And yes, I think this overall principle applies to much more than just sports. It is fascinating to see where people ended up from various government and cybersecurity teams in history. There are many stories available online like this one that covers “WHERE ARE THEY NOW? What happened to the people in Microsoft’s iconic 1978 company photo.”
In part 2 of this blog, I want to cover the stories from various people within the Michigan government’s technology and cybersecurity teams from the past two decades and conclude with some lessons learned from those teams that we can all apply now.
THE WAY WE WERE: MICHIGAN’S DEPARTMENT OF INFORMATION TECHNOLOGY
In 2001, Michigan Gov. John Engler signed an executive order that created a new department overseeing all technology in state government called the Michigan Department of Information Technology (MDIT). The department was organized just after the Sept. 11, 2001, terrorist attacks in New York City and Washington, D.C. In 2002, the government staff was centralized and reorganized by function (rather than department) in tech areas such as project management, hardware support, help desks, data centers, database, system administration, end-user support and cybersecurity.
I became the state’s first government chief information security officer (CISO) in 2002, and all cybersecurity processes, procedures, tools, governance, budget and more were now under me in the Office of Enterprise Security (OES). We lost a bunch of people due to an early retirement program that was offered to cut costs. (Michigan remained in a recession for almost a decade, from 2001-2010, so the modus operandi was to do “more with less.”)
Our team consisted of an assortment of men and women from around government who were assigned to protect systems and networks — and I had no idea that my security team was full of future superstars who would become CISOs, international heads of cybersecurity, executive leaders for Fortune 500 companies and more.
What I did know was that we had a vital mission and a lot of important work to do to not lose ground on the “online not inline campaigns.”
Trent Carpenter, who later became CISO at Sparrow Health System, ran our “Bat Cave,” or security operations. On Trent’s team we had forensic experts like Joel Weever, whom State Police and others constantly leaned on for investigations. Joel went on to become a senior forensic investigator for HP Enterprise Security and is now a principal consultant at CrowdStrike.
In 2003, Gov. Jennifer Granholm was elected, and she brought in Teri Takai to become state CIO and MDIT department director. Teri was a very strong leader who later went on to become CIO for the state of California under Gov. Arnold Schwarzenegger and later the CIO for the U.S. Department of Defense. Teri is now senior vice president of the Center for Digital Government.*
Teri’s leadership team was full of future CEOs, Fortune 500 CTOs and more. While the focus was all around consolidation and efficiencies due to budget constraints, the innovation and excellence led to award-winning NASCIO projects, and many programs became national models that were followed by states across the country and even governments around the world.
One of our top leaders in MDIT was Ken Theis, who later became Michigan’s state CIO when Teri left for California. After he left state government in 2010, Ken went on to become CEO of Dewpoint. Pat Hale, who was CTO under Ken, went on to become CTO at Sparrow Health and is now the executive vice president/CIO at VITAS Healthcare.
These were innovative, hard-charging leaders who put together top teams and new approaches to managing enterprise technology programs.
I think it is important to note that these innovative changes occurred at a time when recession was causing furlough days in Michigan government, but bureaucratic silos were being broken down and innovative savings were expected yearly. Michigan won so many national awards for excellence during these years that organizations like NASCIO had to change the rules to limit the number of awards given to any one state each year.
THE STUDENT WHO BECAME A CYBER ROCKSTAR
Yes, looking back, we were very blessed to have so many talented people in Michigan at the same time, and we also had some amazing staff that joined the team. In more than one case, I made mistakes and almost said “no” to some amazing talent that landed at my doorstep.
Allow me to briefly tell the story of Michael (Mike) Monticello, a student who I initially did not want to hire but who refused to take no for an answer.
When Mike showed up at my doorstep in late 2003 as a student from Michigan State University, we were so busy that I didn’t have time to meet with him. I told my executive assistant, “We don’t need students. We don’t want students. We will not hire students. We are too busy.”
But Mike kept coming back — again and again. Finally, my executive assistant said, “Please meet with him for five minutes, because he is wearing me down.”
I agreed, but quickly told Mike the same thing when he entered my office: “Sorry, no students allowed!”
Mike said, “I’ll work for free. I’ll make coffee. Whatever you ask, I just want to be in the Bat Cave and learn information security. Please, give me a chance.”
So I agreed: He could work for free for 30 days. (Yes, I broke some Civil Service rules, which I found out later.)
You can probably guess what happened next. Mike worked harder than anyone in the office. We offered him a formal (paid) student job the next month, and he was amazing. He did more than great security work — he changed the culture. He brought in Nerf guns for everyone with his first paycheck, and he got the team to fire Nerf guns at management when we entered the Bat Cave.
