I know I'm late to this party, but we have a new (but not really) Cyber-Something (not czar/tsar or anyone with authority to inflict papercuts much less beheadings), Howard Schmidt- and I have a few opinions to inflict, and an "open letter" of sorts to offer.
There were nice people who offered nice Open Letters to Mr. Schmidt in the face of ugly cynicism about the appointment, including these from Adam Shostack and Chris Hoff. Adam had some very good suggestions, and Hoff made a genuine and altruistic offer.
I just happen to think Howard Schmidt is not the right guy; he could be, he has the credentials and experience, I just don't think he's going to move us forward. He talks about InfoSec leadership from our paralyzed and dysfunctional federal government as being needed to solve the problems of private industry. The phrase
"We're from the government, and we're here to help you"
has brought out the literal and figurative shotguns from concerned citizens throughout history, and in hindsight, that was often an under-reaction.
He talks about the relationships he's built and his experience. He does not talk about the powerlessness of the position (although he did improve this dramatically before accepting the job). Largely missing is talk about transparency, and completely missing are direct challenges to those in the way of progress. Schmidt has the connections to make some things happen- but more importantly he has connections he can burn if they get in his way. That's what it will take to get power into this feeble position, a willingness to pick fights, even with old friends, and publicly call out the worst obstructionists. Schmidt is in a unique position, he does not need this, he can go live happily on his mountain, maybe sit on some boards for entertainment- so a few burned bridges aren't career limiting for him.
With these things in mind, here's my "open letter" to Howard Schmidt, I really hope he has better things to do than read this nonsense, but...
Dear Mr. Schmidt,
I'm not sure you are really the best person for the job. It is not that you aren't qualified, but I think you are unlikely to burn bridges that you have spent a lifetime building- unfortunately, calling out people who obstruct security is one of the few powers you have.
I hope I am wrong.
As a matter of fact, I so sincerely hope I'm wrong that if you ever get desperate enough to ask me for help, I will do whatever I can to help you prove me wrong (I prove myself wrong regularly, I'm pretty good at that). I'm not sure what skills I have to offer, but I'll try whatever you need. I do have a talent for offending people which may be handy.
Your Humble Curmudgeon
There, that's it.
Jack
