Ep.139 Building a Secure Future: Building North Carolina's Cybersecurity Talent Pipeline

Joe Toste [00:00:38]:
Today we have two special guests. Rob, main chief risk officer for the state, North Carolina, and welcoming back Jim Weaver, secretary for information technology and state CIO at North Carolina. Rob, welcome to Tech tables.

Rob Main, Chief Risk Officer, State of North Carolina [00:00:51]:
Welcome to the old north state. Joe.

Joe Toste [00:00:53]:
I love it, Jim. Twice in one day.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:00:56]:
I love this. How could you be so lucky?

Joe Toste [00:00:58]:
I am really a lucky man. I am really a lucky man. Okay, so in true Rob Maine fashion, we have to start with two truths and a lie. And for the audience out there, we're really going to test you out right now. So here's the first one. Jim Weaver. I'm going to start easy. Jim Weaver loves the Yankees so much, he has a jeter license plate on his car.

Joe Toste [00:01:22]:
Okay, so truth or lie? Okay, so we got some truths at NASTD in New Orleans. I went out with a group of folks from Texas, strolled around down Bourbon street, where Ed Kelly, the chief data officer, got lost in the crowd with a band of singers. And a man next to him was holding a snake. Truth or lie? An old friend of Jim's, Sindhu Menon, former CIO for the city of Raleigh. You might be wondering, how do I know her? And now the CIO for Harris county in Texas. She thinks Texas barbecue is better than Carolina. Now, which. Which one is false? Number three.

Joe Toste [00:02:06]:
Number three, you're right. That is actually, she told me, she said, I actually don't eat meat at all.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:02:14]:
Okay. So we had a little inside knowledge on that. Now, we were sorry to see Sindhu go back to. Actually, that was her former job before she actually came here to the city of Raleigh. But she was a great partner here while she was here.

Joe Toste [00:02:27]:
Yeah, she was really great. I was trying really hard just for some scheduling. I was actually even trying to get her on camera to record here just a little bit. She was going to have a message for you, Jim, but unfortunately, we just couldn't get the timing to work. But her podcast will come out probably in September, so we look forward to that one. And before we jump into today's podcast episode is sponsored by Sentinel one. Sentinel one redefined cybersecurity by pushing the boundaries of autonomous technology with its singularity XDR platform. Sentinel one is the leader in endpoint protection and beyond.

Joe Toste [00:03:00]:
Check out Sentinel one at Sentinel one. Okay, Rob, so I recently had Tim Roemer, the state CISO in Arizona, and Nancy Ranisack, the CISO for the state of Texas, on at our Phoenix event. And Tim had mentioned that cybersecurity is homeland Security. That got me thinking about a really great quote from. I think either Nancy had said it, but it was basically cybersecurity is national security. I know a number of folks are saying that now with the importance of cybersecurity top of mind for many governors and CIOs and CISos across the country today, could you maybe just talk about two to three examples of the cyber pathways partnership that you're helping to lead in North Carolina and what you hope to achieve with that?

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:03:39]:
Sure.

Rob Main, Chief Risk Officer, State of North Carolina [00:03:39]:
I'll go ahead and describe it in two distinct ways. One, the internal partnerships that we're cultivating throughout the public sector, and then those necessary external partnerships without whom the program would not be successful. So starting with the internal partnerships and diving more into, first of all, the creation of our IT Strategy board back in 2019, that affords DI T and Secretary Weaver an opportunity to be informed and help drive strategic direction for programs affecting North Carolinians across technology lines. So through that body and through the collection of internal stakeholders that are a part of that body, we're able to come up with a good means by which we go to mature, create that cyber pathways initiative, and make sure that it accounts for all the resources that we have in North Carolina at our fingertips through either the community colleges system or our great university system. So those internal partnerships are absolutely essential to making the Cyberpathways initiative a success. Now, as we move forward and see this pathway mature, we're going to be dependent upon our public private partnerships that we'll be able to develop with IT firms or firms that are interested in participating and providing internships and apprenticeship opportunities for the North Carolinians, whether the Be high school students that are entering into the cyber pathways program, transitioning military members or spouses that are coming off of active duty at a North Carolina base and entering into the program, or also just career transitioning folks. So those external partnerships will provide valuable and necessary experience to the individual as they are going through their educational programs leading to public sector service.

