Home > IT Blogs > Security Bytes > Robert Maley dismissal, in retrospect, not surprising
>>VIEW ALL POSTS  

Security Bytes

« Static source code analysis turned on its head
Estonia defense minister talks about 2007 cyberattacks »
Mar 17 2010   2:32PM GMT

Robert Maley dismissal, in retrospect, not surprising



Posted by: Eric Parizo
Web application security, laws investigations and ethics, Robert Maley

As first reported last week in the The Patriot-News of Pennsylvania and other outlets, Pennsylvania CISO Robert Maley was either fired or resigned under pressure following an appearance at RSA Conference 2010.

It’s been widely reported that the man credited with building Pennsylvania’s information security program from scratch lost his job because at RSA he revealed a design flaw in the commonwealth’s driver’s exam-scheduling Web application. SearchSecurity.com alum Dennis Fisher writes on ThreatPost.com that Maley’s firing is bad for the industry, and while it’s hard to argue any of Fisher’s points, there are some important details that have thus far been overlooked.

At RSA, Maley not only spoke on a panel with other state CISOs, but he also led his own session on changing the culture of application securitySearchSecurity.com was at that session, and the first thing Maley noted was that a travel ban was in place for Pennsylvania officials due to the state’s economic troubles, which barred him from speaking in an official capacity. He then said he was at RSA on “vacation” but considering that the content of his talk was entirely focused on his work as Pennsylvania CISO, it’s not a stretch to believe that alone would have been grounds for his dismissal.

In addition to the exam-scheduling application issue, Maley also discussed a number of other security issues within his organization that may not have pleased officials back home, including past SQL injection attacks on state websites, a control for an open Lotus Notes system that could have led to a system compromise, and a 2008 cross-site scripting vulnerability in a voter registration website that exposed voters’ personal information.

Yet what’s especially odd about the timing is that Maley delivered a similar presenation at the RSA Conference in 2009. Why did the talk cost Maley his job now? Sources speculate that it was a combination of violating the state travel ban and choosing to discuss the issue with the exam-scheduling application, which is still under investigation. Maley himself has discussed at length the political upheaval his state-wide security policy changes have caused, and as a result he surely wasn’t in the business of making friends in Harrisburg. It’s easy to see how once word of his RSA appearance got out, there were plenty of people there ready and waiting to drop a dime on him. So it stands to reason that even in information security, politics is still politics.

  Bookmark and Share     Comment     RSS Feed     Email a friend

Comment on this Post


You must be logged-in to post a comment. Log-in/Register

Rgmoon  |   Mar 24 2011   9:13AM GMT

Now innovation in technology with every passing day are not interesting for me. But it is positive thing that we can learn many things from the increasing use of technology. Thanks for providing this info for us.

cherokee county herald


 

Outlet  |   Apr 12 2011   3:58AM GMT

The most stylish and high quality Louis Vuitton is the best seller now. If you want to buy Louis Vuitton,just come to our Louis Vuitton Outlet Store, the best Louis Vuitton and the good service we would supply you. Cheap Louis Vuitton for sale now! Back to Louis Vuitton Outlet and choose the Louis Vuitton you prefer.
Every nobby woman all hope to have a world famous brand goods.Louis Vuitton items of Louis Vuitton Outlet Online is one best choice for you. These new design Louis Vuitton that come in unique styles. It is easy to see that Louis Vuitton Online store listed in our Louis Vuitton online that you can find the luxury Louis Vuitton products.


 

Rgmoon  |   May 13 2011   8:50AM GMT

This post is full of updated info and adds a lot into my info store. This is very useful info you have provided here. Thanks for such an amazing stuff, Keep it up
cars for sale colorado


 

Ahmadferi  |   May 24 2011   6:17AM GMT

Hey, just looking around some blogs, seems a pretty nice platform you are using. I’m currently using Wordpress for a few of my sites but looking to change one of them over to a platform similar to yours as a trial run. Anything in particular you would recommend about it?

hobbs shoes