US-CERT Chief Way Overpaid
I know Andy Purdy. I like him, and he is a capable manager, but as the article below mentions, he does not have a stranglehold on cyber issues facing government and critical civilian infrastructures. And he is way overpaid for what he is supposed to do.
From the AP here:
Deal for cybersecurity chief questioned
WASHINGTON – The Bush administration’s cybersecurity chief is being paid $577,000 under a two-year agreement with the university that employs him and also does extensive business with the federal office he manages.
Donald “Andy” Purdy Jr. has been acting director of the
Homeland Security Department’s National Cyber Security Division for 21 months. His contract, which has drawn attention from members of Congress, is paying him more than the $175,000 annual salary that Homeland Security Secretary Michael Chertoff earns.Purdy is employed by Carnegie Mellon University in Pittsburgh, which has loaned him to the Homeland Security Department in exchange for the government paying nearly all of his salary. Meanwhile, Purdy’s cybersecurity division has paid Carnegie Mellon $19 million in contracts this year, almost one-fifth the unit’s total budget.
Purdy said he has not been involved in discussions over his office’s business deals with the school.
Some lawmakers who oversee the Homeland Security Department questioned the decision to hire Purdy as acting cybersecurity director. They noted enduring criticism by industry experts and congressional investigators over the department’s performance on cybersecurity matters.
So DHS is giving Carnegie Mellon University 19 million bucks. In exchange, DHS gets the US-CERT website, cyber advisories, about a dozen or so staffers from CMU’s old CERT CC unit. And, they get Andy Purdy. Stubborn refusal to change outmoded procedures and resistance to using capable COTS cyber monitoring and correlation products? That’s free.
There is obviously a huge potential conflict of interest here too. Purdy is leading an organization, and his salary is paid by its largest contractor? Purdy says that he is not involved in any negotiations with CMU. This may be true. While Purdy may not be trying to influence decisions on whether to increase the DHS grants and contracts to CMU, he is certainly doing nothing to deter them either.
See previous articles about US CERT here.