Michael Gregg, a longtime cybersecurity practitioner who’s been the serving director of cyber operations for the State of North Dakota Information Technology Department, was named Monday as the state’s new chief information security officer, state Chief Information Officer Shawn Riley said.
Gregg, who’s worked in and out of the public sector over a two-decade career, is taking over for Kevin Ford, who stepped down in September to become CISO of the mapping software company Esri. According to state officials, Gregg has extensive experience conducting risk assessments and security audits, and has also published 25 titles on IT and information security. He had been serving as interim state CISO in the weeks since Ford’s departure.
“North Dakota is leading the nation in cyber defense with a whole-of-government approach, and Michael will ensure that we continue to expand our capabilities to make safe the data of every citizen and resident,” Riley said in a press release. “He continues to be a great asset to our team by assuming this new role and we are looking forward to the growth of the cybersecurity team under his leadership.”
North Dakota, with a population of about 780,000, takes a top-down approach to public-sector cybersecurity and risk management, with the statewide IT department responsible for the entire public sector, including local governments, schools, courts and the legislative branch.
In the press release, Gregg said he will begin his tenure by focusing on the “basics,” like endpoint protection, vulnerability management, third-party risk management and user awareness training.
Gregg’s appointment is one of several recent leadership changes at North Dakota ITD. The agency recently named a new chief data officer and chief customer success officer, a role focused on user experience.