Anthony O’Neill

CISO and Chief Risk Officer, Massachusetts

The practice of cybersecurity is, fundamentally, about risk management. And for Tony O’Neill, breaking down risks in a “business consumable” way is a key aspect of his job as Massachusetts’ chief risk officer (and chief information security officer).

“I have a lot of fun taking the IT terminology out of it,” he said, “speaking in a way that people can relate to.” This role as coach and educator has been a constant for his entire career.

O’Neill joined the Executive Office of Technology Services and Security (EOTSS) in 2018 as deputy general counsel. He was named to his current role in 2022.

Since then, he has worked to build Massachusetts’ particular brand of a “whole of state” approach to cybersecurity, creating a network of internal information sharing, meeting regularly to discuss current threats and risk mitigation strategies. It’s a platform that’s taken time to build but has strengthened the state’s defenses by encouraging a sense of shared mission between security professionals within and outside of the executive branch. There’s now a subcommittee devoted to identifying and managing risks tied to emerging technologies, including AI. This work couldn’t come at a better time — Massachusetts announced a workforcewide partnership with OpenAI in February, equipping staff across the commonwealth with an AI-powered digital assistant.

Central for O’Neill at the moment is the ongoing development of heat maps at EOTSS and at the agency level too, where they identify the most pressing threats to each group’s critical business applications. “In a very complex organizational structure where you’ve had historic silos, this work can be challenging,” he said, though he’s confident in the risk and security leaders who are digging into it, enhancing their visibility into their risks so they can better manage them. He’s also grappling with vulnerabilities stemming from third-party suppliers — an oft-cited challenge by CISOs nationwide. And while he’s proud that the state’s overall cyber posture has matured in recent years, it’s not a static field.

“There’s a lot of work left to do because as you continue to reduce vulnerabilities, new ones proliferate.”
Noelle Knell is the executive editor for e.Republic, responsible for setting the overall direction for e.Republic’s editorial platforms, including Government Technology, Governing, Industry Insider, Emergency Management and the Center for Digital Education. She has been with e.Republic since 2011, and has decades of writing, editing and leadership experience. A California native, Noelle has worked in both state and local government, and is a graduate of the University of California, Davis, with majors in political science and American history.