Show Notes
Featuring Ryan Murray, State CISO, State of Arizona; Krishna Edathil, CTO/Assistant Commissioner, Texas Higher Ed. Board, and Tim Roemer, ThriveDX President & Fmr. State CISO, State Arizona
We're all talking to the same people... How do we replicate that out to those other entities and then help give them the resources to do it? ~ Ryan Murray
I'm not the CTO; I'm the Chief Trust Officer... You can achieve [that] through the people and the relationship and then the trust that you build with them. ~ Krishna Edathil
I think cybersecurity really starts with the basics... It's about blocking and tackling like the core basics and fundamentals of football. ~ Tim Roemer
🔗 Connect with Tim: https://www.linkedin.com/in/tim-roemer-590279192/
🔗 Connect with Ryan: https://www.linkedin.com/in/ryan-murray-az/
🔗 Connect with Krishna: https://www.linkedin.com/in/krishnaedathil-779333142/
As fall gets into swing, we shift this episode’s sports focus to football and its many relevant analogies to the world of cybersecurity. Tim, Ryan, and Krishna share about the commonalities and differences across Arizona and Texas in their cybersecurity stances and plays. Similar to football, the best defensive plays are where every team player knows their gap assignment before the ball is ever snapped. Listen in as we learn about the importance of community and agency collaboration and insights on the best ways to stop the run, including:
🎙 Q&A Highlights
⭐️ Leave a Review
If you enjoy listening to the podcast, please leave a 5-star review on Apple Podcasts and let us know in your review who you want to see next on the podcast. Thanks!
You can also Tweet us on @thejoetoste and tell us what lessons you learned from the episode so we can thank you personally for tuning in 🙏
🔗 Connect with TechTables
LinkedIn TechTables https://www.linkedin.com/company/techtables/
LinkedIn - Connect with Joe! https://www.linkedin.com/in/jtoste/
Twitter https://twitter.com/thejoetoste
Follow us on Instagram! https://www.instagram.com/techtablespodcast/
Website https://www.techtables.com/
Joe Toste [00:00:00]: Hey, what's up, everybody?
Joe Toste [00:00:00]: This is Joe Tossi from techtables.com, and you're listening to the public sector show by techtables. This podcast features human centric stories from public sector, CIOs, CISOs and technology leaders across federal, state, city, county and higher education. You'll gain valuable insights into current issues and challenges faced by top leaders through interviews, speaking engagements, live podcast tour events. We offer you a behind the mic look at the opportunities top lead.
Joe Toste [00:00:25]: Yours are seen today.
Joe Toste [00:00:25]: And to make sure you never miss an episode, head over to Spotify and Apple podcasts. Hit that follow button and leave a quick rating. Just tap the number of stars that you think this show deserves.
Joe Toste [00:00:34]: Okay, so today we have Krishna Ettel, CTO at the Texas Department of Education, and Ryan Murray, interim state CISO for the state of Arizona, and Tim Roemer, former state Arizona Ciso. This is awesome.
Ryan Murray [00:00:45]: By the way, the alumni here, the.
Joe Toste [00:00:47]: Alumni Ryan or Tim hired Ryan, is that right? This is the definition of leadership. And now vp of public sector at Thrive DX, Krishna. Ryan and Tim, welcome back to the podcast.
Krishan Edathil [00:00:59]: Thank you. Thank you so much.
Joe Toste [00:01:01]: Fun fact, Ryan actually hasn't been on the podcast, but he was in the room in Phoenix.
Ryan Murray [00:01:05]: Yeah, yeah, I was in the background for the last one.
Joe Toste [00:01:08]: So if you actually look at the photos from Phoenix, you'll recognize that hat. That's Ryan. He's got that. Sweet.
Tim Roemer [00:01:14]: Yeah.
Joe Toste [00:01:14]: So, okay. So I'm super excited. Let's kick off with you, Ryan. This podcast has been a long time coming, and I'm really glad it has been because we were going to do it virtually. And this is just way better, way better live. For those who don't know you, can you just maybe give a brief introduction?
Ryan Murray [00:01:31]: For sure. Yeah. Thanks for having me, Joe. Really appreciate being here. As you mentioned now, the interim state CISO for the state of Arizona, prior to that was the deputy CISO brought in by Mr. Tim Roemer here, and before that, the CISO for the department of Revenue in the state of Arizona. I've been in public sector most of my life, most of my career worked in county level, city level school districts, and now at the state for about the last five years or so.
Joe Toste [00:01:54]: Awesome, Tim. Now, I know a lot of people in this room know who you are, but if you just give, like, a brief, quick background and then we'll jump in.
