Craig Buesing – Colorado Secretary of State’s Office

Leading up to the 2020 election, IT staff from each of Colorado’s 64 counties had weekly calls to ensure they had strong technology to support processes such as voter registration, vote tallying and the dissemination of results.

The calls allowed everyone to share best practices and current threats, and they allowed staff to talk through concerns and create a unified cybersecurity plan.

“Having these talks got everyone on the same page and allowed us to pool our resources,” Craig Buesing says. “It was less overwhelming to work together, and it’s made the county governments more connected.”

Buesing is the chief information security officer for the Colorado Secretary of State’s Office, which oversees and administers laws related to elections, businesses and licensing. He says the calls have continued on a monthly basis even after the elections, and they’ve inspired him to take related measures, such as extending resources to other government entities in the state, including city governments, tribal governments and schools.

“We’re trying to provide ways for us to share information and tools so everyone doesn’t have to start from scratch or reinvent the wheel,” he says. “A lot of organizations are in their own silos, but I know getting on the same page with technology and security will make us all stronger.”

Better together

From the monthly calls, Buesing has also started quarterly trainings for all county IT staff. The webinars and workshops are focused on new tools, programs and resources for improving cybersecurity. He’s also reviewed county government security protocols and helped counties develop security policies.

“It’s about building trust and having open communication,” he says. “I’m not trying to tell anyone how to do their job. I just want to offer support.”

In addition, Buesing is working with other state and local partners to create an IT hotline that any state or local IT staff can call when experiencing an issue, like ransomware. If the issue were beyond the scope of his team, he would connect the caller to the proper resources.

This same group of state and local cybersecurity professionals are also working to create unified purchase agreements. With some counties being much smaller than others, and having smaller budgets, “if they can get in on a purchase agreement for the entire state, they get a better pricing,” he says. “Then, there’s no need to get through the red tape and you have an advocate.”

Threat protection

Buesing has learned the benefits of collaborating on security matters from his involvement with the Colorado Threat and Information Sharing Group. The group, which was formed a few years ago, is comprised of county IT staff as well as IT staff from other government agencies. Every member must be authorized to join and pass a background check.

According to Buesing, the CTIS Group allows Colorado government organizations to quickly share threat information. For example, if members see something suspicious in their network, they alert the entire group and can get support responding to the event.

“This allows us to work together to create a strong plan of action,” he says. “If someone’s coming after one government organization, they’re probably coming after others, too.”

When it comes to protecting the Colorado Secretary of State’s Office from threats, Buesing says his team has worked with Trend Micro Inc. for years, with the partnership predating his hiring nine years ago. The American Japanese cybersecurity company provides anti-virus software to prevent viruses from downloads.

Buesing has also been working with Menlo Security, a cloud-based security platform, to create a malware breach prevention project that sends all web traffic through a secure web gateway. For example, when an employee tries going to a website, the Menlo platform intercepts any malware attacks before they reach the user and only allows safe content to be delivered to the user’s browser.

In October, Buesing was working with Menlo to test the program and said he expected it to fully launch by the end of the year.

“This will create a safety barrier for us and cut down on the threats we encounter online,” he says. “Since the threats change and mutate so quickly, it’s important that we do this to protect our office.”

A little bit of everything

As Buesing makes the Secretary of State’s office more secure, he’s also working to keep Colorado residents safe from scams and attacks. He shifted the office to a .gov domain to show people they’re on a trustworthy site, for instance. The IT team is also developing apps to make it easier to access offerings, such as business filings and notary services.

“I enjoy the diversity I have,” Buesing says. “We’re a pretty small shop, so I get to do a lot of different things.”

Variety has been a theme throughout his career. One of his first jobs was as an aircraft mechanic for the U.S. Air Force, which he did for almost five years before becoming a paralegal for the military organization. From there, he spent almost eight years as a paralegal and systems administrator for Markusson, Green & Jarvis, a law firm in Denver now called Coombe Curry Rich & Jarvis.

He started at the Secretary of State’s Office as a systems and network security engineer in 2012 before being promoted to CISO in 2019.

“I love the collaborative nature of what I do, both internally with my colleagues and externally with other agencies,” Buesing says. “In cybersecurity, you can usually find good common ground because people who do this work are really passionate about it.”

View this feature in the Winter I 2022 Edition here.