Joe Toste [00:05:30]:
Yeah, that's great, Jim. Governor Cooper encourages high school students to explore cybersecurity careers throughout the state through friendly competitions. I got to believe this is just up your alley. I think you got to love this. Are there any cybersecurity ideas for high schoolers or college students in the back of your pocket that you're in the process of implementing or would love to implement in North Carolina during your time as state CIO?

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:05:52]:
Yeah, we talked about it a little bit earlier. So cyberstar in America is a great opportunity for us to get high school students introduced into cybersecurity. As we talked about, it's a little bit of capture the flag, but at least it doesn't require any background. You just basically sign up and participate. And here in North Carolina, we've been very fortunate. This year alone, we had over 1500 students from 162 school districts here participate in North Carolina. And we had 24. Right, Rob? 24 national scholar winners, three of which were repeat winners from the year before as juniors as well.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:06:26]:
One of those juniors, Miss Emily Chan, one is a junior, got so entrenched into cyber and excited about Cyber, where she reached out to her state senator and asked her state senator, how can I help my state? And that was just awesome to have that type of an opportunity to work with an individual like that. She came to our building, Rob got her interested, talked more to her. She brought some classmates. They've now started a cyber club. Rob was working with them on Wednesday afternoon. In fact, I went to his office one afternoon, talked about going into the office, and he's on a Zoom call with their cyber club, talking through what vulnerability management looks like and why that's important. And it was just great to see that Emily even agreed to do some videos for us to promote the Cyberstard America more for us, which is why we got more people participating this year as well. So we're really trying to tap into that young talent that's out there.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:07:17]:
And what was really interesting is last year's winners, we were able to arrange an hour with the governor where, unfortunately, we were still kind of coming out of the COVID protocols, so we couldn't do it in person. But it was interesting when we had each student introduce themselves, what school they were, and then why were they interested in cyber? What guide them, kind of. And it was just amazing. From my family personally got hacked, and I just want to be able to do something to one young gentleman who spoke four languages already. Four, he put it. I only speak four languages only. Yes. But he was tired of spam callers, and it was kind of his interest to one student admitted that I just wanted to hack my dad's phone to one was, I do believe there was one young man who thought that there would be a cool way to maybe meet some girls.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:08:09]:
I mean, it was interesting, the myriad of reasons why, but they were all engaged with the governor, and the governor's call to them really was around. If you're going to go ahead and pursue this career, and we encourage you to do think about your state that you're going to be able to go off in the private sector someday and be able to make some really good money, but think about your state. And if you could come and help us for three to five year kind of timeframe, that would be phenomenal. And like I said, one student in particular, Ms. Chen, just kept going, and now I believe she's going to be dual enrolled between UNC at Chapel Hill and also at Duke University. So that's the kind of caliber of people and talent that's sitting here in the state of North Carolina. Now, we have a lot more to do because most of our national scholar winners were all within the 30 miles radius of Raleigh. North Carolina is a big state from coast to from border to border, and we have to do a better job of outreach and really starting to engage our western communities here in North Carolina and along the eastern seaboard as well.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:09:08]:
So more work for us to do there. But every year we've been improving so far. Very fortunate to have Governor Cooper be interested in cybersecurity, as he was very willing to sign and formalize executive order two five four, which formalized the joint cyber task force. Every cabinet meeting, he's looking to me for an update on what's our cybersecurity posture looking. And he's made it very clear that Rob doesn't like to hear this, that cyber is my number two priority, because broadband is my number one priority. But nonetheless, he is very interested in what's going on in cybersecurity and wants to be very helpful. And then on the other side, the General assembly as well, is understanding the importance of cybersecurity and is an engaged partner as well. So we're very fortunate in that regard.

