Aaron Call, a Minnesota Information Technology Services (MNIT) executive, has been named interim chief information security officer (CISO) as the state’s first-ever CISO Chris Buse returns to the Office of the Legislative Auditor (OLA).
MNIT made the announcement on Tuesday, Nov. 7 via news release, pointing out Call’s background in IT, the law and criminal justice which leave him “uniquely positioned” to implement enterprise security architecture for the state.
Buse, who is poised to become deputy legislative auditor for OLA’s financial audit division, must first be confirmed by the state Legislative Audit Commission. If successfully confirmed, he’ll transition to his new position at the end of November, a MNIT representative said in an email to Government Technology. As a 19-year former OLA executive, his return to the agency appears likely.
Call, pictured at left, has been the director of information security for MNIT since September 2014 according to his LinkedIn profile, managing the Enterprise Security Office and a cybersecurity team that fends off more than 3 million attempted cyberattacks per day.
State Chief Information Officer Thomas Baden said Call has already been a “tremendous asset to the state,” adding: “State systems and Minnesotans’ data are increasingly under attack, and those attacks are growing more sophisticated.”
Buse, who became CISO in June 2007, agreed Minnesota has to be “vigilant and nimble” to counter ongoing attempted cyberattacks. The state, Buse said, is in “great hands” with Call. “His expertise and dedication fully equip him to move the state forward as we work together to protect all Minnesotans,” Buse said.
As the state’s inaugural CISO, Buse was instrumental in forging its strategic plan and vision, guiding cybersecurity and developing state-of-the-art threat intelligence capabilities. A MNIT representative said his leadership "built the cybersecurity foundation for the state."
Buse also helped spearhead consolidation of Minnesota executive branch IT under the CIO, following passage of the 2011 IT Consolidation Act.
The consolidation, which began in late 2011, has met its primary goals of “consolidating people, dollars and assets, delivering cost-savings and improving efficiency,” the state said in a report earlier this year. As of 2016, the consolidation had also yielded a cost avoidance of $60 million.
MNIT, officials said, has fully consolidated staff and resources and has achieved a more than 90 percent financial consolidation. Its plans for the next five years are to achieve full financial consolidation, allowing it to begin building “centralized records of technology investments,” directly manage and monitor costs and anticipate needs and future demand.
In the months and years ahead, the department intends to invest in modernization, which will include increased cloud migration and other infrastructure updates.
The report’s authors called these plans “a fundamental necessity to building a digital government that is responsive to citizen needs and secure by design.”