North Dakota names new CISO to lead state’s broad cyber operations
The North Dakota Information Technology Department announced Thursday the hiring of a new chief information security officer as it continues to implement a new policy that will see the state government handling cybersecurity for all levels of government.
Kevin Ford, currently the CISO for CyberGRX, a Denver risk-management firm, will fill a vacancy left by Sean Wiese, who now runs North Dakota’s new Cyber Operations Center.
In an interview, North Dakota Chief Information Officer Shawn Riley said Ford, who starts Nov. 20, will play a key role in executing the state’s new cybersecurity strategy.
“He’s going to help us apply the whole-of-government strategy across what we lovingly call the ‘seven branches of government,'” Riley said. “We have the strategic authority. He will be helping us to operationalize the strategy.
Much of Ford’s work will involve the implementation of a law enacted last April that places ITD in charge of cybersecurity for all public-sector entities across the state, including local governments, schools, courts and the legislative branch. In signing the measure, Gov. Doug Burgum made North Dakota the first state in the nation to adopt a “whole-of-government” approach to information security.
The new practice includes ITD conducting vulnerability assessments for local governments — many of which were already using the state’s shared network, STAGEnet — and training hundreds of teachers on cybersecurity education. Riley said the assessments involve government organizations completing a survey, followed by a review by the state’s cybersecurity team, a process that’s expected to last through June 2020.
Riley said more than 2,400 teachers have also gone through cybersecurity training.
The top-down approach is also expected to encourage more local governments to join the state’s IT bulk purchasing plans, in particular a cybersecurity toolkit that Riley said can be obtained at the 250,000-user pricing level, which is far less than what a government entity buying it individually would pay.
“As far as we can tell it’s the most comprehensive cyber capacity across the country,” he said.
In a press release, Ford said North Dakota is “taking meaningful and important strides to enhancing its statewide information security posture.” Before working at CyberGRX, Ford worked for Genex Systems, a federal IT contractor that advised the National Institute of Standards and Technology on the development of its cybersecurity framework, as well as Deloitte, where he advised the U.S. House of Representatives and the U.S. Department of Health and Human Services. Ford has a master’s degree in cybersecurity policy from the University of Maryland.
On top of Ford’s hiring, the North Dakota government is on a cybersecurity hiring spree. The $14.3 billion two-year budget the state recently adopted expanded ITD’s full-time cybersecurity staff to 19, an 80 percent increase from the agency’s previous level.