Cybersecurity is government IT's number one priority, and its importance is only growing. So who are the people charged with protecting government's information? We gathered data on 158 state CISO terms to find out.
We know that a new governor usually means a new CIO, but what does it mean for the CISO?
As it happens, CISOs are much more sheltered from the political winds — it's when there's a new CIO that a CISO is more likely to leave.
To get a better look at those dynamics, we calculated the "survival rates" when a new governor or CIO takes office — in other words, how often does a CISO stick around when there's a new leader?
We found that CISOs are about twice as likely as CIOs to stay put when there's a new governor, though that number does change depending on whether the governor's seat has changed parties. But whereas CISOs stay in the job 68 percent of the time when a new governor comes in, they only stay 57 percent of the time when a new CIO comes in.
We also found that the average tenure of a state CISO is three years and 10 months.
The longest-serving CISO we found was Agnes Kirk, who led cybersecurity for the state of Washington for 13 years, from 2005-2018. The shortest-serving CISO was Nicholas Andersen, who was in that role with the state of Vermont only nine months from December 2018 to August 2019.
Since this article was first published in the magazine, another state CISO has also left after about nine months: Ronald Buchanan of Washington.