To be effective, security has to come first

The keys to good IT security are doing your homework early and being prepared, said Keith Young, security manager for Maryland's Montgomery County.

"Security is like a Yugo with a sunroof," Young said in a presentation at the FOSE 2003 trade show. "Eventually something is going to leak through." A good security manager should plan ahead to put off the inevitable for as long as possible, and be ready for it when it occurs.

Montgomery County had the lead in last year's Washington, D.C., sniper investigation and had to share information securely with a variety of agencies within the county as well as local, state and federal organizations in the District of Columbia and two states. At the same time, traffic?and attacks? on the county's Website increased 1000-fold, Young said.

He found there was no one effective solution for securing the multitude of links that was put into use.

"Montgomery County is using everything right now," Young said. That mix, which supports about 2000 users, includes virtual private networks, site-to-site IPSec encryption, Secure Sockets Layer encryption for Web applications and public key infrastructure. None is perfect, he said. For every solution there are problems with interoperability, the need to support client software for a variety of platforms and the threat to internal networks should malicious code breach the perimeter.

To make security work managers must spend time and money up front evaluating vendors and their products, paying attention to company financials as well as to technology. This groundwork might slow down the process of change, he warned. "Sometimes, sticking with your current product might be a good choice."

Another piece of advice was to keep a big bottle of antacid on hand. "I take it on a daily basis," Young said.

About the Author

William Jackson is a Maryland-based freelance writer.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.