CIO of the Illinois State Treasurer’s Office on the importance of executive buy-in to cyber initiatives

When we think about the types of companies and organizations that are often targets of cyberattacks, we tend to think about the companies with something that e-criminals want. These are crimes being perpetrated by criminals, after all. They wouldn’t take the time and put in the effort to conduct cyberattacks if they wouldn’t get something that benefited them out of it.

This is why we understand when financial institutions like Citigroup or Capital One are hit with cyberattacks. They’re banks, and banks are where the money is. This is also why nation-state attacks against federal government and military networks make sense to us – they’re looking to get an edge or learn top-secret information. But what about state and local governments? They couldn’t possibly have anything that an adversary would want…right?

According to Joseph Daniels, CIO at the Illinois State Treasurer’s Office, that’s simply not the case:

“We are a financial agency with more than $30 billion in assets. We are facing the most advanced threats seen in the industry.”

Joseph is one of many exciting public sector and private industry speakers and panelists planned for the upcoming Fal.Con for Public Sector virtual event, where the threats facing public sector entities – from state and local governments, to federal agencies, to educational institutions and healthcare providers – will be analyzed and explored.


We recently had an opportunity to sit down with Joseph to talk about the unique cyber threats facing state and local governments, what his time in the National Guard taught him about cybersecurity and what attendees can expect to learn at the upcoming Fal.Con for Public Sector event. Here is what he had to say:

GovCybersecurityHub (GCH): Can you tell our readers a little bit about yourself and your current responsibilities within the Illinois State Treasurer’s Office?

Joseph Daniels: I have the honor to serve as the Chief Information Officer for Illinois State Treasurer Michael Frerichs.

In this role, I oversee the technology division. As the CIO, I am responsible for safeguarding the technological assets of the Treasurer’s Office. It is not often that IT professionals get to work for a leader who is just as enthusiastic about cybersecurity as we are, but with a $30 billion portfolio, it is top of mind for the Illinois State Treasurer’s Office. We are fortunate to work alongside a senior management team that has a shared vision and security-first mindset to protect taxpayer dollars.

GCH: You’ve dedicated a large portion of your career to public service – having served in the National Guard and now working with the Illinois State Treasurer’s Office. What has influenced your decision to dedicate so much of your life to serving the government?

Joseph Daniels: Public service is a calling. I believe that each one of us has the obligation of being good stewards, serving the communities we live in. I have served at the federal level, in the private sector, and now in state government. Additionally, I have 12 years of service in the Illinois National Guard, including serving in Afghanistan. My purpose in life is to be a part of something greater than myself and give back to the people we serve.

When I chose to come to work for the Illinois State Treasurer a couple of years ago, I made the decision based on his leadership and vision for all our agency programs. Our office provides financial tools to help people, including saving for college, increasing financial education for all ages and removing barriers to a secure retirement.

GCH: What does the threat landscape look like for an organization like the Illinois State Treasurer’s Office?  What kinds of threats are you facing? How does that compare to when you were working in data and network security in the national defense sector for the Illinois National Guard?

Joseph Daniels: Financial fraud is at an all-time high. Every week there is a financial institution shut down with ransomware or working with the FBI for a fraudulent wire transfer due to phishing. 

We are a financial agency with more than $30 billion in assets. We are facing the most advanced threats seen in the industry. Fortunately, in the last five years, we have been modernizing all legacy infrastructure at the office, with the last two years hyper-focused on the security footprint. We take cybersecurity very seriously – it is not an afterthought.

My experience in the National Guard has prepared us to rapidly defend against today’s attack vectors. The dual role of Citizen Soldier plays a part in understanding the frameworks that encompass cybersecurity.

GCH: What are some of the largest cybersecurity challenges facing state and local government organizations and offices?

Joseph Daniels: The lack of human resources, competing with private sector salaries for qualified experts, and not having a dedicated security budget.

If your leadership team does not support cybersecurity or does not believe in the program within your organization, that can cause major issues.  Legacy infrastructure is the next most prevalent issue that plagues states and local governments. 

Not having dedicated staff with a shared vision to modernize will leave agencies scrambling for help in a cybersecurity Incident. Again, I am very fortunate to work for a leader who is passionate about security and protecting the assets that we manage. In my experience, this is not the norm in this industry.


GCH: You’ve said that innovation is essential to the success of an organization. In which ways have you been innovating and what innovative new technologies have you been embracing to help keep the Illinois State Treasurer’s Office’s data and networks secure?

Joseph Daniels: No matter what your role is, you are only as good as the team of people you are with.  To innovate, we first needed to bring in a diverse IT workforce with a wide array of experience and ability. Collectively, we worked on our vision, worked in the Agile framework, and moved quickly and purposefully.

We have moved away from the traditional legacy frameworks and adopted a true hybrid model. We embraced and leveraged a multitude of security products to give us a defense-in-layers environment.

Embracing cloud security technologies allow us to keep a heartbeat on all our devices anywhere in the world. We also work closely with our internal auditors to ensure we are mitigating our risk exposure with every tool we implement.

GCH: What are you planning to discuss during your session at the upcoming Fal.Con for Public Sector virtual event?

Joseph Daniels: I am honored to share this space with so many phenomenal speakers and offer my experience with the attendees. With the expert group of peers on this panel, we will highlight opportunities for remote workforces, ransomware issues, and some industry-leading best practices and advice for other state and local governments reaching out for help.

GCH: Who do you think would benefit from attending Fal.Con for Public Sector this year? Why is now an important time to hold this event and why is it important to bring this community together – even virtually?

Joseph Daniels: Anyone who values security and is looking for suggestions from industry experts to secure and modernize their workforce. This event will have valuable information, regardless if you have a mature security program or you are just beginning.

If you take anything away from this event, it should be to get your senior leaders involved – get their buy-in to make your security program as robust as you can.  Train your staff, practice your incident response. If you need help, please, reach out. We are all in this together.

To learn more about Fal.con for Public Sector and to register online, click HERE.