Remembering a Great Cyber Leader

John Lainhart, a leader and influencer of great impact in the Federal IT security world, sadly passed away last week.  John’s remarkable career spanned both civilian and military leadership roles as a government official, as well as nearly two decades as a successful industry executive that included service as the IBM Center for The Business of Government’s Cybersecurity Fellow.  It is with the highest respect and admiration that we remember John’s great influence in the Federal cybersecurity and audit communities.

John led IBM’s Public Sector Cybersecurity and Privacy Services practice for many years. He oversaw the work of hundreds of cyber and privacy professionals who served public sector clients over his 14-year tenure at IBM; John then joined Grant Thornton in their Cyber Risk Advisory practice. John also served as an executive in numerous industry associations, including the Board of George Washington University’s Center for Cyber and Homeland Security, where I had the privilege of serving with John.  

John’s industry tenure was preceded by a highly successful government career.  He became the first Inspector General (IG) of the U.S. House of Representatives in 1993, and was reappointed by bipartisan leaders in Congress until his departure from government in 1999.   John also served in the Federal Senior Executive Service as the Department of Transportation’s Assistant IG for Policy, and led the Government Accountability Office’s audit group overseeing the Departments of Education, Labor, Health and Human Services, and Veterans Affairs.   John paired this civilian service with military leadership as a Captain in the U.S. Navy later in the Navy Reserves.

John combined a tremendous understanding of cybersecurity policy, governance, and auditing.  He was dedicated to advancing security concepts throughout the government to protect sensitive data in a highly technical world, leading initiatives and innovative thinking to helping agencies protect the citizens they served.  John was a mentor to me and to many colleagues – he possessed outstanding skills as a “servant leader,” who brought humility and grace to all of his interactions with clients, co-workers, superiors, or employees. 

John co-authored a Center report, Managing Advanced Threats in a Digital Age, with IBM Security executive colleague Christopher Ballister.  This report assessed the impact of cybersecurity breaches in the Federal government, and developed an action plan based on case studies for government executives in responding to future cyber threats. 

John also wrote multiple blogs and articles from his post as a Center Fellow, including:

• "Protecting Privacy and Security,” which in 2016 addressed how agencies can integrate cyber, privacy and risk management to improve their data protection programs
• “Predictive Security Intelligence: Achieving Holistic Cybersecurity,” a guide for bringing together all aspects of a cyber program co-authored with Chris Ballister in 2016
• “Our Partnership with the Center for Cyber and Homeland Security (CCHS) at George Washington University,” where he wrote about the GW Center in 2016
• “National Cybersecurity Center of Excellence (NCCoE) – Accelerating the Deployment and Use of Security Technologies,” a 2016 piece about the then-new NIST Center that had achieved great success in working with government and industry on new cyber solutions.
• “Improving IT Security Through Implementing Sound Enterprise IT Governance,” which we co-authored and was later published by Federal Computer Week (FCW) in 2014
• “How Agencies' Security Efforts Can Drive Economic Growth,” also a co-authored piece later posted in FCW
• “Achieving Enterprise Security to Support Agency Services,” an early discussion of what has become the Department of Homeland Security’s Continuous Diagnostics and Mitigation program
• “A Framework to Improve Management of Cyberspace,” about a 2013 report on managing cyber as a military-type domain similar to land, sea, and air.

John also co-authored two books on information systems auditing -- System Development Auditor and Computerized Information Systems (CIS) Audit Manual, and a National Institute of Standards and Technology special publication on systems development life cycle auditing.

The Center sends our deepest condolences to John’s family on his passing.  We salute John’s great career, and we will recognize his service as a Center Fellow by retaining a special section of our website with his biography and writings.