After nearly two years with the Department of Information Resources (DIR), Engle will leave government to become the first employee of a new nonprofit called the Retail Industry Information Sharing and Analysis Center. Engle said that Texas will do fine without him, and he’s excited to continue sharing cybersecurity knowledge as he takes his new position on Monday, Feb. 9.
“It will be there to support the retail industry organizations in their cybersecurity efforts and their efforts to protect their customer information and information technology," Engle said, adding that the center also will use intelligence sharing between the organizations, as well as intelligence as it's derived from various industry partners and federal government resources. “It will help to provide research, benchmarking and analysis of performance as comparative indicators, and also try to provide educational opportunities to equip the personnel of those retail organizations for their work.”
Over the past two years, the state of Texas has seen big changes in its cybersecurity efforts, Engle said, noting that he’s most proud of the team they’ve assembled. Deputy CISO Edward Block will take over as interim CISO upon Engle’s departure, and though Engle said he’s not involved in the selection process for a permanent replacement, he anticipated that Block would be on the state’s short list.
“In the past two years, we really have established a security program with valued services -- and in a way that we have been able to extend them to all of our eligible state agencies and higher education institutions," he said. "So we’ve converted a lot of things that we’ve been provided into very efficient services that are extensible to all the organizations that are in scope for us."
Engle also said an education program for security professionals within the state was established -- the Texas InfoSec Academy is a comprehensive, sustainable, enduring program of not just classes or certification, but true education. "It has the potential of being a very capable legacy component,” he said.
Also of note is the state's development of the Texas Cybersecurity Framework, Engle said, along with a revision of the Texas Administration Code’s security standards. It all adds up to a more structured cybersecurity governance model for the state, he said, that will also allow the state to adapt and grow as needed.
“I’ve seen how the manual efforts to manage a program with spreadsheets and Word documents has been quite fragile and not sustainable," Engle said, "so I think when I look at the two years I’ve had at the state with this team, we’ve gotten some really big things done."
And Engle says that after he’s gone, he anticipates continued and steady progress in Texas cybersecurity.