Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
Frank Taylor: Better Processes Lead to Tighter Security
If the now-retired Air Force Brigadier General and first-ever GE CSO ever got the memo about career specialization and 'nichey' expertise, he apparently forgot to read it.
Terry Sweeney, Contributing Editor
July 15, 2019
7 Min Read
If Frank Taylor ever got the memo about career specialization and 'nichey' expertise, he apparently forgot to read it. Just look at his background: He's an expert in physical security and cybersecurity; a career military guy who also dove into the deep end of the private sector as General Electric's first CSO; and someone who's as comfortable talking process details as he is big-picture policy goals.
These complementary skill sets were more a by-product of opportunities presented than any kind of calculated career plan or time table, according to Taylor, officially retired from his title of Air Force Brigadier General but unofficially still working hard.
"I've been lucky enough to be assigned all these different kinds of places and, through them, was able to learn more of the secret sauce to developing my leadership philosophy," he says.
Taylor's diverse background ensures his insight and expertise are still sought out on security policy and process issues. He surfaced recently at the RSA Conference in February to speak about the need – and tremendous challenges – associated with information-sharing to protect and defend critical infrastructure such as the national electrical grid.
Information-sharing is a team sport, he said during a panel session. As such, it "takes team players, especially when our adversaries are very good at what they do," he added.
In other words, there's no going it alone, especially when critical infrastructure is at risk.
For Taylor, being part of the military was a lifelong passion; he was active in ROTC during his undergrad years at Notre Dame in the late '60s. Unsure what he wanted to do in active duty, Taylor applied for a position at the Air Force Office of Special Investigations (OSI), whose mission is to identify, investigate, and neutralize criminal, terrorist, and espionage threats to the Air Force and the Department of Defense (DoD).
Taylor was accepted as a trainee in 1970. (Of note, OSI is one of the most requested career choices for Air Force officers, second only to pilot training.) While he had no experience as an investigator, he did have a degree in international studies. "That started my career in counter-intelligence," Taylor says.
Figure 2: Photo: Francis X. Taylor
He describes his tenure at OSI as both formative and destiny shaping. OSI's Taylor served as head of assignments and learned the organization's development process. A subsequent role as executive assistant to the commander helped him with management and leadership skills.
And given it was the mid- to late '70s, Taylor became immersed in Total Quality Management (TQM) and the work of its high priest, Jonathan Deming. One cornerstone of TQM addresses standardizing processes for tasks, measuring outcomes, and ensuring continuous improvements. While he learned to test and refine his own approaches in the military, TQM proved pivotal for Taylor over the rest of his career. Long before the Internet was a gleam in Vint Cerf's eye, Taylor and his OSI colleagues accurately foresaw the need for cybersecurity investigators as computers were emerging as a new battleground for terrorism and war.
"I began working on cybersecurity in 1994, and we hired computer experts and taught them how to be investigators," Taylor explains.
While the FBI takes credit for uncovering the Moonlight Maze incident in 1999 – one of the first reported cyberattacks on the US by the Russians – it started as an OSI investigation in 1996. Taylor says the investigation helped establish processes to uncover how enemies exploited US computer systems – and how to prevent such infiltration.
"Issues, process, tools … that's how I've approached security in my career," Taylor says.
Taylor eventually became the commander of OSI; from there, he took a higher profile in counter-terrorism after 9/11 and subsequently joined the State Department to handle diplomatic security. As he was preparing to leave that job in 2004, his resumé made its way to General Electric. That same year, the Indonesian tsunami rocked the Asia-Pacific region and the international economy. The disaster also amped up concerns within GE that it lacked a proper global view of security, couldn't efficiently assess its risk, and lacked a crisis management strategy.
After four interviews, GE hired Taylor as its first chief security officer, and he immediately merged the physical and cybersecurity functions. He worked to identify risks, then mitigate or eliminate them. The tools and processes he added were tested soon enough with Hurricane Katrina (2005). Whereas just the year before, it took GE almost three weeks to measure the impact of disasters on its employees and businesses, Taylor reports the changes he spearheaded helped reduce that calculation to an hour.
