William Lay: Well Jim, thanks to [00:00:01] leadership. The state’s been at this about 5 years or more now.
Jim Flyzik: Okay.
William Lay: We do have a lot of lessons learned and we’ve grown quite a bit over especially the last 3 years as we mature our program. I think the biggest lesson learned is to ensure that we’re communicating effectively what we’re trying to achieve and do. Once you have a continuous monitoring program in place, people start to make assumptions just like, “Oh, well what is our tool telling us?”
Jim Flyzik: Right.
William Lay: Well, we want to make sure we’re providing accurate information. We’re not giving them a false sense of security. So we want to make sure that—one, when we say we have a good, as we used the term earlier, a high level of cyber hygiene, that’s actually the case; that our tools are monitoring a high percentage of the devices that are out there on the network. So we’re not missing or we don’t have huge gaps.
Jim Flyzik: Right.
William Lay: Also, it has to be focused on the data. The data has to be useful. As we add sensors, as we add monitors—it becomes an exponential data problem. And if we did not have solid standards in place, it all falls apart very rapidly and it gets completely untenable. You have to have a fairly strong, centrally managed approach. Governance is critical.
Speaker 2: Sure.
Jim Flyzik: But everybody has to be onboard. It can’t be just the coalition of the willing; everybody out doing their own thing.
Speaker 2: Right, right.
William Lay: It’s got to be very coordinated, very planned. Your execution has to be precise or you’re just wasting a lot of time, effort, and money.
Jim Flyzik: Yeah, I’m sure…
[END OF AUDIO 00:01:43]