From Farming to the White House: Mark Weatherford’s Journey to Becoming a CISO
In a two-parter on The New CISO (episodes 83 and 84), our host Steve chats with Mark Weatherford, CISO and Head of Regulated Industries at AlertEnterprise, a security convergence company. Mark’s extraordinary career trajectory has led him to the White House, and he shares invaluable insights regarding his experiences, the importance of delegation in leadership, and becoming the go-to person for opportunities in the cybersecurity field.
In this article:
- From humble beginnings: The Navy and cryptography
- A soaring career: building a world-class SOC
- The importance of delegation and good training
- A new horizon: CISO for Colorado
- The intricacies of politics
- Embracing the challenge: CISO for California
- White House bound: the call of duty
- The value of mentorship
From humble beginnings: The Navy and cryptography
Growing up surrounded by heavy machinery in a farming community, Mark envisioned himself becoming a Navy “Seabee,” constructing roads, bridges, and dams. Nevertheless, the Navy had other plans, enlisting him in the Advanced Electronics Program (AEP). Despite feeling like “a fish out of water,” he discovered a talent for electronics, delving into basic electricity, cryptography, and eventually working with mini computers in 1976.
Mark admits that the shift from hands-on labor to a more abstract, technical setting proved challenging throughout his career. He compares the tangible outcomes of construction work, where one can see the results at day’s end, to the more elusive accomplishments of coding. “When you’re outside and you’re working with your hands, typically at the end of the day, you can see something tangible that you’ve done. I mean, you’ve changed something, you’ve built something, you’ve moved something,” Mark says. “Whereas when you’re coding, you might be able to look and see that you actually wrote some code or you fixed a piece of equipment. But it’s different. It’s a different kind of tangible outcome.” Despite these challenges, Mark’s background in electronics and cryptography laid a robust foundation for his thriving cybersecurity career.
A soaring career: building a world-class SOC
An exhilarating opportunity arose for Mark when Raytheon invited him to establish and oversee the Navy Marine Corps Intranet Security Operations Center (NMCI SOC) in San Diego, Calif. — a $6 billion project for monitoring and securing the Navy’s computer networks and information systems. Regardless of the immense pressure of the job, Mark and his team successfully built what was once the world’s largest SOC. He credits his success to the exceptional team he collaborated with, highlighting the significance of delegation and trusting his core group of leaders.
The importance of delegation and good training
As a CISO, Mark underscores the need to delegate in order to get projects completed. “You can’t do everything,” Mark says. “Good leadership is about delegating, and you have to delegate both responsibility, but even more importantly, delegate authority to people to be able to do their job without worrying that someone is watching over their shoulder and micromanaging them.”
But Mark also notes that the tech sector frequently fails to properly train people for leadership roles. “In technology, we often don’t train our people to be leaders,” he asserts. You grow up from somebody who’s a technical person, who’s got your hands on your keyboards, and you become your expert as a technologist. And then the next thing you know, you’re in a management role. But the only thing you have to fall back on is what you learned from your managers.” To address this, he suggests that organizations should invest more in leadership training for technology professionals to ensure they are well equipped for their newfound responsibilities.
A new horizon: CISO for Colorado
Mark’s career took an unexpected turn when he was offered a position in Colorado to spearhead security for a Missile Defense Agency Program. After a year in that role, he was invited to interview for the position of CISO for the state of Colorado. Following a two-year tenure under Governor Bill Owens, Mark was asked to continue his role when Bill Ritter, a Democrat, was elected as the new governor — an unusual occurrence, given the change in political party affiliation.
As CISO for Colorado, one of Mark’s primary challenges was fostering collaboration among the 24 state agencies. He dedicated considerable effort to working with security managers and leaders from various agencies, striving to unite them despite their independent budgets, personnel, and technologies.
Mark recalls, “We were building a great team in Colorado. We had written a piece of legislation, I worked with legislators and we wrote Colorado a bill that codified security in Colorado state government.”
The intricacies of politics
Upon entering the political realm, Mark quickly learned that trust is a rare commodity. He became more discerning and inquisitive, even though his role was not explicitly political. Mark also became involved in policy making, partnering with Senator Ron May to draft state cybersecurity policy. They faced opposition and had to make compromises, but ultimately produced a policy that, while different from its initial form, was a significant step forward.
Embracing the challenge: CISO for California
When the chance to become the CISO for the state of California arose, Mark eagerly accepted. His enthusiasm for the role stemmed from the sheer scale and complexity of the opportunity. With a massive economy and diverse range of industries, California posed unique challenges in terms of cybersecurity. As CISO, Mark was responsible for overseeing the security posture of the entire state, which included more than 160 agencies, all operating independently from a security perspective.
One of the key aspects of his role in California was fostering collaboration and communication among these diverse entities. Leveraging his experience in Colorado, he worked diligently to bring everyone onto the same page, stressing the importance of a unified approach to cybersecurity. Mark’s efforts proved fruitful, as the state’s security posture improved significantly during his tenure.
Mark takes pride in the lasting impact of the programs he started, which are still considered successful today. As a testament to his achievements, he was recently invited to speak at the California Cybersecurity Education Summit, where he discussed his experiences with other CISOs who succeeded him in the role.
White House bound: the call of duty
Mark’s exceptional work in California did not go unnoticed, and he received a call from the White House, offering him the position of Deputy Under Secretary at the Department of Homeland Security, working under Janet Napolitano. He initially thought it was one of his friends “playing some kind of a joke” on him, but eventually figured out that the offer was real. He consulted with friends and family, and “and everyone pretty much said, ‘You can’t say no to the president.’”
In this role, Mark was responsible for coordinating cybersecurity efforts across the federal government and collaborating with state and local authorities. He also worked closely with private sector entities and international partners to strengthen the nation’s overall cybersecurity posture.
The value of mentorship
Mark highlights the importance of mentorship in one’s personal journey. He credits his own growth and success to the guidance and support he received from his mentors. He says, “I look for opportunities to mentor people, especially people that are working for me.” Mark advises young professionals to actively seek out mentors and be receptive to guidance from more experienced individuals in the field. And he urges leaders in the cybersecurity community to actively mentor and guide the next generation of professionals, fostering their growth and success.
Mark’s insights into his extensive career offer valuable guidance for cybersecurity leaders and aspiring CISOs. From his beginnings in the Navy to his time at the White House, Mark’s experiences underscore the significance of delegation, collaboration, and mentorship. His journey serves as an inspiration to professionals in the information security field, emphasizing the importance of resilience, adaptability, and seizing opportunities.
From Unassuming Beginnings to CISO Excellence: A Journey with Andrew Wilder
10 Essential Episodes of The New CISO Podcast
Generative AI and Top Honors: Highlights from Google Cloud Next ‘23
Defending Against Ransomware: How Exabeam Strengthens Cybersecurity
Subscribe today and we'll send our latest blog posts right to your inbox, so you can stay ahead of the cybercriminals and defend your organization.
See How New-Scale SIEM™ Works
New-Scale SIEM lets you:
• Ingest and monitor data at cloud-scale
• Baseline normal behavior
• Automatically score and profile user activity
• View pre-built incident timelines
• Use playbooks to make the next right decision
Request a demo of the industry’s most powerful platform for threat detection, investigation, and response (TDIR).
Get a demo today!