IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New Michigan Cybersecurity Leader Emphasizes Collaboration

Meet Chris DeRusha, Michigan's new chief security officer — a former White House adviser who has been working for the state for about a year. DeRusha got his start under CIO David DeVries, who has since stepped down.

Chris DeRusha, Michigan's new chief security officer, comes to the job with a strong resume.

Chris DeRusha
A Boston-area native, DeRusha (pronounced De-Russia), 38, told Government Technology he spent most of his adult life in Washington, D.C., before relocating to Michigan with his wife, a native Michigander. According to his LinkedIn profile, DeRusha has a bachelor’s degree in international business and a master’s in national security policy studies. After a five-year stint as the associate of a business consulting firm in China, DeRusha was hired in 2009 by the U.S. Department of Homeland Security, first as a special assistant to the deputy secretary, then as a cybersecurity strategist and then advisor to the deputy under secretary for cybersecurity.

After nearly six years at DHS, he served as a senior cybersecurity advisor to the White House from 2015 to 2017. Then he went to Ford Motor Co. as an application security manager before joining the Michigan Department of Technology, Management and Budget in 2018. 

The state's CIO, David DeVries, stepped down Jan. 1, and DTMB spokesman Caleb Buhs said the state is conducting a nationwide search for his replacement.

DeRusha called Michigan’s cybersecurity outlook “pretty good,” commending the state’s centralized IT department as the best way to implement standard practices across other agencies. He also said Michigan is a state-level leader in the way it has organized specific teams in its security operations center, as well as in its security accreditation process which documents security requirements for every new project, a federal idea ported over by DeVries.

DeRusha said most states have robust security for their central agencies by now, but many are still working out the best ways to collaborate with local governments and private companies, and he believes Michigan has been forward-thinking on that front, too. Since about 2013, DeRusha said, he has been conducting monthly “CISO kitchen cabinet” meetings, involving a brain trust of about 40 CISOs or similar titles from Michigan companies and local governments who convene a few times a year to share best practices and information.

Between that, the Michigan State Police and the National Guard’s local resources, DeRusha said his task will be building around the strong core of cybersecurity already in place.

“It’s really about strengthening the whole ecosystem,” he said.

He pointed to one of DTMB’s leading initiatives in 2017, the Michigan Cyber Civilian Corps of about 100 volunteer experts, as evidence this is already underway.

“The concept there is, in a time of emergency, you can deploy these resources to the under-resourced to ensure that, if a local municipality is delivering an essential service or has a public utility, and they don’t have the resources or knowledge to get back up … these are some professionals who can do that,” he said.

Ben Miller is the associate editor of data and business for Government Technology. His reporting experience includes breaking news, business, community features and technical subjects. He holds a Bachelor’s degree in journalism from the Reynolds School of Journalism at the University of Nevada, Reno, and lives in Sacramento, Calif.
Special Projects
Sponsored Articles
  • Sponsored
    Smart cities could transform urban living for the better. However, in order to mitigate the risks of cyber threats that can be exacerbated by inadequately secured and mobile edge computing (MEC) technologies, government officials should be aware of smart cities security concerns associated with their supporting infrastructure.
  • Sponsored
    How the convergence of security and networking is accelerating government agencies journey to the cloud.
  • Sponsored
    Microsoft Teams quickly became the business application of choice as state and local governments raced to equip remote teams and maintain business continuity during the COVID-19 lockdown. But in the rush to deploy Teams, many organizations overlook, ignore or fail to anticipate some of the administrative hurdles to successful adoption. As more organizations have matured their use of Teams, a set of lessons learned has emerged to help agencies ensure a successful Teams rollout – or correct course on existing implementations.
  • Sponsored
    Five Key Criteria for Selecting the Right Technology Solution for Communications and Notifications