Mark Weatherford: The Veteran

Weatherford, a principal at The Chertoff Group, understands security from both governmental and commercial perspectives

Unlike many CSOs, who seem to take a winding path to the role, Mark Weatherford likes to say he's been working in information security his whole life. In grad school as part of his Navy service in the 1990s, Weatherford wrote a thesis on information security, an unusual topic at the time.

"It makes me cringe to read it now," he acknowledges with a laugh. "No one talked about information security at the time."

His last job in the service was running the Navy's computer network defense operations and its instant-response team. "That set the course for my career," he says. Following several years at Raytheon, Weatherford began working for state government, starting in 2006 as Colorado's first CISO.

"I built that program. It was unique and groundbreaking at the time," says Weatherford. Many states then had someone to head information security, but Colorado was the first state to enact legislation to elevate the topic of cybersecurity, according to Weatherford. "It was my first foray into the sausage-making of politics, working with a state senator and a state legislator, seeing the negotiations back and forth. It was very enlightening."

Being the head of security for a state government-or indeed any governmental agency-requires a perpetual balancing act and careful compromise, as Weatherford learned. "Being a security guy, I want to be autocratic in a way that you simply can't be in government if you want to get anything done."

And then there's the issue of funding, which came into sharp focus when Weatherford took a job as CSO for then-California governor Arnold Schwarzenegger. About a month after he started his new role, the state began experiencing major budget issues that went on for years. "My tenure there was marked by doing something with nothing. We had to become creative and resourceful," he says.

At the end of that administration, Weatherford was lured by a friend to his first role in the private sector in years, at the North American Electric Reliability Corp., where he directed the cybersecurity and critical infrastructure protection program.

He relished the role. "I loved working in the electricity industry. It's something tangible. We are all so dependent on electricity. It was exciting," he says. And while the security budgets were hardly limitless, they nowhere near as tight as in government. But his days in the public sector were far from over.

In the summer of 2011 he got a call asking if he was interested in working as a deputy undersecretary for cybersecurity at the Department of Homeland Security. DHS Secretary Janet Napolitano encouraged him to join the team. Weatherford wasn't interested, frankly.

"I didn't want to go back to work for the government. Knowing the bureaucracy and inertia in the government, I knew I would struggle with that," he says. Eventually, he became convinced he would regret it for the rest of his life if he passed. "Very few people get an opportunity to do something like that," he says. So he took the job.

He was pleasantly surprised at the dedication of the people working in the DHS cybersecurity and communications organization. "They do a lot with not a lot," he says.

Figuring out how to share information between agencies and departments was a major part of his role. To do it, Weatherford worked on the National Cybersecurity Communications and Integration Center (NCIC), whose job is to coordinate cybersecurity across the government-law enforcement, FBI, Secret Service, Department of Defense, private sector, states, and so on.

"It was refreshing. People who would never know each other or talk to each other would interact on a daily basis," says Weatherford. "This group had been very immature and not functioning well. We helped turn it into a high-performance machine." He credits his team for their work.

Leading up to the presidential election last year, Weatherford started looking around to see what else was out there, in case of regime change. The opportunities he saw were so exciting that he decided to make a move regardless of whether Obama got re-elected.

"I was like a kid in a candy store. I was ready to go back to the private sector," he says.

As he looked at different companies, ranging from startups to large enterprises, he crossed the latter off the list.

"I didn't want to get back into a bureaucracy."

Consulting presented itself as the opportunity that would allow much more flexibility and autonomy. He joined The Chertoff Group in April this year.

"Most of my life, I have done operational jobs. I just wanted to do something different. I wanted to focus on cybersecurity and work with clients around the world. It has been an interesting transition," he says.

"What I enjoy the most is getting to work with a lot of different companies. The companies that are calling us really need my help," he says. "I am able to both satisfy my security jones and help companies from a strategic perspective.

"It's been an interesting career. Who knows what else is in my future?"

Read more about security leadership in CSOonline's Security Leadership section.

Join the CSO newsletter!

Error: Please check your email address.

Tags NCICCompass AwardsChertoff GroupMark WeatherfordsecurityCISOSecurity Leadershipraytheon

More about CSOFBIindeedRaytheon Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lauren Gibbons Paul

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place