The State of Maine’s cybersecurity programs focus on business continuity, disaster recovery and threat prevention. As ransomware and other forms of cyber attack accelerate, they are working hard to keep their citizens’ data safe.
In this episode, join Presidio’s Dan Lohrmann and special guest Nathan Willigar, Chief Information Security Officer at State of Maine, as they discuss how he and his team have adapted to the growing threats in the wake of current global events. We also touch on:
- Addressing daily cybersecurity attacks
- Preemptive threat intelligence
- Attracting and retaining cyber talent
LISTEN TO THE FULL PODCAST HERE.
Addressing daily cybersecurity attacks
For many years, Maine has been the pinnacle of cybersecurity initiatives: Such as cyber grants, project initiatives, infrastructure, and centralizing technology and roles. A standard that many other states look to as inspiration for their own cybersecurity initiatives.
Through the past few years — in and out of the COVID-19 pandemic — cybersecurity threats have only increased; making initiatives more important than ever. Nathan highlights some of his team’s top accomplishments through the pandemic in an effort to show success is possible even in the most challenging times:
- Growth: Over the last four years, their team has grown leaps and bounds. Nathan credits this to the administration and Governor Mills putting a large focus on cybersecurity.
- Funding: By increasing their budget and leveraging the Coronavirus relief fund, the team has fueled a lot of their initiatives.
“Like other states, we’re looking to take advantage of the state and local funding. That’s roughly about 13 million over four years. That will help us develop a committee and start helping municipalities tighten up their security.” — Nathan Willigar
- Disaster recovery: The pandemic has been an eye-opening event that convinced the team to strengthen their business continuity and disaster recovery.
- Strategic plan: The team is making strides towards their 6-step strategy.
- Cybersecurity advisory council: The council has given recommendations to the administration on future advancements either through legislation, funding, tools, or partnerships.
Unexpected pandemic complications
The pandemic has been stressful for a variety of reasons that most people are already familiar with. But how exactly did it impact cybersecurity? It comes down to the rapid shift to a more remote environment.
All of a sudden, businesses couldn’t hide behind the firewall afforded to them by the physical building they worked in.
Nathan explains, “We had to really shift our focus on the endpoints, looking at how we can strengthen that, and making sure that our end users are protected during that engagement.”
Preemptive threat intelligence
With more, and new, cyber attacks taking place every day, many have found themselves unprepared for these attacks. With Maine remaining mostly protected against many of the malicious attacks that have occurred at a state level, what has Nathan done differently? It comes down to anticipating attacks, no matter what form they take, through threat intelligence.
The defense breaks down into two distinct areas:
Education: One of the major threats lately has been ransomware — a threat that exists primarily within email. Educating end users on the potential dangers of opening these emails helps ward off unfortunate situations.
Monitoring: Many threats could be dealt with if only they were found early enough. This is where monitoring comes in — identifying threatening behaviors and containing them.
Attracting and retaining cyber talent
Finding the right employees to work within the cyber workforce is a challenge felt everywhere. Nathan has found success by focusing on a few key areas of recruitment:
External: Looking to colleges and universities has been a steady channel that Nathan and his team have been able to pull from — offering internship opportunities, letting them get their hands dirty working on the security tools and being part of a group that defends every day.
Internal: There’s more than likely a group within your organization that wants to learn more about cybersecurity that already has a technical background.
Partnerships: Leveraging vendors for professional service can help employees improve their skills.
Budget: Without a strategic plan, developing your workforce will be a struggle.
For those interested in working with the State of Maine, there will be vacancies this fall. You can find more information at the state of Maine’s human resources website.
Breaking down silos in digital workspaces
Looking to the near future, Nathan’s most excited about the entire state approach towards cybersecurity. Without this participation, creating a true defense against these attacks isn’t possible.
“We’re all in this together, we’re your partner, and we’re going to centralize things because there’s not enough people to go around. You can’t do this in silos.” — Nathan Willigar
To hear this interview and many more like it, listen on Sounder, Apple Podcasts, Spotify, or our website or search for The Digital Decode in your favorite podcast player.