Zero trust is absolutely essential to ensuring the confidentiality, integrity and availability of state data. However, weeding through the different flavors of zero trust, some which may not allow you to leverage your existing investments and infrastructure, is quite challenging, so having a consolidated picture or a standard for zero trust would be extremely helpful.
Maturing our cybersecurity practitioner pipeline is essential to be able to continue to support North Carolinians and the services they expect from government. Right now we have a significant gap in the amount of talent that is coming in through our pipeline from K-12, community colleges and universities. So if I could wave a magic wand, I would have a mature pipeline model that provides an education to a student graduating from high school, coming into a two- or four-year degree program, or transitioning from the military so that they get the education they need and in turn they give us an equal amount of time back in the public sector in cybersecurity roles.
Privacy is of the utmost importance in maintaining the trust that needs to exist between state government and the citizens we support. In recognition of that, North Carolina recently onboarded our first-ever chief privacy officer. Oftentimes jurisdictions have a dual-headed state CISO and state chief privacy officer, who does privacy functions as well, but in recognition of the different lanes that we travel that are parallel, that’s going to be a strategic advantage to North Carolina and it’s going to provide that assurance to citizens that their data is in fact protected when we are entrusted with it.
We have a whole-of-state approach to cybersecurity, and in modeling or providing services to our local governments, we first look at where the gaps are, where our most economically depressed counties are. If funding were no object, I would be able to provide them 24/7 support and visibility into the threats facing their environments and provide them tools they can use to see themselves and where they fit in North Carolina in a consolidated risk picture. We’re getting there, we’re not quite there, but we’re going to take advantage of funding opportunities as they become available to really push cybersecurity from Manteo in the east to Murphy in the west.