Rob Main, Chief Risk Officer, State of North Carolina [00:09:45]:
Joe and I know we're going to get into talking more about the workforce piece and the cyber fellows piece that were as a strategic priority for our it strategy board. But I want to call attention to how we don't want to simply target the counties or the k through twelve s and the human resources, which are the most valuable resource in the whole cybersecurity pipeline itself, and any cyber defensive posture that you can think of. But we also want to ensure that every North Carolinian, not just those in our more financially capable counties with higher tech schools, we want to ensure that everybody is able to come along for the ride in a very inclusive way.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:10:25]:
And I think to that point, I'm glad you brought that up, Rob. As part of our digital equity literacy and enablement program, there is a component of cyber training, because the last thing we want to do is get people connected and then have them get victimized. So we're really working very hard to get a curriculum together for cyber training. So as we are getting more and more people connected to the digital highway, they have an awareness of what's out there and don't fall victim to the nefarious actors.

Joe Toste [00:10:51]:
Yeah, Rob, I caught that. There's a short clip of you, maybe it's 45 seconds on Govtech, about improving the talent pipeline to boost North Carolina cybersecurity. And I actually want to go a little bit deeper on that because I think it was a really great insight that was brought up, and I was kind of curious around how are you starting to track and measure each stage of that pipeline? What are you seeing right now in North Carolina that you like knowing that that pipeline is going to take a long term perspective? A long term. I mean, we're talking high school, college students. It's gonna take time for those kids to develop into adults. What are you seeing right now at each stage that you like through the talent pipeline?

Rob Main, Chief Risk Officer, State of North Carolina [00:11:27]:
So there's a number of different ways that we can measure our success. The secretary Weaver hit on a few of them. The number of participants in Cyberstard America and our ability to communicate that pathway and the opportunity presented by that particular competition. I think it's important to call out the progress that we've made in North Carolina just from 2020 to 2021, increasing the number of participants by 34%. Increasing the number of national cyberscholar designees from 18 to 24. That may sound like a small number to you or to your listeners, but that's quite significant for North Carolina as we continue to communicate the cyberpath way and we push more information out to North Carolina. I'm hoping, personally to see that number skyrocket well above the 1562 folks that participated for North Carolina. And as I just mentioned earlier, ensuring that every county in North Carolina has the ability to participate as well and has students that can be pushed towards that program.

Rob Main, Chief Risk Officer, State of North Carolina [00:12:35]:
So in addition to the participation within the Cyberstared America program, we also want to look at how the school systems, and this is a partnership opportunity with our state Department of Public Instruction, how cyber clubs are being rolled out, and not necessarily even limited to cyber clubs, but rather STEM programs that might lead to careers in cybersecurity. So that's a partnership opportunity that we can see develop with our Department of Public Instruction to begin really tracking that and giving us something to measure the success of the program against. Now, longer term, looking at the number of STEM related programs, not only in the k through twelve s, but also in the community colleges and university systems, we want to ensure that wherever the students are in an earlier podcast, it was mentioned, go to where your staff are in terms of workforce, health and hygiene. We need to go to where the students are, where the opportunities exist to extend inclusivity in programs related to cybersecurity. So ensuring that the community colleges have a curriculum that meets the needs of the areas that they serve. And also the flip side of that, we can't just think about getting more students into the pipeline. We also have to consider the faculty needed to teach those students and the increasing demands in North Carolina. At last check, there were over 21,000 vacancies in North Carolina related to cybersecurity positions, and that number is only going to grow.

