Robert F. Lentz has served as the President of Cyber Security Strategies, a cyber-security consulting company, since October 2009. Mr. Lentz has also served as Board Director of LogRhythm, a leader in Security Intelligence and Analytics, since December 2012.
Over the preceding 34 years, Mr. Lentz held various public-sector defense positions, including serving as the Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance (CIIA) in the Office of the Assistant Secretary of Defense, Networks and Information Integration/Chief Information Officer and Chief Information Security Officer (CISO) for the U.S. Department of Defense (DOD), and Chief of Network Security in the National Computer Security Center at the National Security Agency. In his CISO capacity at the DOD, Mr. Lentz oversaw the department’s 3-billion-dollar Information Assurance & Cyber Security programs. He transformed the programs, including establishing the first comprehensive IA/Cyber Architecture and supply chain risk management strategy and operationalizing the world’s most robust Identity Management System, and played a key role in leading the United States National Cyber Initiative.
Mr. Lentz holds a B.A. in History and Social Sciences from St. Mary’s College and an M.S. in National Strategy from the National Defense University.
Cyber Security Leadership and Risk Management - How to Achieve Resiliency in the Face of Escalating Threats.
The state of an organisation’s IT security posture is too important to be fully delegated to the CIO and CISO. A serious cyber attack can have a material adverse effect on an organisation’s well-being, financially and otherwise. This places cyber security into the category of a business risk that warrants CEO and Board attention. Getting the Board of Directors engaged and identifying key metrics to operationalise the needed risk and resource decisions will minimise successful attacks and achieve mission resiliency.
As organisations evolve their security posture, two key metrics for measuring their security capabilities are their Mean-Time-to-Detect (MTTD) threats that present an actual risk and their Mean-Time-to-Respond (MTTR) to fully analyse the threat and mitigate any risk presented. Each organisation needs to assess for itself the appropriate level of maturity based on its own risk tolerances and establish a robust cyber security scorecard to drive successful operations.