“I have four key objectives for the year: efficient and effective government, operational excellence, constituent experience, and cybersecurity and compliance,” Tardiff told Government Technology.
Achieving those goals includes driving cloud transitions and ERP modernization, moving toward a zero-trust cybersecurity approach and hiring and upskilling employees with an eye toward the skill sets needed to sustain IT systems long-term, Tardiff said.
Tardiff himself comes to the CIO and CDO role after 26 years’ experience “across all IT domains from tactical radios to cybersecurity.” He served in the Army and Rhode Island Army National Guard before joining the state. Former CIO and CDO Bijay Kumar named Tardiff chief of staff for the IT Department. Tardiff then became CISO and now holds the post left vacant by Kumar.
“I’m a Rhode Islander, born and raised, so I have vested interest in being successful in this role,” Tardiff said. “It’s our job to serve our constituents in the best manner that we can, and technology is going to be the way that that happens.”
CLOUD, MODERN ERP, AND WORKFORCE
Rhode Island is pushing toward a software as a service (SaaS)-first approach as it modernizes applications, Tardiff said. The state also has a cloud landing zone where it has been deploying and managing applications. The pandemic led to services related to COVID-19 and unemployment claims shifting to that landing zone, with more services to come.
Additionally, the state aims to abandon legacy systems — some of which are 25-30 years old — in favor of a modern ERP system. That should speed up business processes, letting staff serve residents more efficiently, Tardiff said. It will also mean Rhode Island has access to better data analytics and reporting to inform decision-making.
Phase one of the transition aims to see HR and payroll services go live in 2025. The ERP modernization also prompts the state to take a fresh look at employees’ skill sets.
Staff who maintain the current systems are nearing retirement. As the state looks to adopt a new ERP, it’s considering how the skills it’ll need on hand to maintain that system align with the skills available in the workforce.
“We’re trying to make sure that we keep pace with national trends as far as what type of training the current workforce is getting in our educational institutions and making sure our technology maps to that skill set and vice versa,” Tardiff said. “We don’t want to have this huge gap between what we have and what we can support.”
Rhode Island looks to a mix of contractors, managed service providers and employee hiring and upskilling to maintain and modernize its tech portfolio.
Valuable skill sets will include low-code and no-code application development and IT project management. The state also looks to ensure all IT employees understand cybersecurity.
CYBERSECURITY AND THE NEXT CISO
The state has been adjusting to reduce the cyber risks that come with remote work. That push has included investments in tools like those for data loss prevention, identity and access management (IAM) solutions and extended detection and response (XDR) for monitoring remote assets.
Rhode Island is participating in the State and Local Cybersecurity Grant Program and requested a one-year extension on using the monies. That’ll give the state time to finish its cybersecurity plan and submit it this summer.
“We’re hoping to align the state strategy with the intent of the grant program, which is zero-trust architecture,” Tardiff said.
That plan will likely call for conducting cybersecurity assessments of municipalities, so the state can determine which technologies each local government needs to help mature its defenses.
Also on the cybersecurity agenda: finding a permanent CISO. Tardiff is currently continuing to handle cybersecurity responsibilities with the help of staff while the state seeks a permanent replacement.
Tardiff said he can help the new CISO grow and succeed in the role. Based on his own experience, he recommends the next state CISO be “very mission-oriented.”
“You have to be willing to understand and communicate risk in non-technical terms, and just be ready to roll your sleeves up and work,” he said. “It’s a daunting task at times, it can be overwhelming, but it’s something that my peers across the country have been extremely successful at.”
