Three months after the departure of CIO Jason Allison and just weeks after the Florida Agency for State Technology (AST) was nearly defunded on Thursday, May 18, Chief Information Security Officer Danielle Alvarez will be heading out the door for a related post in the private sector, a spokeswoman said.
Alvarez gave her notice on Friday, May 12, and will leave state employ effective June 1, to join Tallahassee-based Hayes e-Government Resources Inc., as a cybersecurity strategist, AST Spokeswoman Erin Choy told Government Technology, noting that the timing is unrelated.
“I think that Mr. Allison had been a part of state government for over a decade and as with any natural maturity, you want to continue to challenge yourself professionally. For him, it was an opportunity that found him,” Choy said.
She said Alvarez’s move is a “great opportunity” for her to continue to build out Hayes’ cybersecurity practice, in a role that will have a degree of continued interaction with public agencies.
Choy praised Alvarez’s work in strengthening Florida’s security posture, helping the state adopt a cybersecurity framework designed to National Institute of Standards and Technology specs; and coordinating a week of onsite SANS Institute cybersecurity training several months ago for about 150 officials in three states, including more than 100 information security managers across state government.
“That was a very big win, a very big success for Danielle,” Choy said.
“Additionally her work with the Florida National Guard on hands-on, tactical cybersecurity training has been very well-received and is something we’ve done for a couple years now and will continue to do. We wish her good luck and we’ll miss her,” Choy added.
Allison left the public sector on Feb. 13 to take a position as director of public affairs at law firm Foley & Lardner — coincidentally also in Tallahassee.
AST, however, has had a bumpy decade, losing its funding most recently in 2012 before being relaunched in 2014 under Allison, on a mission to modernize and streamline the beleaguered office.
In November 2014, as that relaunch picked up steam, Allison elevated Alvarez, former manager of IT security and compliance for the Florida Department of Financial Services, to CISO as the agency released a strategic plan for security.
She had also previously served as lead senior IT auditor for the Florida Auditor General.
In a November 2015 interview with Government Technology, she said spotting cyberterrorists early and properly equipping the state workforce to combat them, is increasingly essential for public agencies.
“Staying informed of emerging threat trends (especially the tactics being used by bad cyberactors) is at the foundation of developing sound enterprise security strategies,” Alvarez said.
She added that spreading value enterprise-wide is essential “whether it be a service that benefits all state agencies or specified training designed to improve the state workforce’s ability to protect citizen data.”
The previous month, Alvarez had received the third-annual Thomas M. Jarrett State Chief Information Security Officer Scholarship from the National Association of State Chief Information Officers (NASCIO) — an award named for the organization’s past president, known for his passion for cybersecurity.
Alvarez, NASCIO said in a news release at the time, has worked “diligently” on state strategy, policy and process, through “all major IT silos, strategically positioning her to thread security into all operational platforms and processes,” and praised her work leading the Florida Cybersecurity Framework adoption effort, and a statewide risk assessment.
She was nominated by Allison, who said then in a statement that “with Danielle leading these initiatives, Florida is directed to a more secure and resilient future.”
Two years ago, Alvarez told Government Technology, AST was in the second year of its five-year plan to standardize agency platforms and finish State Data Center (SDC) consolidation along recommended industry standards.
“As the SDC continues to standardize, our ability to secure Florida will only improve. So, continued support in the Legislature is critical,” she said at the time.
That work continues, but legislative support is another matter.
On April 5, the Florida House Appropriations Committee approved legislation that would have ended AST again – just a week after the House Government Operations and Technology Appropriations subcommittee supported House Bill HB 5301 nearly unanimously, calling for the removal of AST’s management authority over the state’s data center.
Ultimately, however, policymakers forged a deal that included quarterly reporting requirements on system updates and new activity — but funded AST in the next fiscal year and widened its authority, allowing the CIO to appoint a state Chief Data Officer, and permitting the creation of a geographic information office.
Choy said Interim CIO Eric Larson is in the position as the state begins discussions about hiring a new permanent CIO.
The state will undertake a nationwide search to fill Alvarez’s position and will not appoint an interim CISO, Choy said.
“I know that Danielle is looking for candidates," Chou said, "as is Eric Larson, our interim CIO, for candidates who will continue in the collaborative fashion that Danielle has shown in her role."