Government Cyber Security Requires Good Leadership
Published on September 20, 2022
It’s easy to think of government cybersecurity as a formulaic function that thrives on a robotic, straightforward way of thinking. Yet, at the City of Coral Springs, FL, the most important piece of the city’s Information Technology (IT) Department’s cybersecurity efforts is not found within the algorithms, encryptions, or wires -- it’s found within its people. It’s been said that humans are the weakest link when it comes to cybersecurity, but Coral Springs believes its people are what makes cybersecurity stronger.
Strong cybersecurity leadership means not only knowing the latest technology, but also truly caring about the people who dedicate their lives to public service. Most people want to feel valued in the workplace and leave with a sense of fulfillment at the end of the day. Leaders create this environment by ensuring employees are understood and heard, and by showing genuine appreciation. Good leadership can be boiled down to three main areas: culture, communication, and cultivation.
It takes a significant amount of time and effort to build a strong organizational culture that reflects the beliefs of leadership and matches with an organization’s core values. Coral Springs promotes a culture that comprises a highly collaborative, yet flexible work environment where every individual is valued. This is truly a people-centric culture where everyone feels like family. Employees strongly identify with the organization’s vision and mission and readily unite over a shared cause.
Building this culture requires a progressive Human Resources Department who embraces strategic planning and recognizes the need to remain flexible to acquire top talent. For example, Coral Springs offers a summer internship program for college students to gain experience, which for many students, results in employment. Coral Springs employees are also provided a comprehensive benefits package that focuses on total physical, mental, and financial wellbeing, including a Behavioral Health Access Program (BHAP) offering peer support, clinicians, resources, and more.
At the City of Coral Springs, cybersecurity efforts have full support of executive leadership, which includes the City Manager’s Office, City Commission, and all department leaders. For organization-wide cybersecurity efforts to be effective, they must be well communicated throughout. To gain support from leadership, it is always important to explain “the why” behind a cybersecurity project or initiative.
For example, the city’s website and email system were recently transitioned from a .org to a .gov extension. By using a .gov domain name to provide public services and information online, the consistent extension makes it easy for the public to know that the domain’s services are official. It also makes government communications less susceptible to online scammers, imitation, and fraud. The process for obtaining a .gov extension includes multiple layers of security checks and now requires verification from the U.S. Department of Homeland Security.
Before embarking on the shift to .gov, the communications and marketing team to join efforts with the IT department to ensure all department leaders fully understood “the why.” Taking the time to explain the rationale creates a stronger sense of teamwork and builds trust and respect. When employees truly understand why cybersecurity measures are implemented, they are much more likely to embrace (and not circumvent) them.
It’s no secret that competitiveness exists within the IT industry, especially when it comes to cybersecurity jobs in the private and public sectors. That’s why it’s so important to cultivate people within the organization. Leaders must invest in employees by providing adequate training opportunities. Combine this with a collaborative working culture, and it creates a strong environment for people to succeed. Invest in people, making them feel valued, creates superior employees who are always looking for ways to improve. This benefits not only themselves, but also the organization.
Many organizations fear that they will invest training dollars in employees only to have them leave the organization shortly thereafter. A quote credited to Henry Ford sums up why training is important: “The only thing worse than training your employees and having them leave is not training them and having them stay.”
Cultivating employees not only helps to improve retention, but also helps to keep services in-house. Outsourcing cybersecurity services to external consultants is costly and poses security risks by entrusting confidential security information to a revolving door of people who may not be directly invested in the mission of the city.
This employee-first leadership philosophy has helped to create a highly capable, solutions-oriented IT Department who is ready to deploy their cybersecurity expertise to solve problems and create enhancements across the city and beyond. Coral Springs recently expanded 911 call-taking and dispatching services to include a neighboring city that was in-need of new services.
This endeavor involved building an entirely new public safety network to host the city’s Computer Aided Dispatch (CAD) software and setting up Microsoft Active Directory domain-to-domain trusts connecting these networks. A plethora of cybersecurity controls were implemented as well as continuous vulnerability scanning and automated security configuration assessments to meet the FBI’s Criminal Justice Information Services (CJIS) compliance as well as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework.
Ultimately, if employees go home at the end of the day feeling appreciated, valued, and like their input mattered, it creates a happier, more productive, and more secure environment for everyone.
About Stephen Dyer
As a seasoned public sector employee, the City of Coral Springs Director of Information Technology began his career in county water and wastewater maintenance. During the tech boom of the 1990s and early 2000s, Dyer embraced the explosion of new technology, eventually becoming a Microsoft Certified Security Engineer and landing a position in the county’s IT department. After several promotions, Dyer made the switch from county to municipal government by joining the City of Coral Springs in 2013. He was promoted to Director of IT in 2019 and currently holds a Master of Public Administration degree as well as several certifications including CISSP, PMP, and CGCIO.