Information assurance graduate serves and protects Vermont's most valuable assets

Share this

Forget the Canadian border. Some of Vermont's most vulnerable places are the invisible borders in cyberspace, through which thieves steal identities, empty bank accounts and threaten to paralyze entire corporations.

But as chief information security officer (CISO) for the state, Kris Rowley is working hard to secure those borders - and to make sure everyone, even young children, is prepared for battle.

"What goes on out there is absolutely terrifying," said Rowley. "…our perimeters get hammered every day by hackers and others trying to get into our networks. The bottom line is that there's a cyber war brewing, and Lord help us when it happens."

Rowley's task of reviewing, updating and writing policy requires plenty of patience. But she didn't end up in this position overnight. Raised in Brookfield, Vt., Rowley earned her nursing degree in Boston and worked there as a nurse for 25 years until an accident left her with a broken back and she found herself searching for a new career.

"I thought, 'I can sit for a long time and I like machines; what can I do for a living?'" said Rowley, who ultimately pursued her bachelor's degrees in computer information systems and business administration management at Norwich University. After being hired by Norwich's College of Graduate and Continuing Studies, she entered the Master of Science in Information Assurance program in early 2006.

Working with Peter Stephenson, Norwich's CISO, Rowley acquired real-life experience by studying the University's own system.

"I wrote the first security policy for the University that went all the way through and got signed," she said with a note of pride, adding that the information assurance program taught her to balance perfect-world scenarios with reality, and to collaborate with numerous entities such as data-center managers, help desks and network administrators.

"My cohort at Norwich included 17 people with all different kinds of backgrounds," she said. "I really learned to respect other perspectives more, and understand that there is more than one way to do things."

Still, Rowley was unsure if she was a good fit for the Vermont CISO post when she read the job description. Encouraged by former Information Assurance Program Director Mich Kabay, she wrote a letter to David Tucker, chief information officer (CIO) and commissioner of Vermont's Department of Information and Innovation, which brought an interview and, eventually, the job.

Now, Rowley helps streamline security among 7,500 state employees who use IT systems.

"IT security challenges are constantly changing as people devise ways to game the systems we manage," said Tucker. "Kris is able to bridge the gap between being 'book smart' and practical. Getting used to working in the public sector at the state level can be challenging because things don't work the same as they do in private industry, but Kris is a quick learner and she has been able to deal with what would otherwise be challenging issues because of the manner in which she approaches the subject matter."

Rowley's Norwich training and approach to her job helped earn an invitation to speak at SC World Congress 2009, an IT security conference in New York City in October. Her topic addressed balancing people and technology in the security awareness debate.

"It was pretty exciting meeting some of the leaders in IT security," said Rowley.

Upon her return to Vermont, she was already busy preparing to meet some potential future IT leaders: kids at the Brookfield Elementary School who were helping Gov. Jim Douglas proclaim October cyber security awareness month in Vermont.

"No two days are the same," said Rowley. "Sometimes I get to play cyber sleuth and track down where stuff came from and who's banging at the door. Then a lot of my job is like trying to eat dry sawdust - but I guess I have a penchant for the taste."