North Carolina’s top cybersecurity official, Maria Thompson, stepped down from state government last Friday after six-and-a-half years as its chief risk officer.
Thompson, who was hired to the position in 2015, accepted a private-sector role, the North Carolina Department of Information Technology confirmed to StateScoop.
Her resignation was first reported in an interview with Dan Lohrmann of Government Technology magazine.
Thompson joined the state government after a 20-year career in the Marine Corps, during which she was among the branch’s first group of cybersecurity personnel, ultimately retiring as its first cybersecurity and information assurance chief. She also had a private-sector stint between her military service and joining state government.
As North Carolina’s chief risk officer, Thompson often advocated for a “whole-of-state” mentality in protecting securing IT and infrastructural assets, an approach that resulted in closer collaboration not just between agencies in Raleigh, but with local governments and the education and private sectors.
She also led the North Carolina Information Sharing and Analysis Center, an operation modeled on the nationwide Multi-State ISAC, to share intelligence with local governments that are expected in turn to report incidents and indicators of compromise.
“State is in our title, but state doesn’t necessarily just mean state agencies,” she said last year during a National Association of State Chief Information Officers webcast.
Thompson also said last year that as responding to ransomware attacks — particularly against schools struggling to operate through the COVID-19 pandemic — became a bigger part of her job as she increasingly incorporated the North Carolina National Guard and “strike teams” of local IT officials into the state’s reactions.
Recently, Thompson received a StateScoop 50 Award for her cybersecurity leadership.
In addition to her remarks on cybersecurity strategy, Thompson has also spoken frequently about recruiting more women and people of color into IT and related fields, especially in the public sector.
“If you wake up in the morning and everyone you work with looks the opposite of you, you’re not going to think that’s a welcoming environment,” she said at a NASCIO event in 2019.
Thompson was particularly active with CyberStart, an annual national talent search and competition aimed at getting high-school students to consider educations and careers in information security. In recent years, she also aimed to invite students who’d been through North Carolina’s juvenile justice system to participate in the event.
Thompson could not be reached for comment about her departure. Rob Main, who was her deputy, will serve as acting chief risk officer, NCDIT said.