What were some of the biggest lessons during the pandemic?
We needed to learn or evolve in how to work fast, how to adapt and be more rapid in terms of things that we release when it comes to digital products, applications, and security services. We have an internal five-year roadmap that we built our security program upon. During the course of the pandemic, we had iterate and update the strategy a little bit and change the various priorities and focus areas that we’ll need to be concerned about. And all that stems from the threat landscape that we’re dealing at hand. Obviously everybody’s moving to a more digital environment, a more remote environment.
So what do you need in terms of resources and personnel to get that done?
There’s always an opportunity or a need to be more proactive instead of reactive. And we’re constantly shifting and prioritizing future resources or next year’s resources to align the state better. We’re working towards a zero-trust model where we facilitate or automate and embed security into everything that’s happening in real time, within the context of the threat landscape that we’re dealing with.
When you’re taking a look at that landscape, what are the things that you’re thinking about the most?
Ultimately it goes down to what threat modeling what is the worst possible thing that can happen to disrupt either privacy and confidentiality of the data we’re dealing with and our assets that the data resides on. Availability of our services and continuity of government is of the utmost importance and more so today than ever before. Attacks are becoming more commoditized. I mean, it’s a lot lower, the barrier to entry for somebody to conduct a malicious act upon upon an organization. So we really need to be cognizant of folks out there, bad people out there trying to abuse our processes.
View the full list of the 2021 StateScoop 50 Award winners.