Mission isn’t everything — leaders also need tools, Texas CISO says

Government IT leaders often downplay the importance of which tools they use or even technology in general, choosing instead to focus on the importance of their constituents and agency customers. But Texas Chief Information Security Officer Nancy Rainosek says that selecting the right tools can make a big difference when it comes to cybersecurity.

“Leaders need to understand that investing in tools can help them secure their information,” Rainosek says in a recent video interview.

Texas was highly detail-oriented when it responded to a widespread ransomware attack in August that crippled the computer systems of 23 local governments across the state. Texas Chief Information Officer Todd Kimbriel told StateScoop in October that it was through use of its state operations center, a statewide incident response plan and an emergency declaration that allowed the state government to respond and recover the communities within a week.

“Often times, historically in the past, leaders have chosen to just focus on mission and not necessarily tools,” Rainosek says. “It’s important to understand and have a paradigm shift in this regard because security is part of your mission.”

She admits that mission is important, but adds that if details are neglected it can compromise service delivery and the mission will fail.

“When you have the lack of ability to perform your services because of a cybersecurity breach, some ransomware and some kind of security issue, then you can’t perform your mission, therefore it’s important to have that paradigm shift,” Rainosek says.

Rainosek on government’s attack surface:

“It’s increasing. As new technologies come on and it’s easier to connect, the attack surface increases and it adds more risk to the organizations.

Rainosek on balancing data with security:

“First off, I think agencies need to understand the information that they’re gathering, collecting and make sure they’re only collecting the things that they need to collect.

Rainosek on how the cloud affects data security:

“We have standard configurations depending on the classification of the data that’s going to the cloud so that we can help our customers be prepared and secure their data as they move to the cloud.”

These videos were filmed at the Fortinet Security Transformation Summit, produced by FedScoop and StateScoop, on December 3, 2019.