CISO Compass: One-WaTech approach to security services

In my interim role as the state Chief Information Security Officer, I wanted to touch base on our efforts to improve and maintain our cybersecurity posture.

The Office of Cybersecurity (OCS) is an essential division within WaTech and provides critical enterprise security services to the state and our agency partners. However, like any enterprise service WaTech provides the state, OCS cannot operate or be effective in a silo. It is important to take a One-WaTech approach to OCS and our security services.

What does that look like? It means everyone at the agency is pulling together, bringing the collective expertise, experience and skills needed to improve WaTech's security posture as an agency and assist OCS in assessing and improving statewide enterprise security services.

A good example is the collaboration between WaTech's OCS and the Network Services teams in developing an architecturally sound distributed denial-of-service (DDoS) solution that meets the needs of the state both near term and long term as state agencies adopt more cloud solutions. Also, in the effort to improve and streamline the Security Design Review process, executive leadership and multiple teams - including representation from the Office of Privacy and Data Protection, Enterprise Architecture and OCS - are invested in making the process work better for the state and will own and be accountable to the result.

We can't be successful in securing the state infrastructure and protecting our residents' data without working together in our agencies and as a community. I've been impressed by the energy shown by our agency partners in the new Enterprise Security Governance committee to develop policy and strategy and make decisions that serve the state.

I'm looking forward to working with all of you all to address and improve our state security posture.

Bill Kehoe

State CIO and acting state Chief Information Security Officer