Image courtesy of the city and county of Denver
His appointment as CISO in October followed Denver’s move to split the chief data and information security officer position, formerly held by Ashley Bolton, into two distinct roles: CDO and CISO. At the time, an official told Government Technology that the split was intended to reflect Denver’s prioritization of data and security.
Namuth came to Denver with more than 25 years’ cybersecurity experience at various-sized entities, primarily in the private sector. He argued this experience helped him see how to balance security needs with an organization's unique requirements. His experience working in different environments, the CISO said, gave him valuable knowledge that he will use in Denver to mature its cybersecurity program.
His top priority now is to learn the systems and programs currently in place and identify gaps in security that may exist. Namuth is charged with providing cybersecurity support across all 55 of Denver’s agencies, so he is working to build relationships with the people in those agencies to understand the services they provide and security needs that must be addressed.
While forging these connections, Namuth said it is important to frame security risks in the language employees speak. For example, when emphasizing the role of security for employees managing Denver utilities, framing the conversation on risks around how water distribution could be impacted will enhance understanding of security’s importance.
Ensuring employees are educated about how to protect themselves against threats can pose a challenge for a government, as they play a significant role in its security posture. Denver recognizes this by having a robust security awareness program in place for employees. Among other long-term goals, Namuth is hoping to expand that initiative beyond City Hall by October 2025: “We’re looking at somehow being able to expand this security awareness to the residents across the city and county of Denver.”
Namuth said he believes the security challenges governments are addressing are very similar to those in the private sector, such as increasingly sophisticated ransomware threats through phishing. Denver, he said, may face a higher level of such threats because of its size.
Notably, artificial intelligence technology can impact security work in both a positive and negative way, he said. AI can analyze large quantities of data to help with security monitoring and threat detection, increasing efficiency in those operations. However, it can also be used to generate phishing emails and even to create malware. This makes it easier for bad actors to target an organization.
As technology continues getting more sophisticated, Namuth emphasized that collaboration will play a key role for security: “It takes everyone to be able to protect ourselves — and protect each other.”
