(US and Canada) Kirk Herath, Cybersecurity Strategy Advisor at the Office of the Governor, State of Ohio, speaks with Jenna Fullenkamp, Senior Account Executive at GuidePoint Security, in a video interview about his role and responsibilities, his experiences as a teacher, and the need for cybersecurity capability and maturity assessment.
According to Herath, Ohio's capabilities in the space excited him, and his post-retirement role was the perfect match after 35 years of service. He had been the chairman of the CyberOhio Advisory Board and was already in contact with the state administration.
Sharing his experiences as a professor, Herath says he tries to bring practicality to the classroom, bringing students closer to real-world decision-making. He says that, just as there is no perfect cybersecurity, he tries to teach students that there is no perfect answer and that they need to move their organization forward.
A baseline assessment of a company's cybersecurity is fundamental, Herath continues. The State of Ohio has a wide range of cybersecurity capabilities, and the first step was to hire an independent third party to provide a high-level maturity assessment. The assessment provided visibility, which led to an array of projects.
As part of the assessment, Herath’s team is building a GRC (Governance, Risk, and Compliance) function that will constantly assess and provide visibility to senior management.
When asked how he aligns and brings in resources, Herath says that government procurement differs from the private sector. The private sector can hire any consultant or contractor, but the state requires a lengthy RFP or will work with vendors already doing business with the state.
Concluding, he says that while procurement is somewhat constricted in the government space, it is very transparent.
CDO Magazine appreciates Kirk Herath for sharing his insights and data success stories with our global community.