This year’s awardee is Chris Burrows, Chief Information Security Officer (CISO) for Oakland County. In his position, Mr. Burrows is responsible for information security, compliance (HIPAA, PCI DSS, CJIS), technology risk management, business continuity and information life cycle management. He created the first IT Risk and Security Program at Oakland County in 2013. His innovative thinking and leadership also extends to all those in local and state government levels. Mr. Burrows provides leadership and guidance and has performed as a security advocate for other Michigan counties, including Washtenaw, Wayne, Macomb, Livingston and Monroe counties, looking to build or enhance their IT security maturity.
Mr. Burrows is a Certified Information Systems Security Professional (CISSP), a Certified Project Manager and is ITIL certified. Burrows recently earned his Global Industrial Cyber Security Professional (GICSP) and has completed SANS SEC561: Immersive Hands-on Hacking Techniques as well as SANS SEC 575: Mobile Device Security and Ethical Hacking. Chris shares his ongoing learning about current cyber security issues with various organizations through easy to understand presentations. Some of his 2016 presentations include “CySafe for Business”, West Michigan Cyber Security Consortium in Grand Rapids, “Bringing SANS Cyber Training to Michigan”, Pontiac, ITSEC Panel Discussion, NACo Legislative Conference, Washington DC, “Training Our Future Workforce”, Oakland County Schools, Waterford, ITSEC Panel Discussion, Merit Member Meeting, Ann Arbor, “Risk Management”, Evanta, Detroit. Additionally Chris works with local universities regarding relevant content to include in their cyber security programs and has started creating his own course called “Current Issues in Cyber Security” which is slated to be offered as Walsh College in the fall of 2016.
Besides his professional opportunities, Burrows is significantly involved in numerous volunteer groups. His involvement includes: Team Leader for Section 9 (5 SE Michigan counties) of the Michigan Cyber Civilian Corps, a groups of trained cyber experts who individually volunteer to provide expert assistance to the state in times of emergency, Government Sector Leader for the State of Michigan for InfraGard, a partnership between the FBI and private sector persons representing business, academic institutions, state and local law enforcement agencies dedicated to sharing information and intelligence to prevent hostile acts against the U.S., Member of the CSO Kitchen Cabinet, a group of ITSEC public and private organization CISOs who meet monthly to discuss current trends and issues relating to cyber security, and CISO Governing Body Member for Evanta where he is a discussion leader multiple times per year with focus on specific best of breed solutions identified by the Governing Body – most recently was a discussion on Risk Management at Ford Field in Detroit. Mr. Burrows provides leadership and guidance and continues to perform as a security advocate for Oakland and other Michigan counties, including Washtenaw, Wayne, Macomb, Livingston and Monroe counties.
This year’s winner is the City of Novi who, in partnership with the Novi Community School District, Northville Public Schools and Walled Lake Consolidated Schools, launched an online community attraction tool called Hello Novi (hellonovi.org). The site provides an engaging, technologically driven platform for anyone to become acquainted with the Novi community. Users can explore with an interactive map and learn about the exemplary educational opportunities, high quality public services and robust private employment locations with the City of Novi. Using traditional informational content, location based presentation and share based social media, users can travel down a Novi street in an augmented reality experiencing the traits and amenities that make Novi a unique and desirable place to live in or visit. The site also proves useful to families who are moving to Novi from other countries for overseas work assignments. Hello Novi features a google translate option to facilitate understanding in dozens of languages and provides information that can be useful in making necessary arrangements prior to arrival including school district information. As part of its development, a series of interviews were conducted with families, businesses, city leaders and school administrators to determine the Novi brand as it is really lived and experienced. Hello Novi serves as the beginning of a conversation about the City and enhances and expands the ability to portray Novi in an increasingly mobile world.
This year’s winner is the Kent County Information Technology Department for its multi piece approach in fighting their recent challenges with ransomware infections. As ransomware attacks moved beyond individual user hard drives to numerous attacks on its network drives, the IT department needed effective, cost effective ways to mitigate or avoid the attacks. Their solution began first with a Powershell script written by one of the department’s security desk technicians. The script monitors individual file writes to file servers from each PC. If a set threshold is exceeded, the staff is alerted and the application doing the writes is terminated thus reducing recovery times for when infections do occur. The second piece consisted of implementing deep packet filtering, a capability from their WebSense appliance, as an extension of Kent County’s web filtering. Instead of just reacting to the categorization of the website, the appliance examines the actual content of what is being downloaded. Parameters are set up to reject malware downloads which has made a significant dent in the number of ransomware attacks experienced earlier this year. Current attacks usually only occur on PCs where the capability hasn’t yet been rolled out to or when a PC is connected to some other network than Kent County’s and their anti-virus software doesn’t recognize the variant.
The final piece is on-going user education. The IT department began working with the county’s Communications Director and periodically send out security newsletters to county employees . The newsletters focus on current security issues and the number of newsletters increased as the number of ransomware attacks increased. All three pieces plus a substantial amount of staff time to coordinate the effort and perform individual tasks have worked together to significantly reduce disruption to Kent County’s customer base and increase available staff time which would otherwise have been spent fighting infections one by one.
This year a special Lifetime Achievement Award was given to Don Sheehan. Don was a founding member of MAGCU which later became Mi-GMIS, former Board Member, and former President.
We are pleased to be able to honor his many years of service to Grand Traverse County, as well as his many contributions to MAGCU and Mi-GMIS.