The Public Eye with Eric Chabrow

Pros, Cons of the Politically Appointed State CISO

Pros, Cons of the Politically Appointed State CISO

2010 is a big gubernatorial election year - 39 governorships are up for grabs - and at least 25 states will have a new chief executive come January. And, some of those states will be getting new chief information security officers as well. That's because in some states CISOs are political appointees, and their job security depend on who resides in the executive mansion.

No one, as far as I can tell, tracks the number of states with politically appointed CISOs. But already this year two highly visible politically appointed CISOs - California's Mark Weatherford and Colorado's Seth Kulakow - have moved on. Indeed, Kulakow cited the political nature of his job as a major factor in his resignation, saying he couldn't be fair to his family not knowing if the new governor would retain his services.

It's a factor Marilu Goodyear can appreciate. Goodyear is a professor of public administration at the University of Kansas - herself the university's former chief information officer - who co-authored a recently released survey of state CISOs. (My interview with Goodyear will be posted soon.) I asked her about the advantages and disadvantages of being a politically appointed CISO. On the plus side, she said:

"There's certainly a big pro in being a political appointee in the sense that you are that governor's person, and your access to the governor. Your ability to use that bully pulpit to help accomplish what you're trying to accomplish is certainly increased if you're that person's person, and if you're part of that political team."

On the other hand, Goodyear said:

"If you are not a political appointment, it's potentially easier to work with some of the agency heads because you might be there longer, be able to establish credibility with those agencies heads and to be somewhat independent of the political changes that are taking place; there's really an advantage of having that type of position as well."

One thing seems certain: the quality of a CISO, as a general rule, has nothing to do with political affiliations.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.