August 1, 2014, was my last full day as Michigan Government's Chief Security Officer (CSO). As I look back at seventeen years of action-packed public service, I will remember the wonderful people who made it all possible and who served (and continue to serve) our citizens so well.
Michigan "Bat Cave" -- Photo Credit: Charlotte Allen
In early 1997, I saw an advertisement in a Detroit newspaper online for a government director of technology job in the Michigan Department of Management & Budget (DMB). At that time, I was working for ManTech International as a Technical Director in northern England. I knew it was a longshot, but I sent in my resume and cover letter.
It was one of the best decisions I ever made.
Looking back, I realize that Rose Wilson, who was the Department’s Chief Administrative Officer at the time, took a big chance on this overconfident young man who was living overseas - and one of 65 applicants.
After I interviewed by phone and visited Lansing in person, I was selected by a an interview panel led by Rose, who made me want to work for her because she was so smart and yet so very kind.
Rose became much more than just my boss. Over three years, she taught me how government runs, the inner workings of budgets and project management and the high calling and importance of state government service in the daily lives of ten million Michigan citizens. Later, when I moved on to other roles in government, she mentored me.
Dan Lohrmann with Rose Wilson in 2014 - Photo Credit: Charlotte Allen
Those early years were all about the Year 2000 (Y2K) remediation efforts. But for my career, the interactions and important relationships built across twenty state government agencies became a solid foundation for what was about to happen over the next decade.
In 1999, I was one of 20 agency-specific CIOs. At that time, I began to work closely with Michigan’s enterprise-wide CIO, George Boersma. George, and his team with experienced leaders like Tom Fogle, taught me the importance of standards, statewide policies, effective project management and the benefits of collaboration with other states and our federal partners. At George’s urging, I got involved with the National Association of State CIOs (NASCIO) as well as other national technology associations.
A New Millennium
After we survived the Y2K bug, the “e-everything revolution” began. I moved to Governor John Engler’s virtual government team under Stephanie Comai, who was the director of e-Michigan, in 2000. Eighteen months later we launched the first state “dotgov” portal (Michigan.gov) with a common look-and-feel, one color scheme, content management system, a reduced number of clicks to get to any content, our first attempt at a single sign-on (but SSO is still not truly real 14 years later), and most of all, an organized approach at how to access government online and not inline. This was a huge change from every government division doing their own websites.
I learned so much from Stephanie, and her executive team which included Peyman Zand. They truly understood how to get things done on-time and on-budget in government. This was my first real experience with a team that had the Governor’s trust and who delivered world-class products. I also was given more opportunities to select and manage excellent industry partners, like IBM and Deloitte, on large state contracts.
And then, like most Americans, I can clearly remember that day. On September 11, 2001, I was in an e-Michigan staff meeting on the first floor of the Romney Building when someone yelled: “A plane just hit the World Trade Center (WTC).” We watched as the second plane hit the second WTC Tower.
Over the next year, the implications for the security of our nation became clear. What also became clear was that our significant state government investment in online services needed to be protected in an entirely new way. I made the case to the Governor’s team that we needed a new Chief Information Security Officer (CISO) to lead a consolidated security team within the new Michigan Department of Information Technology (MDIT).
My background with the National Security Agency (NSA) in the 1980s and experience with enterprise-wide e-government provided me the skills to be selected as Michigan’s first CISO. I relied heavily on advice, support and encouragement of Michigan leaders like as Rose, George, Stephanie and others in my new role with no precedent.
A New Governor
After the election of 2002, Governor Jennifer Granholm, who was a Democrat, took office in January 2003. She appointed Teri Takai as Director of MDIT and the State CIO. I have written extensively and truly benefitted from my years with Teri, so I won’t repeat all of that here.
(Here are a few of the articles and blogs about (or quoting) Teri – from CSO Magazine when she went to California, a Govtech.com interview article on FirstNet and a kind quote from her in ComputerWorld.)
