This Q&A is part of a new GovLoop series called “CIO Conversations.” Through 2019 we’ll feature conversational interviews twice a month with current and former federal, state and local chief information officers to get know the people behind the titles. You’ll learn about the perks and challenges of their job, how they ended up in their current position, what’s top of mind for them, how they’ve rebounded from setbacks and more.
Home to the first woman U.S. senator, the southern state of Arkansas now hosts one of eight state chief information officers (CIO) that identify as women, Yessica Jones. While Jones admits that public sector IT has a long way to go when it comes to amplifying women, she commended Gov. Asa Hutchinson’s sponsorship of female leaders throughout the state government.
“I was so fortunate that Gov. Hutchinson fell into the category of men who recognized my potential and guided me to serve in this role,” Jones said.
In an interview with GovLoop, Jones also highlighted cybersecurity initiatives, discussed Arkansas’s latest IT projects and provided insightful advice for IT leaders.
The interview below has been lightly edited for brevity and clarity.
GOVLOOP: You are one of only eight CIOs that identify as women serving at the state level today. Do you have any thoughts on women in public sector tasks or creating an inclusive IT environment to improve recruitment and retention of women and minorities?
JONES: Definitely. There was an article in the Wall Street Journal that said that more women are making it to the CIO level. But really, the percentage only increases slightly from 16% to 18% from 2017 to 2019. So on one hand, it’s an honor to be in such a great group, whereas on the other, 18% — there’s definitely room for improvement.
As far as how to improve it, I could personally relate to one of the article’s suggestions. Sheila Jordan, the CIO for Symantec, said that men in senior positions really must be willing to sponsor women to build their careers — so giving them the same opportunities when high-level jobs become available. And I think this is true, not only for men but women as well. I’ll say this reflects my own experience because I was so fortunate that Gov. Hutchinson fell into the category of men who recognized my potential and guided me to serve in this role, first as a deputy director, then as an interim director and ultimately as director. Here at DIS [Division of Information Systems], we look for those females who are doing a good job and push them up instead of pushing them down.
Considering all the different ransomware attacks going on with states and localities, is cybersecurity a concern for Arkansas? What are your steps to mitigate that?
Oh, definitely. I mean, with the recent outbreak of ransomware attacks to state and local government — we heard about Louisiana and Texas — cybersecurity’s definitely a tough issue that keeps us wondering what is happening. Who’s trying to get into our network, and do we have the right people and tools in place to stop them? But the main thing is that half of these cybersecurity attacks begin with phishing emails. And to me, it’s cyber hygiene.
I’ll say that our employees are one of our best defenses that helps us prevent malicious activity if they are well educated and fully understand cybersecurity and cyber hygiene. In Arkansas, we receive a homeland security grant that enables us to implement a cybersecurity training program for state employees. We’ve gotten some great feedback from employees that the lessons have really helped them to better understand and find malicious activity. This training not only helps them in the work environment, but it’s valuable information that can be taken home and talked about with their families.
Have there been any other exciting developments in cybersecurity for you lately?
So Arkansas was one of only seven states selected by NGA, the National Governors Association, to work in collaboration with NGA’s Homeland Security and Public Safety Division to develop action plans to enhance statewide cybersecurity. We’re super excited about that. Here at DIS, we applied for the workshop program in mid-June on behalf of the state, and NGA announced that it was not only Arkansas, but Louisiana, Maryland, Massachusetts, Ohio and Washington. We all made it. We’re going to work to improve interagency coordination and collaboration.
This is great because the NGA will offer technical assistance to our state on overall cybersecurity governance. That to me is critical because now we have the NGA with other associations helping us. And the overall goal for Arkansas is to develop an engagement framework to provide cybersecurity assessments and response capabilities with local government across Arkansas. One of the things that we talk about is that local government needs help, and we also need help, right? So this is going to be a project that I’m very excited to see the outcome. The workshops are going to be scheduled for some time this year, and we should be done by the end of December.
What are some of the core skills that are important to being a public sector IT leader in your opinion?
There are several I believe are definitely important for a public sector CIO or IT leader. Diplomacy, strategic thinking, building relationships and being a good communicator.
As a public sector CIO, you’re always working in a highly political environment. It is critical to learn how to navigate the terrain because you’re working with legislators and other agency directors who all have individual sets of priorities and objectives that may or may not align with yours. So being able to explain to your key stakeholders how technology can leverage some of their business needs is definitely a must for me.
How do you prepare constituents for emerging technologies such as artificial intelligence (AI) when the technology is not fully realized yet?
I think it comes back around to using those diplomatic skills. I will often get asked my opinion in AI, or other emerging technologies, either by a legislator or other agency director. They either have seen something on TV, or they’ve maybe read something online, a magazine, newspaper, you name it. This is an opportunity to educate them and prepare them for the landscapes surrounding the technology and to share with them whether or why it is or isn’t a good fit for the public sector. So again, it’s just being a good communicator and painting the picture of the landscape and technology here in government.
Image Credit: Daniel Schwen via Wikimedia Commons
Yessica is such an inspirational CIO!
Very excited to see what comes of Arkansas and NGA’s partnership for their Homeland Security and Public Safety Division. That said, I think she’s totally correct to focus on cyber hygiene re. phishing emails. We need more leaders like Yessica.