Seattle CISO announces retirement

Andrew Cushman, Seattle’s citywide chief information security officer since 2019, announced last week that he plans to retire later this year.

In a LinkedIn post, Cushman wrote that he will be hiring and training a replacement to take over IT security for the roughly 10,000-employee city government when he steps down in the third quarter of this year.

Cushman joined the city government in August 2019, following nearly two decades as a security director at Microsoft, including several years with the tech giant’s video-messaging subsidiary Skype. He was brought on not long after his predecessor as CISO, Andrew Whitaker, disclosed to city IT leaders that there were roughly 21,000 unpatched “critical” vulnerabilities on systems across Seattle’s 37 municipal agencies. Those holes were discovered as a result of Seattle’s IT consolidation process, though it fell to Cushman to close them.

“I worry about all of them,” Cushman told Crosscut, a Seattle news website. “Whether that number is 21,000 or whether that number is 10 depends on the attacker and how skilled that attacker is and how motivated that attacker is.”

Cushman has otherwise kept a low profile as CISO, though last October, he was one of the first city cybersecurity chiefs to join the new Coalition of City CISOs.