Phil Quade, Chief Information Security Officer
Phil brings more than three decades of cyber, security and networking experience working across foreign, government, commercial and critical infrastructure sectors at the National Security Agency (NSA). As Fortinet’s CISO, Phil serves as a strategic consultant to Fortinet’s C-Level customers and partners, has responsibility for Fortinet’s enterprise and product security, and leads strategy and expansion of Fortinet’s Federal and Critical Infrastructure business. Prior to Fortinet, Phil was the NSA Director’s Special Assistant for Cyber and Chief of the NSA Cyber Task Force, with responsibilities that included foreign intelligence, Defense Department security, the White House relationship and critical infrastructure engagement. Previously, Phil served as the Chief Operating Officer of the Information Assurance Directorate at the NSA, managing day-to-day operations, strategy, and relationships in cybersecurity for classified systems. He held a variety of roles earlier in his tenure at the NSA, including as the head of the Information Operations Technology Center’s Advanced Technology Group, as a professional staffer to the U.S. Senate, at the Office of the Director for National Intelligence, and as a cryptanalyst, developer, evaluator and computer scientist.
Prosperous nations sometimes take for granted the safe and reliable critical infrastructures that underpin our economies, governments, and personal well-being; it’s our responsibility to plan and execute key enablers that will secure our future. Similar to how we marvel today at the Roman Empire’s roads and aqueducts, the 3rd millennium will likely do the same with today’s critical infrastructures - that is, if they don’t lead to our downfall. The scope and scale of the critical infrastructure security challenge have frozen ambitions to take on this problem; this presentation will describe a plan and its first several steps.
• Explore a light-touch governance or orchestration board to establish some enduring procedures where such things are helpful.
• Take on the issue of automated information sharing within and among critical infrastructures. The goal is to enable the sharing of threat intelligence and even best practices, and otherwise get people to start working together to create relationships while simultaneously moving the needle.
• Begin to pilot the most promising strategies and capabilities, such as consequence-based engineering. “Test” capabilities to create the most meaningful increases in security and to enrich partnerships. Promote research and innovation on the right challenges, experiment and push the envelope, and fail fast, but on the most important priorities. This approach helps build institutional muscle memory so that responses to actual attacks are quick and effective.
• Rethink the cyber workforce. This will involve creating an environment in which professionals in IT, OT, and Physical security regularly collaborate and rotate job assignments, in recognition that the design of critical infrastructure solutions cannot separate these professions.