IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Mike Watson

CISO, Virginia

Mike Watson, Virginia CISO
Government Technology/David Kidd
Mike Watson’s 12 years as Virginia’s CISO have seen him through several CIOs, COVID-19 and the Colonial Pipeline ransomware incident. He’s overseen state defenses as hackers became increasingly sophisticated, resourceful and impactful, and as the spread of connected devices increased the attack surface.

Virginia went from thinking it could detect and block every attempted compromise to realizing the threat was too big and that it must be ready to respond and rebound. Watson helped evolve the state’s defense and resiliency approach, including adopting sophisticated, machine learning-powered suspicious activity analysis tools; automated response systems; updated training; and other new strategies.

When Watson kicked off his career, Virginia was focusing heavily on the confidentiality piece of the fundamental cybersecurity triad of confidentiality, integrity and availability. The state strengthened its approach to protecting sensitive data and responding appropriately should any be exposed. Then ransomware’s rise prompted increased efforts around availability. That included looking at how to maintain operations during system disruption and recover after such an attack.

Now the advent of AI-powered phishing and deepfakes is putting new focus on integrity. Generative AI’s emergence turned the state’s employee phishing detection training outdated “in minutes,” and Virginia is now looking to develop new training. Keeping everyone informed as threats rapidly evolve can be one of the most challenging, but impactful, parts of the job.

Being a CISO is also about relationships and understanding others’ needs. Cybersecurity must avoid being seen as an obstacle to other agencies, which, in their frustration, might seek workarounds to security restrictions, Watson said. As such, when the cyber team deems a proposal to be too risky, it aims to be ready to suggest alternative approaches.

Watson is also deputy CIO and spent a period as acting CIO. That’s given him insight into the budget constraints CIOs face and helped him understand how to position cybersecurity needs within the context of the bigger IT picture.

This story originally appeared in the May/June 2024 issue of Government Technology magazine. Click here to read the full digital edition online.
Jule Pattison-Gordon is a senior staff writer for Governing and former senior staff writer for Government Technology, where she'd specialized in cybersecurity. Jule also previously wrote for PYMNTS and The Bay State Banner and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.