California Chief Information Security Officer Michele Robinson stepped down from her post Monday, nearly two weeks after legislators hammered her for not doing enough to strengthen the state’s cyber defenses.
In an email obtained by StateScoop, Robinson told staff in the state Information Security Office she was leaving to address “personal family matters.”
“I wanted to personally let you know that I will no longer be serving as the state chief information security officer,” Robinson wrote in the email sent Monday morning. “It has been an honor to serve as your state CISO and to work with you toward the advancement of information security and privacy programs in state government, as well as California’s overall cybersecurity posture.”
In the email, Robinson said she would “remain active” in the information security and privacy communities, and would assist the department with transition activities “as needed.” Robinson served in the role for nearly three years.
[Read more: California governor signs cyber assessments bill]
In February, California Assembly’s Standing Committee on Privacy and Consumer Protection had questioned Robinson about a damning report from the state auditor’s office that found her department had not “provided effective oversight or guidance to reporting entities and this cannot ensure the confidentiality, integrity and availability of some of the state’s most critical information and information systems.”
Committee Chairwoman Jacqui Irwin pressed Robinson why she hadn’t done more to strengthen the state’s cyber stance during her tenure.
“It’s very disturbing, I think, to all of us that are in an oversight role,” Irwin said. “When can we start to expect changes? And that we don’t have to keep going through this exercise. When can we start to see improvements?”
Robinson told the committee that the department acknowledged the problem and took “full responsibility for it.” Robinson also claimed the department has made “great strides” to remediate the issues identified. The department has either addressed or partially addressed all nine recommendations in the report, Robinson said.
Later, Robinson also noted that the state experienced 104 data breaches in 2015, and of those breaches, nine involved personally identifiable information.
The California Department of Technology directed StateScoop’s requests for comment about the vacancy to the governor’s office, which said the state is “working to fill the position as quickly as possible.”
StateScoop’s California Editorial Intern Kayla Nick-Kearney contributed to this story.