Tim Roemer [00:02:00]: Absolutely. So, my name is Tim Roemer. I am the president and general manager of the public sector for Thrive DX. We are the global leader in cyber education, workforce development, and closing the digital skills gap, as well as our awareness and phishing tools also. And so I've been at thrive DX for three months. Prior to that, 18 years of government service. I started my career with an internship at CIA when I was 20 years old. And at age 20, it all really started for me because I had a top secret sci clearance and I wasn't old enough to legally drink yet.
Tim Roemer [00:02:39]: And so that was my big adult moment, and I never looked back. And I worked at CIA for ten years, including two years in the White House situation room, and then eight years working for the state of Arizona. I worked for Governor Ducey, helped build out a lot of our cybersecurity strategies for Governor Ducey in the state of Arizona. Of all of my successes that I like to think of in the state of Arizona and the things that we accomplished in working up to be the director of homeland security for the state of Arizona, I think hiring Ryan to be the deputy CISO was one of my smartest decisions, and I'm just really proud to see him in the interim CISO role now. So surround yourself with good people and good things will happen. That was my philosophy. Thanks for having me.
Joe Toste [00:03:23]: Yeah, no, I love it. Krishna, for those who don't know you, give us a quick background. Now a quick word from one of our brand partners. Nagaro is a leading provider of digital government services, partnering with state, local, and federal clients on some of their most strategic technology projects. Nagaro offers expertise in digital services, legacy modernization, case management, data and AI service desks, cybersecurity and more. Check out nagaro.com. That's nagarro.com. You got a pretty new role as the CTO of know higher ed.
Krishan Edathil [00:03:53]: Thank you. Thank you so much. Joe Krishna Idathil assistant commissioner and the first CTO. So that's a great honor for me to serve in that role because I get to create that DNA in a great organization and build that team and the culture. So that's the main thing. And previously I was heading AI and cloud for Texas Dir. And if you all know something called, I was put into the cybersecurity spot, but there is a study called prioritized cybersecurity and legacy system study, and I was leading that study for the last three years. And I was just talking to tame earlier, and we initially saw about 490,000,000 ask from all the agencies.
Krishan Edathil [00:04:33]: Then it actually doubled and it went over a billion dollars in the last ask, actually. So the first thing that we tell every agency is that, look, we need to put our problem, we need to go and ask the legislative session. We have a problem, a cyber issue, and we need funds for that. So that's my message. So you need to go and ask so that you get the money.
Joe Toste [00:04:53]: Yeah. And Christian and I have been able to form a great relationship. He's been on the podcast several times and just really smart. And so I was really glad that. And he's always willing to be a little bit agile. Right. Just kind of jump in and make it happen. So thank you for coming.
Krishan Edathil [00:05:07]: Thank you so much.
Joe Toste [00:05:08]: Tim, I love what you posted on LinkedIn yesterday. You said just because your bracket is busted doesn't mean your cybersecurity strategy should be too. My bracket is busted. I had Houston all the way. I had it in there early on selection Sunday. I had it picked. And so my bracket is totally busted right now. But I love that and how you put that together.
Joe Toste [00:05:27]: So before we hop into your cybersecurity bracket, strategies for later this episode, give the audience, you made this transition right now, right. And so if you could just maybe talk about that, you briefly started on it, but if you can maybe just give a little bit more flavor. Like you talked about being in the White House, right? Or, sorry, CIA. He has a great photo, by the way. I don't know if it's still on there, but it's him and Obama, and he's so young.
Tim Roemer [00:05:53]: And the photo, I am getting more gray. Cybersecurity had some gray hair.
Joe Toste [00:06:00]: So if you could just maybe just talk about quickly like that, you have the transition. So 18 years, you just go maybe a little bit deeper on, on what that.
Tim Roemer [00:06:07]: Sure. So when I was really thinking about the rest of my career, this goes back a couple of years ago. So it was not politics. It wasn't because we were transitioning governors between administrations. It was really the fact that after 18 years in government, I really wanted to work in the private sector and start being part of the solution side, that you then provide those solutions to government for public safety and for national security wins. I knew in my senior level leadership roles within government that we required new tools in cybersecurity to meet the growing threat landscape that cyberattacks are evolving to. And I eventually just got to a point where I said, you know what? I'm going to go to the private sector, and I want to be part of the solutions side of it. Now.
Tim Roemer [00:06:58]: What I was really passionate about in cybersecurity was the fact that we have this huge workforce development and talent pipeline problem. And Lisa actually brought this up in the first episode today. In the live event and kind of listing a lot of the job vacancies that are out there right now. And it's extremely challenging. And a good example is I recruited know from the department of Revenue to be my deputy and really help me run cybersecurity for the state of Arizona, because when I became the director of homeland security, I had to take on all these other focus areas. I couldn't really be the day to day CISO anymore. And that's where Ryan came in, and he did exactly what he said he was going to do for me. He said, I'm going to relieve your headaches.
