Matti Parviainen, Chief Information Security Officer of the City of Espoo, has been selected as Chief Information Security Officer of the Year 2019. The Finnish Information Security Association Tietoturva ry, which awarded the prize, based its choice on the fact that, after working for the city for just over two years, Parviainen has increased the visibility of information security work promoted by Espoo in the city organisation as well as in the society at large.
“The municipal sector as an operating field is more challenging than average, but Parviainen has managed to promote the significance of information security in an open-minded and positive fashion. In Finland, information security has been disproportionately viewed as a matter belonging to the private sector,” the statement of reasons concludes.
The title of the Chief Information Security Officer of the Year is awarded to a person who has, in an open-minded and exemplary fashion, developed operating methods and prerequisites related to information security in their own organisation or, through their own activity, significantly promoted the networking of data security professionals and the sharing of impartial data across organisational boundaries.
The winner was declared in the 600 minutes of Information and Cybersecurity event on 28 March.
Active communication and networking
Parviainen has been working as Chief Information Security Officer of the City of Espoo since December 2016. Over two years, he has given the city organisation’s 14,000 employees guidance on all matters pertaining to information security in a steady and consistent manner while maintaining a practical, clear and light-hearted approach.
Besides traditional training sessions and instructions, Parviainen has created an internal blog in which he shares his data security tips and observations with the entire organisation. Together with Juho Nurmi, the data protection officer of the City of Espoo, Parviainen launched the Suojatie podcast (in Finnish) which focuses on information security and data protection themes. At first, it was supposed to be for internal use only but, on the request of the public, it was made accessible to all.
“Security today requires a very different approach from ten years ago. To integrate data security into all operations, experts must first be able to tell ‘why’ this is so. When people and organisations understand the reasons and consequences, it is easy to look for an answer to the question ‘how’”, says Parviainen.
Making use of young people’s hacking skills
In its statement of reasons for awarding the prize, the Finnish Information Security Association also highlights the Hack with Espoo course on ethical hacking, which originated from Parviainen’s idea. It was seen as an example of a successful campaign when it comes to the visibility of information security work and general awareness of information security.
The course, piloted in Espoo’s upper secondary schools in autumn 2018, teaches about responsibility and tools used in hacking and gives the young participants permission to hack into the city’s information systems under development.
This is how the City of Espoo shows its social responsibility by providing young people with the opportunity to develop their hacking skills for a good cause. As a bonus, the city will receive valuable information about possible information security gaps and can utilise it in developing applications.
This year, the course concept, created together with the upper secondary schools in Espoo and information security companies, will be expanded to cover vocational studies.
“The city is able to influence the development of society. The Hack with Espoo course not only teaches young people about hacking and related responsibility, but also contributes more widely to an increased level of awareness and a positive attitude towards information security. We do this openly and in collaboration with companies, authorities and hacker communities,” Parviainen stresses.
Previous Chief Information Security Officers of the Year
The Finnish Information Security Association has been selecting a Chief Information Security Officer of the Year since 2012. The previous winners are:
- 2018: Tomi Pitkänen, Neste Oyj
- 2017: Jari Pirhonen, Oy Samlink Ab
- 2016: Leo Niemelä, LähiTapiola Group
- 2015: Kimmo Rousku, Government ICT Centre Valtori
- 2014: Helvi Salminen, Gemalto Oy
- 2013: Jani Arnell, Finnish Transport and Communications Agency
- 2012: Jyri-Petteri Aro, National Defence University
- Matti Parviainen, Chief Information Security Officer, City of Espoo
tel. +358 43 827 0246, firstname.lastname@example.org
- Statement of reasons: Tomi Marttinen
tel. +358 40 550 9286, email@example.com