He will leave his role as Missouri's cybersecurity point man at the end of the month.
One of the longest-serving state cybersecurity leaders will leave for the private sector at month's end.
Michael Roling, who has served as Missouri chief information security officer (CISO) since 2009, will depart Sept. 28 to become a lead technical project manager for a private software company. Though Roling declined to reveal the name of the company, he did say he would remain in the state.
Roling has been heading up the Missouri Office of Cyber Security (OCS), a department recognized for its creative and innovative approaches to safeguarding state government networks from hackers and others seeking to sow disruption.
“I have thoroughly enjoyed my time as CISO and will always look back at this period in my life fondly,” he told Government Technology.
He cultivated the Office of Cyber Security from a staff of five to now 20, and helped to usher in a culture shift around cybersecurity that places the onus of protecting the state’s data on everyone — ranging from cabinet-level officials to frontline workers.
“Back in the early days there was a belief that a small number of IT security staff were ultimately responsible in keeping Missouri’s data safe. Now, elected officials, cabinet-level members, project managers, social workers and data entry clerks alike understand that they play a tremendous role in cyber,” said Roling.
Stephen Meyer, deputy CISO, will assume the role of acting CISO, CIO Rich Kliethermes said, and there are no immediate plans to begin a national search to fill the position permanently.
“I have the utmost confidence in the baton being passed to deputy CISO Steve Meyer to lead OCS as the acting chief information security officer,” Kliethermes added via email.
Kliethermes lauded Roling as a dedicated and valued public servant.
“He’s done a tremendous job in building our current Office of Cyber Security, and has put a tremendous team in place, and has set the road map for them to carry on,” he said.
“Mike’s vision and leadership had prepared our Office of Cyber Security to continue the execution of Missouri’s four-part cybersecurity plan,” he continued.
Roling has been employed by the state of Missouri since 2003 but has also worked in the private sector with the likes of AT&T and Anheuser-Busch.
In the nine years Roling has been in the role, he has picked up a number of accolades, including being named to Government Technology’s 2017 Top 25 Doers, Dreamers & Drivers, where he was part of Team Missouri alongside Kliethermes, and Deputy CIO for Operations Steve Siegler.
Part of Roling’s work in Missouri involved developing an effective cybertraining regimen for state employees — an increasing target for phishing and other cyberattacks.
“They understand the potential weakest link in any government is going to be that end user, so they’ve been going after them extremely hard with sophisticated phishing attacks,” Roling told Government Technology in 2016.
The shoring up of vulnerabilities and an eye toward cyberdefenses will continue to be an ongoing focus for all IT agencies, and Missouri is no exception, Roling said.
“I don’t foresee the concern tailing off anytime soon as people’s lives will rely on digital systems if they don’t already,” he added, calling attention to emerging technologies like self-driving cars, digital public safety systems and more. “In addition, for many businesses and governments, paper backup processes for various functions don’t exist. In other words, critical processes must rely on IT for delivery.”