My name is Claire Bailey, the Vice President of Government Affairs at Veracode.
My team recently asked me to describe technology policy, and given my current obsessions with Wordle, I thought I’d take a gamified approach to my explanation.
Much like Wordle, the answers will be five letters and pertain to security. We will call this game, Securidle!
Let’s get started…
First, what is the most consistent technology policy on the NASCIO Top Ten?
Cyber security has been in the NASCIO Top Ten for quite some time. My first NASCIO event was a Security Summit following 9/11. My team and I flew into Washington, D.C. Heavily armed security forces patrolled the mostly empty airport. We were on hand to protect our government infrastructure, systems, and people from cyber threats.
That mission continues today. I have walked the halls of the US Capitol and briefed congressional members on the need to fully fund cyber initiatives. Every step we have taken to work with our government leaders and raise the call for action for cybersecurity funding has paid off. Federal, state, and local entities are finally getting the funds they need for cybersecurity experts and tools.
In the early 2000s, governments raced to build amazing state-based data centers. Today, the race is on to build the strongest Cybersecurity Command Center in partnership with state and federal Homeland Security resources.
Ready for another Securidle challenge?
What is the top operational technology priority for State CIOs in 2022?
Cloud adoption is the top operational priority for NASCIO state leaders in 2022.
Now, the final Sercuridle Game challenge …
What blends cybersecurity and cloud services to meet the evolving cyber threat landscape?
Hint: It’s more than five letters.
The answer is, VERACODE.
You might know Vercacode as the industry-leading, US-based application security company. Its founder and CTO, Chris Wysopal, was part of a hacker group that raised this issue to the United States Congress in 1998. Chris was asked to testify again to Congress five years later, this time as director of research and development at @stake, an information security consulting company. On the 18th anniversary of his 2003 testimony, Wysopal noted that we still have a long way to go to build secure software.
In May 2021, President Biden issued an Executive Order on Cybersecurity that focuses on systemic risk in the software supply chain. The EO notes that the development of commercial software often lacks transparency, sufficient focus on the ability of the software to resist attack, and adequate controls to prevent tampering by malicious actors.
The order mandates that the Federal Government adopt security best practices, advance toward zero trust architecture and secure cloud services, and improve access to cybersecurity data needed to drive analytics and manage cybersecurity risks.
Later that year, in October, the US House of Representatives passed a bill that would require the Department of Homeland Security to establish a process for identifying materials used in software to mitigate future supply-chain cyberattacks.
Veracode has the tools needed to meet these evolving cyber needs.
- The Veracode Platform gives customers a 360-degree view of their security posture, providing analysis at every phase of development.
- Veracode brings security and developers together to deliver secure software faster via the largest selection of the most popular development languages, frameworks, and tool integrations. Developers easily connect to development tools and security teams access powerful reporting and analytics.
- Our cloud-native SaaS architecture aggregates anonymized customer data in order to provide the latest vulnerability insight. Veracode’s customers have scanned trillions of lines of code and fixed nearly 100 million flaws.
What is the next Securidle Game challenge? SHIFT. As in “shift left” and catch your application security vulnerabilities before they hit production and put your citizen services at risk.
Stay tuned for the next Securidle Game challenge and more on shifting left in my next blog.