IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New Vermont CISO Has Extensive Federal, Private-Sector Resume

John Toney, the new chief information security officer for the state of Vermont, replaces Scott Carbee, who stepped down in August to join the University of Vermont as ISO. Toney spent more than a decade at the U.S. Secret Service.

Vermont Capitol.
Vermont has appointed John Toney to serve as chief information security officer, according to a press release received from the state.
John Toney
State of Vermont

Toney replaces Scott Carbee, who was named the state’s permanent CISO in January 2020, after serving as interim twice during two years; his first day as CISO was Monday. Carbee left state employ in August to become information security officer at the University of Vermont, according to his LinkedIn profile. Deputy state CISO David Kaiser has served as acting CISO since Carbee’s departure.

This appears to be Toney’s first state-level information security role; however, he has nearly 20 years’ experience in IT. That includes more than a decade as a special agent with the U.S. Secret Service, specializing in “network intrusion crimes and critical systems protection” per the news release.

Toney served on “multiple protection details” at the White House, the U.S. Naval Observatory and at Department of Homeland Security headquarters, the state said. And from 2007-2009, while at the Secret Service, he was the lead of the Philadelphia Electronic Crimes Task Force, according to LinkedIn.

“Effective security is more than an IT responsibility, it’s a team effort,” Denise Reilly-Hughes, Vermont CIO and secretary of the Agency of Digital Services, said in a statement. “We are fortunate to have John help in advancing Vermont’s security priorities of protecting state services and Vermonters.”

After leaving the Secret Service in June 2014, Toney served as director of forensic investigations at KPMG US from 2014-2015; then reprised the role, adding incident response, at Ernst & Young from 2015-2017, according to LinkedIn. He was director of security operations at EY in McLean, Va., from 2018-2021; and, most recently, was global chief information security officer at City Electric Supply in Dallas, Texas, from 2021-2023.

“It’s no secret that everyone is facing increasing cybersecurity threats, including state government,” Gov. Phil Scott said in a statement. “It’s critical we are vigilant and prepared, and John brings a wealth of experience to help lead our efforts.”

Toney will help the state develop strategies for bringing new technologies like artificial intelligence into state processes and departments, Vermont said in its news release, indicating he “has been instrumental in architecting and building global security teams across five continents.”

“The appointment positions the state to secure a professional of unparalleled caliber, ultimately safeguarding our digital assets, and preserving the trust of our constituents,” the state said in the news release.

Editor’s note: This article has been updated with a photograph, and additional details on the CISO’s tenure and background.