CEO and consultant Richard Clarke took his inspiration from President John F Kennedy and turned it into the first cybersecurity position in federal government. Determined to help change the mindset of war, Richard went to work for the Department of Defense at the Pentagon following college during the Vietnam War. From Assistant Secretary of the State Department, he moved to the White House to work for President George W. Bush's administration where he kept an eye on Al-Qaeda and was tasked to take on cybersecurity. Lacking any books or courses to give him a basic understanding of cybersecurity, Richard made it his mission to raise the level of cybersecurity knowledge. Currently as Chairman and CEO at Good Harbor Security Risk Management, Richard advises CISOs. We thank Richard for sharing his story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices
You're listening to the Cyberwire Network, powered by N2K. When it comes to ensuring your company has top-notch security practices, things can get complicated fast. Vanta automates compliance for SOC 2, ISO 27001, HIPAA, and more, saving you time and money. In Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center. Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to manage risk and prove security in real time. Our listeners can claim a special offer of $1,000 off Vanta at vanta.com/cyber. That's V-A-N-T-A.com/cyber for $1,000 off Vanta. This is Dick Clark. I'm the CEO of Good Harbor Security Risk Management. I grew up at a time when John Kennedy was president, and his call to ask not what your country can do for you, ask what you can do for your country, resonated a lot with me. And so I think from the very beginning, I wanted to serve in government, to serve in the federal government. I remember going to the White House as a kid, standing outside and saying to my father, "I'm going to work there." Well, when I got out of school, the Vietnam War was still raging. It was the number one issue that he dominated my life as an undergraduate. And I made a counterintuitive response to that. I decided I wanted to go work in the Pentagon. My reason for thinking that way was if only people who wanted to have wars, if they were the people who populated the Pentagon, then we would always have more wars. But if we had people who believed in alternatives to war, it might make a difference 20 years later. So I put my sights on the Pentagon and I got a training job, an internship job in the office of the Secretary of Defense. I got to the White House from the State Department, I had been in the Assistant Secretary. So I went to the White House at a fairly high level in the Bush administration. Almost from the beginning, I thought we were not paying enough attention to a new phenomenon that I smelled, I detected, and some other people did too. And that phenomenon turned out to have a name, and that name was Al Qaeda. So I always kept Al Qaeda under watch beginning, well, probably in 1992. In 1997, they added to my portfolio this new thing called cyber security. And when they insisted I take it on as an additional responsibility, I tried to learn about it, tried to get books on the subject. And there really were not any good books then that were an introduction to the topic. And so I used the fact that I was a Special Assistant to the President to call up Microsoft and Cisco and Symantec and the big names of the day and say, "I'm from the White House, I really need to understand your company and this issue. So I want to meet with Bill Gates, I want to meet with John Chambers." And that worked. Before 9/11, in the early months of the Bush administration, Bush II, it was pretty clear to me that they were not going to pay enough attention to Al Qaeda. And I really didn't want to be left holding the bag. And I also wanted there to be a full-time position worrying about cyber security. So I think in June, before the September attacks, I went to the National Security Advisor and said, "I want to move from the terrorism portfolio since you don't pay enough attention to it. You're not doing what I recommend. I want to work full-time on cyber security and I want to create a new position to do that." Eventually, it happened and we did create the first cyber security policy position in the White House. I had quite a good staff and we wrote a national strategy for cyber security, which I've read the other day, and 20 years on, it's still pretty good. My job is one of being a consultant, but it's a consultant to a diverse group of things. I try to work for corporate boards and corporate leadership to explain the importance of cybersecurity to them. And I try to work with CISOs to be their advocate and coach and validator. When I started in cyber security, looking for that book, it would be the good introduction. It didn't exist, and when I started looking for university courses, they didn't exist, and so I wrote the book, and I got a lot of universities to start the courses. I got a lot of federal money to help universities start cyber programs. So a lot of what I wanted to learn then, one couldn't easily learn that, and can much more easily learn that. This September 18th and 19th in Denver, a tight community of leading experts is gathering to tackle the toughest cybersecurity challenges we face. It's happening at M-Wise, the unique conference built by practitioners for practitioners. Brought to you by Mandiant, now part of Google Cloud, M-Wise features one-to-one access with industry experts and fresh insights into the topics that matter most, right now to frontline practitioners. Register early and save at mwise.io/cyberwire. That's M-Wise.io/cyberwire. [MUSIC]