Rob Main, Chief Risk Officer, State of North Carolina [00:14:12]:
We have to have a sense of urgency and we have to really be thoughtful and be able to measure our success of the program so we can make the necessary adjustments in the future.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:14:21]:
So as we talked about, the pathways program that Robin and some of his colleagues are working on, I mean, obviously we're looking at UNC system for four year programs working with our community college system. And North Carolina has 58 community colleges here that are phenomenal and very talented. I mentioned Fayetteville Tech in the earlier podcast. Just some of the work they're doing, not in the cyber it arena, but some of the other things that I've saw mortuary affairs as an example. It's just awesome what they're doing down there and working with first responders. So we have that. But we also need to bridge the gap because we don't necessarily need students with two year or four year degrees to come into the program. So as they're coming out of high school, what's that program look like? That maybe until they're ready to go to community college, maybe they're ready to go to a four year school.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:15:10]:
But we can still employ their talents because as we know our children today, compared to when we were kids, it's night and day, right? I can still remember the rotary phone. I hate to say that. Yes. You may not know that. Mr. Yeah, I was at Yankee Steam in 2009. But anyway, I have two grandsons. And if you look at our grandchildren, they're already using technology.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:15:33]:
It's second hand nature to them. So let's take advantage of that. We were just recently, North Carolina has a, it's called lady Cardinals, but it's an intern program for women to introduce them into state government. We've had been very fortunate to have a young intern working with us who wants to be an FBI profiler as an example. But she's there working in the it arena. So I think there's ways for us to start engaging that group and maybe bridge that gap a little bit. And maybe it's now at a point where you don't necessarily need to have a formal education. It's more about aptitude of learning and being able to do certifications, because I think that's more relevant today than it is necessarily not minimizing formal education.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:16:14]:
Please. That's the takeaway. But that can catch up the, that's.

Rob Main, Chief Risk Officer, State of North Carolina [00:16:18]:
Why the apprenticeships and internships are so valuable, and that's where it's going to be, going to take that public private partnership to help really take full advantage of the resources that we have in North Carolina. To Emily Chen, who secretary Weaver mentioned a short time ago. I exchanged emails with her this week. She's still very excited. She shared with me about her dual enrollment between the University of North Carolina and Duke. But I think it really calls out one particular thing. Not only are students such as Emily rising to meet the challenges of public service and in areas of their own comfort level or expertise, but the relationships matter. Lost in a lot of technology conversations are the soft skills that you need to be effective leaders, whether you be in cybersecurity or data or network operations.

Rob Main, Chief Risk Officer, State of North Carolina [00:17:13]:
So forming that relationship with not only Emily, but her fellow cyber scholars that did spend some time with us, that we walked them through what a day in the life of a cybersecurity professional might be. It makes an impression on them. They made it and surely made an impression on me and my staff. So I just want to mention that relationships matter. If we just present a program that's just cold and it doesn't really provide an opportunity for growth, and it's just a place to go work and then go home, that's not going to get it.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:17:46]:
And if I remember correctly, in the day they came to us, they were here at 08:00 in the morning. How many teenage kids do you know of that are at 08:00 in the morning? Excited to come. And over the summer, that wasn't a mandatory school day they were getting out of. It was during the summer. So it was just awesome.

Rob Main, Chief Risk Officer, State of North Carolina [00:18:01]:
And Joe, they brought their parents. Some of them brought their parents with them. So that was a true testament to the involvement of parents of kids that want to get into the cybersecurity field again. Relationships matter.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:18:13]:
Yeah.

Joe Toste [00:18:14]:
No, I love that. I've actually thought about. I've had this idea in my head, and I'm waiting for the right relationship. I want to do a couple of podcasts at high schools. And so I'm kind of waiting to see there's a number if some other high schools across the US aren't opening up. I'm just going to do it. The high school I coach at because I can do it there. But I think it would be a blast to actually have.

Joe Toste [00:18:34]:
I mean, you just bring a bunch of food and you get 500,000 high schoolers to show up. You just bring food and people show up. I think that's an idea that I have. I love the relationship piece. If it's a cold, hard program, no one's showing up. But if they're involved, they're involved when they're bringing their mom or dad, their mom or dad showing up. So I've got a friend, Chris Winnock. I know, mandy knows, and he was on episode 72, cyber warfare in the public sector and is lieutenant colonel and CIO.

Joe Toste [00:19:04]:
I have the 36th Infantry Division. But I think he got promoted. I am very sorry, Chris, that I got the wrong one, but I'm pretty sure he got promoted recently. He had texted me. We were texting back and I said, hey, I've got Jim and rob coming on. And so he was really excited and he got back to me immediately and really fat. And it was a deep question. I was like, I don't really understand how to answer this question, but I'm going to put it down.

