Β·
17 minute read
π¬ The TechTables Newsletter
TechTables connects public sector technology leaders β CIOs, CISOs, and CTOs β through darn good conversations and peer-driven community. The best place to start is the newsletter.
Subscribe now.π
Episode Summary
Florida CIO Jamie Grant + CISO Jeremy Rodgers on the story behind the first digital emergency response to Hurricane Ian β Starlink deployed in 56 hours, the fastest ServiceNow standup in company history, a zero-trust overlay built in 10 days, and a statewide cybersecurity mesh built from scratch. Recorded live in Orlando.
Featuring
Jamie Grant, CIO, State of Florida
Jeremy Rodgers, CISO, State of Florida
Timestamps
03:50 - Innovating cyber security strategies with Jeremy Rodgers
06:15 - Implementing Starlink amidst crises and the security implications
12:27 - The ethos of accountability and excellence in Florida's tech efforts
18:05 - The correlation between reliable sports coaching and team dynamics in tech fields
20:33 - Jeremy Rodgers on the influential leadership insights from "Connecting the Dots"
22:58 - Digital components of disaster response: Jamie Grant on Hurricane Ian's case study
26:44 - Emergency preparations and bureaucratic agility in technology deployments
30:21 - Embracing the startup mindset in public service for tech advancements
33:26 - Dealing with 'Moat Dragons' in cybersecurity and ensuring enterprise reliability
36:15 - Jamie Grant on building an enterprise security system from the ground up
39:04 - Discussing the transformation in public sector talent and operation strategies
42:49 - The discussion on cybersecurity posture and agency collaborations in Florida
46:34 - Talent investment and overcoming bureaucracy for innovations in government
50:18 - The proactive and team-centric culture for a successful digital government
53:12 - Andrea Sherwood on regulatory compliance versus innovation in cybersecurity
55:47 - Establishing an Enterprise CRM in the aftermath of Hurricane Ian
58:33 - Overcoming accessibility and security challenges in technology post-disasters
01:00:43 - Valuing product developers over excessive management layers in tech structures
01:03:57 - Recap and takeaways on cybersecurity collaboration efforts
01:07:02 - Addressing cybersecurity threats and fostering a collaborative agency culture
Whenever youβre ready, there are 3 ways you can connect with TechTables:
1. π¬ The TechTables Newsletter
Thanks for reading TechTables! Get early access to new episodes, insights, upcoming events, and more β straight to your inbox.
Join now: https://www.techtables.com/
2. π€ Are you a local government CIO who wants to become a better leader?
Check out our high-trust, vendor-free peer group built for local government CIOs tackling real challenges, honest conversations, and an authentic desire to become a better leader β our next retreat is November 2026!
Learn more β https://techtables.com/communities-local-government
3. π€ The Better Together Series (Virtual & On-Site)
The narrative-driven series bringing together industry partners and public sector CXOs. Discover the compelling stories that unfold when we stop working in silos and start building together.
»»» Email joe@techtables.com to learn more.
TechTables Better Together On-Site with Peter Loo, CIO, LA County & Hannes Scheidegger, Chief Global Delivery Officer at Info-Tech Research Group
Platinum Newsletter Sponsor:
Join TechTables & Info-Tech Research Group at Info-Tech LIVE 2026 - New Orleans (February 3 - 4, 2026) and/or Info-Tech LIVE 2026 - Las Vegas (June 9 - 11, 2026)!
Learn more about upcoming Info-Tech events here: https://www.infotech.com/events
Gold Newsletter Sponsor:
SentinelOneβLearn how SentinelOne empowers this state to stay secure.
Verizon FrontlineβThe advanced network that keeps first responders connected when it matters most.
CarahsoftβThe Trusted Public Sector IT Solutions Providerβ’, supports government agencies and education/healthcare markets. Contact your Carahsoft rep today to access special discount pricing exclusively through the TechTables + Carahsoft partnership!
Transcript
Joe: Today we have Jamie Grant, CIO for the State of Florida, and Jeremy Rodgers, CISO for the State of Florida. Jamie and Jeremy, welcome to The Public Sector Show by TechTables.
Jamie: Thanks for having us.
Jeremy: Thanks. I love this β this is a long time coming. I'm super excited.
Joe: Today's podcast episode is sponsored by SentinelOne. SentinelOne redefines cybersecurity by pushing the boundaries of autonomous technology with the Singularity XDR platform. SentinelOne is the leader in endpoint protection and beyond β simply put, they stop the bad guys. Big shout out to SentinelOne for being the diamond sponsor today.
Jamie, I love this quote you had at NASCIO where you said: "We're a startup within government. We didn't inherit a program that's won a few championships β we inherited a program that's never won a football game. I can't leave till that changes." I love the sports analogies. When folks don't know what it's like to win championships or football games, it's hard to know what winning looks like or what standards to set.
One of my earliest podcasts was with Gary Brantley β he was the CIO for the City of Atlanta and is now the CIO for the NFL. We talked about this too: the City of Atlanta had a massive cyber attack, and he came in and had to not just get the cybersecurity piece right, but get the culture right and the team right. It's hard to do that if you don't know what winning looks like. We're going to cover Hurricane Ian and the digital response, and also the $30 million cybersecurity grant program from the State of Florida. But first β Jamie, talk about setting the standard, raising the standard, and being the standard across digital services in the State of Florida.
