Chetrice Romero has spent countless hours working in public service. Romero served as the first Cybersecurity Program Director for the state of Indiana. In this role, she worked hard to build a cybersecurity strategy to protect the entire state.
“It’s really important to go back to just the cybersecurity basics. Are you using multi-factor authentication? Are you training your staff and employees at all levels to not click that link? Are you patching your systems? Do you have good monitoring software and applications that are monitoring your network even when you’re sleeping?” Romero says.
Romero also highlights that cybersecurity isn’t separate from physical security, and that security leaders need to work together. Indiana faces an average of 22 tornadoes a year, which can cut power to essential services. Cybercriminals look for openings such as these, targeting perceived weak spots to increase their chances of success. Romero worked hard to ensure that IT and cybersecurity leaders were involved in emergency preparedness conversations.
Working within local government, Romero knows how to work around a limited budget. If security leaders can’t insulate themselves from every kind of attack, then they need to prepare for the inevitability that an attack will come. Romero encourages security leaders to prioritize recovery and remediation policies, especially when there isn’t the funding to patch known vulnerabilities.
“At the very least, have an incident response plan. If you can’t control and use all the tools that you should be using, then your likelihood of getting attacked is increased. So how do you prepare for it with your leadership? How do you recover?” Romero says.
Romero also served as the Cybersecurity Advisor & State Coordinator for the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA). Here, Romero was in charge of handling cyberattack recovery and coordinating with other government officials.
“I responded to a number of cyberattacks, including many utilities and local governments. The commissioners or the mayors or the councils, they came back every single time and said, ‘I did not realize how much I’d be involved.’ And the fact that they didn’t prepare for that makes everything take longer. There’s a lot of chaos during an incident. They don’t know what questions to ask. They don’t know who to contact.” Romero says.
Currently, Romero is the Senior Cybersecurity Advisor at Ice Miller. Romero uses her extensive experience from the public sector to build comprehensive cybersecurity policies and including governance, risk and compliance (GRC) initiatives, crisis management, and employee awareness programs. “I worked in government, worked with government, and now I still get to do that,” Romero says.
Source: Security Magazine
