excellent insights”. Here is his analysis of a recent disc reported missing:

We live in an electronic world of ones and zeroes. That data represents national security interests, personal interests, our lives and our safety. There has to be a better way to secure and protect this from human error. Why, for instance, isn’t the data archived on site at the White House Data Center (a secret location not yet revealed by Joe Biden insofar as I know – it is a cool place, though.) Why couldn’t that disc been archived or “processed” (whatever the National Archives was doing to it) at the White House data center and then transferred electronically to the archives. Seems a little archaic to actually deliver a hard drive from either the White House or the data center to the archives.

But then I’m a Mac person. What do I know?

Nothing, apparently. Ones and zeros? Sorry, but we do not live in a binary world although we make use of binary. Decisions are often vague and have shades.

He asks why a disc couldn’t be archived at a data center and then transferred electronically. What? A disc with data, almost certainly a duplicate of what is already in the archives, disappears. So he asks if it could instead be sent over a network to protect against human error. Bzzzt. Fail.

And what kind of conclusion is his personal choice of an operating system? A Mac has nothing to do with this topic.

I say without hesitation this is *not* an expert on cyber security.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.