Directives by both a former U.S. president and the current one have kept Mark Fabro very busy.

Fabro, an information security and cyber-terrorism expert, helps clients in the critical infrastructure sectors probe the security of their networks and information environments and then eliminate vulnerabilities. He helped found Terrasec Corporation in early 2001 to help organizations in transportation, energy, utility, communications, and other crucial sectors respond to federal information-security mandates such as Clinton's Presidential Directive Decision 63 and, later, Bush's Homeland Security Presidential Directive 7. After Sept. 11, 2001, Fabro's lifelong passion took on a newfound importance.
"The real threats against critical infrastructure are probably not going to be from the mom-and-pop hacker shops or from 15-year-olds," he explains. "We know for a fact that there are foreign entities, which in some cases may be state-sponsored, looking into ways to attack the computer systems of critical infrastructure in North America."

Fabro, who has worked with more than 150 government agencies around the globe, believes that simulated cyber-attacks, like the exercise he recently conducted for the state of Texas, serve as one of the most effective tools an organization can use to understand its state of readiness.
"They wind up with a deluge of information that outlines the organization's strengths and weaknesses," he explains. "And then it becomes almost trivial to fix the problem."
Posing as a hacker, Fabro admits, is a particularly enticing aspect of his work, but he says that a deeper reward comes from knowing that the world is a safer place as a result of his collaborations with clients.
"Listening is vital," he says, contradicting the traditional notion that "you're not a good technology consultant unless you pull out all of your technology Kung Fu" and wow everyone in the room. "That does nothing for the client," he adds. "Unless you truly listen to your client, you fail in your responsibility to empower them with the knowledge."

A former CB and ham radio enthusiast, Fabro believes that his InfoSec passion began at a young age (though, he notes, the date of his first e-mail account, 1986, qualifies him as a late bloomer by certain standards) and drove his involvement in creating one of the world's first operating system firewalls. Today, Fabro also seeks to channel that passion into developing a more concrete understanding of information security risk.
"Right now, we in the space understand the threats and the vulnerabilities very, very well," he notes. "But we have trouble understanding how to provide a monetary value to the information assets inside the organizations that we're assessing. I would like to provide a much more cognitive picture to the business manager: If this asset is unavailable or stolen, what is the actual cost to you?"

The quest for that type of knowledge, along with the constant search for InfoSec vulnerabilities in governments, military networks, and industries that are crucial to national security, stokes Fabro's appreciation of his work. "I enjoy learning, which is what this job is all about," he adds. "It's very humbling."
