Cybersecurity

New York State CISO Karen Sorady stepping down

Karen Sorady, the state chief information security officer, will step down after joining the state's IT agency in 2012.

December 15, 2021

New York State CISO Karen Sorady (New York State Office of Information Technology Services)

Karen Sorady, New York State’s chief information security officer, is stepping down from her post after “an honorable time in the saddle,” state Chief Information Officer Anglo Riddick announced on LinkedIn Wednesday.

Sorady, the state’s top cybersecurity official, joined the New York State Office of Information Technology Services in a directorial role in 2012 and began serving as acting CISO following the departure last year of Deborah Snyder. As state CISO, Sorady was responsible for protecting the state’s IT infrastructure, coordinating statewide policies on IT security and standards and running cybersecurity programs, such as awareness training and the state’s Virtual Cyber Security Conference.

New York State represents one of the most expansive cybersecurity challenges in the public sector, encompassing an organization of nearly 277,000 full- and part-time staff.

State officials did not respond to requests for additional information, such as who will replace Sorady.

In a press release for the state’s cybersecurity conference earlier this year, Sorady noted the importance of intersectoral collaboration.

“Cyber security awareness and education is still our most strategic defense to evolving cyber threats,” Sorady said. “The Annual Conference allows government, the private sector and the community to discuss the latest intelligence and mitigation strategies with industry leaders while collaboratively working towards cyber resilience for the State of New York.”

In October, Sorady supported Gov. Kathy Hochul’s support of Cybersecurity Awareness Month, commenting that “every individual” is invested in protecting their “digital footprint.”

“There is a growing dependency on the use of technology in every aspect of our lives and with that dependency comes risk to confidentiality, integrity and availability,” Sorady said in a press release. “Therefore, we must all understand our role in managing that risk. Cyber Security Awareness Month provides an excellent opportunity to focus attention on good ‘cyber hygiene’ practices that will help users safeguard their identity, devices and information.”

New York is among the states taking cues from the federal government on how to administer cybersecurity. During an online event in November, Riddick said White House directives on security don’t come with instructions on how to apply them to the state level, but his organization follows along anyway.

“I have the benefit of my general counsel to take a look at this guidance,” Riddick said. “Generally we parallel federal government with regards to regulations, policies and rules.”