Anupam Srivastava, CISO of Ohio

What are the lessons from the pandemic you think will stick?

The coronavirus has been very transformative, for normal people and businesses. The state was not set up for any sort of remote work before. We looked at the kind of controls we’d need to implement to get the state workforce remote and secure. I think people have shown they can work remotely. It’s definitely something they’ll demand. It also gives the state a little bit of flexibility in recruiting the right talent. Before we were looking at people who could be in central Ohio. The option to work remotely, we’ll have to be competitive.

What does that mean in terms of tools, resources, things you’ll need to invest further in to give people that flexibility while they’re working securely?

Initially it was going to be three weeks. Then it went to six months. Here we are a year later. I think we’ve already tooled up sufficiently, distributed laptops to people. Initially, everyone had the option of using their home machines, but that was the thought when we thought this would be a narrow time frame. As things went month by month, we did end up getting a lot of laptops to distribute to our staff with configurations and tools so we could do remote monitoring and have the right endpoint protection. So I don’t think we’re going to miss a beat whether they’re coming back or continuing to work remote.

What are the big cybersecurity risks government leaders should think about the most?

Cybersecurity is all about risk management, right? So how much risk is the state going to tolerate? Because of the amount of sensitive data the state maintains, the answer is often a lot. It’s very important for us to continue to ensure we have the right controls in protecting that data.