A shift from the public to private sector isn't as dramatic as it seems, especially in regard to cybersecurity methods and strategies, said Alissa Johnson, Xerox Corp. CISO and former deputy CIO of President Barack Obama's White House. At the recent Gartner Symposium in Orlando, Fla., Johnson spoke with SearchCIO about how her current position at Xerox compares to her time in the White House and her experiences when transitioning from a CIO to a CISO role.
Johnson emphasized that the speed of technological change is fast whether in the public or private sector and that although the nature of the data she is protecting is certainly different, the cybersecurity methods she uses to protect that data are generally the same.
Editor's note: The following interview has been edited for clarity and length.
What does working in the private sector feel like after a stint in the White House?
Alissa Johnson: I'll just be honest with you -- I left the White House thinking everything else was going to be a vacation and that actually ended up not being the case. [The private sector] is very, very different, but a lot of the same as well. Everything is still so fast-paced because we're still in technology. This is technology regardless of whether it's private sector or public sector. The influence is there whether it's private sector or public sector. The speed of change is there no matter whether it's private sector or public sector.
Alissa JohnsonCISO, Xerox
But from a cybersecurity perspective, what I've learned is that the same hacker methods and tools that they were using when I was in the White House are the same ones that they're using against Xerox. They are not going after the same data, however. Xerox is not holding any nuclear secrets or special sauce, other than our proprietary information. But [hackers] are trying to get that information and they're using the same tools and methods to do that, so I think there's some synergy in public-private partnerships. It's like when we think about the differences between the financial sector and the auto industry; there's some synergy there because the basic [cybersecurity] methods, understanding and the tools that [hackers] are using are the same, but the data that they're trying to get is different. That's the difference and the feeling that I've been getting so far in differences from the White House to here.
How did you transition from deputy CIO to CISO?
Johnson: My transition was actually pretty smooth. I am a certified cryptologic engineer through the [National Security Agency] and I have been in that security space off and on. I've had one foot out and one foot in in the technology and security space. I think you can't know one without the other. A great technologist is going to take cybersecurity into consideration. A great cybersecurity expert is going to remember to take technology and innovation into consideration. It was a smooth transition for me because I've been able to play a little bit in both of those roles, but [those] are two areas that have a lot of synergy.