Joe Toste [00:19:26]:
So he texted, know what? He considers the secret sauce to achieve unity of effort within the state and federal, local government and the private sector. And his question was, how does North Carolina build the interlocks with all of the critical infrastructure and stakeholders to synchronize the efforts at the tactical, operational, and strategic levels towards the state's vision for cyber woo, Chris.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:19:52]:
Boy, is this where we say we have a force multiplier that enhances our defensive and cyber attacking operations and we establish a common cop for now.

Rob Main, Chief Risk Officer, State of North Carolina [00:20:02]:
So resiliency is absolutely essential in modeling statewide force that we have here in North Carolina. And I'd like to go into the foundation of that joint cybersecurity task force if I could. And then we'll lead into what formalization looks like and how we bring our federal partners involved to achieve the necessary interactions and synergies that make North Carolina's JCTF effective. So many years ago, the North Carolina National Guard Cybersecurity Response force was engaged to perform a security and compliance assessment against a state agency here in North Carolina. It was the first of its kind. It was approximately ten years ago. And from that moment forward, there has been a very intentional effort to seek opportunities to expand the roles of the National Guard, get the necessary person power in place where they can to take on a greater statewide mission. Fast forward to several months ago in January, approximately when Russia was amassing forces on the border with Ukraine.

Rob Main, Chief Risk Officer, State of North Carolina [00:21:09]:
This was eye opening for several states. This was eye opening for North Carolina. This is a geopolitical situation that could potentially have North Carolina impact. What resources do we have in place? What do we have at the beck and call in the event that a significant outbreak of incidents occurs? So with that and through the support of Governor Cooper and Secretary Weaver, we were able to formalize the Joint Cybersecurity Task force for a number of different reasons. And I'm going to go into executive order two, five, four, as secretary Weaver mentioned a short time ago. But the formalization of our joint Cybersecurity task force is a very important piece of our effectiveness. First of all, it allows North Carolina in areas far flung from Raleigh, the state capitol, that provides them an awareness of what the Joint cybersecurity task force is. If you're a smaller municipality, one of the 300 plus municipalities in North Carolina, or you're a smaller, underresourced county of one of the 100 in North Carolina, sometimes you may not know that there is this force in Raleigh or spread out throughout the state that can assist you in the event that your domain controller gets totally encrypted, or if your email server goes down, or if your public facing Internet presence is unavailable due to a DDoS, a distributed denial of service attack.

Rob Main, Chief Risk Officer, State of North Carolina [00:22:35]:
So with that formalization, it provides an awareness to North Carolina and also allows us to create partnerships with our critical infrastructure and key resources entities here in North Carolina. Those of us on the east coast very painfully recall the inability to get fuel for our vehicles several months ago as it related to the colonial pipeline hack. So within North Carolina, we are very interested in developing those partnerships with critical infrastructure and key resources partners. So we have visibility into the threats that are facing them and they have visibilities into the threats facing us to strengthen our information sharing with those partners to ensure that the services that exist within local governments that provide capabilities to North Carolinians are protected in the best way possible. Three areas of encouragement within executive order two, five, four that are worth mentioning. The first area is encouraging our critical infrastructure partners to provide us details of their public facing web environment so we can proactively help them monitor. The second is for them to report in a strongly encouraged way the occurrence of incidents. And the third is to strongly encourage those entities on the critical infrastructure side to allow the Joint Cybersecurity task force to come alongside them in incident response and recovery activities.

Rob Main, Chief Risk Officer, State of North Carolina [00:23:58]:
The goal here is to ensure that North Carolina life safety is at the forefront and that we assist with the return of service for those partners that wish to participate in the most expeditious way possible.

Joe Toste [00:24:11]:
Awesome. All right, we're going to open this up.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:24:13]:
I was going to say drop the microphone there. Right.