Tim Roemer [00:07:44]: I'll never forget that. He said that in the interview. He said, my goal is to relieve your headaches. And he really did. But my headache as a CISO, and I don't want to speak for Ryan, but I think he still has the same challenges, is that we don't have the workforce to be able to hire across the board in order to meet these challenges. So if you steal one from. I steal Ryan from the department of Revenue. Good.
Tim Roemer [00:08:08]: Now the cybersecurity team of the state of Arizona has an additional employee, but now the department of Revenue is one person down. We did that with the city of Phoenix as well. We stole a great employee from the city of Phoenix, but now the city of Phoenix is now more vulnerable. And so I wanted to work for a company that had a mission focus in really caring about the root cause of one of the problems we're facing. And that's how I chose thrive DX. And I will tell you, the company, everybody I meet in the company, really shares my same passion for why we're doing what we're doing. I know, Joe, we've talked about quoting Simon Sinek before, and Doug Lang, one of our dear friends, loves to quote Simon Sinek, but it's starting with, why? Why are we doing what we are doing? What's the purpose behind it every single day? And so that's how transition 18 years of government into a cybersecurity role. And the reason why I chose cybersecurity, as opposed to other physical security or counterterrorism areas is because I truly think cybersecurity, based upon the fact that you can be attacked by anyone around the world at any time, I think, is the greatest threat.
Tim Roemer [00:09:09]: That's where I wanted to help provide some of the solutions, and now I'm just trying to learn about the private sector. So it's definitely full of its own challenges.
Joe Toste [00:09:17]: Ryan, real quick, before we kind of jump to the next part. But how are you seeing this workforce challenge play out? Tim leaves left you high and dry. No, I'm kidding. I'm totally giddy.
Ryan Murray [00:09:24]: We're still trying to fill that vacancy.
Joe Toste [00:09:26]: Can you just maybe talk about that recruiting aspect? And as you're stepping in, what do you see in Arizona right now where maybe you can fill that void?
Ryan Murray [00:09:35]: Yeah, for sure. And as Tim mentioned, it's essentially become a zero sum game where the community, especially in state and local government and cybersecurity, it's still really tiny. So if we pull from one entity, they now have to fill that vacancy. They pull from someone else, that entity now has to fill that vacancy. We're just not seeing that pipeline focused enough, especially in the public sector, to be able to fill all those vacancies at any given moment. So what we're doing is trying to find some creative solutions. We've heard a lot of other people talk about looking for entities or people that have security adjacent career fields, stuff that maybe you wouldn't traditionally look at as a cybersecurity professional. But we need all of these people in the field.
Ryan Murray [00:10:14]: We need project managers. We need people that have a development background that can focus on cybersecurity. We need people that have maybe a deeper desktop or workstation or server background to pull into cybersecurity. We need people that maybe are a little bit more outside of the norm of those career fields, not even in technology. Talking about counterterrorism, how cybersecurity is now a homeland security and public safety issue. How do we pull in those people, maybe from law enforcement or border security, that can understand that cyber threat, that digital threat, from a broader geopolitical aspect. So we're trying to get a little bit more creative in where we're sourcing those talents. We're talking to our community colleges.
Ryan Murray [00:10:53]: We're talking to our universities. We're trying to build this out again as a community problem, not just, hey, how does state of Arizona or my team fill these one or two vacancies that we have? How do we look at this more broadly as an entire statewide issue or in a nationwide issue where we're all helping each other to fill these vacancies? Something else we've talked a little bit more about is partnering with our private sector.
Chris Humphries [00:11:16]: Right?
Ryan Murray [00:11:16]: We do a ton of business with these cybersecurity companies, with these service provider managed services solutions companies. How do we lean into those relationships? And you mentioned Jamie Grant earlier from Florida. He and I talked about this several years ago at Nasio, where, look, we're bleeding our talent into the private sector. How do we lean into that relationship where it's not just a net loss for public sector, but it becomes a partnership where we know people are going to leave into the private sector eventually. Let's talk to them about building that training, building that relationship now so I can train up my staff while they're working public sector. We'll keep them for two years, three years, five years, whatever that looks like. But when they go work for Accenture or they go work for Sentinel one or what other, these partners that we're already working with, they're trained on those tools. They're trained on the methodologies.
Ryan Murray [00:12:03]: They understand the inner workings of those companies. Plus, they're bringing all that background to the public sector that they've already been working in for several years. So just driving that pipeline in creative ways, because we know we're never going to be able to fill all of these vacancies. As cybersecurity continues to grow as a career field, it's never going to be one of those where we have enough of a talent pipeline to fill everything.
