By Bruce Sussman
Mon | Jul 15, 2019 | 9:38 AM PDT

Helen Patton is the Chief Information Security Officer at The Ohio State University.

We were following her on Twitter long before she delivered one of this year's keynotes at SecureWorld Cincinnati.

Patton has hit on something that has her Twitter feed lighting up. She posed this question:

"So, if you were a presidential candidate representing the #cybersecurity party, what policies would you promote?"


Now, here's a shocker: people in InfoSec have lots of opinions on this. Let's look at some examples.

The cybersecurity president: what is your platform?

Here are some of the responses to Patton's question about the policies a "cybersecurity president" should have:

Ann Johnson @ajohnsocyber says:

"There is an entire list of items that need to be evaluated but let’s start with a requirement for mandatory proactive intrusion detection service to determine who is already in the environment and where with a deadline for completion tied to some type of funding.

From there I would focus on enforcement of existing standards and development of new standards to address common remediation topics. Enforcement of MFA, privileged admin workstations, encryption, data classification, least privilege standards etc.

One of the challenges (if this were truly a political campaign) is normalizing the language so non IT security folks understand the concepts and the importance without terrifying them."

KKeevvvvyygg @kevvyg posted:

"You cannot release a product without a Software Bill of Materials nor can you make a product that can't be reasonably patched. Dan Geer's keynote at @BlackHatEvents 2014 was so spot on."

Chad Loder @chadloder wrote:

"A fundamental human right to privacy in the Constitution. 4th Amendment does not go far enough."

Jason Halley @JasonRHalley would approach things like this:

"Ban companies from advertising their product as #unhackable"

Jeff Nathan @JefNathan was talking elections:

"Ensure our democratic process by securing campaigns at all levels, regardless of party, and utilizing voting technology that is fully auditable in hardware, software, and the votes themselves."

University of Wisconsin-Madison CISO Bob Turner @UWMadisonCISO also chimed in: 

"If it were a more conservative leaning party I would want our candidate to promote self reporting and honesty in dealing with data breaches (which given the etymology of Cyber works well). If it were a more liberal party I would expect incentive programs to promote cybersecurity."

And CISO Helen Patton, who started this conversation, has a number of ideas herself:

"I’ll start: mandate MFA for all transactional websites

Revoke the CFAA and legalize bug hunting activities through registered organizations

Sales tax free consumer security products"

Read her entire thread here.

What would you add to the 'cybersecurity president' platform?

So let's say you are running for president of the "cybersecurity party." What would your platform be?

Let us know in the comments below or tweet us @SecureWorld.
