This Q&A is part of a new GovLoop series called "CIO Conversations." Through 2019 we'll feature conversational interviews twice a month with current and former federal, state and local chief information officers to get know the people behind the titles. You'll learn about the perks and challenges of their job, how they ended up in their current position, what's top of mind for them, how they've rebounded from setbacks and more.
In Massachusetts, the commonwealth's IT operations strike a balance between securing its infrastructure and improving services for citizens.
"We have a tagline: Get digital, get secure," said Chief Information Officer (CIO) Curt Wood. "It's a balance."
Wood sat down with GovLoop's Senior Online and Events Editor, Emily Jarvis, last month to talk about 2020 priorities, 2019 triumphs, cybersecurity and workforce retention.
The interview below has been lightly edited for brevity and clarity.
Courtesy of Mass.gov
GovLoop: What does your role entail?
So my position is a cabinet-level position within the administration of Massachusetts. I have responsibility for all IT services and procurement services, everything associated with IT for the executive branch of government in Massachusetts.
We have a consolidated IT organization, so we have eight other cabinet secretaries, such as Health and Human Services, Public Safety. Everything reports up through me -- I have executive sponsorship, and I control the budgets, things of that nature.
So a lot to put on your plate. As you're planning for next year, what's at the top of your priority list?
In preparing for this year and going into next year, cybersecurity is certainly at the forefront. We've been investing a lot of money over the past couple of years on that. That'll remain a top priority of our administration as we build out a security framework and continue to strengthen our position [and] start to build better approaches through collaboration, innovation and information sharing.
Of course, from a technology perspective, we're also really making sure we have a solution that addresses the commonwealth. My office has responsibility for over 150 agencies and 50,000 employees, but also, really, the 7 million residents of the commonwealth, from interaction with services and their data and privacy and things of that nature. So cybersecurity and just the security of our commonwealth are paramount.
When you say cybersecurity, does that mean your team is going into the identity and access management realm? Are we talking about securing networks, training or all of the above?
It's all the above. Where we're at right now is that we have a Chief Information Security Office within the office. We have responsibility for securing the infrastructure, securing the network, whether it be on-premise or in the cloud, the transactions within the network [and] all the data systems.
We have a responsibility to make sure we have the appropriate security awareness training and education for our employees and our contractors and vendors that work with us. We work quite a bit now with our municipality partners; we've started to do a lot more in information sharing, intelligence, threat intelligence and threat analysis with our local homeland security folks, our local state police, or our Fusion Center and our municipalities.
It's really about an approach and a program that we need to make sure is sustainable. So we've instituted identity access management [and] multifactor authentication. We've leveraged some new things with new content filtering on our websites. There's a whole lot.
We've been fortunate in Massachusetts over the past years to have access to capital funding to really invest [in technology]. We have a capital funding bond up in our legislature right now. We're working with our legislature and our administration. We have $135 million built into that plan for the next three to five years to really continue and modernize our infrastructure to secure [and] build best practices and guidelines, making sure that our leadership is prepared for the future in case a ransomware [attack happens] and things of that nature. So we've got an all-out effort across the board in our security program.
We like to highlight some successful projects and programs. Anything come to mind that you guys are really proud of for this year?
Yeah, I think that we've done a lot in our digital space. With Matt [Moran], my partner over here, we re-platformed our Mass.gov environment over the past year or so.
It's a continuing initiative that we're really working on to enhance our ability to provide a better experience when people interact with state government.
I think another area that we're really working on is identity access management [and] multifactor authentication.
We have a tagline: "Get digital, get secure." So, you know, it's a balance. We have to make sure that our infrastructure and our services are worked on, but also that we can improve the services for the people that need to reach out to us.
We've also done stuff with our training and our retention of IT staff. We've really worked hard to modernize our IT work titles. We've worked to incentivize our employees and have different and creative work programs to keep up with today's technology.
We've been in a transformation the last couple years and we have an older workforce and [one that is] starting to get younger, so we're trying to accommodate both. Folks today work differently than they did in the old mainframe days, so we're balancing that.
We have a dedicated IT recruitment team which I'm very proud of. We've been able to really identify folks in the field who are interested in working in state government for a few years, with the understanding that they'll probably move on at some point. But I think they get really good training, they get a good experience, they get a sense of what government is, versus, you know, just making money. So, I think those are some of the areas that I'm very happy with and very proud of.