Vitaliy Panych has made some bold moves over his lifetime: immigrating from Ukraine as a young child, earning his black belt in Brazilian Jiu Jitsu, taking up the mantle of protecting the largest collection of digital information assets in the country. Most recently, he accepted the 2022 Thomas M. Jarrett State Cybersecurity Leadership Award, which acknowledges his accomplishments in the cybersecurity field. The next week, he appeared on former Chief of OTech and Launch Government Sector Lead Davood Ghods’s government tech leadership podcast, Davood for Thought.
The full podcast episode is available LISTEN TO IT HERE, but we’ve got some exclusive bonus content from behind the scenes.
Something you may not know about Panych is that he started developing his cybersecurity career as a teenage entrepreneur, after a website he built on his hosting farm was compromised. He became “hyper-obsessed” (his word) with investigating why and how the hack happened, and how he could mitigate future risks. What drove his interest in public service?
“It goes back to being mission-driven,” Panych says. “The government serves a broad population in all kinds of ways. Supporting the community at large makes government and society more effective, resilient, and safe and secure.”
The State of California is well known as a public-sector leader in cybersecurity and resilience. When asked what steps he’d recommend to other states looking to transform their security services, Panych has a ready-made roadmap:
1. Focus on the fundamentals first. Build in stronger access controls, authorization, and multi-factor authentication into every user base/access point.
2. Know where your critical assets are. Knowing where your data is allows you to enforce proper protocols and controls. Continuously and regularly patch software and hardware.
3. Make sure critical systems are resilient from an availability aspect. Minimize disruption of services and test your resiliency plan. Always have a backup plan.
4. Use a collaborative approach. Make sure State departments are collaborating with emergency services, National Guard, and military departments. This is important not just for government, but also for the provider community. Vendors/providers should be a part of task force initiatives so they can contribute to transparent planning and services.
Panych’s devotion to fundamentals of resilience is reflected in his practice of Brazilian Jiu Jitsu. Jiu Jitsu aligns with his work, he says, in the sense that people who practice are always learning, sharpening their tools, staying calm under pressure—and acutely aware of the environment and circumstances they’re in.
For Panych, that means being aware of trends and challenges in security, and a major concern he’s observed over the past few years is the talent gap. Currently, there are some 75,000 information security openings in California alone, and not enough people coming out of school to fill them. For people interested in pursuing a career in cybersecurity, he recommends getting involved in the security community. “Go out and participate in associations and conferences,” he suggests. “Get certified, attend forums, and find a place to start.”
He also has some unconventional advice for budding leaders: “Find a mentor—and find someone to be a mentor to.” Often, he points out, people learn by teaching others. While a mentor is an invaluable resource for a growing professional, a mentee gives that person a change to validate their understanding by imparting it to someone else—applying learning directly to changing circumstances.
In fact, that’s how Panych defines bold in his field. It’s about innovation through mission focus. “We need to continuously prioritize,” he says. “We want to leap forward in everything we do.”
Listen to Davood for Thought featuring Vitaliy Panych, CISO of the State of California - LISTEN HERE.