This principle of cybersecurity was perhaps no more apparent than during 2020, when his county protected the integrity of three different elections. With each election cycle last year, Godsey’s team looked at what worked and what didn’t to further refine its election incident response plan, which was partially based on observations made during the 2018 midterms.
If 2018 taught Godsey anything, it was that misinformation could be as big of a problem as attempts to intrude into the county’s election systems. In fact, by the time the September 2020 primary began, Godsey had to dedicate more staff to social media monitoring.
Thanks to these efforts, the county had an extremely mature process in place for the 2020 general election, which was fraught with misinformation and disinformation. Godsey’s team was reporting new information every hour to keep up with ever-evolving threats.
“I’ve never experienced anything like that in my 25-plus years of public service, short of responding to a natural disaster,” Godsey said.
Building trust-based relationships is at the heart of Godsey’s cybersecurity approach. Maricopa County has a central IT organization, but there are also pockets of decentralization, with individual agencies relying on their own IT shops to different degrees. This adds complexity to Godsey’s role in promoting high security standards across the board.
Rather than take an authoritative approach, Godsey strives for consensus. He shares all of his organization’s frameworks, controls and applications; he develops formal relationships with IT leaders across county agencies; and he offers consultive services to agencies that need help meeting unique cybersecurity needs. “We frankly try to remove any excuse not to work with us,” he said.