Arizona Gov. Doug Ducey last month appointed his office’s deputy legislative affairs director, Tim Roemer, as the state’s new chief information security officer. Roemer, who had worked for the governor’s office in a variety of roles since Ducey was first inaugurated in 2015, now fills an IT leadership hole created last December when Mike Lettman stepped down after seven years in the job.
Roemer, who had previously served as Ducey’s public safety adviser, was already a member of the 22-person Arizona Cybersecurity Team the governor formed in March 2018. Prior to joining Ducey’s administration, Roemer spent a decade with with the Central Intelligence Agency at its headquarters in Langley, Virginia, including stints in the CIA’s congressional affairs and acquisitions offices, and as a liaison to the National Security Council. He also worked for the National Reconnaissance Office and the National Geospatial Intelligence Agency.
Owen Zorge, the Arizona Strategic Enterprise Technology Office’s compliance and privacy officer, had been serving as acting CISO since Lettman’s departure.
Under Lettman, Arizona’s approach to information security was cited by the New America Foundation as novel among states. A 2018 paper by the think tank praised the state government for coordinating cybersecurity operations with the Arizona Cyber Threat Response Alliance, a nonprofit coalition that also includes businesses and universities, which serves as an information sharing and analysis organization for the public and private sectors.
Lettman also made a big move for Arizona’s cybersecurity posture last year when he hired a company called RiskSense to manage IT risk assessments for all 133 state agencies. At the time, Lettman said the state’s 100,000 IT assets were subjected to several hundred hacking attempts daily and more than 35,000 malware attacks per month.
Roemer, an Arizona native who holds a bachelor’s degree in communications from Arizona State University, could not be reached for comment.