Unlike many CSOs, who seem to take a winding path to the role, Mark Weatherford likes to say he's been working in information security his whole life. In grad school as part of his Navy service in the 1990s, Weatherford wrote a thesis on information security, an unusual topic at the time.
"It makes me cringe to read it now," he acknowledges with a laugh. "No one talked about information security at the time."
His last job in the service was running the Navy's computer network defense operations and its instant-response team. "That set the course for my career," he says. Following several years at Raytheon, Weatherford began working for state government, starting in 2006 as Colorado's first CISO.
"I built that program. It was unique and groundbreaking at the time," says Weatherford. Many states then had someone to head information security, but Colorado was the first state to enact legislation to elevate the topic of cybersecurity, according to Weatherford. "It was my first foray into the sausage-making of politics, working with a state senator and a state legislator, seeing the negotiations back and forth. It was very enlightening."
Being the head of security for a state government-or indeed any governmental agency-requires a perpetual balancing act and careful compromise, as Weatherford learned. "Being a security guy, I want to be autocratic in a way that you simply can't be in government if you want to get anything done."
And then there's the issue of funding, which came into sharp focus when Weatherford took a job as CSO for then-California governor Arnold Schwarzenegger. About a month after he started his new role, the state began experiencing major budget issues that went on for years. "My tenure there was marked by doing something with nothing. We had to become creative and resourceful," he says.
At the end of that administration, Weatherford was lured by a friend to his first role in the private sector in years, at the North American Electric Reliability Corp., where he directed the cybersecurity and critical infrastructure protection program.
He relished the role. "I loved working in the electricity industry. It's something tangible. We are all so dependent on electricity. It was exciting," he says. And while the security budgets were hardly limitless, they nowhere near as tight as in government. But his days in the public sector were far from over.
In the summer of 2011 he got a call asking if he was interested in working as a deputy undersecretary for cybersecurity at the Department of Homeland Security. DHS Secretary Janet Napolitano encouraged him to join the team. Weatherford wasn't interested, frankly.
"I didn't want to go back to work for the government. Knowing the bureaucracy and inertia in the government, I knew I would struggle with that," he says. Eventually, he became convinced he would regret it for the rest of his life if he passed. "Very few people get an opportunity to do something like that," he says. So he took the job.
Sign up for CIO Asia eNewsletters.