A lawyer who likes information technology

As New York’s top cyber official, Will Pelgrin also leads a successful multistate ISAC

Any public official who is responsible for cybersecurity will learn that a command-and-control management style doesn’t work, said Will Pelgrin, director of New York state’s Office of Cyber Security and Critical Infrastructure Coordination.

“Everyone in this agency has an opportunity to make their case,” he said.

Pelgrin enjoys discussing all sides of a problem before making a decision. “In the end,” he said, “it is not who is right but that we do the right thing.”

Besides being the state’s top cybersecurity official, Pelgrin is the founder and chairman of the Multi-State Information Sharing and Analysis Center (MS-ISAC), an organization with members from all 50 states and the District of Columbia.

It was created in 2003 to help state and local governments and industry protect their cyber infrastructures from an attack. The center’s purpose is to build relationships and trust among its members so they can prevent or respond to a major cyberattack.

Pelgrin also is chairman of the New York State Public/Private Sector Cyber Security Workgroup, whose members include executives from critical industry sectors such as agriculture, public safety, telecommunications and utilities.

Partnership is an overused word, Pelgrin said, but it accurately describes the workgroup. He had to assure the partners that he wasn’t interested in imposing additional reporting requirements on them.

“I’m a real deliverables-oriented person,” Pelgrin said. He is not interested in endlessly debating issues without reaching a conclusion. Whether beginning a major project or organizing a group, Pelgrin said he prefers to get something started and modify plans later.

Pelgrin’s vision and management style have made him a leader in the cybersecurity community, said Alan Paller, director of research at the SANS Institute, an educational organization for security professionals.

“He’s the most capable person I’ve ever met who finds ways for everyone to win in this difficult area of cybersecurity,” Paller said. “He honestly looks for the other guy’s benefit. People know that, and they [want to] work with him.”

Information sharing and analysis centers were created as part of the Homeland Security Department’s preparedness efforts, but only two have been notably successful, Paller said. One is the Financial Services ISAC. The other is the MS-ISAC. DHS has recognized the MS-ISAC as a national center for coordinating states’ cyber readiness and response.

The center initially included only states in the Northeast. Pelgrin reached out to other states, and under his leadership, the MS-ISAC created a secure Web portal for sharing information. It also has a public Web site. Through its National Webcast Initiative, the center has produced cybersecurity Webcasts viewed by thousands of participants nationwide. Its members have participated in reporting and simulation exercises, including events known as LiveWire03 and this year’s CyberStorm 2006.

No breaches
A lawyer by profession, Pelgrin said he had to take his legal hat off to help ensure the center’s success. He initially asked lawyers to stay out of the way. On their own, MS-ISAC members developed a one-page principles-of-conduct document that states that the goal of the parties is to share confidential information without violating the rights of others.

For the two and a half years that members have shared information, “not one breach of confidentiality [has] occurred,” Pelgrin said. The MS-ISAC brought in lawyers later. Now all but one of the member states have signed nondisclosure agreements, and the final state is in the process of signing an agreement, he said.

Pelgrin said he wants to bring more local governments into the MS-ISAC. In the smallest municipalities, the town clerk is the cybersecurity official. “When you have a town clerk who is a part-time person whose [computer] is in their home…you can understand that the challenges are huge,” he said.

One town clerk told Pelgrin, “When I get your alerts that say patch, I look for duct tape.” Pelgrin recognized that small towns need extra help. The MS-ISAC now offers a 10-page cybersecurity guide for elected officials.

Open door
Pelgrin has a strategic vision of the importance of information sharing among states and between the states and federal government, said Andy Purdy, acting director of DHS’ National Cyber Security Division.

He also has a knack for working with people on important issues. “There is nothing that we can’t deal with if people feel good about coming and talking about it,” Pelgrin said.

The Will Pelgrin fileCurrent position: Director of New York state’s Office of Cyber Security and Critical Infrastructure Coordination.

Career highlights: Worked in New York state government for 25 years, beginning his career in 1982 as an assistant counsel for the New York State Commission of Correction. Then he served as counsel and general counsel for the commission. He later became executive deputy director of the state’s Division for Youth. After serving as executive deputy director and chief counsel for the state Office for Technology, he became director in 1998. In 2002, he became cyber chief for the state of New York.

Family: Single.

Education: Earned a bachelor’s degree in history and political science from Union College in Schenectady, N.Y., in 1977 and a law degree from Albany Law School in 1980.

Activities: Swimming, skiing and running.

On technology: “I like gadgets and am not scared of technology,” he said.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected