State

Pennsylvania CISO Erik Avakian looks back at 12-and-a-half years

Pennsylvania CISO Erik Avakian, who said cybersecurity is a team sport, will soon play for another team.

October 21, 2022

Erik Avakian (Scoop News Group)

After a long tenure of 12-and-a-half years as state chief information security officer, Pennsylvania’s Erik Avakian signed off Friday to take an undisclosed job in the private sector.

In an interview with StateScoop, Avakian looked back at his time as the state’s top cybersecurity official, a period that saw major changes in how both the world and the commonwealth use technology. Like many other state IT leaders, Avakian credited his team for the “many accomplishments” Pennsylvania has made in cybersecurity over the years.

“Cybersecurity is a team sport and we all need each other to improve, to grow, to learn,” Avakian said. “It’s about identifying talent on the team and letting it expand and grow where somebody’s potential lies and where their passions lie. We don’t make the catcher pitch and vice versa. One of the things I loved in the role was putting people in positions in the baseball field, where they were best suited, so they could blossom into stars.”

Avakian, who declined to share any details about his next job, joined the Pennsylvania government as a security consultant in 2005 before taking the deputy CISO role in 2007, eventually becoming statewide CISO in 2010. Avakian told StateScoop that Pennsylvania’s use of technology particularly evolved when CIO John MacMillan’s shared-services initiative kicked off in 2017.

“It really changed the whole dynamic, the whole culture,“ he said. “We’ve changed culture through this concept of cybersecurity as a team sport, where they don’t say somebody else needs to worry about that. They’re all part of that team. They all care and they all have skin in the game, per se. We’ve made so many accomplishments, so many projects have been successful.”

Avakian pointed to the use of screensavers and newsletters to advance cybersecurity awareness, as well as the rapid shift to remote work spurred on by the COVID-19 pandemic in spring 2020. He said the health crisis accelerated the state’s work in enabling remote work, which was made possible through security features like VPNs and multi-factor authentication.

Avakian also advocated for consistency in services, using airports as an analogy: The security process is the same regardless of destination or departure city. His departure coincides with a shift in many states to an “all-of-state” approach to cybersecurity in which the state government works with all levels of government and across sectors. Avakian said he’s seeing that in Pennsylvania, too.

“One thing I’ve learned about being a CISO is you’ve got to be a great collaborator, even working outside your comfort zone and working with people outside your organization,” he said. “The partnerships we’ve made with the local government, the counties, K-12 — those are all foundational to cybersecurity for not just the state agencies but for the entirety of Pennsylvania.”

Corrected Oct. 22, 2022: This story was corrected to reflect that the state’s shared-services initiative was officially started in 2017, not 2016.