New Jersey CTO’s cybersecurity background a big plus


 

One barometer to use when assessing how serious states are about cybersecurity may be a governor’s selection of a new chief information officer.  In the case of New Jersey Gov. Phil Murphy, his first choice last year turned out to be the state deputy chief information security officer, Chris Rein, arguably the first CISO to be elevated to the top state IT job in the nation.

And while Rein’s official title is chief technology officer in the Office of Information Technology (OIT), it’s only a New Jersey distinction, as he is effectively the Garden State’s official CIO — a cabinet-level position that reports to the governor. This is an organizational hierarchy for state CIOs which has become more and more prevalent in recent years, according to Doug Robinson, executive director of the National Association of State Chief Information Officers. Unsurprisingly, Rein’s background informs his priorities as state CTO.

Chris Rein, New Jersey
Chris Rein, New Jersey state chief technology officer

“Data security and bolstering our state’s cybersecurity measures are a key priority,” he said. “And I would tell you, if there is another priority that is hotter than that for me, I don’t know that I can think of it.”

State security roles split between two agencies

Interestingly, in his previous role as deputy CISO, Rein served in that position within the state’s Homeland Security Agency where cybersecurity responsibilities are located. He believes that it’s important to separate the role of security and security monitoring as well as security practices.

“I believe there’s value in separating duties out of the core Office of Information Technology, setting policies, performing security reviews of all of our vendors, of all of our procurements,” he said.

This separation was done by an executive order two years ago, prior to Rein taking over his role.

“But I will tell you there is a very, very close, a very focused relationship, between our two agencies,” he said. Rein felt that that relationship did not exist in such a collaborative way in the past. “I feel like it’s a positive step towards sharing the responsibility with cybersecurity under Homeland Security, as well as the operational aspects of security in my shop at OIT.”

Rein described it as a multilayered approach. “We don’t depend on all security and one hard outer shell, that’s obviously the old model. We don’t have one vendor only. We have multi-vendor, multi-operating system and a layered approach that we work with Homeland Security.”

Success is all about relationships

Next to security, Rein believes that fostering improved relationships with state agencies was critical for his success.

“When coming into this role, it’s all about relationships, right? That how you get things done,” he said. Rein understood having been with an outside agency that OIT did not have the highest reputation in some cases. The source of this relationship damage was the prior executive order of consolidation and the way that it was implemented, not the fundamental issue of consolidation itself.

“It really wasn’t implemented in a way that opened up lines of communication and fostered better relationships between the agencies and OIT as their service provider,” he said. Focusing on these relationships became a priority. Now, 15 months in office Rein believes that a number of these relationships are on a much, much better level than they had been, in late in 2017 in early 2018.

Business and technology strategic plan  in early 2020

The development of a new strategic plan for New Jersey has provided a process for this improved relationship. Citing new initiatives this fiscal year, Rein spoke about the need for a solid foundation beginning with such a plan, but he has gone to great lengths to say it’s not an IT strategic plan.

“I really want this to be a business strategy and technology plan. So we’re reaching out currently to the cabinet members and each of the agencies, the CEOs to really understand what makes sense for a strategic plan for the state of New Jersey,” he explained. He had looked at prior iterations of strategic plans, and they were prescriptive down to software version numbers, and application and infrastructure products and services.

“I did not believe that serves the state as well as a plan that lays out the core technologies and technology enablers to really attain the business goals and business strategies for health and agriculture and human services and motor vehicles and so forth.”

The new strategic plan coming out of New Jersey will be more aligned with the business goals of state agencies and the governor’s office. Rein anticipates that the plan will be completed in early 2020.

Rein concluded our discussion by highlighting one major initiative for next year. It’s the expected release of a large, next-generation 911 RFP that has been under construction for quite some time.

“That’s a real important one for New Jersey because of our state’s density,” he said. “And our 911 system that we have in place is not up to the standards that we want it to be, and our public safety agencies need it to be.”

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.