Vermont's New CISO Comes with Years of High-Level Experience

The state has tapped Nicholas Andersen, a 12-year industry veteran who has helped with cybersecurity work in partnership with a number of U.S. military organizations. Andersen took over the role earlier this month.

by / December 19, 2018
Shutterstock/Felix Lipov

Vermont has hired Nicholas Andersen, 12-year cybersecurity veteran who has worked with a number of U.S. military organizations, as the new chief information security officer for the Agency of Digital Services.

Andersen’s experience in cybersecurity has a homeland security bent. He most recently served as vice president for Invictus International Consulting LLC, as well as co-founder of Pueo Business Solutions LLC. Since assuming that role in 2017, Andersen has participated in cybersecurity partnerships with a wide range of government groups, including the Defense Intelligence Agency, the Federal Aviation Administration, the U.S. Department of Homeland Security, the U.S. Army, the Coast Guard, and the U.S. Marine Corps Forces Cyber Command.

Andersen has also received accolades for his work. This year he received the U.S. Government Information Security Leadership Award in connection with incident response, penetration testing and other risk assessment services conducted across the federal government. Before his recent stint with Invictus, Andersen was chief information officer and senior cyber-risk executive for U.S. Naval Intelligence, as well as for the U.S. Coast Guard Intelligence.

He started work this month, taking over the job from interim CISO Scott Crabtree, who will remain part of Vermont’s cybersecurity team.

Perhaps the biggest project for Andersen moving forward will be the Vermont Security Operations Center (SOC), which is being built via a public-private partnership with Norwich University. The center is a concentrated effort by the state to combat and reduce cybersecurity risks. It will also help educate Norwich students by providing hands-on experience involving real threats and new cybersecurity technologies. The center is expected to be fully operational in the spring.