Matt Coose spent the last seven years of his government career watching the evolution of the Homeland Security Department’s cybersecurity capabilities.
Coose, who became the sixth senior official to leave DHS’ National Programs and Protections Directorate (NPPD) in the last 18 months, said during the past few years the agency made the biggest jump in both people and skills. Coose was the director of NPPD’s Federal Network Service (FNS) for the past four years, worked at DHS for the past seven years and served as an officer in the Army before leaving government service July 14.
“I’ve seen an evolution,” Coose said in an interview with Federal News Radio. “Cyber only in the last few years has been funded more robustly and gotten the attention of leadership that it needed to, and that includes from Congress and the like. I think that emphasis and funding has enabled us to mature this organization. It was a pretty small shop in 2007 and it was trying to do large mission, which was not a recipe for success.”
But Congress and the White House has given DHS NPPD tens of millions more dollars than ever before to hire more cyber experts, provide oversight and help to civilian agencies through capabilities such as Red Team and Blue Teams.
The improvements to NPPD’s capabilities led Congress to want to give it more authority over some critical infrastructure and to oversee civilian networks.
But Coose said the changes at DHS mirror the broader transformation of the federal cyber landscape.
“The Veterans Affairs loss of data of 26 million veterans was a big milestone. But what has amazed me is that the focus that came from that incident has persisted,” Coose said. “There is better collaboration and visibility about what is going on, which is step one in solving and understanding the challenges.”
He added the government has done a better job in collaborating with each other, with the private sector and with academia.
“The biggest challenge for anyone in this space is getting that depth and breadth of knowledge to come aboard,” he said. “That goes back to why it’s important to have a collaborative element of cyber. You will not be able to hire the talent you need, and share information more broadly.”
Coose said the next big area agencies need to focus on around cyber is how to manage, secure and analyze the tremendous amounts of data the government owns.
He said this includes unstructured data, but also information about what’s happening in real time on their networks. DHS recently released the requirements for agencies to implement continuous monitoring.
Along the lines of continuous monitoring, Coose said the changes in the way agencies implemented the Federal Information Security Management Act (FISMA) to move toward continuous monitoring is one of his proudest achievements while at the FNS.
“We tried to make FISMA very practical and focused on improving security by driving particular capabilities,” Coose said. “Once it was clear what was important to implement continuous monitoring, DNS security, two-factor authentication for logical access, the encryption of devices and a lot more, the improvements chief information officers and chief information security officers made in two years or less blew me away.”
He said the continued senior level management attention to cyber across most agencies also surprised him.
“One of the things we pushed with FISMA was how often the agency briefed its secretary or deputy secretary on cyber threats. And we saw that frequency increasing in the last few years,” Coose said. “It was to the point that we are seeing briefings on a weekly basis or at least reports going up weekly, and face-to-face meetings on cyber monthly.”
As for the future, Coose is starting his own company, called Qmulos, a cyber consulting firm to help governments improve their security postures, mature security programs and introduce them to potentially helpful products.
“I had a fantastic job at FNS, it was my favorite ever, but it’s time to move on to the private sector and see what I can do from that side,” he said.
As yet another senior official leaves NPPD, questions remain whether the organization can maintain the gains of the last few years.
Coose said the cyber jobs within NPPD are challenging, difficult and time consuming, but rewarding at the same time.
He said some of the departures weren’t random events.
“They were scheduled retirements or were laid out at the beginning that the person would do so many years and head out. I think some of those were not unexpected,” he said. “It might send the wrong message about people leaving, but the more they can be transparent about why they are leaving the more people will understand.”