New Michigan Cybersecurity Leader Emphasizes Collaboration

Meet Chris DeRusha, Michigan's new chief security officer — a former White House adviser who has been working for the state for about a year. DeRusha got his start under CIO David DeVries, who has since stepped down.

by / February 15, 2019

Chris DeRusha, Michigan's new chief security officer, comes to the job with a strong resume.

A Boston-area native, DeRusha (pronounced De-Russia), 38, told Government Technology he spent most of his adult life in Washington, D.C., before relocating to Michigan with his wife, a native Michigander. According to his LinkedIn profile, DeRusha has a bachelor’s degree in international business and a master’s in national security policy studies. After a five-year stint as the associate of a business consulting firm in China, DeRusha was hired in 2009 by the U.S. Department of Homeland Security, first as a special assistant to the deputy secretary, then as a cybersecurity strategist and then advisor to the deputy under secretary for cybersecurity.

After nearly six years at DHS, he served as a senior cybersecurity advisor to the White House from 2015 to 2017. Then he went to Ford Motor Co. as an application security manager before joining the Michigan Department of Technology, Management and Budget in 2018. 

The state's CIO, David DeVries, stepped down Jan. 1, and DTMB spokesman Caleb Buhs said the state is conducting a nationwide search for his replacement.

DeRusha called Michigan’s cybersecurity outlook “pretty good,” commending the state’s centralized IT department as the best way to implement standard practices across other agencies. He also said Michigan is a state-level leader in the way it has organized specific teams in its security operations center, as well as in its security accreditation process which documents security requirements for every new project, a federal idea ported over by DeVries.

DeRusha said most states have robust security for their central agencies by now, but many are still working out the best ways to collaborate with local governments and private companies, and he believes Michigan has been forward-thinking on that front, too. Since about 2013, DeRusha said, he has been conducting monthly “CISO kitchen cabinet” meetings, involving a brain trust of about 40 CISOs or similar titles from Michigan companies and local governments who convene a few times a year to share best practices and information.

Between that, the Michigan State Police and the National Guard’s local resources, DeRusha said his task will be building around the strong core of cybersecurity already in place.

“It’s really about strengthening the whole ecosystem,” he said.

He pointed to one of DTMB’s leading initiatives in 2017, the Michigan Cyber Civilian Corps of about 100 volunteer experts, as evidence this is already underway.

“The concept there is, in a time of emergency, you can deploy these resources to the under-resourced to ensure that, if a local municipality is delivering an essential service or has a public utility, and they don’t have the resources or knowledge to get back up … these are some professionals who can do that,” he said.

Andrew Westrope Staff Writer

Andrew Westrope is a staff writer for Government Technology. Before that, he was a reporter and editor at community newspapers for seven years. He has a Bachelor’s degree in physiology from Michigan State University and lives in Northern California.