Even when you’re not quite qualified for a job, you can usually bluff your way through the interview if you can positively present the skills you do have. But when the job is White House Cybersecurity Coordinator, you really shouldn’t be bluffing—and if you are, it shouldn’t work. But Michael Daniel seems to have slipped through.
In an interview with GovInfoSecurity on Thursday, Daniel explained why his degrees in public policy from Princeton and Harvard and his 17 years of experience in the White House Office of Management and Budget make him a great fit for his job. He does presumably know a lot about policy and federal budgets. But when he says, “At a very fundamental level, cybersecurity is not just about the technology,” what exactly is he talking about?
As Princeton computer scientist Ed Felten told Vox, which first spotted this interview, it's strange that Daniel doesn't think he needs deep technical knowledge to do his job, given that attorneys, surgeon generals, and economic advisors are supposed to have specialized training, extensive knowledge of the field, and the ability to analyze new research. When Daniel says, “You need to be more of a generalist than having a lot of expertise particularly in the technological side in order to actually succeed well in this area”—well, that just doesn't sound reasonable.
It’s worth noting that Daniel's predecessor, Howard Schmidt, wasn't a trained computer scientist, either. But he did serve as the special adviser for cyberspace security for the White House for two years after the 9/11 attacks, and then went to work at eBay from 2003 to 2009. Even so, perhaps the White House should try a little harder to seek out Cybersecurity Coordinator candidates with some technical proficiency. This seems to be a common mistake in government hiring: The U.K.’s “Year of Code” educational initiative was criticized when its director Lottie Dexter admitted that she didn't know how to program.
“Being too down in the weeds at the technical level," Daniel says, "could actually be a little bit of a distraction ... you can get enamored with the very detailed aspects of some of the technical solutions.” And it’s true that many of Daniel’s policy and political skills are valuable and important to the job. But cybersecurity techniques are complicated. Having no knowledge of programming or the math that underlies cryptography makes it hard to evaluate which techniques the federal government should be adopting and recommending.
“The real issue is to look at the broad, strategic picture and the impact that technology will have,” Daniel says. But it's hard to have foresight about the long-term effects of the technologies you’re selecting if you don't really know how those technologies work.