I'll Do it!

I am a total jerk when it comes to security. I would be perfect for the job. Once when working with an ex-military type and setting security for a key retrieval system he commented "we don't even secure launch codes that well, what are you trying to protect?" to which I replied "nothing, it's just the best way". I am just a trust no one and have witnesses kinda guy ;)

If POTUS wants me he knows where I am.

Intentional delay?

Make no mistake, the delays in filling these positions are manufactured (as are the qualifications for those who are appointed). The goal is to allow a large infrastructure attack as the pretext for increasing our surveillance society. You think the Patriot Act was bad, just wait until they unveil the TCP/IP Act (Take Control of Packets/Internet Pwnage Act).

Mine's the one with the ham packet radio in the pocket.

Failure

He couldn't even secure his own campaign's - brand new - webservers, with the result I (and presumably many others) received spam sent through his unsecured mailer CGI. His campaign wasn't bound by Congressional oversight, Inspector-General audits or anything of the sort, and didn't even have multi-year-old legacy systems to integrate, just their own web content. I suspect his team was just too seduced by "ooh, shiny!" syndrome, plugging their stuff into Facebook, Twitter and whatever else they could find, rather than tending to the basics of running the website competently.

I don't think yet another "czar" would help, though. Proper, fully authorised and monitored, pen-testing (maybe by DHS or the NSA, they should know a thing or two about it) with published reports ("name and shame") and deadlines for vulnerabilities to be patched, perhaps.

That or just take the shiny toys away from the departments which can't be trusted with them. Did his campaign really need a ready-made spambot backdoor for people to email each other with, rather than using a proper email client like everyone else? How many more unsecured CGIs (or equivalent) are lurking out there on .gov servers waiting to be exploited, which could just be deleted without anyone really losing out?

@AC 20:07

Umm... Sorry to burst your Hate Bush bubble, but Hathaway was the person who launched Bush's cyber-security initiative. Kwon accepted her role in June of 2008. Based on your quote,

"At least these people didn't sit on their rear end to play politics for a couple of years which makes a change."

It looks like Bush was the one making the right decisions. And it looks like in THESE cases, they were all too willing to "give up their power without a fight, regardless of how much it continues to hurt US credibility."

Knowing that in advance, I am sure your comment would have gone quite differently. Probably something along the lines of "These former bushites knew that they weren't going to be able to play the same games they did under Bush's empire, so got out before they were forced out." Too late to play that card after you just complimented them though.

May take another incident

Unfortunately, it may require a real security incident before a position like this is granted the funding and authority necessary to keep people around, e.g., a power outage, stock exchange DoS, disabled flight control system cag, etc. Usually reactive, not proactive, the price of politics