Joe Toste [00:12:24]: This is really great, Krishna. So a big theme that you sent to me across the public sector is this workforce development. Can you just maybe piggyback off of Ryan and Tim and talk about how you're thinking about talent pools for the government and private sector?
Krishan Edathil [00:12:36]: I think it's a great opportunity for us to talk about this in Texas coordinating board. Our biggest mantra is talent strong Texas. So what that means is that Commissioner Keller has lined out a strategy where we are able to create that talent pool and where all the agencies that we have a Texas education agency, we have the coordinating board, and we have the Texas Workforce Commission. So here is where we are trying to bring the data together so that we know exactly what the. And create a career path for the students as they are just entering their middle school. And then you will know exactly from the higher education coordinate board because we have the data, live data, real data. And then based on the subjects that they take, we can create with that data in mind the courses available to them. We call it credentials of valley.
Krishan Edathil [00:13:29]: You will see that a lot of talk by commissioner. And what will that do? Is that then we are aligning with the data that the workforce commission has, real time data, so that if we know that there are 79,000 cybersecurity jobs up there not taken, we quickly draw it back and get these community scholars to stack up their course and make sure that these ten graders, when they are in the senior years, they can also get those carrier aligned so that they can take that job. So that way what happens is that at the end of the day, it will fill both the pipeline for the public sector and also for the private sector. It'll be easy for us to get them when they are young. And just like how Ray was saying, we can keep them for one or two years, train them, and we know that they will leave, but they can always go and come back after they finish their 20 years in government or private sector, they can come back and finish their career within government. So that's what we are preaching to that audience. So it's a collaboration between the agencies and also the private sector. And academia plays a clear role.
Krishan Edathil [00:14:36]: And I think it's the data that values more because we are trying to connect the real time data so that we can create that balance and provide the right talent. It's not that I finish my cybersecurity study, and when I go for a job, they say, look, we don't have any jobs anymore, so we want to make sure that the career path or what? Yeah, that path is very clear for the students and we help them so that they're not disappointed when they reach at the end of that particular path.
Joe Toste [00:15:08]: Yeah, no, that was great. Brian, you were featured in an article where the title was how community building drives cybersecurity. I absolutely love mean, I'm always preaching the community aspect. Can you just maybe talk about how the community building, from the cyber readiness program to all the road shows leading up to the Super bowl earlier this year? I don't know if you talked, but that's Dr. Chris Mitchell and the NCAA final fours in town. You might want to make connect with him. And so he's just going to talk about all those roadshows leading up. You have the Super bowl in Arizona and Glendale.
Joe Toste [00:15:36]: Talk about helping to secure the state of Arizona.
Ryan Murray [00:15:38]: Yeah, for sure. So the cyber readiness program is something that we're super proud, you know, Tim, and under his leadership was really where we kicked this off, essentially providing cybersecurity protections to all of our local government entities for no cost to them. And I think this is sort of a novel, right? This going back to the understanding, and I think it was Wendy Nather from Cisco years ago said, there's this cyber poverty line, right? That there's haves and have nots when it comes to cyber protections. And that should never be the case. It shouldn't be a matter of how much tax revenue or how much revenue in general you as an entity have to be able to continue to defend against cyberattacks and continue to have an actual existence, especially when we're talking about state and local government. These are critical services that we're providing to our citizens. So recognizing that, knowing that small cities and towns across the United States are not going to be able to provide these services or buy these resources themselves, how can the state or some of the larger entities jump in and provide some of these support? So we're providing five tools specifically to all of our local government entities, including our k twelve school districts. So bringing them into the community.
Ryan Murray [00:16:42]: And because of this, as you mentioned, we're getting all this data, right? We're getting telemetry from across the entire state. We're understanding what the entire threat picture of the state looks like, how many vulnerabilities exist in k twelve schools, how many attacks are happening at k twelve schools, cities and counties, how many web application attacks are occurring against city government websites every day, every month, and then putting protections in place to be able to address those. And you mentioned the roadshows, right? We didn't just come up with this stuff on our own. We actually drove around the state and talked to people and said, what are your challenges? What are your concerns? What are you facing? Do you have the resources and funds to be able to do this on your own, or do you need help from the state? And if so, how can we best provide that to you? Is it services? Is it product licenses? Is it just being there to help walk you through some of these struggles you're having? And obviously, we heard across the board, one, we're underfunded, we're underresourced, we don't have the money to buy these tools. We don't have the staff to support these tools. How can you guys provide this to us? So on top of that, we've tried to crowdsource the heck out of it. And I said it even in that article, right? As we're building out this community, if we're all using the same tools, we're all talking to each other, we're all struggling the same way. How do we come together in a way to build these relationships where it's not just city of Gila Bend in the middle of Arizona that know a few thousand people and they're one it person that maybe does cybersecurity on the side.
