This is my scratchpad of posts that I might write in the future. Feel free to comment on what you’d like to hear me rant about.
How about talking about getting the services to actually make good defensive cyber policy that doesn’t let CIOs drive?
Cases in point:
Only DoD is running VRP – Thanks DASD-C (CS) =D
USCC delegated defense to “JFHQ-D” because it was the hard part
No one wants to touch config management with a 10-foot pole even though understanding our network is a prereq.
No one wants to entertain deception despite a strong imperative.
I would love to see/read your updated thoughts on how a vendor can approach the CoN process when they have a fully developed product that needs testing. For instance, imagine if there was an individual vendor that had a complete grasp of a DoD organization’s requirements and developed something they feel could solve problems and/or gain significant efficiency. I know DIUx and app.gov are options, but what if the vendor needed assistance working through the CoN process? Thank you!