What I remember most clearly about Mike during those early years is that his perseverance and determination to succeed were off the charts. I can honestly say that he was the most ambitious “go-getter” person that ever worked within one of my teams, and that was sometimes annoying.
Nevertheless, he excelled, finished his degree, and worked for us for a few years as an outstanding cyber pro. Mike went on to jobs at IBM where he was the senior threat researcher (X-Force), threat research and intelligence principal, and later the security intelligence director - North America.
After that, Mike became the director of cyber defense for KPMG and then later a senior director of cyber security, privacy and forensics advisory for PwC. Mike is now at Walmart as engineering fellow for information security.
Mike recently said this about his early days on the Michigan cyber team: “What I do know is that Dan let me work for him. Within a few months it became a paid role. Within a year I was the youngest forensic investigator with an EnCE in the U.S. Within a year and a half I graduated with my bachelor’s degree and more than 60 technical job offers. Within four years, I was advising numerous CEOs and venture capitalists on security. Within 10 years, heads of state (plural) were following my social media and so on.”
The ”rest of the story” is that we were very fortunate and blessed to have Mike on our team, and we learned more from him than he learned from us.
GOV. SNYDER FOCUSES ON CYBERSECURITY
Just a few more examples from teams in Michigan government. In 2011, Gov. Rick Snyder, who was formerly the CEO at Gateway computers, took office in Michigan. He brought in John Nixon as director of the Department of Technology, Management and Budget (DTMB, an agency created when MDIT and the Department of Management and budget merged) and David Behen as state CIO.
Over the next few years, we achieved a remarkable set of cybersecurity initiatives under the banner of the Michigan Cyber Initiative (2011 and 2015 versions). CISA highlighted these efforts in this 2017 case study. You can also read about these further in my book Cyber Mayday and the Day After.
John Nixon is now the senior vice president at CNSI, and Gov. Snyder and David Behen started this cybersecurity company last year.
Gov. Snyder made cybersecurity a priority and Michigan continued to attract cyber talent to government roles. Michigan went on to start many new technology innovation efforts under Gov. Gretchen Whitmer which are bipartisan in nature.
One more notable cyber expert was Chris DeRusha, who became Michigan’s deputy chief security officer (CSO) in 2018 and went on to become Michigan CSO in 2019. He joined the Biden for President campaign in 2020 and is now the federal CISO and deputy national cyber director under the Biden administration.
LESSONS LEARNED FROM WINNING TEAMS
Here are a few takeaways from looking back at winning teams in history:
- Leadership matters: From Michigan Republican Gov. John Engler (who went on to be the CEO of the National Association of Manufacturers and president of the Business Roundtable) to Democratic Gov. Jennifer Granholm (who is now secretary of energy in the Biden administration) to Republican Gov. Snyder who championed cybersecurity to Democratic Gov. Whitmer who just won re-election, the actions taken by top leaders impact cybersecurity and technology in many ways in government and the private sectors. Teri Takai, Ken Theis, Dave Behen, Dave DeVries and current Michigan CIO Laura Clarkhave built on the actions taken by their predecessors and strengthened teams by focusing on results and innovation.
- Hard times can be overcome and even help build stronger teams: The decade from 2002 to 2012 was not the best for the Michigan economy, but that enabled Michigan’s cybersecurity teams and technology teams to keep and attract talent and grow winning teams. Just like “the Baltimore Boys” came from tough circumstances to overcome and be successful in high school and beyond (see part 1), hard times actually broke down barriers in Michigan government and enabled centralization of governance to work better and save dollars while improving results. Later leaders did not undo the advances of their predecessors, but built on them and did not play politics with essential cybersecurity efforts.
- Award-winning, talented teams can lead to more talented teams: Chris DeRusha was interested in the Michigan CSO job based upon the reputation of previous cybersecurity teams and steps taken by those who came before him in Michigan. He sought out his colleagues to build on successes and be mentored and learn. Message: A culture of success can be built in government just as it can in sports.
- Take chances on staff that have passion and the right work ethic: I almost did not hire Mike Monticello because of his resume (and he was a student), but I am so glad I did. Many people did not think Tyrone “Muggsy” Bogues could be successful in high school or college (not to mention the NBA) because of his size. However, both were very successful in their careers.
- Champions take years to build — in sports, technology and cybersecurity: Little successes can build into much more and have lasting results.
- Say thank you to those who helped get you to where you are. One example of how I tried to do that here.
FINAL THOUGHT
And last, and perhaps most important for all of us: See the potential in your team, because you may just be managing a group of superstars (but remember that it may take you years to figure that out).
*The Center for Digital Government is part of e.Republic, Government Technology’s parent company.