Ryan Murray [00:18:06]: They're fighting the same fights against the same threat actors that we are sitting at the state capitol.
Krishan Edathil [00:18:11]: Right?
Ryan Murray [00:18:11]: So how do we provide them that support, help them solve those problems that they're fighting across the entire state. How do we come together and share that information so they're not alone on that island and truly building out that community, that collective defense where we're sharing information about threats in real time, we're sharing defensive capabilities and providing solution space to these problems in real time across the entire state. And then ideally building that model out as a national model so we can come to Texas and talk to them about some of the struggles we've had, the successes we've had. How do we work together to solve those problems again? Building that community across the nation.
Joe Toste [00:18:46]: Yeah, no, I really like how you went out, did the road shows, and you were like, hitting city after city.
Ryan Murray [00:18:52]: We've got more of them coming up in the next couple of months, too, so it's time to start hitting the road again.
Joe Toste [00:18:56]: And I was going to think, if you ever need tech tables to come out, we do the live podcast to a roadshow version of it.
Ryan Murray [00:19:02]: That would be amazing. Go to Bisbee or go to Sedona or something. Hit me up.
Joe Toste [00:19:06]: Yeah, no, I'll hit you up. I was joking with Ryan offline. I'm going to be at secure Miami in May. And he was like, I was like, hey, Ryan, you're going to be there? He's like, no, that's too far east for me.
Ryan Murray [00:19:16]: How about secure Phoenix?
Chris Humphries [00:19:17]: Yeah.
Joe Toste [00:19:17]: So I was like, secure Phoenix? And I don't know, maybe there's a secure Houston.
Joe Toste [00:19:21]: I don't know.
Joe Toste [00:19:21]: I got to look into that. But, yeah. Tim, you played a vital role in securing the state of Arizona for years before you recently went to thrive. DX, reflecting back on your time with the state of Arizona, what are you seeing that differentiates those with strong cybersecurity postures that others can learn from?
Tim Roemer [00:19:38]: I think cybersecurity really starts with the basics, and we get so enamored with what's the new fancy product, and how can AI help me? How many companies, and I mean this with all d. AI is a great technology. Now AI can help us and hurt us because attackers use AI in a certain way that automates their attacks, and then we use AI in a way that helps automate our protections. And that's great. But I think artificial intelligence is really assisted intelligence. You still need a team of human beings in your cyber command center, well trained on how to protect your entities, how they're going to configure the tools, how they're going to use them is really imperative, and that's a great thing. So obviously, a technology podcast, I'm a huge believer in technology. But we also discussed as a group earlier today in some of the other sessions about the human factor of cybersecurity.
Tim Roemer [00:20:38]: And so that's where I think it's about the fundamentals. So I'm looking at a basketball here right now. So I'm going to save my football metaphors. That wouldn't be good timing because I normally, like, talk about cybersecurity, that it's about blocking and tackling, like the core basics and fundamentals of football. But this is a basketball peer, so we can say it's about passing and dribling and playing defense. Right? It's your core fundamentals. I don't need you to do alleyoup dunks, as you referenced earlier today. I mean, alleyoup dunks, great.
Tim Roemer [00:21:07]: It's fancy. It's great to be on sports center and all those type of things that could be like your really fancy cybersecurity strategy. But a lot of organizations, especially a small local government organization, is not cyber mature enough to take on and manage a really fancy cybersecurity tool. They need the basics. They need cybersecurity awareness training. They need phishing training. It starts with the basics and the fundamentals of it. Just like when you're coaching your kids on your JV basketball team, you're not just running them out there, I'm assuming.
Tim Roemer [00:21:37]: So you're not just running them out and be like, everybody just start shooting threes, like steph Curry, splash brothers. Let's see how many threes you can make. You're probably focusing on some passing drills first. Some give and goes, moving pass and cut, right? And so cybersecurity, I think what really has stuck out to me as that time goes by, I think the organizations that are doing it best and protecting themselves are the ones that are starting with the basics. They're solving, like, 90% of their cyber incidents. And Ryan and I had this great talking point that I really believe in, and that was when we got the governor to mandate annual statewide cybersecurity awareness training for every single employee in the state. I said we just grew our cybersecurity team from 16 to 36,000 because at the time, we had 16 people working on our cybersecurity team. And thanks to Governor Ducey's support, we have more than 16 now.