Needless to say, Teri taught me many things, including the importance of being an enabler in security. She led our consolidation and technology realignment in Michigan during a decade when we were cutting budgets every year and doing more with less. She went on to lead California and the US Department of Defense (DoD) global technology efforts as CIO, so that speaks for itself.
Brigadier General Mike McDaniel became the Governor's Homeland Security Advisor under Governor Granholm, and he was a big support to our cyber program - helping with many cyber grants during a time of tight budgets.
We successfully responded to the Blackout of 2003 and many virus outbreaks during these years. As our IT Department's emergency management coordinator, I started working more closely and building a strong relationship with Michigan State Police (MSP) and leaders like Kristie Etue in the State Emergency Operations Center (SEOC). Col. Etue is now the Director of MSP.
It seemed like we had 1-2 big computer security incidents each year, but our excellent teams always seemed to rise to the challenge. In fact, the best staff shined the brightest when responding to major incidents. We also participated in Cyberstorm I, II, III and IV and many cyber national exercises.
Highlights during this period included our new relationships with the MS-ISAC and CISOs from around the country and world. Will Pelgrin, Mark Weatherford, Elayne Starkey, Mike Russo and many other security leaders became trusted friends and the MS-ISAC Executive Board launched numerous cyber efforts that are still running today.
We helped write or comment on many ground-breaking national cybersecurity strategy documents, like the National Strategy to Secure Cyberspace, the National Infrastructure Protection Plan (NIPP) and Sector Specific Plans for the IT sector. We participated in several public/private sector coordinating councils run by DHS, like the IT-GCC.
I also learned a lot and grew in my CISO role during the years that Ken Theis led MDIT as our State CIO, after Teri went to California. Ken built great customer partnerships, and his experience as an expert project manager also allowed as to work to deliver major government projects in community health, human services, criminal justice, transportation and other critical areas.
In 2009, Ken asked me to take on a new challenge as the State Chief Technology Officer (CTO) when Pat Hale left for Sparrow Health System. Leading 750 staff plus additional contractors and running a $200 million budget was another stretch goal, and a great opportunity, for me. We were able to usher in cloud computing and transform our service delivery with a great team that worked well together on consolidating and improving datacenter operations and customer service.
We established great relationships with the Department of Homeland Security (DHS), becoming the first state to pilot EINSTEIN, to monitor networks like our federal partners. Great partners like Cheri McGuire from DHS moved on to Microsoft and later Symantec, but we kept great relationships with Carlos Kizzee, Kelvin Coleman, Jordana Siegel and others.
When Ken moved to the private sector, Phyllis Mellon became our department director. Phyllis was an expert administrator who had been a chief deputy director in several agencies. She had a distinguished career in state government. I reported to Phyllis for several years, and she helped me understand how I was viewed by different business areas regarding customer service. She stressed the importance of doing lunch with agency leaders and strengthening partnerships across the consolidated infrastructure, security and application development teams.
Governor Snyder Takes Office
In 2011, Governor Rick Snyder, a Republican, brought a new focus to technology and cybersecurity in the state. With his background as CEO of Gateway Computers, he understands the opportunities that technology can bring to improving outcomes and the lives of Michigan citizens – and the risks that cyberattacks can bring.
David Behen became our State CIO in February 2011, and he brought an immense amount of entrepreneurial spirit and experience from the local government level. He vastly improved our relationships with counties and other local entities, while championing customer service excellence with agencies.
David also convinced me to stay in Michigan government and move back to running security. I became the Chief Security Officer in October 2011, with a charter to go where no state or local government had ever gone before. Best of all, our Governor was behind us all the way – even leading many security efforts.
In under three years, we established a new Michigan Cyber Initiative, built exciting new cyber training for 50K end users, public/private technical staff and 10 million citizens. We merged physical and cybersecurity into one office, built a cyber disruption response strategy, established the Michigan Cyber Civilian Corps and held a series of cyber roadshows and great cyber summits with global leaders. Another exciting cyber summit is coming in November 2014.
