Chief Information Security Officer, Pennsylvania
The days of cybersecurity as an insider’s game have passed in Pennsylvania. This is, in part, thanks to the work of Erik Avakian, the state’s chief information security officer, who has worked in the last nine years to both demystify the concept of cybersecurity, and gain a better understanding of the workings and vulnerabilities of various agencies so he can help make them less susceptible to security disruptions.
Speaking recently with Government Technology, Avakian described some of the key philosophies that have guided his work as CISO. He’s a firm believer, for example, that strong cybersecurity practices shouldn’t stand in the way of business objectives, but rather empower them to be successful.
One effort that illustrates this commitment is Avakian’s work on an identity and access management solution for the state that simplifies citizen interactions with the state online. The end game for the project is what so many in government strive for: an Amazon-like experience. Thirty applications are expected to go live in 2019. But central to the effort is security: a collection of usernames and passwords for different agencies is less secure, not to mention a poor user experience.
Pennsylvania CISO Erik Avakian has championed the Keystone Login Single Sign-On initiative, a modernization effort to simplify interactions between citizens and the state #govtech #cybersecurity @PennsylvaniaGov
Avakian views the Keystone Login SSO (single sign-on) initiative as a key component of any modernization effort happening at the agency level, offering tools and staff resources to smooth the transition. “It is definitely something the agencies need help with,” he said. “But we didn’t do it in a silo; we are all moving together.”
One of the longest-serving state CISOs in the country, Avakian has pushed in recent years for robust and results-oriented cybertraining for the 80,000-strong Pennsylvania workforce. Phishing programs aim to course-correct with specific guidance for those who click on bad links, while cloud-based tools help round out the effort to fortify the first line of defense — the workforce — against incoming threats. And cyberthreats are only getting more sophisticated, Avakian said. “When we look at cyber, it’s such a complicated topic that requires a team sport methodology. That is a recipe for success, and I’m really passionate about that.”