Tim Roemer [00:22:30]: But at the time of 16, we had 36,000 state of Arizona employees. But we trained 36,000 state of Arizona employees to learn that there's such a thing called a phishing email. And you shouldn't be clicking on it, and you should have good password security and different types of things like that. So I think the protecting the human factor, I mean, that's just where I think I've seen the most success across the board.
Joe Toste [00:22:52]: Yeah, people think this is a technology podcast, but if you didn't know it's really like a human centric podcast. Could you just actually, real quick, before we move on, you talk about some of the funny stuff, like you had the memes and stuff you've done. I know maybe you're trying to bury this in your last career, but I love it. I think it's hilarious. Can you just maybe touch on that a little bit?
Tim Roemer [00:23:10]: I would be happy to. I've had really stressful jobs in my career, and I just think that if you can't laugh every once in a while, then your job is going to kill you, quite literally. And so when I was trying to figure out how to make cybersecurity relevant to 36,000 state of Arizona employees, how to make them pay attention, how to sell cybersecurity to the governor in the cabinet, I came across the fact that we have very short attention spans. And if you go to Google Images and you do like cyber memes, there's some funny ones that come up, but you can only use those so often. So I just started making cyber memes myself based upon what was popular in pop culture. So our latest round of cyber memes, before I left the state of Arizona, we did Top Gun maverick, obviously, from last year. And it was know I feel the need for speed, but instead of that, it was like, I need the need for cybersecurity awareness training. And we just started posting them around, trying to get people to just laugh and start to realize that cybersecurity matters.
Tim Roemer [00:24:12]: So, yeah, thanks for bringing up the memes. We've had meme contests where I gave away a couple free lunches to state employees who made cyber memes that were strong enough for me then to use in my role as CISO. And then I rewarded them with lunch. So that was good. And so I got to give a shout out because I'm looking at Chris Humphrey right now. And I was watching one of the previous podcast taping here at the live event, and he dropped a great diehard reference that probably not many people notice. It was, welcome to the. So I see you, Chris.
Tim Roemer [00:24:45]: I heard you. That was good. Very big on those. I love. No, that's. To answer your question, that's how I had a point and a purpose. I wasn't just goofing around. But I actually thought, how do I get people to regularly just read an email? And I was like, well, everybody can see a meme, so I'm going to throw memes in there.
Joe Toste [00:25:04]: Yeah, no, I love that. And it's that engagement factor that I think is so important. And it's easy to gloss over this guy sending out memes. But no, you want people to be engaged, especially when it comes to things as mundane as phishing emails and things like that. So Krishna, super interesting. So you sent this to me. So you said by 2050 the Texas population will double. Is that because all the people are leaving from California? You mentioned that the government cannot double.
Joe Toste [00:25:34]: That would be crazy if it doubled. Why is that? How do you envision using technology to help fill the workforce needs while keeping the budget pocketbook happy? How do you manage that?
Krishan Edathil [00:25:46]: So that's an interesting question. You can all go and Google and it'll surely show you. The projection here is where we are headed to. So the big challenge is that we need to be, as a taxpayer, you don't want our government to double or quadruple to meet all our needs. Look at all our needs, right? We don't want that. And then the moment you have longer lines in front of all these public sector services, if they don't go into cloud native technologies and things like that. But we need three things to happen. One is by then we need to have a productive government, means they should be very productive and not goofing around and very clear that they're very productive.
Krishan Edathil [00:26:29]: Second is that they should be very efficient. They should be able to. Earlier, Shauna was talking about that if you're able to do a job in 1 hour, you should be able to knock that out well earlier than that and not spend the whole day trying to spend that time. And the third thing is transparency. So people should be able to see, and then clearly see that we are working. We are productive and we are doing what we are doing. And the tax dollars that they put on it, we all draw the salary from the tax dollars. So they should be able to get that.
Krishan Edathil [00:27:00]: So if we achieve these three, then we are in a good game. So how do we do this, given all this cybersecurity threat, given all this cloud movement? And the only way we can do is we need talent. So when I was at AG's office, I thought technology was the whole thing. When I moved to Dir, I thought policy and policy making and technology was the core thing. But later on I decided when I realized it was the talent that matters. You can have the greatest technology in the world, but to sell it to the people, to first of all, put it in place and start using it, is a big night. You all know we go through a nightmare. So that's where we have to just the early movement of the community movement and collective collaboration.
Krishan Edathil [00:27:47]: And I want to state one thing here. While I was at Dir, you won't believe the Texas cloud was in the early stages, 2012, 2013. They were trying to put it together and by 2018, the legislature was on us and we were to go, or many leaders would have gotten there. From the legislature side, we put something called cloud Tiger team. I was the only person. And then there was another one. We pulled about 200 volunteers from across the state of Texas, from all the corporate companies, and they came, people even flew from Seattle on their own. We didn't pay for it.
