Michael Roling has been the Chief Information Security Officer for the Office of Administration, Information Technology Services Division for the State of Missouri since 2009. He heads the Office of Cyber Security and is responsible for overseeing the information security posture for the State of Missouri. Michael has been employed by the State of Missouri since 2003.
As CISO, he has transformed the security culture throughout government, introduced new processes and technologies that have enabled IT to swiftly and effectively respond to incidents, and has implemented various policies that have strengthened IT governance. Prior to joining state government, Michael worked at AT&T and Anheuser-Busch. Michael earned a Bachelor of Science degree in Management Information Systems from Saint Louis University.
B.S. in Management Information Systems, 2002
Saint Louis University
Certified Information Systems Security Professional
(ISC)²
The State of Missouri’s Office of Cyber Security is being recognized for its outstanding end-user awareness program that combines short and focused lessons with phishing assessments. The awards ceremony will take place in Scottsdale, AZ.
Missouri has made significant strides tech- and cybersecurity-wise in recent years, and it has three individuals in the C suite to thank: Acting CIO Rich Kliethermes, Deputy CIO Steve Siegler and CISO Michael Roling.
The State of Missouri’s Office of Cyber Security launched a program in May 2016 to identify vulnerable, Internet-connected systems belonging not just to state and local governments, but also to businesses, utilities, and academic institutions across the State of Missouri.
The Office of Cyber Security’s Portal was honored with the “Innovation of the Year” award from StateScoop.
Leading state government into a new technology landscape with innovative ideas and by inspiring others to get on board.
The SC Awards in San Francisco honor the most outstanding contributions in the information security industry.
The winner of the Overall Excellence in Cyber Security Award has tools and systems in place to prevent and mitigate risks; has established best practices in cybersecurity across their organization; has provided end-user awareness training and certification to ensure that its employees know and support IT security and risk management plans; and has helped their IT security professionals to better address components of their IT security and risk management plans, such as secure coding, vulnerability management and incident response, and computer forensics.
State governments sometimes get a bad rap for not doing much to help their constituents protect their data. But in Missouri, there is a cybersecurity effort afoot to apprise organizations of the flaws in their computer systems that could lead to breaches and malfeasance.
With public software increasingly less vulnerable, bad actors are utilizing legitimate tools already on users’ systems — and so-called ‘fileless’ attack techniques that leave no trace.
Cybersecurity awareness programs in Missouri and Washington center on education, anonymized real-life anecdotes and assessments that can include “phishing” their own employees.
The cybersecurity landscape has many pitfalls, public officials and industry experts said at the 2017 Missouri Digital Government Summit, but some solutions are out there for enterprising agencies.
Dozens of countries are still reeling from the after-effects of a May 12 ransomware attack targeting public and private institutions.
A recent report found that the typical public-sector organization uses nearly 750 cloud services – 10 times the number IT departments expect to find.
Unlike cyber criminals who hack into computer networks to steal data for the cash, most hacktivists aren’t doing it for the dollars. They’re individuals or groups of hackers who band together and see themselves as fighting injustice.
Missouri’s Cybersecurity Task Force released its recommendations for both private and public entities to achieve greater protection against online threats. Those recommendations include the creation of a designated cybersecurity institute, modifying K-12 curriculum to include cybersecurity-related studies, and providing multiple avenues to assist private entities to protect themselves from cybersecurity threats. Irl Scissors, a representative of the Midwest Cyber Security Alliance, said he fully endorsed the ideas promoted within the action plan, the full text of which can be read here.
AT&T and the National Cyber Security Alliance are leading a long-term strategy to increase cybersecurity awareness among elected officials. As part of that effort, the Governing Institute—an organization that helps public sector leaders govern more effectively through research, decision support and executive education—surveyed 103 state legislators and their staff to understand how lawmakers view their role in this critical issue.
“In the late summer and fall of 2014, during the period of civil unrest in the St. Louis area, the State of Missouri was the No. 1 target of hacktivists globally,” Roling said. “They went after web applications, looking for vulnerabilities, and tried to social-engineer their way into our systems.”
CIOs and CISOs realize that human error is perhaps the biggest weakness in any information security program – but proper training may condition employees not to click or open anything that looks remotely suspicious.
Roling shares how he makes sure his staff – and the state workforce in general – is prepared for today’s threats.
Missouri’s state government has recorded an uptick in social engineering incidents in recent months, not because the cyberattacks themselves are increasing, but because more end users are reporting the advanced threats.