Booz Hacks Fed IT, Makes It Incompetent, Insecure, Bankrupt
By Duane Thresher, Ph.D. November 15, 2018
Booz Allen Hamilton (a.k.a. Booz) was just awarded a $2.5 billion 10-year IT (which includes cybersecurity) contract by the Securities and Exchange Commission (SEC), with the help of the IT incompetent SEC Chief Information Officer (CIO) Chuck Riddle and the IT incompetent SEC Chief Information Security Officer (CISO) Andrew Krug, who are both former Booz employees (a.k.a. Boozers). High school dropout and traitor Edward Snowden, who hacked the National Security Agency (NSA) then fled to Russia to avoid capture and execution for espionage, was also a Booz employee at the time. IT incompetent Jeanette Manfra, Department of Homeland Security (DHS) Assistant Secretary for Cybersecurity, is also a former Booz employee. All, except possibly Snowden, are in line to be rewarded with high-paid executive positions at Booz after they go through the government-business revolving door once again.
In what has been called the worst espionage incident, and data breach, in U.S. history, Edward Snowden, a Booz employee at the time, purposely went to work for the National Security Agency (NSA) so he would have access to top-secret documents to complement the top-secret documents he had already stolen from the Central Intelligence Agency (CIA) while working there as an employee of Dell. In short, Booz hacked the NSA. And Snowden is only the most notorious example; there were other Booz/NSA employee hackers as well.
Snowden is an extreme IT incompetent. He not only has no IT college education, he is a high school dropout. He should not have been hired to do IT for his high school, never mind for Booz, NSA, Dell or the CIA (whose CIO, John Edwards, is also an extreme IT incompetent like Snowden, although Edwards used to work for Accenture, not Booz). Tellingly, Snowden fled to Russia, not some other non-extraditable place, to avoid capture and execution for espionage. It seems obvious Snowden won't be rewarded with a high-paid executive position at Booz, but with a system as screwed up as this, who knows. Booz brags about being global, so maybe Booz does work for the Russians too.
Before continuing, executive IT job titles should be explained. Given the plague of data breaches due to IT incompetence, business/government organizations try to obscure responsibility when a data breach inevitably occurs by playing "musical titles" with the executive IT job titles, frequently changing them. CIO, CISO, CTO (Chief Technology Officer) -- see whose title seems closest to being responsible when the data breach inevitably occurs. After being hacked, Booz itself now has no CIO, CISO, or CTO, unless you count Chief Innovation Officer Susan Penfield or Chief Transformation Officer Angela Messer. Penfield and Messer are both IT incompetent and I would add them to my Business and Government IT Incompetents Hall of Shame wings but I seriously have no idea what they actually do (Booz wins!), although it seems IT related. According to Booz's website, their jobs seem to be just being cheerleaders for women in executive IT jobs like they are, regardless of their IT incompetence.
For years the SEC has been warned that it was vulnerable to cyberattack. Last year the SEC had a data breach (it probably had others before and since but they were not made public). The SEC provides oversight of stock markets, i.e., publicly traded corporations. It was created after lack of oversight caused the Great Depression in the 1930s (just like the lack of oversight of who is qualified to do IT is destroying America). Obviously then, publicly traded corporations, like Booz, would love to hack the SEC to subvert oversight. But why remotely hack the SEC when you can just make your employees CIO and CISO of the SEC like Booz did?
Chuck Riddle is SEC Chief Information Officer (CIO). Riddle held the "musical titles" title of SEC Chief Technology Officer (CTO) during the SEC data breach. He has no IT education, only a BA in communications (the dumb jock major, not telecommunications) and an MBA (Master of Business Administration). He is a former Booz employee and a future Booz executive.
Andrew Krug is SEC Chief Information Security Officer (CISO) and was during the SEC data breach. He almost certainly has no IT education. The only information about Krug that can be found is on his LinkedIn page. For education he gives two second-rate universities but no degrees or majors for them. That almost certainly means he has no IT education -- if he had any he would advertise it on his LinkedIn page, the most important place for workers to connect for government and business jobs. (Interestingly, no photo can be found of Andrew Krug. That is a good IT security measure but scoundrels need good security too.) Krug is a former Booz employee and a future Booz executive.
Update: An FOIA request to the SEC finally revealed that, as predicted, Krug only has a BA in economics and an MS in management.
Jeanette Manfra is Department of Homeland Security (DHS) Assistant Secretary for Cybersecurity. She has no IT education, only a BA in history and an MA in international relations. Manfra is part of DHS's National Protection and Programs Directorate (NPPD), which is tasked with protecting America's physical infrastructure, particularly its electrical grid, and its cyber infrastructure, particularly its Internet. I've written about her in Handing Over America's Electrical Grid to the Russians. She has probably already risked national security by letting Facebook and its hackers read all her email. She doesn't know enough about cybersecurity to protect her own family -- she posts her maiden name, location, photos of her children, and a list of her parents/siblings/cousin, with photos, on her Facebook page. Manfra is a former Booz employee and a future Booz executive.
Booz recently bought eGov Holdings, a holding company of companies providing IT services to the U.S. Government. Booz now has many more employees in place in Fed IT. (Why remotely hack U.S. Government IT when you can just make your employees Fed IT workers?) When you are an IT incompetent company, you try to buy up companies with IT competence (same is true in all fields). Remember Yahoo? Trouble is that these bought companies are also IT incompetent, pulling the same scam as Booz. It's all just one giant pyramid scheme of IT incompetence and it will end the way all pyramid schemes end -- collapse, bankruptcy, and jail time (this means you Horacio Rozanski, Booz President and CEO).
That Booz is IT incompetent is further shown by the fact that, as mentioned, Booz itself has been hacked, exposing tens of thousands of military emails and hurting national security, just like with Boozer Snowden. Booz doesn't know enough about cybersecurity to protect themselves, never mind the U.S.
All these IT incompetent Boozers are going to be going through the revolving door out of government and back into Booz at about the same time. How is Booz going to rename the executive IT job titles to accommodate their payoffs? Maybe finally reuse CISO, making it stand for something else? Chief Income Supplementing Officer?
Tragically, in the end, the U.S. Government, and so the American people, will be left IT incompetent, insecure, and bankrupt. Indeed, Booz will kill ya.
A demand for an investigation of this matter was sent to Carl Hoecker, SEC Inspector General, as well as SEC Chairman Jay Clayton, and SEC Commissioners Kara Stein, Robert Jackson, and Hester Peirce (Commissioner Elad Roisman does not allow email contact).