I write this with both great anticipation and great sadness. Most, when leaving work, author an email telling everyone how much they've enjoyed working with them, leaving behind one parting message to their teammates as they head out into the sunset. I didn't do that. In fact, for the last month or so, I've prepared my team as best I can, with written turnover guidance and a RACI chart for the next Director. If he/she is new, I want them to at least know the battle rythm and who to talk to during the course of normal business, and if they find themselves in crisis mode. I think it's a holdover from my Navy days when officers created turnover guides for their successor. I like the practice, and left a binder with the 5Ws for the next guy on my desk.
That said, while I am extremely happy about moving on, I'm also saddened about leaving my current job. You see, for the last three years I've run a group of analysts at one of DoD's hidden jewels -- the DoD Cyber Crime Center (DC3 for short). DC3 is about as large as the lunch staff in one of the larger organizations, but cranks out some of the most amazing digital/multimedia forensic, cyber analysis, cyber training, R&D and outreach work that I've seen. This is by far, one of the best jobs I've ever had, and for all of you geeks, one of the best places to work if you want to bury yourself in data and want to have the flexibility to run with your own ideas. It's an amazing place! My piece was as the Director of the DoD/DIB Collaborative Information Sharing Environment (DCISE --an acronym only DoD could come up with.. say 'dice' for short). DCISE is comprised of the Defense Industrial Base-Computer Emergency Response Team (DIB-CERT), two other deep analysis technical teams, and an intrusion analysis section in the lab of about 20 malware analysts and forensic examiners. Since 2008, DCISE analyzed and published findings on over 1000 APT-focused incident reports and produced over 21,000 early warning, or indicators of compromise to 36 of the largest defense contractors, a dozen or so of the largest banks and DoE labs.... over 7 million computers are managed by the partnership we served! Wow! I had the opportunity to build this.. my way. What a ride! It's now operating smoothly, and a few months ago, went through the appraisal for CMMI. It's going, stable, funded, and well positioned for the future!
So, what's next for me? I like fixing broken things and building new.
Tomorrow I'm traveling to Japan to talk to the JPCERT about the benefits of sharing cyber information, and about the Red Sky Alliance. The Red Sky Alliance is a closely woven group of trusted incident responders and security pros sharing and comparing notes on intrusions they're seeing.. all in real time in the privacy of their own portal. It's still early, and the portal has some growing to do, but we've got several companies participating today, and have about a dozen more in the pipeline heading toward the membership process. While that gets off the ground, I'll be working part time for a company called Delta-Risk where I'll be authoring anti-APT strategies, working with Infosec teams, and whatever else comes along. Regardless, next week is JPCERT. The following week is a speaking engagement at Georgetown and then, Mad River Glen for some 'Ski it if you can!" time with the kids!
So, by the time this posts later today, I'll no longer be Jeff Stutzman, DCISE Director, DAFC. I'll be Jeff Stutzman, CIO and VP Collaborative Research and Analysis at Red Sky Alliance. I look forward to talking with many of you about joining over the coming days, weeks and months.
Jeff