His last federal appointment was Under Secretary for Intelligence and Analysis in the Department of Homeland Security, which he left in early 2017. Since then, he has worked part-time with Cambridge Global Associates as a senior adviser, advising the DoD and contractors around issues of security and policy. He has also written a few opinion pieces on 9/11 and cybersecurity and 5G's security problems.
"I also teach a course at Notre Dame; I go there once a week," he adds.
For Taylor, the ongoing challenge for security professionals of all stripes is how to continue to apply the basics of security and protect whatever you're trying to protect with the tools that are available.
"You're not Wyatt Earp anymore guarding Tombstone – the risks are global," he observes. "The world we operate in and the tools we use are new and require a certain degree of ingenuity. The bad guys understand the vulnerabilities as well as we do. Our job is to work hard to stay ahead of them."
Next Page: Taylor gets personal.
(Image: Adobe Stock)
• Things Taylor has carried over from military life: Everything is still square … be in uniform, be 15 minutes early, and be prepared for your meetings! That's Military 101. GE used to talk about it, but my say/do ratio is 100%. I do everything I say I'm going to do.
• What his co-workers don't know about him: I'm shy. I'm an introvert and really have to work hard to be the extrovert leader to be effective. A quality of introversion is to listen and to hear and contemplate what you're hearing and turn it into knowledge. From the Nicomachean ethics of Aristotle, we know contemplation is the route to knowledge, and knowledge is the route to happiness.
• Electronic must-haves: I get Google, CNN, and MSNBC alerts all the time on my iPhone. The new normal for security executives requires you to know what happened and assess the impact on the organization.
• Favorite hangout: Home. But also a sporting venue since I have season tickets for basketball and football.
• Comfort food: Fried chicken. My wife won't fix it – I only get it on my birthday.
• On his music playlist right now: I do Motown. There's a channel on Sirius XM called Soul Town. That's what I listen to.
• Ride: Right now, I'm driving a 3 Series BMW that I originally bought for my wife. But it's too low to the ground for me, so I just ordered a new Toyota Avalon.
• After hours: Gardening. Gardens respond to tender loving care. They also tell you when you screwed up.
• Favorite team: Notre Dame, my college team. But when Bobby Mitchell became the first African-American player for the Washington Redskins in 1962, I had the opportunity to interview him for my junior high school newspaper. That cemented me to the Redskins for life.
• Signature style: Black suits and white shirts. I don't think I'd be seen as a fashion icon – it's like a uniform … not trying to stand out. And I love that business casual is the way businesses operate now. I wish the government were moving in that direction.
• Actor who would play Taylor in film: Denzel Washington. I like the seriousness in which he approaches every endeavor he's involved in.
• Next career after security: Grandparenting. Your children never leave you so it's about continuing to be a good parent and good grandparent and helping the next generation to get ahead.
About the Author(s)
Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, Network World, InformationWeek and Mobile Sports Report.
In addition to information security, Sweeney has written extensively about cloud computing, wireless technologies, storage networking, and analytics. After watching successive waves of technological advancement, he still prefers to chronicle the actual application of these breakthroughs by businesses and public sector organizations.
You May Also Like
Your Everywhere Security guide: Four steps to stop cyberattacksFeb 27, 2024
Your Everywhere Security Guide: 4 Steps to Stop CyberattacksFeb 27, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024
Securing the Software Development Life Cycle from Start to FinishMar 06, 2024
Latest Articles in The Edge
Redesigning the Network to Fend Off Living-Off-the-Land TacticsFeb 23, 2024|7 Min Read
Privacy Beats Ransomware as Top Insurance ConcernFeb 23, 2024|5 Min Read
Library Cyber Defenses Are Falling DownFeb 20, 2024|3 Min Read
Enterprises Worry End Users Will Be the Cause of Next Major BreachFeb 16, 2024|2 Min Read