Solomon Adote, the former global information security operations manager at Philadelphia-based FMC Corp., a specialty chemical company, has been hired as Delaware’s chief security officer, the state said in a news release Oct. 11. He replaces 13-year CSO Elayne Starkey, who retired in June.
At FMC, Adote led its worldwide IT cybersecurity team for six years and was responsible for security of its international manufacturing and corporate network, the state said. Previously, Adote had been a senior information security engineer and team leader at e-commerce company QVC Inc., where he handled security for a credit card processing operation with a multi-national Internet presence. From 2003 to 2006, according to LinkedIn, Adote was a team manager and service support administrator at the state Department of Technology and Information (DTI), where he worked in access control, network connectivity, and systems and applications services.
“When I had to pick IT, it wasn’t a difficult choice. It wasn’t like I was giving up something. It felt like I was getting more out of something. The need to serve, I think, has always been there,” said Adote.
Delaware is “excited to welcome Solomon back,” CIO James Collins said in a statement, adding: “He brings a great blend of organizational and tactical information security experience that will be invaluable as our enterprise digital government strategy evolves.”
The new CSO’s first day back at the state was Sept. 17 and now, four weeks in, he said he’s “bringing a mesh of the corporate world to the state world” and “trying to achieve that model of a service-oriented security program.” Adote said the agency needs to support the state in viewing IT from a centralized, strategic perspective — becoming proactive, not reactive; laying the foundation for smart cities and Infrastructure as a Service; and developing centralized solutions that provide high levels of value to a variety of state customers.
“What I want to change in my team is where we kind of understand where our businesses want to go, where our state departments want to go and try to lead them, try to get ahead of them,” Adote said, adding that a goal here would be to identify the technology that needs to be in place to facilitate agencies’ migration to the cloud.
His team, he said, also needs to maintain visibility, authenticate and authorize the multitude of independent systems at work throughout the state. Identity life cycle, Adote said — tracking, monitoring and potentially unifying the many identities that have access to state systems — is a need he hopes to address. But to accomplish that, he noted, officials and agencies must do a better job of maintaining an identity and ensuring appropriate access levels and termination of access when, for example, an employee retires.
Design and execution of the Delaware Information Security Program is another area of focus for the new CSO, the state said. Adote said his team has been meeting twice a week on the program and sees it developing around several teams in enterprise security operations, risk management, governance and security operations. He said the risk management and governance team — encompassing everything from disaster recovery to audit compliance — must be independent, to assess the performance of other departments and of his own security team.
He’ll also spearhead the state’s Continuity of Government and Disaster Recovery Program, the CSO said, with his team interacting with crisis centers statewide and talking with partners to ensure agencies are ready for a disaster.
“We have that ability to interact with the state government, to make sure that they’re ready, make sure we can handle a crisis. I believe business continuity is not only about making sure that the technology services we provide are available but making sure the customers can get to that technology,” Adote said, adding that part of that focus will be to ensure remote access capabilities during a crisis.
In keeping with the idea of being service oriented, the CSO said he’d also like to partner with other departments on development, earlier than previously has been done, to ensure projects are not only securitized but also designed correctly and fully enabled to interact with the state’s layered network architecture.