Joe Toste [00:24:16]:
I always like to give it a little bit of a pause. I thought Secretary Weaver was going to fill that.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:24:21]:
No, actually, and for those that are in the National Guard, every state has what's called the SPP program, a state partner program. North Carolina's two assigned countries is Botswana and Moldova. And it's funny that last year we were working with Moldova remotely. Actually, we were supposed to go there in person and actually do a cyber assessment, working with the Moldova defense ministry until the geopolitical activity kind of derailed that a little bit. But as we were going through our exercise last year with them remotely, they kept coming back to, what can you tell us about the colonial pipeline that resonated even over in a european nation like that? So the profoundness of that incident here, as well as obviously the impact it had here in North Carolina during that timeframe, but the fact that we're able to now we're engaging with our critical infrastructure partners. Just this week, Robin team had a meeting down in Charlotte, and we've got commitment from a critical infrastructure partner, a very prominent one here in North Carolina, to actually start sharing intelligence with us, as well as to actually work with us and engage in cyber tabletop exercises, working with them on their turf a little bit, if you will, to see how they do things, coming alongside with us on our turf, if you will, to see how we do things and really trying to get the best of both worlds there. So we're, again, trying to get to that common operating picture here in North Carolina, all joking aside, and we have a good idea what's going on in our state borders, and then how can we more effectively protect North Carolinians in that regard? Obviously, the governor's reach doesn't extend into private sector, but again, what we've seen here so far is an outreach from the private sector community to want to figure out how can they get engaged in the joint cyber task force. Can they help augment us? What resources can they bring? Because candidly, we've been victims of our own success.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:26:11]:
And that kind of sounds like a double edged sword, but we've been so successful that the demand has gone so high that we've actually really had to sit back, take a pause a little bit. Talking about burnout earlier, that's kind of what was happening. Our resources that we had engaged on a daily basis just needed to have a little break. Unfortunately, in cyber, you don't get that break. So we're trying to figure out how can we augment and make sure they have a good work balance there.

Joe Toste [00:26:36]:
Love it. All right, let's open this up for questions for the Q A.

Steve Stocks, Principal Solutions Engineer at SentinelOne [00:26:41]:
All right, so we've talked about resiliency pipeline for feeding new minds to the cybersecurity field at the state level. For some of the other states that aren't so advanced or not necessarily so advanced, but as far ahead as you guys are of the curve with recruiting talent, where should some of these states start?

Rob Main, Chief Risk Officer, State of North Carolina [00:26:58]:
Right?

Steve Stocks, Principal Solutions Engineer at SentinelOne [00:26:59]:
What's a couple easy, maybe five tips, whatever, that these states could kind of, maybe you point them in a direction to get started. What would you say from lessons learned.

Rob Main, Chief Risk Officer, State of North Carolina [00:27:07]:
So North Carolina is not alone in the good things that are happening in this space. We just happen to maybe be a little bit farther along. But I want to call out two fixed states and the good things that are happening there that frankly, we have an opportunity to model North Carolina after. The first is Michigan and their civilian cyber volunteer cyber corps that provides additional capabilities to the public sector in Michigan, bringing folks in from industry that can help out in the event that they need a surge capacity to handle multiple events at the same time. That's one opportunity. The second, the state of Florida has credit for service, and they have this credit for service modeled. And this is college credit for service modeled or in partnership with Florida Atlantic University. The concept here, as I understand it, is that a student that's in a stem program, computer science, computer engineering, cybersecurity through Florida Atlantic, has the opportunity to serve his or her state in a cybersecurity role for a semester.

