Jim Edman, who’s served as South Dakota’s chief information security officer since 2009 and worked for the state government for nearly four decades, will step down next week as he prepares to join the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency as one of its new statewide coordinators.
In an interview with StateScoop, Edman called his years in state government a “worthwhile experience” that gave him opportunities to work on many different IT functions, including application development and building out network infrastructure.
“There were lots of challenges, lots of good people,” he said. “The good far outweighs the bad.”
Edman joined what’s now known as the South Dakota Bureau of Information and Telecommunications as an IBM mainframe programmer in 1984, after graduating from the University of South Dakota. He said that environment looked much different than it does in 2021.
“The IT industry has come along way from a mainframe and green-screen terminal,” he said. “Today, I’m sitting at home at my desk connected securely to state government doing pretty much anything I could do in the office.”
‘A greater concern’
Edman recalled working on projects that had “immediate statewide impact.” Those included South Dakota’s 1996 effort to wire every K-12 school — across 176 districts — and state university building for internet service. That project, which put South Dakota on track to be the first state to connect all its schools to broadband, was performed largely by inmates of the state’s prison system. Later, Edman also played a role in the the 1999 creation of a data center and email services for the state’s school districts, he said.
Edman made the jump to CISO about a decade later, when South Dakota’s chief information officer at the time, William Zolnowsky, asked him to organize the state’s cybersecurity operations into a consolidated program. (The state had consolidated mainline IT operations in 1995.)
“It was becoming a greater concern,” Edman said. “It was 2008, and the CIO asked me if I was willing to organize the cybersecurity efforts across our department.”
Edman was named CISO the following year, and his purview expanded from just IT to a wider scope of government functions.
“It’s not an expense. It’s an investment in business,” he said. “In protecting your data, your intellectual property, all those pieces that are critical. If you’re going to be a successful business whether it’s government or private sector, you’d better have a secure environment.”
‘Spreading the gospel’
Edman’s last day with the state government will be June 8; he’s scheduled to begin with CISA on June 21. As one of the agency’s new state coordinators — a new position created in a defense authorization act last year — Edman will serve as a risk adviser and liaison to any organizations in South Dakota’s public or private sectors who may want cybersecurity assistance from the federal government. The agency is in the process of hiring a coordinator to represent it in every state and U.S. territory; in March, its acting director, Brandon Wales, said about 25 had been recruited so far.
“In the CISO role you’re spreading the gospel of cybersecurity across state government,” he said. “In this new role the audience is expanded to pretty much any entity in the state of South Dakota. That could be municipal governments, banks, hospitals, a hardware store or restaurant. If you’re going to have an online presence, you need to be able to protect that environment.”
CISA’s state coordinators are meant to be guides to the federal government’s suite of cybersecurity services, including malicious domain blocking and reporting services, domain name system and email filtering, vulnerability scanning and incident response and recovery.
Edman said that in his new job, he’ll aim to provide “some pretty valuable services.”
“Whether it’s a one-time assessment or recurring vulnerability review, there’s a lot of items on the menu to make folks aware of and hopefully they’ll see it an extension of assistance from us and not a big brother role,” he said. “It’s intended to fortify our IT infrastructure.”