Mark Myers was comfortable as the director of strategic initiatives at the Arkansas secretary of state’s office — that is, until January when the state’s new Gov. Asa Hutchinson asked him to step in as the state’s chief technology officer.
“He called me somewhat out of the blue,” Myers said. “We sat and talked about [the position] for about an hour, and I said, ‘So, when are you thinking about making a decision?’ and he said, ‘Well, I made a decision 20 minutes ago, I’m just waiting for you to say yes.’”
Now, Myers is leading the state’s 250-person department of information systems, an agency that offers IT support for state networks, maintains and manages its servers, and provides IT security.
Myers is no stranger to work in information technology. In addition to working at a Web startup in the early ’90s, he trained as a signal officer for the U.S. Army. According to a press release from DIS, he served two tours in Iraq and one in Afghanistan.
Myers told StateScoop his experience will help guide his work on three of his new projects:
According to Myers, the Arkansas Department of Information Systems will roll out a “bring your own device” policy that allows state employees to use their personal devices for work by the end of March, or early April at the latest.
“We haven’t as an agency really recognized that people are using their own devices, their own tablets, their own phones, for email, text messaging and all of those things,” Myers said. “We’re working on a policy to streamline that so you’re able to separate [an employee’s] personal use, versus their state use. [We want to] let them use their own devices that they’re most comfortable with.”
Arkansas is not the first state to look into bring your own device policies. Similar initiatives have been established in Michigan and Delaware as well.
As CTO, Myers is automatically the broadband manager for the state. Myers said that starting the conversation between vendors and the state was among his first tasks related to the technology. That conversation is underway already, he said.
“Broadband affects economic activity. If you’re doing a good job bringing broadband to your state agencies and to your public colleges, it’s easier for [the vendors] to build out a bigger network to serve more people,” Myers said.
When it comes to purchasing power, governments are a “big gorilla,” Myers said. Through effective relationships with the private sector, the government can establish a good platform for companies to establish a foothold in a community and grow their customer base.
“If you can give the private sector incentive to create broadband opportunities in small little towns, midsize towns and cities, and then it gives a reason for those providers to have a foothold there and then they can build it out,” Myers said.
The state is inviting bids for the broadband project now. Myers said the proposals will be in by the middle of March. The winner will need to install their systems in the fall, he said.
Broadband has grown in importance for state IT executives, according to a recent Deltek report on the priorities of the National Association of State Chief Information Officers. It has also increased in importance at the federal level — President Barack Obama included broadband as a significant focus in his State of the Union address and fiscal year 2016 budget proposal.
At all levels of government, and even in the private sector, cybersecurity has been especially in focus for the last year. Trained initially as a signal officer in the U.S. Army, Myers plans to place a significant, long-term focus on improving the state’s cybersecurity posture.
“I’ve got a very capable team,” Myers said. “But, we’re going to train, we’re going to look at software upgrades. We have to do all of those things that a good cybersecurity firm has to do, and we have to do it for tens of thousands of people.”
Yet, in addition to improving the technological aspects of the state’s cybersecurity, Myers said he is also looking into how to upgrade the physical security of the state’s tech infrastructure.
“Obviously my Army background really teaches me the importance of the physical security situation,” Myers said. “It’s much easier to break into a device if you’re actually plugged into it.”
When it comes to external threats, though, Myers said that he is trying to best protect the state against an intrusion but that he knows that even the most well-protected system is likely vulnerable somehow.
“There’s an old saying among cybersecurity professionals — there are only two types of servers, those that you know have been hacked and those that you haven’t figured out how they did it yet,” Myers said. “Nobody’s built the perfect system that can’t be broken yet.”
Myers said the best protection achievable against external cyber intrusions is about having different defense systems.
“It’s physical tools, it’s software tools and it’s people,” Myers said. “You have to layer that both with what you do manually and with what you do automatically with hardware, firmware and software.”