Musings of a Former State CTO Part 2: Public Service Meets Cybersecurity

Claire Bailey has made a career of improving cybersecurity and the delivery of citizen services in the public sector. As Director of the Arkansas Department of Information Systems and the State Chief Technology Officer (CTO) starting in the early 2000s, Claire leveraged government systems to work for citizens. What’s more, she made it possible for government organizations to share data across multiple platforms – easily and securely.

“The minute you have that appointment [to a position of leadership] is the minute you’re responsible for all citizen cybersecurity risks,” says Claire, Regional Vice President (RVP) of Governmental Affairs at Veracode. “You don’t get to say, ‘I’m sorry, I don’t know the answer to that,’ and move on. You’re there to get things done for the public you serve.”

Getting things done requires diligence. To improve upon service and security, for example, begin by forging strong partnerships in the private sector. “Working with industry partners helps to maximize risk mitigation with available [limited] budgets,” Claire says. “When you’re in an appointed position, you’re responsible for ensuring that every taxpayer dollar received is respected and used equitably.”

In the tech world, that means innovation.

Under Claire’s direction, Arkansas became one of the first states in the country to deliver a mobile app enabling motorists to renew vehicles’ tags using a smartphone. Prior to the app’s rollout, which took a year to complete, people took a day off from work to navigate a process that required multiple steps at multiple locations. Using the app, citizens complete the renewal process in seconds. The time savings increase service accessibility and quality of life for citizens.

Putting in place a system for cybersecurity is trickier. Delays increase the odds of a successful cyberattack. “We don’t have a year when it comes to cybersecurity,” Claire said. The acceptable period of “time to purchase and deploy a system has been significantly shortened, and smaller projects must occur concurrently while contributing to the bigger evolution.”

The trend toward contracting out system development has raised the stakes of cybersecurity, increasing pressure to expand zero-trust architecture. Simultaneously, developers are learning the importance of “shifting left,” the process of baking cybersecurity checks and balances into every step of the application development process.

“We should know who’s working on our items and where they’re located and feel certain that no one is embedding risk in an app because we’re constantly scanning it – not just once or twice a year,” Claire said.  “Consistent checks must be put in place for every step of code development in order to maintain the perimeter.”

The bottom line is that in a zero-trust environment with industry partners allies, public sector agencies are empowered to work faster, better, and smarter for citizens. And it is steps such as these that will transform the federal customer experience by rebuilding the public’s trust in the government as detailed in President Biden’s recent Executive Order on cybersecurity.

“They [citizens] should know we’re here to help. They should feel trust when working with a government entity. They should be able to know that we’ll be accessible, without fail, whenever needed. No matter what. “

More of Claire’s story to come in our next installment on the cybersecurity evolution!

Missed part 1? Check it out, here.