IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Arkansas CISO Gary Vance Talks Early Progress, Long-Term Goals

Following the departure of former CISO Nolan Leatherwood in April 2021, Gary Vance has stepped into the top cyber position. He shared the challenges inherent to a jump to the public sector and key initiatives underway.

Gary Vance stepped into the role of Arkansas’ chief information security officer in April 2021 after the departure of Nolan Leatherwood. In the months following his appointment, he has set his sights on securing the state data center and training personnel to spot threats.

He was originally hired by the state in March 2021 as a senior security architect to manage the security platform of the state’s new data center, according to Alex Johnston, chief of staff for the Department of Transformation and Shared Services, part of the Division of Information Systems (DIS).

“My No. 1 priority is to improve the overall security posture and maturity of studying cyber defense practices and capabilities,” Vance told Government Technology.

As CISO, his responsibilities have shifted, but he is still focused on the data center modernization effort and is working on building its integrated security framework, which he hopes will be implemented early next year and fully operational by the third quarter.

Another key focus is building cybersecurity awareness throughout the government. With phishing emails ever on the rise, he underlined the importance of security awareness, training and policies to combat the challenge.

He will draw on his 24 years of experience in cybersecurity, which includes a variety of roles in the private sector — most recently, with Acxiom.

“It’s very fulfilling, because I really do feel like we’re making a difference, and that we are protecting state critical infrastructure and state sensitive data,” Vance said.

He noted that state agencies are faced with challenges in recruiting skilled cyber professionals, as they often are not able to offer the salaries candidates might find with private companies.

Another initiative underway, Vance said, would create a governance risk and compliance framework, establishing clear security policies, governance and compliance to help the state deploy services securely.

Since Vance started in the CISO role, Gov. Asa Hutchinson announced in July 2021 his appointment as one of 12 members of the state’s newly formed Arkansas Cyber Advisory Council. It was created to manage risk and improve the state’s response to cyber threats.

Vance describes this council as a direct pathway to bring proposed programs directly to the governor’s office, removing some of the “red tape” that can traditionally slow progress.

The council meets quarterly, he said, but can be convened for additional meetings if needed.

Former CISO Leatherwood departed from the role in April 2021, Johnston stated. He was appointed in July 2020, after having served as the interim CISO since April 2018. Leatherwood still works at DIS in a team lead role for the Unix support team. He has been working for DIS since 2001, when he began as an intern.
Julia Edinger is a staff writer for Government Technology. She has a bachelor's degree in English from the University of Toledo and has since worked in publishing and media. She's currently located in Southern California.