Krishan Edathil [00:28:22]: So that collaboration really made the cloud happen for Texas. So we wanted that collaborative effort. Then people will forget about the money, the payment, everything. They put the costs ahead, and that's how we're going to make this happen. So there will be a lot of AI, a lot of technology, lot of talent. And like you were saying, the new generation, they're going to come and change the world like kind of thing. And while I was here in a couple, was sending me a GPT, a program. So people are going to quickly program things and it won't take year to order a server or get a server and get it provisioned.
Krishan Edathil [00:29:00]: We're going to beat that by the technology and also the talent, the people who will do it faster.
Joe Toste [00:29:05]: Let's jump right to the audience. Q. A. We can get the mic ready.
Meg Hare [00:29:09]: So my question is for Krishna. So you've had experience, private sector and public sector working in technology. What do you see as both the biggest challenge right, in the public sector as well as the biggest opportunity? Given your experience coming from a big private sector company working in state government, where are the opportunities and then where are the challenges?
Krishan Edathil [00:29:32]: That's a very interesting question. So previously I used to work at Accenture and we were running, and then what are the challenges and opportunities? Right. So the challenges are to be honest with you, working with people, to be honest with you. Because once building trust with whoever you work, if it is a private sector or public sector, and sometimes I call myself, I'm not the CTO, I'm the chief trust officer, so that I'm able to win trust, so that I'm able to give a technology and then the people are able to use that technology and enable them to do certain things better. So that is the biggest challenge. And the opportunity is you can look at the budget, the number, the it spend is going off the roof and every system needs modernized and every system has got a cybersecurity vulnerability. If you look at. So you need to go and tell them and educate them.
Krishan Edathil [00:30:32]: Say that, look, you cannot say you have a problem so we can collaborately work and say that, look, your system will be secure and I can help you. That is a place where people are going to turn around and take that help. Both the opportunities and the challenges are all you can achieve through the people and the relationship and then the trust that you build with them. But that's my two cent.
Ryan Murray [00:30:56]: Thank you.
Chris Humphries [00:30:58]: I've been in many situations where I'll go into a place and somebody who's worked there said, I've been screaming the same thing for ten years, why don't you listen to me? So maybe somebody from outside will help. But did you have challenges in that? What was that like?
Ryan Murray [00:31:10]: You're right. Egos exist everywhere. Right. And it's going to be to more and lesser degrees depending on who you're talking to. Fortunately, Arizona is a little bit smaller than Texas. We've got 15 counties, approximately 100 cities and towns, 200 school districts. So the scope is somewhat limited and I'll say the majority of them are in such dire straits that they need the help. We talked about the carrot and stick methodology earlier.
Ryan Murray [00:31:34]: Right. I've started joking that I'm beating people with carrots, that I'm not using the stick anymore. It doesn't work. And just handing them the carrot doesn't work anymore. So we got to start hitting them with the carrot. And that seems to be somewhat a nice middle ground effort. There's definitely been struggles, right? Especially those that don't need the help. The larger cities, the larger counties, the egos exist there.
Ryan Murray [00:31:54]: They think they're doing everything right and they don't need the help from the state. They don't necessarily need to participate in the rest of the efforts that we're doing. But we've tried to impress upon them that, look, we get it, you guys are amazing. You're doing amazing things. Help your neighbors, they need the help. I can't do everything at the state level. You at the county level can't do everything. Certainly the smaller counties, the cities, can't do everything and the school districts absolutely cannot.
Ryan Murray [00:32:17]: So how do we all get together and take your best practices, take those awesome things that you're doing. Sure. Stroke the ego a little bit.
Tim Roemer [00:32:23]: Right.
Ryan Murray [00:32:24]: But take those amazing things that you're doing because they are amazing. How do we replicate that out to those other entities and then help give them the resources to do it? And that's something I think that we've done really well in Arizona. So our cybersecurity team, as part of Tim's leadership, is underneath our department of Homeland Security. So we are directly tied to the organization that brings in federal homeland security dollars. And we know who the stakeholders are.
Joe Toste [00:32:46]: Right.
Ryan Murray [00:32:46]: So we're continuing to build out that community, both on the cybersecurity side, on the homeland security side, public safety side, law enforcement side, we're all talking to the same people. And our state agency representative that works directly with FEMA and DHS to bring those dollars into the state is literally my counterpart on the other side of the department. So we sit there and talk to each other about what are you seeing from a perspective of cybersecurity struggles, national security struggles, homeland Security safety struggles, how do we talk to those same people and bridge the gap here where cybersecurity ties into all of those things? And how do we make sure that they're getting the resources, the funding, the capabilities and just the support from a psychological perspective to let them know that there is help available, that it's not something they have to do on their own.
