Wisconsin Chief Information Officer Trina Zanow told StateScoop that as her division continues to modernize applications and bolster its workforce, new technologies, like generative AI, are entering her discussions.
Zanow said that while some of her top priorities include improving collaboration between agencies and launching services that make it easier for residents to do business with the state, Wisconsin must increasingly consider how new technologies are interacting with tasks like hiring technology talent, offering training to employees and launching new services.
In a recent interview, Zanow, who’s served the state government for more than 25 years, shared details about the state’s search for a new cybersecurity chief, workforce projects and Gov. Tony Evers’ order last month for a task force to study generative AI’s potential risks and opportunities.
Colin Wood: Hi Trina, thank you for taking the time to meet with me and share some of the technology projects you’re working on in Wisconsin. To start off, what’s one of your key focus areas right now?
Trina Zanow: We’re thinking about digitization and changing our services so that it aligns more with breaking down the silos of our organizations and presenting more joint efforts and joint opportunities as we collaborate with the agencies. Several years ago, we did a one-stop business portal and it was multiple agencies that got together and really created this vision of if somebody is coming and wants to create a business in the state of Wisconsin, how do we make that easy for them? That project kind of broke down the silos amongst those different agencies. We’re trying to do more of those types of projects.
What about cybersecurity? I know you lost your chief information security officer, Alan Greenberg, this year.
Yeah, April, May timeframe he left. So we’re in the middle of hiring a CISO right now. We’re in the middle of the interview process. And hopefully, fingers crossed, we find a good candidate.
Security is obviously another area that I don’t feel like you can ever do enough in that space, from managing day-to-day, but then also thinking about the state as a whole. And how do we educate? How do we communicate? How do we make sure people have resilient pieces and parts in place? Certainly the federal grants opportunities that are out there, we’re helping to manage that and waiting for approval of year-one funding. We’re just waiting for final CISA and FEMA approval, and then we’ll deep dive into implementation for years one through four.
What does the candidate pool look like for your CISO hiring? Do you mainly look for people who’ve held CISO roles elsewhere or are you casting a wider net?
You don’t have to have been a state CISO. Those are few and far between. But having an aptitude and understanding of the complexity of cybersecurity, I think is super important. And management of relationships is so key — somebody who has those federal relationships, somebody who has state relationships, or has been put into roles like that, is something that we’re looking for. It’s important for us for that person to not only have a connection with our team internally, but also with all of the parties that we work with, because we are as good in numbers as we are individually.
Recruiting and retaining IT staff has been as much of a challenge as ever for many states, if the National Association of State CIOs’ most recent annual survey is accurate. Is this the case in Wisconsin?
We are getting a lot closer, I think, to our HR department and doing a lot of listening sessions about what’s working and what’s not working. We’ve been having a lot of discussions about how do we reach some more diverse areas within the state. And we have this theme “anywhere in Wisconsin,” as part of our workforce mantra, because people can work remote and so we can reach some of the places that we haven’t traditionally been able to reach before. You don’t have to live in Metropolitan Milwaukee or Madison to work for state government.
Are there any groups you partner with for hiring?
We’re trying to connect and collaborate with the school systems, so whether that’s meeting with K-12 and working with our Department of Public Instruction to talk about how curriculum and how do you introduce technology and cybersecurity? We’re trying to connect some of the federal dollar opportunities with our Department of Public Instruction so that if you want to teach something like cybersecurity, we’re ready with a curriculum and trainers. We’re doing it in a pilot setting with I think 10 different school districts right now.
Is there anything special you’re doing in terms of workforce strategy?
Our internship process has been going strong in one of our areas for 10 years now. We saw on the mainframe space, for example, that we weren’t able to find people, so we shifted the type of people that we were looking for. We are looking for people who have an aptitude for technology, but we’re looking for business people, people who understand financials, we’re looking for people with soft skills who can come in and we can teach them the tech. And we’ve seen some of our more senior people really get jazzed and excited about the opportunities.
I know you have some optimization efforts underway. Does generative artificial intelligence fit into your plans?
There are some people who are excited, and there are some people that are super cautious about it. Our governor announced a task force to look at the landscape, understand what this means to us, what it might mean to our workforce, where do we need to educate? What are some of the guardrails? What are the technology challenges, or advancements? How do we take advantage of some of that, because the pipeline of workers is dramatically decreasing from what we used to have. And so we have to think about automation in different ways than what we have done traditionally. And certainly AI is going to be a portion of that.
It’s a useful tool.
It is a useful tool, but you know it’s just as useful for bad actors out there who are using it for evil. I just got a communication earlier today about how deepfakes are becoming stronger and stronger. You have to also put some logic to it and make sure that you are using it for good and that you don’t open yourself up to new risks. And unfortunately, I can’t even at a state level control who has access to it. We’ve been having some conversations about similar to what other states, like how could it help with procurement? How could it help with writing certain things? My team certainly is exploring to figure out what those use cases are.
I think it’s inevitable we’ll have accurate deepfake videos and other generated content that is nearly impossible to distinguish from the real thing. I think you should be working on a trusted way to authenticate the source of information.
I agree with you. I think how to check fraud is going to become harder and harder and harder. We’re doing a My Wisconsin ID project where we’re trying to collapse all of these IDs. Understanding where AI is going, how do we validate some of the information that we’re asking for, while also still not making it super complex for the end consumer to do what they need to do? It’s associated with what’s the level of risk to the data? And what data are they getting access to? Or what data are they submitting? And how do you validate those types of things?
ChatGPT is being used to draft more convincing phishing emails, too.
Those emails have less spelling errors, less grammatical errors. Some of the traditional things that we tell our business customers to be paying attention to — that’s getting harder. I saw a phishing email shared on LinkedIn and literally, I read the email probably five times and I couldn’t figure it out. One of the letters for an “a” was slightly different than the rest. Everything else looked fantastic. And I was like, wow, how do you tell that to a person who is busy with their normal day-to-day life? Those are hard for them to check.
This interview was edited and condensed.