Leaving his post for a job in the private sector, Bob Kolasky, director of the Cybersecurity and Infrastructure Security Agency’s National Risk Management Center, wants CISA to embrace a more proactive role in helping to methodically reduce the considerable cybersecurity risk facing U.S. critical infrastructure.
“We don’t call ourselves the nation’s risk advisor anymore,” said Kolasky, who served his final day in government Friday. “We want at CISA to really reduce risk, and that means being able to measure risk to some degree and to do the thinking there.”
Kolasky, who is set to start as senior vice president for infrastructure at the artificial intelligence-focused risk management firm Exiger, started working on risk management for the Department of Homeland Security in 2008. He shared insights with Nextgov from a front-row seat on how cybersecurity policy has evolved—and failed to evolve—over the course of the last near-decade.
Perhaps the biggest catalyst in that period happened only in Dec. 2020, when suspected Russian hackers penetrated systems of two major vendors of commercial information technology—SolarWinds and Microsoft—gaining potentially…




