We also rebuilt our Security Operations Center and other cyber operations to run with new tools and upgraded functionality in a 24x7 world of cyberattacks.
We also developed new ties with the National Governor’s Association (NGA), when they established the Resource Center for State Cybersecurity, led by Governor Snyder and Maryland Governor O'Malley.
DHS’s new cyber leader Phyllis Schneck, who came from McAfee in the private sector, has been a good Michigan partner for many years. Also, White House leaders in cybersecurity like Howard Schmidt, Michael Daniel and Cheri Caddy have also closely partnered with us in Michigan over the past three years.
It’s All About The People
No doubt, our cyber teams have worked on numerous exciting projects over the years, with hot technology and high visibility. We championed very important initiatives and struggled through some long outage days and even some hectic weekends.
Nevertheless, it is the people that I will remember.
I was truly blessed to be a state employee for seventeen years in a variety of roles. I was honored with the opportunity to serve both Republican and Democratic administrations and to lead numerous technology and security transformations. Most of all, I will remember the wonderful people who made it all possible – many continue to serve our citizens so well.
As I think back over 17 years, I remember Rich Reasner who was on most of the teams that I led. Rich is an outstanding public servant who deserves to be recognized as such. He works long hours, nights, weekends and more, and his dedication is seldom matched by anyone anywhere.
I think of Charlotte Allen, an excellent administrative assistant who organized my work life. She really ran the office and freed me up to focus on important priorities.
I think of Jason Nairn, who moved on to become the Director of the Homeland Security Simulation Lab at Concordia University Portland. Jason built the physical security team and program to become one the finest in the world.
I’ll remember Pat Hale, Lynn Draschil, Eric Swanson, Andris Ozols, Ric Tombelli, Deb Stanaway, Leon Hank, Tina Richardson, Neil Slagle, Mike Binkley, Rock Rakowski, Judy Odett, Karen Tarrant, BG Michael Stone and so many others who performed great work in Michigan Government for so many years.
I think of the great teams in the “Bat Cave,” (our Security Operations Center). The Bat Cave has become a minor league incubator for upcoming cyber superstars. Many cybersecurity experts have risen out of the Bat Cave, and more are coming. (Yes, I’m sure.)
Dan Lohrmann with Rich Reasner July 2014 -- Photo Credit: Charlotte Allen
Names like Mike Montecillo, Joel Weever, Brenda Fantroy-Johnson and Trent Carpenter – people who started careers with our cyber team and moved on to run cybersecurity operations for HP, IBM, AT&T and Sparrow Health System.
This wider family of government staff is what I am so thankful to God for. I was blessed way beyond what I deserve. These people truly care, and they will continue to be in my thoughts and prayers.
To The Next Cyber Generation: Consider State Government Cyber Career Opportunities
I realize that these names and group acronyms mean little to most people around the country who are reading this blog.
(And I didn’t even elaborate on our vendor partners, regional conference organizers like ESD, SecureWorld, and government digital summits, private sector critical infrastructure colleagues, other federal and local partners, Michigan InfraGard, NASCIO staff, CDG leaders, Merit Networks leaders who run our Cyber range, state agency pros or numerous others who make up our Michigan cyber ecosystem.)
But my message to young college students, or recent grads who are reaching for the stars or even mid-career experts who are looking for something different to do, is this: Consider a career in public service.
State government brings so many opportunities that the private sector cannot offer. Besides the service to the community, the breadth and depth of challenges and opportunities to grow are truly amazing.
Dan's going-away reception -- Photo Credit: Charlotte Allen
I have served both federal and state governments. I have no regrets, and many great memories of traveling around the world as a government official.
In government service, you are a part of a mission that is much greater than yourself or financial profits alone.
Thank you Michigan Government – and a very special thanks to the people who helped me, and who help so many citizens, each and every day.
Note to blog followers: I will continue blogging next week for Government Technology Magazine in my new role with Security Mentor, Inc.
Never miss a story with the daily Govtech Today Newsletter.