‘Going to a gunfight with a stick’

Tech conferences are littered with reminders that cybersecurity is a “team sport,” but during the National Association of State Chief Information Officers annual conference in Seattle last October, Washington CISO Vinod Brahmapuram offered up a deadly comparison, telling attendees that if their organizations aren’t committed and equipped with better tools and strategies, they risked finding themselves outgunned by malicious actors.

“If we are not united and don’t have robust solutions, can we be in the fight?” he said. “Are we going to a gunfight with a stick? I think we have been for a long time.”

Brahmapuram said that at the tail end of a talk on the direction of state governments’ cybersecurity policies. His own state this year began a statewide consolidation of information security operations, following a software vendor’s breach that affected more than 1.6 million people. When the process is complete, Brahmapuram will be responsible for setting standards that agencies would be required to follow, issuing annual compliance certifications and being the main point of contact for local governments seeking the state’s help.

“The purpose of cybersecurity has to move from doing the basics to protect to creating a community outcome where people know they’re safe,” he said at the event.