Krishan Edathil [00:33:30]: The one challenge that I've seen is, again, agencies and institutions, they won't really ask because they think I get the information. You can go and find it from anywhere. They think they're sharing their dirty laundry with us. And then, okay, I have the details now I pass it on to the legislature so they have the information and then it goes to the finance committee, et cetera. So everyone is knowing about my challenge or problem, right? First thing is that they have to get out of that and say that, look, I have a problem and it becomes our problem. And then the funds can be allocated.
Joe Toste [00:34:03]: And every team has challenges. Every team has an ego and it's, can you submit it? Submit your ego for the sake of the mission. And all 50 states have the same problem. I know because I interview everybody. So, yeah, the challenges are not unique, but if people can come together and find common ground, and in Texas, everything is big, right? Yeah, everything in Texas is big.
Ryan Murray [00:34:27]: Yes.
Joe Toste [00:34:27]: Everything in California is big, too.
Tim Roemer [00:34:30]: Awesome.
Joe Toste [00:34:31]: Well, thank you, Tim, Ryan and Christian for coming on. Next up, we're going to have Dr. Chris Mitchell, Ryan Murray and Jeremy Deckert. Hey, what's up, everybody? This is Joe Tossi from techtables.com.
Joe Toste [00:34:42]: And you're listening to the public sector show by tech tables. This podcast features human centric stories from public sector, cios, cisos, and technology leaders across federal, state, city, county, and higher education. You'll gain valuable insights into current issues and challenges faced by top leaders through interviews, speaking engagements, live podcast tour events. We offer you a behind the mic look at the opportunities top leaders are seeing today. And to make sure you never miss an episode, head over to Spotify and Apple podcasts. Hit that follow button and leave a quick rating. Just tap the number of stars that you think this show deserves.
Chief Technology Officer/Assistant Commissioner at the State of Texas Higher Education Coordinating Board
Krishna Edathil is the Chief Technology Officer for the Texas Higher Education Department in an Assistant Commissioner rank. In this capacity, he would provide technology leadership and stewardship to support the agency to achieve a Talent-Strong Texas and make Texas a global leader in higher education.
Krishna has more than two decades in technology start-up and leadership roles. He served as
the Division Director of Enterprise Solution Services at the Texas Department of Information Resources on Cloud, AI, and emerging technologies. Before that, he was a senior technology executive for Accenture’s Intelligent Software Engineering Services group.
Krishna has an executive certificate from MIT Sloan School of Management in Leadership and Management including Artificial Intelligence, Machine Learning, and the Internet of Things. He also graduated from UT's ELITE program for Texas State technology leaders.
Chief Security Officer for GMI. Former Arizona Director of Homeland Security & State CISO
After 18 years of government service, I joined the private sector to focus on providing solutions to the government to better protect our society from physical and cyber threats.
I’m currently the Chief Security Officer at GMI in Scottsdale, AZ. I’m also an advisor to NightDragon, and a member of Dataminr’s advisory board.
Previously in my career I served ten years at CIA, including two years assigned to the White House Situation Room where I provided national security updates to the President, Vice President, and National Security Council.
After ten years at CIA, I returned to my home state of Arizona to work for Governor Ducey. I was appointed by Governor Ducey and unanimously approved by the Arizona Senate to be the Director of Homeland Security and was the only person in the country to run a Department of Homeland Security and at the same time be the Chief Information Security Officer. My responsibilities included cybersecurity, border security, and counterterrorism. I co-chaired the Arizona-Mexico Commission’s Security Committee, as well as being on the Arizona Human Trafficking Council.
Deputy Director and Chief Information Security Officer at State of Arizona
Ryan Murray joined the Arizona Department of Homeland Security in July 2021 and currently serves as the Deputy Director for Arizona Cyber Command and as the Deputy Chief Information Security Officer for the State of Arizona. He also previously served as the Chief Information Security Officer for the Arizona Department of Revenue for three and a half years.
In his current role, Deputy Director Murray provides tactical and operational leadership for Cyber Command, and strategic advice to key executive stakeholders throughout the State.
Prior to joining the State in 2018, Ryan held several public sector positions throughout Arizona including in Maricopa County and the Crane School District.
He has nearly 20 years of experience in IT and Information Security, is a Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) and holds a Bachelor’s in Cyber Security and Information Assurance from Western Governors University.
This year Mr. Murray looks forward to accomplishing several key initiatives, including a significant expansion of the Department’s Cyber Readiness Program for local cities and counties, and increased collaboration for cyber information sharing across the State.