State cybersecurity leaders discuss prioritizing security upgrades

Per Statescoop, state cybersecurity leaders are finding that the most effective way to secure funding and implement upgrades isn't through technical jargon, but by communicating the tangible risks and impacts of cyber threats to the right people.

During a National Association of State Chief Information Officers conference, officials like Rex Menold, Michigan's chief security officer, shared that agencies, not central IT, often decide on security priorities. This approach acknowledges that central IT may not fully understand the unique business needs of each agency. Menold highlighted the importance of framing cybersecurity funding in practical terms for legislators, focusing on how it impacts their constituents and local services rather than abstract technical needs.

Michael Watson, former Virginia CISO and now CIO, emphasized understanding what is universally important to stakeholders, whether it's a DMV system or mainframe services, to effectively advocate for cybersecurity. Tony Sauerhoff, Texas CIO, shared a strategy of clearly communicating identified risks and gaps to leadership, which helps in securing resources and reduces personal stress by making the risks understood by those with the authority to act. This method, while effective, has limitations as roles and reporting structures change.

Source: Statescoop