Jamie: If you don't have the people and the culture right, nothing else matters. I've been fortunate to be in some locker rooms with some really talented players. The example I'd give is the 2003 Auburn Tigers football team. A lot of people talk about the '04 team with four first-round draft picks β but the '03 team was much more talented. It was tragically poorly coached at a coordinator level, and you watched a team that should have been winning championships struggle through conference play. The only thing that really changed from '03 to '04 was leadership and buy-in.
Florida has, four times before the digital service, created an office to do state technology β only for the legislature or the governor to get frustrated and abolish it. So we kind of cherish that as a team. Nobody's ever been able to do it. But step one, before you can go out there and start accepting trophies, is just get in your own locker room and get folks to believe that they can win a single game. When they start to see a little bit of success, they start to buy into a playbook, they start to buy into a culture. You're going to have adversity, you're going to have losses β you don't go from a perennial loser to winning championships in an instant. You go from winning zero games to winning two or three. That's still losing a lot of football games. But letting folks understand that there is a plan, and that you're going to ride with them through all of it β if you're willing to do that and you get the people right, the technology is actually very easy.
Our challenges on the cybersecurity and modernization front are not problems of "can technology solve it" β it's "can we get people to buy in, can we get the moat dragons out of the way, and can we encourage and incentivize the good behavior and discourage the bad." Moat dragons is a term I've used for maybe a decade. If there's a castle full of success, there are certain people that just circle in the moat trying to make sure nobody gets to success. They exist in every industry and every ecosystem. The recipe β whether it's coaching football, coaching basketball, or building enterprise cybersecurity β is the exact same. It starts with talent and buy-in. And reliability is the most important ability. We've had people with abilities off the charts who just couldn't be reliable. At the end of the day, you find people that are bought in and reliable, and you can build anything.
Joe: For those listening β you might want to hop over to the video, because Jamie and Jeremy are wearing their college jerseys. Love the sports theme, love the moat dragon concept. Jeremy, I want to transition to you. There's a leadership book I found off your LinkedIn β I bought it. It's from your friend, mentor, and Navy shipmate Sean Heritage, titled Connecting the Dots: Deliberate Observations and Leadership Musings About Everyday Life. In the book it says dots signify two things: first, they represent milestones β large and small, happy and sad β we enjoy throughout the journey of life. They additionally symbolize disparate pieces of data that by themselves mean far less than they do in the aggregate. One of my favorite sections β or "musings" β was "It's the Network, Stupid." People ask me all the time why TechTables has grown the way it has, and the answer is: it's the people, it's the relationships. What spoke to you about Connecting the Dots, and how are you applying it in your current role?
Jeremy: Sean's a good shipmate and mentor from the Navy. He's now doing great work over at MITRE. One of the big takeaways β and Jamie touched on this too β is that if you don't get the people right, if you don't get the community right, if you don't get the mindset right, the technology doesn't matter. When Jamie brought me on to run cybersecurity, a big part of going in the right direction was building relationships first. Florida is a federated system of 30-something agencies, each with their own CIO and security leader. Getting everyone rowing in the same direction β sharing information, sharing intelligence, versus having 37 separate silos β that's the big lesson. It's not perfect, we're still building it. But just getting face to face, building those relationships β because if you don't know somebody's name when times are easy, it's going to be really tough when you're dealing with a security incident together.
Joe: Jamie, our original live podcast tour stop was supposed to be in Tallahassee. However, due to Hurricane Ian in late September last year, we postponed the event so the State of Florida could serve its residents β all hands on deck at the Emergency Operations Center. Governor DeSantis set the tone for a successful emergency response β a great case study on cutting government red tape to help Floridians when they needed it most. You're quoted as saying the state's response to Hurricane Ian was the first response that had a truly digital component. Can you talk about some of those digital success stories β from Starlink to missing persons to helping first responders avoid life-threatening situations through data sharing?
Jamie: My granddad used to say β and it's six P's, but we'll say five for a public audience β planning prevents poor performance. One of the things we've stressed to the agency community is: have your binder ready to go. When a state of emergency shows up and the handcuffs of government come off and the speed limits of bureaucracy are removed, you can actually go.
We had asked for a CRM through the normal budgetary process. The response was: "Why do you need a CRM? You have Outlook." I showed up and found out that in a $100-plus billion enterprise, the CRM was an email with a deck, a spreadsheet, or a Word doc circulated around. That's how we did business. The moat dragons said no. Then Ian showed up, and we had our binder.
For the first time in state history, we were able to establish a CRM to truly serve the enterprise. We've been told we stood up the fastest ServiceNow instance in the history of the company β public or private. Big shout out to Jeremy, Chandra, Adam Taylor, and the team going 20 hours a day to make that happen. We also immediately stood up missing.fl.gov, where people could report themselves as needing help or family members could report someone missing. We ingested what we didn't know existed β about 48,000 households β and deduplicated down to 20,660 households that had been offered a portal to shelter in place. When you give a Floridian in the impacted area a shelter-in-place survey, they reasonably assume you're coming to get them. We had to work through all of that.
