After 10 months of delays, President Obama has finally chosen a cybersecurity coordinator, filling the so-called "cyber czar" position he had long promised to create to shore up the nation's defenses against hackers and cyberspies. His pick: Howard Schmidt, head of the Information Security Forum, a non-profit cybersecurity research consortium.
But the last ten months weren't necessarily spent finding the perfect candidate for Obama's top cybersecurity job so much as finding someone willing to accept it.
At least three other candidates had been privately offered the position and turned it down, as Forbes reported in July. Cybersecurity industry watchers told Forbes at the time that was because the position had been stripped of much of its power in an effort to ensure that new cyber regulations didn't hamper economic recovery.
In a campaign speech at Indiana's Purdue University in July of 2008, Obama promised to "declare our cyber-infrastructure a strategic asset, and appoint a national cyber advisor who will report directly to me." In the year that followed, cybersecurity has only grown as a public issue following a steady drumbeat of foreign hacking incidents that have allowed foreign hackers to steal military information and breach the power grid.
But Schmidt will hardly report directly to Obama. Instead, according to a report that resulted from a 60-day government cybersecurity review ending in May, the cyber coordinator position will be "dual-hatted," reporting to both the National Security Council and the National Economic Council under Obama's economic advisor Larry Summers.
"It's not unreasonable that the NSC and NEC ( NIPNY - news - people ) both oversee the cyber czar's activities, but a powerful person may not want to be in that position," Alan Paller, the director of the security-focused SANS Institute told Forbes in July. "It's hard to work for two bosses."
Indeed, both Tom Davis, head of government affairs for consulting firm Deloitte, and Scott Charney, head of Microsoft's Trustworthy Computing division were both offered the position and turned it down. Cybersecurity insiders say that Paul Kurtz, who led the Obama transition team's cybersecurity efforts, was also privately offered the position and turned it down. In a February interview with Forbes, he argued that the position would require a "rock star:" a CEO, a former senator, or a former Secretary of Defense.
Howard Schmidt technically fits that description: In addition to his role leading the ISF, He's the chief executive of R&H Security Consulting and serves on the board of several security companies including PGP, Fortify, and BigFix. He's served as vice chair of the President's Critical Infrastructure Protection Board and as chief security strategist for the US CERT Partners Program under the Department of Homeland Security.
But given the Obama administration's difficulty in filling the role and the long line of candidates who preceded him, Schmidt may not have been chosen for his "rock star" status. He may have been the only qualified candidate left to ask.