Yet another US Government cyber tsar at US-CERT resigns


randy-vickers-170Do you hate your job in IT security?

Imagine being responsible for safeguarding the entirety of the United States against cyber attacks.

Sure, it is a high-profile role, and you probably get a lot of free lunches out of it, but the stress must be impossible to swallow. Particularly now, when the likes of LulzSec and Anonymous are exposing cyber weaknesses both in and out of government.

So, perhaps it is no wonder that Randy Vickers, Director of the U.S. Computer Emergency Readiness Team (US-CERT), resigned from his post on Friday, effective immediately.

Now, it has to be said that this job has been a bit of revolving door. In the last seven years, six different people have held this job title. One departee – Mischel Kwon who left in 2009 – was rumoured to have blamed her resignation on “obstacles and a lack of authority to fulfill [the] mission”.

Vickers was appointed to the role in August 2009, having first joined Department of Homeland Security (DHS) in December 2007.

i-quit-postnote-on-keyboardA brief email about Vickers’ resignation was sent to staff, stating that Lee Rock, who has been with US-CERT since 2006 (serving as deputy director for US-CERT for the past year), will be the interim replacement to Vickers until a new director is formerly appointed.

The email is reported to have phrases like “We are confident that our organization will continue its strong performance under [Lee Rock’s] leadership.”

I don’t have any idea how the US-CERT measure its employees’ performance, but I imagine that the job of late must have looked a lot like firefighting.

In 2011 alone, we have seen numerous large scale attacks, such as the potential theft of US weapons system plans, the CIA website attack, the IMF hack, not to mention the RSA data theft and subsequent attack on US military contractors.

Vickers’ resignation also nips at the heels of another high-profile US-CERT resignation: Deputy Under Secretary Philip Reitinger left in May this year, just days after the White House released comprehensive plans for a new cybersecurity policy.