Top 17 State & Local Cybersecurity Leaders to Watch
If you ask a government IT leader what his or her top priorities are, it almost always starts with cybersecurity.
Its become such a default answerthat some dont even bother discussing it anymore they know the work they have cut out for themselves and would prefer to talk about something else.
But chief information security officers dont want to hear that. As Montana Chief Information Security Officer Lynne Pizzini says, Its all about security.
In a space that moves so fast and affects so many, two of the most common challenges named by security workers are the feeling of isolation in knowing that they face all these threats alone from their resource-constrained, staff-limited offices, and a general feeling of being overwhelmed by the new varieties of cyberattacks that are discovered each day.
This list is not onlya celebration of those in state and local government who work constantly to keep critical information and systems secure, but also a means of connecting this federated community of IT security professionals who are often too busy to share what theyre thinking and working on with their counterparts across the country.
Creating an ultimate list of state and local cybersecurity professionals was beyond the scope of this project. Instead, this is across-section of governments best state and local cybersecurity talent, assembled through StateScoop’s own stories and reporting; fromthe recommendations of leaders across the state and local government technologyindustry; and by the suggestions of nonprofits and associations across the space.
There are dozens more cybersecurity leaders across state and local government doing great work.Is there one that should be on our radar?Let us know.
Frank Andrews
Chief Security Officer
State of Arkansas
Whats your current position and how did you get there?
I was introduced to IT about 25 years ago while working for a large claims management corporation in the Midwest. I found it interesting and decided to pursue a career in the field. I had originally been hired as an auto expert to verify vehicle information for valuation purposes, but I couldnt shake my fascination with IT once I was exposed to it. I was fortunate enough to get experience in a number of technologies and start down the path as an IT professional. Fast forward to 2006, I was hired as a systems analyst by the State of Arkansas. Shortly after coming on board I picked up a new assignment to set up the network and systems for the incoming governor. We transitioned the staff into office and I was asked to stay on as their IT administrator. In that role I managed email, domain and network services for the administration. From servers to cellphones and all points in between, as well as cybersecurity. I remained in that role for 6 years. When the previous state CISO retired in 2013 I was asked to take on my current role by the state CIO.
Whats your biggest ongoing project?
We are currently studying data center optimization/consolidation and it will be a big initiative for the next few years. We expect to start work in that area early next year. As far as currently running projects, I would have to say that our monitoring system is the biggest. We have built out our SIEM that monitors the state WAN and we are constantly automating functions to provide improved visibility and response without increasing headcount. Ticketing, alert notifications and resource allocation are a few of the areas we have successfully addressed. We have also developed our own behavioral analysis piece to address insider threats and the use of compromised credentials. We are also working towards extending our SIEM as a common platform for outside agencies to allow for real time sharing of threat intelligence among agency stakeholders.
Whats the best cybersecurity decision you ever made?
I feel that the best decision I made was to end our once-a-year cybersecurity training sessions and go to a bimonthly lesson that is subject-specific. The training is administered in smaller cohesive pieces and the bimonthly cadence is keeping awareness levels higher. I always feared that the training sessions we had in October, for Cybersecurity Month, were being forgotten by January or February. I have seen the positive results of the change in methodology and I routinely have employees stop me in the hall to make positive comments about the current training. We have made a number of strides forward in cybersecurity, but having a better educated workforce is the one that I expect to continue to pay dividends over the long run. We have recently secured a grant that will allow us to extend the same training to all executive branch employees of the state, so I expect the positive results to spread across state government.
Erik Avakian
Chief Information Security Officer
Commonwealth of Pennsylvania
Whats your current position and how did you get there?
I am currently the chief information security officer for the Commonwealth of Pennsylvania. I lead security policy, governance, risk, compliance, and incident response efforts encompassing 46 agencies in the governors jurisdiction. I joined the commonwealth back in 2005 as an IT security contractor to work on a major security initiative. I became a commonwealth employee in 2006 and deputy CISO in 2007 after taking on additional responsibilities. I have been in my current role since early 2010.
Whats your biggest ongoing project?
Our biggest ongoing project is the implementation of our Keystone Login Portal. The primary goals of Keystone Login are to enhance the way our citizens interact with the commonwealth, provide them with a more seamless and user-friendly experience across all agencies, reduce costs by eliminating duplicative efforts, and enhance security by applying industry standards across all agency applications.
Whats the best cybersecurity decision you ever made?
I feel its the decision to come to work for state government in the public sector. I have a strong passion for security and believe in supporting the greater good. This job lets me do both by enhancing cyber security for the citizens of Pennsylvania. Im also very fortunate to have a highly talented team of dedicated security professionals in our Enterprise Information Security Office focused on the efforts. Working with them makes it a joy to come to the office every day.
Aaron Blackstone
Chief Information Security Officer
Texas Department of Public Safety
Whats your current position and how did you get there?
I am currently the chief information security officer for the Texas Department of Public Safety. I started out enlisting in the Texas Army National Guard while I was still in high school.I then joined ROTC at Sam Houston State University while obtaining a computer science degree. After graduation, Iwent to military intelligence school and then worked for the Army Research Laboratory in White Sands. After there I worked for 5th Army in San Antonio and was the ISSO for the Houston FBI field office. At this time I transitioned from the Army to the Air Force as a Cyber Operations officer. I was on a two-year deployment and upon my return started working for DPS.
Whats your biggest ongoing project?
Building the Cyber Security Division from scratch. It has been a long and rewarding road that I am privileged to have under my belt. The amount of knowledge gained from building something from the ground up is priceless.
Whats the best cybersecurity decision you ever made?
It is always a challenge on how to divide your resources and invest funds. I found that investing in people versus tools was the best decision I have ever made. Often we invest in tools forgetting that they are only as good as the person utilizing them. It doesnt matter how good the tool looks and all the wonderful things it can do. If your personnel dont know how to utilize it, then it is an expensive bullet on a PowerPoint.