Washington CISO to leave state government
Washington State Chief Information Security Officer Vinod Brahmapuram plans to leave state government for a private-sector role at the end of the month, he told StateScoop Monday.
In a phone interview, Brahmapuram, who’s held the job since October 2019, declined to name his new employer, but described it as a global Fortune 500 company with a large state, local and education practice, in which he’ll work as a senior director for security practices.
During his two-and-a-half years in Olympia, Brahmapuram oversaw several cybersecurity initiatives, including the implementation of at least five enterprisewide technology implementations, as well as a centralization of network security services.
“What I’m very proud of is the change we were able to bring overall,” he said. “What we did is we came together and really started looking at how the threats are evolving. One thing I was keen on is how do we take a threat-centric approach.”
Brahmapuram, who moved to Washington after a few years with the State of South Carolina, said that before to his arrival, there hadn’t been much discussion among state government leaders of cyber risks and threats.
“Washington always wanted to be a leader in the nation,” he said. “What are the objectives we have to focus on? Prior to me, there wasn’t a group coming together and and having those conversations, understanding the business, the risk, the threats.”
Brahmapuram said this heightened collaboration led to the adoption of several new technologies, including endpoint detection and vulnerability management tools, in windows of time that he said were much shorter than what most state governments face.
And for the past year, much of his attention has focused on carrying out a law centralizing Washington’s cybersecurity efforts under a single office headed by the CISO. That legislation, which Gov. Jay Inslee called for amid the fallout of a major data breach in the state auditor’s office, granted statutory authority to Washington Technology Solutions’ Office of Cybersecurity to set governmentwide standards and conduct regular compliance reviews of agencies.
“These are very critical components for building the right level of support,” Brahmapuram said.
Like countless other government officials over the past two years, Brahmapuram’s tenure was also largely defined by the COVID-19 pandemic, with Washington recording the first U.S. cases in late January 2020 — “Within four months after I started,” he said.
But he said the pandemic also presented opportunities to accelerate long-desired goals to upgrade technologies and revise processes.
“There are things I identified way before the pandemic that had to be done in Washington,” he said. “We accelerated because the needs changed.”
Brahmapuram’s last day with the state is March 31. The state’s chief information officer, Bill Kehoe, will serve as acting CISO while the state undertakes a nationwide search for a successor, officials said.
Brahmapuram said that in taking a private-sector job that works with state officials, he hopes he’s “not going to miss anything” about public service, though he did acknowledge he won’t have as much of a direct impact on Washingtonians’ lives.
“What’s been near and dear to my heart is knowing what we do has an impact directly on the people we serve,” he said. “The challenges we see in front of us, they’re not going to disappear. Security is a method to protect services so they reach the people who need those services.”