In 2025, the government introduced a requirement for the position of CISO (Chief Information Security Officer) in all government agencies.
In 2025, the government introduced a requirement for the position of CISO (Chief Information Security Officer) in all government agencies.
According to DOU, the first CISO appointed to the position was Serhiy Vintonyak, who heads the information technology and information protection department at the State Inspectorate for Energy Supervision.
«To become a CISO in a state institution, you need to pass a competition, have a specialized education in IT or cybersecurity, and at least three years of work experience in this field. After winning the competition, the candidate is checked by the SBU, and the State Service for Special Communications conducts an interview with him. Only after that is he officially appointed to the position of CISO,» the material notes.
Serhiy Vintonyak became the first CISO in Ukraine after completing a three-week training course in the CISO Campus pilot project. After completing the training, a competition was held for the position of CISO, which Vintonyak won.
As Vintonyak himself noted, after he received the aforementioned position, his department at the State Inspectorate for Energy Supervision remained the same, but now operates as a separate unit and reports directly to the head of the body.
«In my old position, if I needed to contact the State Service for Special Communications or the SBU, I had to write letters signed by the head, and it took a long time. If I had suspicions about infiltration of the system, I had to explain it to the management and wait for approval. Now I decide everything — I don’t have to wait a day to check any facts,» Serhiy said about the positive developments.
He said that one of his first steps in office was to implement two-factor authentication in all work services.
«Previously, my colleagues used weak or repetitive passwords. We implemented two-factor authentication. Many people took this negatively, but we explained that it was for their personal protection as well. We also started monitoring the operation of systems to notice suspicious user actions and respond to incidents,» shared Vintonyak.
He added that about 40% of cyberattacks are aimed at collecting information about energy facilities, and another 40–50% of attacks are aimed at disabling generating equipment.
Serhiy Vintonyak’s salary as CISO is 30,797 hryvnias, plus allowances and bonuses. In addition to him, the team consists of three people: two cybersecurity specialists and a specialist in communications and employee training.
«It is physically and mentally difficult for four people to do so much work,» says Vintonyak.
We also recall that as of June 1, 2026, 24 cybersecurity managers out of 110 planned positions have been appointed in central and local executive bodies.
As dev.ua wrote, in November last year, CDTO Campus, together with the State Service for Special Communications, jointly opened a new direction, CISO Campus, an educational platform for training managers and cyber security specialists (CISO).
