“Matthew Shallbetter has an unusual job in government. He actually goes out and meets with cybersecurity vendors.”
“As the director of security design and innovation at the Department of Health and Human Services, Shallbetter is on the lookout for the next great cybersecurity technology or tool. He often is attracted to those that have grabbed the attention of venture capital groups.”
“Shallbetter said this approach helps HHS make better decisions for how to protect its technology networks and data, because sometimes failure is a good thing…”
“One of the big challenges Shallbetter and his office faces is the federated nature of HHS and the assortment of devices ranging from Apple computers at the National Institutes of Health and the other scientific communities, to executives using tablets.”
“’When you begin to put some of this newer technology on that hasn’t been tested, we just realized, there’s too much variety at the very end of our network to deploy those kinds of tools, if they’re heavy at all on the endpoint. Putting things in the cloud, making it shareable and accessible, mean that our federation is less of an issue. We can put that on the vendor or the product suite or the integrator, we can offload that challenge to somebody else. And I think that someplace where our failure early on, definitely led to us looking or led to me looking at that cloud browsing as a solution,’ he said.”Bringing HHS components together
“The lessons from the cloud isolation browser test now is helping HHS launch a full on pilot with a technology that meets their needs. Shallbetter said he is working with the Defense Information Systems Agency on the CBII effort after DISA awarded a five-year, $199 million contract to move the technology into full-production last summer.”
“The other part of his job beyond meeting with vendors and testing products is to help the component agencies understand what is possible around cyber. The HHS CIO only controls about 20% of the agency’s $6.4 billion IT budget with a majority of it tied to programmatic efforts…” Read the full article here.
Source: For one HHS office, a cyber failure isn’t always bad news – By Jason Miller, February 19, 2021. Federal News Network.