This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."
By Robert Westervelt
Timothy S. McKnight is on the front line against cybercriminals tied to organizations with anti-American interests. He's not that far removed from his previous life at the FBI, where, as a special agent, he investigated bank robberies and corporate corruption. Now, as vice president and chief information security officer at government contractor Northrop Grumman, McKnight's perpetrators are less tangible, but just as crooked.
"That's what's exciting about security--it's constantly changing," McKnight says. "It's not like we're doing the same job every day--those days are gone. Today we need to get way ahead of threats, anticipate the business needs and reduce the risks to the company."
To reduce those risks, McKnight developed an extensive security metrics program that measures the effectiveness of the enterprise's security initiatives.
Each organization within Northrop Grumman reports on policy compliance, progress on security projects, critical patch response and implementation times, and mitigation of issues found during vulnerability scanning and penetration testing. As many as 50 metrics are rolled into a dashboard viewable by management.
The program helped the company become more efficient, improving patch-management and antivirus capabilities for all servers and desktops, says Keith Glennan, Northrop Grumman's chief technology officer. Not long ago, it took 45 days to deploy patches to 150,000 company devices. Today it takes about 48 hours, Glennan says.
"The threat tempo has obviously picked up, but the foundation Tim helped us put into place is directly attributable to our successes today," says Glennan. "Tim has helped to really frame security as a risk need as opposed to just a cost of doing business."
McKnight oversaw the deployment of disk encryption for Northrop Grumman-owned laptops to mitigate consequences of lost or stolen laptops.
To minimize the probability of virus and worm infections, he removed computers that were not Northrop Grumman-owned or supported from its internal network, and he reduced the risk of sending company-sensitive information to non-employees by removing those email addresses from the company's global address list.
McKnight also helped form the Cyber Threat Analysis and Intelligence group within Northrop Grumman. Comprising former intelligence community experts, military personnel and analysts, the group helps assess threats and is focused on competitive intelligence.
Its work has led to an intellectual property protection and counterintelligence program at Northrop Grumman.
Outside Northrop Grumman, McKnight helped create and served four years as a board member of the TransAtlantic Secure Collaboration Program, which developed the CertiPath PKI Bridge, a third-party identity broker that links commercial contractors in the aerospace and defense industries with government agencies.
McKnight says today's CISO helps shape a company's overall strategic planning.
"The CISO [was] embedded in network organizations a decade ago and now we're getting seats at the table," McKnight says. "The role is becoming less technical and more about leadership and talking the business language in terms of risk."
This was first published in October 2007