Keith Tresh, a former state chief information security officer for California and one-time commander of the California Cybersecurity Integration Center, left retirement last week to take a new role as CISO for the State of Idaho.
A former U.S. Army colonel who also served as the CISO of Orange County, California, Tresh started in his new role with Idaho last Thursday, filling a vacancy created in April when Lance Wyatt stepped down.
Tresh told StateScoop he moved to Idaho in 2018 to begin consulting, with the idea of retiring from public service.
“It really wasn’t my cup of tea and I was missing being a civil servant, if you will, and serving the public and doing that kind of stuff because I’ve been a civil servant my whole life,” Tresh said. “So when this role came open I was like wow this is perfect because I enjoy being able to help people, because they’re really doing a lot of new things and doing some consolidation and so I really was attracted to the fact I might be able to help move this program forward and work for a professional like Jeff Weak.”
As state CISO, Tresh joins Idaho Information Technology Services, an IT division headed by department administrator Jeff Weak and Chief Information Officer Greg Zickau. Idaho Gov. Brad Little is currently directing a statewide “IT modernization” initiative that will consolidate eight initial agencies’ technology functions and personnel into ITS.
Tresh said the effort presents a chance to build partnerships between the technology agency and the other state agencies that rely on it to set IT security policy, protect their data and watch for upcoming threats.
“Instead of trying to be that overarching figurehead, I want to be out there helping those folks to do what they can and showing them and helping them mature their programs without being heavy handed,” Tresh said. “A lot of folks like to come in and try to be that zero to hero and I’m looking to just come in and help folks and get their priorities down and help them mature their programs within the state.”
In 2018, Idaho’s systems were compromised twice in three days, first when a tax commission employee clicked on a phishing link, exposing the personal information of 36 Idaho taxpayers. Hours later, websites operated by the state legislature and courts were compromised by an Italian hacking group. Last year, the state turned its attention to elections, when Idaho Secretary of State Lawerence Denney said he would hire a cybersecurity specialist to help safeguard the democratic process.
Tresh, who is also an adjunct cybersecurity professor at Boise State University, said that protecting the state’s critical data is of course important, but that initially his focus will be on people — forming relationships and creating a pipeline of talent the state can rely on. The Idaho state government competes with organizations like Boise-based Micron Technology and the U.S. Energy Department’s Idaho National Laboratory for fresh technical talent.
“I’m really looking forward to creating a close relationship with all the universities for not just education and awareness but workforce development, developing the new cyber warriors that we can get into state service and creating that bench of cyber professionals that really willing and able to come on to help the state in the future,” he said.
Tresh said he wants to attract more women and minority groups to technology fields to widen the state’s pool of potential candidates. In Idaho, a state with a population of just 1.75 million, meeting the demand for top cybersecurity talent is perhaps even more challenging than in more populous states, where officials likewise report difficulty filling out IT rosters.
“I want to stimulate diversity in our cyber workforce,” Tresh said. “I’ve taught IT and IT security for many, many years and I’m always seeing the female population in this career field is way small. And then when you look at the diversity of it, it’s getting better but that’s something you want to push for because there’s a lot of smart people out there and you want to give them the incentives to come in next.”