Drake will become the next CISO for the University of Central Florida, according to Ohio Department of Administrative Services (DAS) officials. Prior to joining Ohio in October 2022, Drake was chief privacy officer and director of cybersecurity governance at The Ohio State University for more than four years.
Drake’s final day with the state is Friday.
Matthew Hemker, deputy CISO for Ohio, will step in as interim CISO, state CIO Katrina Flory said.
“Holly has been a tremendous asset as State CISO for Ohio since February 2023,” Flory wrote in a message to the Ohio Office of Information Technology provided to Government Technology. “Under Holly’s leadership, OISP [Ohio Information Security and Privacy] has reinforced the concept that cybersecurity is a shared responsibility between agencies and OISP, as well as deployed new cybersecurity tools and services with a customer focus. We will miss her and wish her well on her new adventure.”
Drake was recently awarded the National Association of State Chief Information Officers’ Thomas M. Jarrett Cybersecurity Leadership Award, which calls attention to the essential role CISOs play in state cybersecurity work.
“Holly is an impressive leader who is committed to fostering innovation while securing the state’s digital environment,” Kathleen C. Madden, director of the Ohio Department of Administrative Services, said in a statement recognizing the award. “She is a valued member of our leadership team who has made significant contributions to the state’s efforts to evolve and strengthen our cyber practices and protect the state’s systems and citizen information.”
The Office of Information Security and Privacy within DAS works to protect the privacy of Ohio residents and secure the state’s government systems. Drake has been at the center of developing the state’s cybersecurity, privacy and compliance initiatives, state officials said.
Hemker has been leading the agency information security officers and “Red Team” and is responsible for guiding agency implementation and monitoring information security and privacy activities at state agencies, Flory said.
“He has significant experience in incident response and collaboration with other state and federal partners to develop strategic plans related to securing critical infrastructure in the state of Ohio,” she added, in her message to staff. “Matt also serves in the Ohio Air National Guard in Cyber Defense Operations. Congratulations to Matt and thank you for supporting him as he dives into this new role.”
“While she [Drake] leaves big shoes to fill, I am up for the challenge and look forward to leading the Office of Information Security and Privacy, working with our state partners to defend state systems from threat actors and ultimately securing services to Ohio citizens,” Hemker said via email.
