Winner: Mark Weatherford, CISO, office of information security, state of California
California government is a vast organization employing 225,000 people distributed across more than 130 agencies, departments, offices and boards. With the establishment of the office of information security, under the leadership of Mark Weatherford, there has been renewed emphasis on protecting the state's enterprise IT assets through a centralized, focused, action-oriented security program. Weatherford developed and manages a strong security team – a Herculean feat in the decentralized bureaucracy of California government – through a combination of personal leadership, enterprise policy guidance and operational outreach and training. One example of how he forged a sense of teamwork among California's 128 ISOs is the enterprisewide security policy refresh. The results of this project standardize security policies across California. The collaboration implicit in this project began a migration in the state from a collection of individuals carrying out their missions to a group of professionals focused on enterprise security.
Prior to the appointment of Weatherford as California's CISO, the state government's business lines approached information security in a decentralized fashion. An integral part of Weatherford's effort in California is managing the cultural change necessary to transfer from an ad-hoc to an enterprise organization. Weatherford pursues a strategy to facilitate this change by gaining the trust and sponsorship of business and IT executives throughout the state. One example of this sponsorship is the May 2009 Governor's Reorganization Proposal (GRP). The reorganization, proposed by Gov. Arnold Schwarzenegger and approved by the legislature, folded the CISO position and office of information security into the office of the state chief information officer. Weatherford was integral in the planning and negotiations that ensured that placement, a clear sign to California's business leaders of the importance the governor is placing on information security.
Weatherford proselytizes for information security within and outside of California state government – promoting the CISO as an enterprisewide position with over-arching security responsibilities – while heightening the profile of information security across government.