This report first appeared on CyberScoop.
Retired Rear Adm. Robert Day, Jr., the man hired by BlackBerry last week to lead its federal certification and compliance efforts, knows all about the crisis in the cybersecurity workforce — and not just from his time as CIO of the U.S. Coast Guard.
When asked about the company’s plans for a new federal cybersecurity operations and compliance center, he said its location could be in the national capital region, or on the west coast — depending on where they can find the people to staff it.
Staffing “will be a driving factor” in the location decision, he told CyberScoop, “It’ll be very significant.”
The center, with Day at the helm, will guide the Blackberry product suite through the FedRAMP certification process, and provide a single point of contact for agencies for ongoing compliance monitoring, reporting and notification.
Day, who became an independent consultant after he retired from the Coast Guard in 2014, worked with Blackberry subsidiary AtHoc to get their products FedRAMP certified.
“We’re almost there,” he said of that process, “The final piece of paperwork went in this week,” and he expects the AtHoc cloud infrastructure to be certified FedRAMP compliant sometime in March or April.
“Bob Day has proven himself to be an invaluable asset to BlackBerry,” said company CIO Iain Kennedy.
AtHoc, which provides emergency notification and management communications to more than two-thirds of federal employees, was bought by BlackBerry last year — part of the company’s strategic turn from a failing handset maker to a security software play.
“BlackBerry realized that cloud initiatives in the federal government government are really taking off,” Day said, explaining the company’s decision to build out the center.
BlackBerry Enterprise Server 12 and WatchDox will go through the FedRAMP process after AtHoc’s compliance is approved.
The AtHoc certification has taken almost a year, he said. “It is a lengthy process and a significant investment” he said of FedRAMP.
Day retired from the Coast Guard after five years as the service’s CIO and commander of Coast Guard Cyber Command. He says the lessons he learned there have helped shape his approach to the new job.
“The first task I had was to stand up a Coast Guard Cyber Command [including] a [security operations center] for the service and its 75,000 endpoints,” he said.
“Over the next five years I learned two lessons: How critical cybersecurity was becoming as an overarching factor for the CIO … And how cloud is a mandate every CIO has to look at as budgets tighten.”
He said it would be several months before the center was up and running. “I want to get to [initial operating capacity] in May,” he said, adding he’s aiming for a head count of seven by that time and double that by the end of 2017.
“But that may change,” depending on how the certification process goes for the other products. “GSA does keep refining the process,” he said.