Where is Florida heading regarding cybersecurity in government? What are the top priorities and hot projects? Hear what the Florida state CIO and CISO have to say in this exclusive interview.
Over the past 18 months, we’ve held interviews with influential government technology and security leaders from across the United States. Previously we’ve focused on Chief Information Officer (CIO) and Chief Information Security Officer (CISO) leaders from North Carolina, Ohio, Washington State, Missouri, Minnesota, Pennsylvania, Mississippi, as well as several other important states.
And now, I am excited to be able to bring you an exclusive interview from the Sunshine State of Florida.
At the end of 2014, Florida Gov. Rick Scott officially named Mr. Jason Allison as the state’s chief information officer and executive director of the Agency for State Technology.
Mr. Allison had previously served as the acting CIO when the Florida Legislature voted to create the Agency for State Technology to give the state a technology oversight agency in July 2014. Florida had operated without a CIO or a central technology agency for more than three years following the defunding the Florida Agency for Enterprise Information Technology that was deemed too ineffective.
And the governor selected a man with excellent government experience to lead IT in Florida government. Allison previously served as the information technology policy coordinator in the governor’s Office of Policy and Budget from 2012 until July 2014. From 2011 to 2012, he was the CIO for the Florida Department of Business and Professional Regulation.
Prior to that, Allison served as a senior IT business consultant at the Agency for Enterprise Information Technology from 2008 to 2011, and he was the management information systems director for the Florida Department of Health’s Division of Disease Control from 2002 to 2008. Earlier this year, Mr. Allison was received the Statescoop 50 Award for excellent service.
The newly empowered technology leader in Florida’s has enabled a refocus of resources on key enterprise priorities, such as cybsersecurity. My interview with Jason Allison and Ms. Danielle Alvarez, Florida’s talented CISO, makes their cybersecurity message loud and clear.
Ms. Alvarez has been Florida’s CISO since November 2014. She previously held government roles as manager over the IT Security & Compliance Office and information security manager at the Florida Department of Financial Services. She was also the lead senior IT auditor for the Florida Auditor General.
I have worked with Danielle on several different occasions, and she is certainly a rising star in the state government CISO community, in my opinion. Danielle has a wide breadth and depth of security knowledge, and she shares great materials and insights on many social media platforms. Danielle also demonstrates a passion for cybersecurity that is contagious. She was recently recognized with a NASCIO security award in Utah.
Interview with Mr. Jason Allison, CIO of Florida
Dan Lohrmann: You have had a very successful career as a technology leader. Are there any secrets to your success?
Jason Allison – Florida CIO: I always want to surround myself with the brightest and most talented individuals. I’m fortunate enough to have led great teams in my career and the team at the Agency for State Technology (AST) is no exception.
Dan: Can you tell us about your role as the CIO in Florida?
Jason: The chief information officer sets IT policy and direction for the State of Florida. The state CIO is an adviser to the governor on technology issues. AST is focused on providing the best services for our customers. We want to offer services that assist agencies with carrying out their mission as well as helping them meet their business needs. AST is working to partner with its customers and also provide thoughtful leadership on enterprise IT opportunities. Working with the agencies, we have great insight to where efficiencies can be made and where processes can be streamlined. If it’s working for one agency, there may be a collective benefit for others.
Dan: What are your top IT priorities in Florida over the next few years?
Jason: We’re focused on meeting the needs of our customer agencies, enhancing IT security and continuing to identify opportunities for standardization and consolidation of IT services that support common business functions across agencies.
Dan: How important is cybersecurity in your daily role? How does cybersecurity interact with your priorities?
Jason: It’s always top of mind. It’s not if a cybersecurity incident will occur, it’s when. We have to be proactive when it comes to IT security and be ever vigilant as the threat landscape continues to change. AST is responsible for IT security training for the agencies and provides resources to support the IT security managers as they protect their environment.
Dan: How has security changed throughout your career? Is it more important today with big data, mobile computing and the cloud security challenges?
Jason: The bad actors have become more patient and the attacks have become more sophisticated. We now have to think about how to secure a variety of endpoints (i.e., mobile devices, tablets, etc.) in addition to the infrastructure in the data center.
Dan: As we head into 2016, is cybersecurity given a high priority by your governor? How do you see cybersecurity changing over the next few years?
Jason: It is. Gov. Rick Scott’s priority is to bring high-quality, high-wage jobs and companies to the state. Florida has seen a wealth of growth and innovation in the technology sector; including IT security. As the threats continue to evolve, we need to increase awareness about the potential cyber-risks and ensure we are making investments in resources and technology that will combat such attacks.
Interview with Ms. Danielle Alvarez, CISO for Florida state government
Dan Lohrmann: Tell us about your scope of responsibilities as CISO in Florida? How do you work with agency security officers?
Danielle Alvarez: The role of CISO in Florida is responsible for establishing IT security standards and processes for executive branch state agencies. These responsibilities include establishing security rules and working with the state’s Fusion Center to establish processes for detecting, reporting, and responding to IT security incidents, breaches and threats. In addition, working with agency security managers is critical to the success of our mission. To promote this collaboration, we host monthly meetings to discuss various IT-security-related topics, offer various training opportunities and partner with state and federal entities to host exercises and workshops targeted at enhancing security practitioner capabilities.
Dan: How do you stay ahead of the ever-changing cyberthreat environment (personally and as a team)?
Danielle: Staying informed of emerging threat trends (especially the tactics being used by bad cyberactors) is at the foundation of developing sound enterprise security strategies. I am a member of several national and international organizations that fund research and development practices designed to strengthen cybersecurity. I leverage these resources, as well as the knowledge that many of my colleagues have amassed over the years, to stay most up-to-date.
Dan: What’s hot right now regarding your role? Where are you spending your time and what keeps you up at night?
Danielle: Detection capabilities are critical; as well as ensuring that our workforce is properly armed to mitigate targeted attack campaigns. I am constantly working to bring enterprise value to every effort we undertake; whether it be a service that benefits all state agencies or specified training designed to improve the state workforce’s ability to protect citizen data.
Dan: How has security evolved over the past decade? What’s different (and the same) today, as compared to a decade ago?
Danielle: Attackers have become more agile and their attack patterns have become more evasive and intelligent. This has elevated the role of security. Security has always been a facet of each IT domain -- from infrastructure to application development; but now, more attention is being given to make sure the domain teams are talking and collaborating up front.
Dan: As we move forward with the Internet of Things (IoT) and smart cities, how do you see security playing a role in innovative new technologies?
Danielle: Security will need to be demystified so everyone is able to protect themselves and their data. There are so many devices that transmit data. We are only beginning to imagine how this can enable and enrich our everyday lives. Everyone will need to know the tools to protect their information.
Dan: Is there anything else you’d like to share about your cybersecurity program and upcoming projects?
Danielle: We are noticing increased attention on cybersecurity. Agencies and legislators are now looking to us for guidance and using us as a resource. AST is in the second year of our five year plan to finish the standardization of the agencies platforms and complete the State Data Center (SDC) consolidation utilizing the recommended industry standards. Last year, Florida received much-needed legislative support for our program and continued growth. As the SDC continues to standardize our ability to secure Florida will only improve. So continued support in the Legislature is critical.
Dan: My thanks go out to Jason and Danielle for taking the time to answer my questions. I certainly wish them the best of success as they lead Florida's technology and security efforts.