Meet Chris DeRusha, Michigan's new chief security officer — a former White House adviser who has been working for the state for about a year. DeRusha got his start under CIO David DeVries, who has since stepped down.
Chris DeRusha, Michigan's new chief security officer, comes to the job with a strong resume.
After nearly six years at DHS, he served as a senior cybersecurity advisor to the White House from 2015 to 2017. Then he went to Ford Motor Co. as an application security manager before joining the Michigan Department of Technology, Management and Budget in 2018.
The state's CIO, David DeVries, stepped down Jan. 1, and DTMB spokesman Caleb Buhs said the state is conducting a nationwide search for his replacement.
DeRusha called Michigan’s cybersecurity outlook “pretty good,” commending the state’s centralized IT department as the best way to implement standard practices across other agencies. He also said Michigan is a state-level leader in the way it has organized specific teams in its security operations center, as well as in its security accreditation process which documents security requirements for every new project, a federal idea ported over by DeVries.
DeRusha said most states have robust security for their central agencies by now, but many are still working out the best ways to collaborate with local governments and private companies, and he believes Michigan has been forward-thinking on that front, too. Since about 2013, DeRusha said, he has been conducting monthly “CISO kitchen cabinet” meetings, involving a brain trust of about 40 CISOs or similar titles from Michigan companies and local governments who convene a few times a year to share best practices and information.
Between that, the Michigan State Police and the National Guard’s local resources, DeRusha said his task will be building around the strong core of cybersecurity already in place.
“It’s really about strengthening the whole ecosystem,” he said.
He pointed to one of DTMB’s leading initiatives in 2017, the Michigan Cyber Civilian Corps of about 100 volunteer experts, as evidence this is already underway.
“The concept there is, in a time of emergency, you can deploy these resources to the under-resourced to ensure that, if a local municipality is delivering an essential service or has a public utility, and they don’t have the resources or knowledge to get back up … these are some professionals who can do that,” he said.
Never miss a story with the daily Govtech Today Newsletter.