CYBERSECURITY ABOUT US

About Us

Office of Security Services

The Office of Security Services is located in the State Information Technology Services Division (SITSD) in the Department of Administration (DOA), we are responsible for protecting the State's cyber assets and securing the State's cyber services to the citizens of Montana. The Office of Security Services is comprised of two sections:

Cybersecurity Operations

• Provides incident response and technical security services to the State of Montana.
• Provides investigative services utilizing digital forensic techniques.
• Acts as subject matter experts for technical security inquiries.
• Performs vulnerability and compliance scanning of information systems.
• Conducts penetration test engagements.

Policy & Risk Management

• Provides security policy and risk management services to the State of Montana.
• Creates a framework of safeguards and information security best practices based on by the National Institute of Standards and Technology (NIST) as well as other national standards.
• Promotes adoption of consistent information security policies throughout all state agencies.
• Furthers information security awareness and skills among State of Montana employees.
• Enhances the overall posture of information security within state agencies.
• Encourages collaboration between state agencies through the Montana Information Security Advisory Council (MT-ISAC).

Leadership

Chief Information Security Officer

Chris Santucci, MBA, GOSI

Contact me: Email 

Cybersecurity Operations Bureau Chief

Vacant

Contact me: Email 

Enterprise Security Compliance Officer

Michael Barbere, MSIA, CISSP, CCSP, GSNA, GCCC, GCLD

Contact me: Email 

Policy & Risk Management Bureau Chief

Daniel Donithan

Contact me: Email

Security Architect

James Zito, CISSP-ISSAP, ZTX-I

Contact me: Email

Mission, Vision, and Goals

We align our Mission, Vision, and Goals with those from the Department of Administration (DOA) and the State Information Technology Services Division (SITSD). The core of "what we do, how we do it, and why we do it" is governed by a central theme: " Protect State information assets and citizen's data".

Our Mission

Our mission is to protect and preserve the confidentiality, integrity, and availability of the State's information assets by managing risks, hunting threats, and mitigating vulnerabilities before they are exploited to harm the State's people, processes, or technology.

Our Vision

Our vision is to provide a secure environment for the State to conduct business and provide services to the citizens of Montana.

Our Goals

Our primary goal is to enhance information security by implementing standardized best practices to protect systems, assets, and data in a cost-effective manner.

• Objective 1.1 Develop and implement security standards, common controls, and best practices for information systems.
• Objective 1.2 Enhance the enterprise information security training and awareness program.
• Objective 1.3 Protect information systems across the state by leveraging the public-private partnerships established by MT-ISAC to enhance information sharing, outreach, and risk awareness.
• Objective 1.4 Develop the internal review and compliance program to provide data that proves efficient security controls or identifies security gaps to remediate.
• Objective 1.5 Develop automated processes in continuous monitoring and risk management to identify threats, gain efficiencies, and overcome resource limitations.
• Objective 1.6 Perform a cybersecurity cost analysis for the State of Montana, including investment recommendations.

Service Offerings

SITSD Service Catalog

• Security Service Offerings