Navigating the muddy waters of enterprise infosec

Information security finally has executives’ attention, but aligning with business needs is still challenging.

Executives at Booz Allen Hamilton learned the importance of information security the hard way back in 2011, when the hacker group Anonymous claimed that it had penetrated one of Booz Allen’s servers, deleted 4GB of source code, and released a list of more than 90,000 military email addresses and encrypted passwords.

The breached server turned out to be a development environment containing test data, “but that didn’t really matter; it was a wakeup call,” says Michael Waters, director of information security at the consulting firm and government contractor. “It was a pretty unpleasant experience, but it did galvanize substantial investment — both capital and HR — in getting things done. The firm looked around and said, ‘We have been working on this, but we need to put more toward it.’”

Over the next year, Waters’ information security staff grew from 12 to 70 employees, budgets increased, and processes and governance improved significantly. But a security plan is never “finished,” and in 2013 Booz Allen received a second jolt — this time in the form of an insider threat — when recent hire Edward Snowden, working under contract to the NSA, leaked highly classified documents describing government surveillance programs.