Rob Main, Chief Risk Officer, State of North Carolina [00:28:09]:
And at the end of that semester, they get credit for the class. So that's not something that we currently have in effect in North Carolina, but definitely an opportunity as we mature our own cyberpathway program.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:28:20]:
Yeah. I would add as well, is not to fall victim to the lure of one time funding sources. I've seen across the country where a lot of states are getting right now, especially with the ARP funding that's out there, the promise of the upcoming IIJA funding that's going to be out there, that one time funding source ends. And when you start building programs, it needs to be sustained. And so we've been very fortunate here in North Carolina last year and again this year to get recurring funds. Now, are we at the dollar amount that maybe Rob would like? No, but we're building there. And we're building there because we're showing credibility, we're showing results, we're showing outcomes that benefit North Carolina, and that resonates with the stakeholders that are involved in this and the likelihood of us getting additional funding. As we also look at the IAJ funding opportunity that's coming down, we're taking a position, depending upon how CISA ends up doing, the final notice of final funding opportunity is that we're going to do this from a state perspective.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:29:19]:
We already worked with our legislatures to set aside the federal matching funds, so we're not going out to counties and looking for counties who are already not spending money on cyber to try to figure out how to match 1020, 30, 40% over the next four federal fiscal years. So we're going to try to make sure that we're doing that, because what we want to do at the end of the day in our counties and our local governments is actually get it done and not be caught up in grant administration and trying to figure out funding sources. We can take some of that responsibility away from them and incur that administrative burden better at the state, I think. So that's kind of the approach we've taken there as well, but really to focus on sustainability of programs. We talked a little bit earlier about 911 programs and what we're doing across our 911 call centers, but again, that's part of what we're going there and asking our PSAP community, show us a plan. This is what needs to be fixed. This is how I'm going to go fix it. And then how is that going to get moved into an operational mode? Because fix it once, it's going to be a matter of time before it's broke again.

Joe Toste [00:30:16]:
And you would get more funding if it wasn't his number two priority, is that right?

Rob Main, Chief Risk Officer, State of North Carolina [00:30:21]:
I'm not going to answer that question.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:30:22]:
John, we joked you didn't hear this, but Nate was referred to yesterday as the $2 billion man.

Rob Main, Chief Risk Officer, State of North Carolina [00:30:29]:
Right?

Joe Toste [00:30:30]:
The $2 billion man.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:30:32]:
Yeah. So Rob's hoping to become the $6 million?

Rob Main, Chief Risk Officer, State of North Carolina [00:30:34]:
No, I want to be a thousandaire.

Joe Toste [00:30:37]:
Did you say he's the 600 million dollar man? The 600 million dollar man, not the 2 billion. Okay. Anyone else questions? Amanda Crawford.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:30:48]:
This is payback, Rob.

Rob Main, Chief Risk Officer, State of North Carolina [00:30:49]:
I know. Here it comes.

Joe Toste [00:30:50]:
Crush him.

Rob Main, Chief Risk Officer, State of North Carolina [00:30:51]:
What is the most. This is for Rob, challenging part of your job that people would be surprised to hear the most challenging part of my job being very frank. It's allowing people to see themselves in the vision that I'm trying to create. Sometimes we get so mired down into our day to day. What's the closest alligator to our canoe? Whether you be a business stakeholder or a cyber defender embedded within that agency. So showing them how the structures and the processes that we're putting in place are to facilitate the secure and safe exchange of data and not just an impediment or not just yet another obstacle that businesses have to overcome. And I think that's why I have been successful. While it's still a challenge, I've been successful in my role to date because I am empathetic.

Rob Main, Chief Risk Officer, State of North Carolina [00:31:47]:
But I also understand what it's like from the agency's perspective, having served as the chief information officer for several state agencies. So being able to understand that there's business drivers that may not be apparent, that are produced in exception requests or procurement requests, and also understanding that agencies have their own specific direction defined by statute, that may not be necessarily apparent. So understanding, being empathetic. But the most challenging part is helping folks see themselves in the vision I'm trying to create with the understanding that I'm helping them work towards a yes and not being the office of no.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:32:35]:
I was worried there for a second that the answer was going to go to to be no.

Joe Toste [00:32:39]:
All right, thank you both for coming on tech tables. I appreciate it.

Jim Weaver, Secretary for Information Technology / State CIO at State of North Carolina [00:32:42]:
Thank you, sir.

Rob Main, Chief Risk Officer, State of North Carolina [00:32:43]:
Thank you for having us, Joe.