The state appointed Ritter as CISO in February, following a stint as interim CISO that started in October. He has more than 30 years of cybersecurity and IT experience, including nearly nine years of service with Pennsylvania government.
Prior to becoming interim state CISO, he was deputy CISO, enterprise IT security risk manager, and a senior cybersecurity consultant. Before working for the state, he held a variety of cybersecurity roles in the private sector with organizations like 323 Technology Inc. and Bath Fitter.
Across both the public and private sectors, Ritter said, “risk is risk.” The difference, he said, is that in public service, government is responsible for delivering many critical services.
“The scale of the impact is greater here,” Ritter said, noting that residents should be able to access government applications at any time — and to do so securely.
One lesson Ritter learned during his time in the private sector is to stay in front of the threats whenever possible. A lot of businesses’ cybersecurity response has traditionally been a reactive one, he said, but over the past decade, the approach has shifted.
Today, cybersecurity officials have access to new tools, including AI, but so do bad actors.
“From an adversarial perspective, we’re seeing a greater volume of attacks and more sophistication,” Ritter said, explaining that the advance of AI has contributed to this landscape shift by building capacity for offensive and defensive players. On the defense side, he indicated that AI holds promise in its ability to support incident detection and response: “We have to be faster, and we have to be more vigilant.”
The CISO’s priorities, he said, are the efficient delivery of services for residents and the security of identities and data.
“That is my objective, to be more outcome-driven, more so than focused on tooling alone,” Ritter said.
The state’s cybersecurity work is supported by investments from Gov. Josh Shapiro. These enable increased technological capabilities and improvements in identity management and multifactor authentication as the state works toward zero trust, said Dan Egan, director of communications for the Office of Administration.
Pennsylvania's Commonwealth Office of Digital Experience (CODE PA) has a unique mission focused on improving residents’ experiences within digital offerings; state leadership is investing in the office’s work to modernize government.
The CODE PA team helps to support Ritter’s goal of a proactive approach to security, he said, embedding it into the development process in the beginning phases.
In addition to working with CODE PA, the CISO said he will work with other agencies, local governments, groups like the County Commissioners Association of Pennsylvania, and federal partners to facilitate a coordinated approach to security.
Ensuring employees have access to modern technology and can work securely regardless of their location, he said, is a key priority.
“This is a team sport,” Ritter said.