After helping to build the state's cybersecurity framework, Alvarez says Florida has a firm foundation to cultivate a more mature security posture.
After surviving a recent restructuring attempt by the legislature and securing another year of funding, Florida's Agency for State Technology (AST) now finds itself in search of a new cybersecurity leader.
Officials confirmed that Chief Information Security Officer Danielle Alvarez will leave the state government June 1. Alvarez told StateScoop she will take a cybersecurity role with Tallahassee-based firm Hayes e-Government Resources. It was a hard decision, she said, but she wanted to spend more time with her family.
"With Florida public law, I can't seek business interactions with AST for a couple years, but I've totally offered up my mentoring and support as a private citizen and cybersecurity professional and I plan to continue supporting AST wholly going forward," she said.
Before taking the CISO role almost three years ago, Alvarez served as the manager of IT security and compliance at the Department of Financial Services (DFS) and also worked for the Auditor General. Before joining government, Alvarez worked in the private sector for a health maintenance organization and at a consulting firm that supported state government agencies.
Key cybersecurity accomplishments tallied during her time with the state include the creation of a risk-based cybersecurity framework.
"We created the foundation for someone to come in and just continue to do good after my departure. And they just have to continue to grow on it," Alvarez said, adding that the state is looking for someone who is highly collaborative.
Another success, she noted, was acquiring discounted SANS Institute training for more than 100 Florida technology officials. Training is now extending into cloud security management, she said, at the request of their security managers.
The state also completed a security assessment of half of the state's agencies. AST did not receive the requested funding this year to complete the second half of the assessments, but as the agency sorts through the initial results, they will be used to form policy going forward, Alvarez said.
AST also developed a risk-assessment summary tool that was adopted by the National Institute of Standards and Technology and hosted on the federal agency's resources page to be shared nationwide.
"We very heavily worked with our Florida National Guard for cyber exercise training," she said. "They have a mobile cyber range and we hope in November to get them to come back."
The National Guard developed a simulation environment that matched the state's datacenter requirements. After success with an initial setup that included six stations, the guard expanded it to include 18 stations, Alvarez said.
The CISO said she could see herself returning to government service someday, but for now, she's excited to try something new in the private sector.
"I'm working on architecting packagable security services," she said. "With the things I've seen as challenges, I find I can add a lot of value on that side in creating complete cyber solutions. I find that often we think about security from either a technological standpoint or a policy or procedure standpoint, but we don't think about the entire program practice that is basically a convergence of people, process and technology."