CISO Vincent Hoang on Cybersecurity in Hawaiian Government - Government Technology
When most people mention Hawaii, thoughts of vacations, beaches and tropical island fun come to mind.And yet, Hawaii, like the rest of the world, is not immune to cyberattacks impacting the military, governments, businesses, residents and visitors.Indeed, a Civil Beat headline this week reported “Hawaii Officials Are Making A Cybersecurity Push To Keep Federal Contracts Flowing.” Here’s an excerpt:“Recent cyberattacks on businesses and infrastructure around the country have lent new urgency to a series of cybersecurity projects Hawaii has in the works to help local businesses and nonprofit groups maintain federal contracts by complying with stricter guidelines.“The changes could mean major adjustments — and significant costs — for some organizations that have benefited from the large military presence in the islands.”Hawaii’s state government cyberdefense efforts are led by Vincent Hoang, who became the chief information security officer (CISO) in December 2016. Vincent, who generally goes by Vince, has an impressive LinkedIn profile, with extensive public- and private-sector experience. He holds CISA, CISM, GIAC and CISSP certifications.Anyone who speaks with Vince for more than a few minutes will quickly learn that he is both humble and very smart. He has a great grasp on all aspects of his government cybersecurity roles, and he clearly has a plan that he follows.Needless to say, I have been very impressed with Vince, as I was with his Hawaii CISO predecessor Arnold Kishi, whom I knew well while I was Michigan CSO.You can get a sense of Vince Hoang’s communication style in this YouTube video for the Hawaii Information and Communications Technology Association (HICTA) Conference. The video is a few years old, but shows his extensive knowledge on a range of network and security topics:Interview Between Dan Lohrmann and Hawaii CISO Vince Hoang
Dan Lohrmann (DL): Tell us about your Hawaii role as CISO. How does the governance work in Hawaii government?Vince Hoang (VH): I’ve had the privilege and honor to serve as the state of Hawaii’s CISO for more than four years. Our Office of Enterprise Technology Services provides IT guidance and strategic direction to the state. In addition, we support enterprise-wide systems such as the network that connects departments to the Internet and Microsoft Office 365. We’re a hybrid federated environment where departments individually have their own IT staff and operate over some common shared infrastructure. Regardless of where the lines of authority are drawn, it’s vital that we build strong relationships and support each other as one team to share our limited resources more effectively.DL: Tell us about a few of the top challenges you’ve faced in 2020-2021 in Hawaii regarding technology and cybersecurity as a result of COVID-19. How did you overcome those issues?VH: Like many organizations, we needed to quickly adapt to a teleworking environment. Fortunately, we had an existing mobile workforce strategy and many technology components were already in place. COVID-19 served as a “digital kerosene,” accelerating massive adoption of telework-enabling technologies. The top challenge was the pace and how quickly we could stretch the team to support the demand for telework. Technologies that greatly enabled productivity included electronic signatures and web conferencing. Security technologies enabled to protect our infrastructure included endpoint detection and response, multi-factor authentication, and virtual desktop infrastructure.DL: How big is the shortage of cyber talent in Hawaii? Are you finding the right people to fill key vacancies? If so, how?VH: Finding and retaining talent isn’t easy anywhere. Adding in the high cost of living only compounds the challenge. Whether new to the workforce or changing careers, we recruit people with diverse backgrounds, good attitudes and a great curiosity to lean into entry-level positions. We partner with local university programs to build pathways into state government through internships. We’ve been very fortunate to build the team that we have today, offering staff new challenges to keep them motivated to build the skill set and self assurance to “level up.” What’s bittersweet with this model is it can lead into larger and broader opportunities outside of the state. Maintaining the pipeline is critical to the success of this approach.DL: Describe your resource situation. Is funding/budget a significant problem right now?VH: Funding is scarce in state government. Our leadership recognizes the value of cybersecurity, so we’ve received support for reasonable funding from the executive and legislative branches. The key to maintaining that trust is to ensure that we’re able to execute on our priorities. Delivering results provides future opportunities to make requests.DL: What are your top cyber project priorities for 2021-22? VH: Top cybersecurity-related projects include: 1) improving our coverage of the CIS Controls; 2) expanding identity and access management within the departmental applications and systems; and 3) enhancing our incident response capabilities through continued simulated phishing exercises to end users, tabletop exercises to IT staff, and periodic cabinet and legislative-level briefings.Thank you for the opportunity for me to collect and share some thoughts.DL: Thank you Vince for taking the time for this interview. I certainly wish you the best of success in your cybersecurity work for the state of Hawaii.