Defense Agenda: A Week In The Life Of Kentucky CHFS CISO Dennis Leber
My week starts around 4:30 a.m. Monday with some yoga, a cup of coffee, breakfast, then reviewing emails, security news and posting to my blog.
At the Cabinet for Health and Family Services (CHFS) for The Commonwealth of Kentucky, we provide all the social services that a citizen requires. This includes food assistance, healthcare, adoption assistance and child support, just to name a few. The Commonwealth has 120 counties and we operate in all of them.
Due to the nature of our services, we are also subject to every federal regulation, law and rule ever dreamed of, which includes HIPAA, HITECT, IRS, SSA, PCI, FTI and state regulations. CHFS has hundreds of in-house developed applications and remote workers, plus it collects and shares all types of data, works with vendors and collaborates with other government agencies.
A typical week in the Security Office involves identifying and reducing risk, providing recommendations in developing and implementing security controls, leading DevSecOps, security assessment testing, compliance, governance, IT audit(s), vendor management, risk management, incident response, security awareness, policy management and serving as a trusted advisor to business areas.
My role requires that I lead by example and provide executive-level security leadership to the business and the team. I found success and respect as a C-level leader through setting strategy that is obtainable, aligns with the business, provides value and reduces risks. This is amplified by building relationships and approaching every task with a customer service mindset.
The greatest success comes from remaining mindful, seeking continuous improvement, having fun, building a talented staff, empowering them and supporting them. Pair this with innovation and it is hard to go wrong.
“No” is not in our vocabulary; we work with our business partners in developing the best possible security solution while reducing risk and meeting the mission.
Other items from “a week in the life of” include meetings (they never go away), responding to incidents, working on administrative items (paperwork), looking for improvement opportunities, weekly security awareness newsletters, staff training and tracking projects and initiatives.
A current project our team is engaged in is a “1115 waiver enhancement” that stands to serve as the template for healthcare reform for the rest of the nation.
Working as a CISO is the most rewarding role I have ever had. The ability to improve security for the citizens of my state, and the state enterprise, is one thing that makes me excited to come to work. My team and peers motivate me, and the fact that we have a positive impact everyday invokes great joy in my career.
The joy of my week as a CISO stems from knowing every day I can have a positive impact on my organization, my staff and myself. Every week I learn, and every week I work at bettering myself, my knowledge and my skills. I leave you with one of my favorite sayings:
"Disce quasi semper victurus vive quasi cras moriturus." Or, “learn as if you're always going to live; live as if tomorrow you're going to die.”
Be Sure To Check Out: 'Security Is A People Problem': Q&A With Awake's Gary Golomb