Urban search and rescue was running their ticketing system off a single email address. The storm took out most of the 911 infrastructure and the Coast Guard could only route cases to that one address. So: step one, triage the email. Step two, stand up the CRM. Step three, deploy network.
We had been working with elections on Doomsday scenarios and were far enough down the path with SpaceX on a Starlink deployment that we could move fast. We ingested 20,660 households of less-than-clean data, used our Snowflake instance to clean it up and push it back into ServiceNow to start resolving cases. We stood up safe.fl.gov alongside missing.fl.gov and deployed AI contact center capabilities we'd used during the pandemic β press one, reply: are you good, do you need help?
48 hours after impact we had our first 30 Starlink terminals. 56 hours after impact they were deployed in Southwest Florida. The next day a plane came from California β not people fleeing for economic opportunity, but people packing Starlinks to come support Floridians. We now have the largest Starlink fleet outside of Ukraine. It was the first-ever Starlink deployment in history for a natural disaster.
Within 10 days we had ingested about 100,000+ waypoints that search and rescue teams had tagged β latitude and longitude coordinates β and our data team converted those to household-level mapping so we could give intel to the front lines about where there was a missing record and nobody had been touched.
The last thing I'll say: one of the challenges in any CxO role is the conflict between accessibility and security. You can't walk in and brief the governor and say "I'd love to give you satellite Wi-Fi β it's just not secure following a hurricane." So we deployed Starlink, and then Jeremy's team very quickly started figuring out how to secure it. Within 10 days we were routing all that traffic through a zero-trust framework. Our network team now has a pelican box with an antenna, a Cradlepoint, and a SEM that we can deploy anywhere. The new baseline is the expectation: well done, but what are you going to do next?
The hurricane was an opportunity for us to do five years of innovation and transformation in about 45 days. I got the call around 9:30 that night that the infrastructure broke. I made three or four calls β to Jeremy, Adam, Chandra β and said: I'm getting in the war room, anybody want to go? We went 20 hours a day for about a month. You can't design for having the right talent, bought in, willing to play together in that moment. That was the coolest part β seeing people experience things they'd never experienced before, under timelines and pressures they'd never experienced before, only because they believe in the mission.
Joe: That was fantastic. Jeremy, I want to continue on the bad actors side β we deploy Starlink, but now there's a cyber front to deal with. Can you talk about that part of the experience?
Jeremy: Jamie got the call at 9:30. I got a text about 20 minutes later β not "I need you in," but "hey, if you want to come in, I think we've got some exciting stuff coming up." It was a grueling month, but it was probably some of the work I'm most proud of.
On the Starlink deployment β our security team worked to overlay the security apparatus on top of it. You're giving internet access in a spot where towers are down and cables are down, but for the first time search and rescue teams, fire teams, and police coming together from all across the country have C2 command and control. They can see where the missing points are in minutes, not days and weeks, where lives matter. The Department of Economic Opportunity and DOT could get people's lives and businesses back up in hours β and that was the expectation Governor DeSantis put on us.
I remember talking to Jason and Josh on my team, probably 10 hours in. I said: do you want to gather a team? Within a minute Jason said: "You're asking me to go to an emergency site, aren't you?" β with a glimmer in his eye and a smile. Within less than a day, state employees were heading down to Southwest Florida to set this up.
The challenge was: great, you've given internet access everywhere β but how does the state put our security apparatus on top of that? How do we monitor traffic, block foreign actors, protect state IT? The solution our team built is something other states are now talking to us about. They haven't seen someone bring the hardware, software, applications, cloud security, and infrastructure environment together in a way that lets you monitor, know what's going on, and block what you need to.
Joe: A common theme I hear across all these interviews is that Governor DeSantis expects excellence. Excellence isn't perfection, but you strive for it. Jamie, can you talk about the mindset going into the CIO role β knowing it had failed four times before?
Jamie: The cliff notes: I was frustrated as a legislator. I practiced law for a year and a half, saw some things that pushed me toward tech policy, and got really heated about it. My boiling point came with what's called a claim bill β a way for the legislature to sue itself when sovereign immunity cases are too severe. In at least one situation that came before my committee, a foster child had been placed in the same household as a sexual predator β because two different agencies controlled two different lists that never talked to each other. An API call we could have written in a week would have flagged 123 Main Street as a red flag. We couldn't do it, and the worst of the worst happened.
So I started writing policies like a board chairman ready to fire a CEO: "The state CIO will do this and this." Then the administration came and said: we want you to take that job. My first answer was no. I said the job sucks and the pay sucks β fix one of the two and we can have a conversation.
Two things got me to yes. One: if you dare me, you're going to get me to yes. I love being told it's not possible. Two: it's a blank canvas. There's no other $115 billion enterprise I can think of that's never built enterprise data, enterprise governance, or enterprise security. You only get to do that once in a lifetime.
And our rallying cry to the team: if we fail, we're just number five. Nobody else has been able to do it. Cherish that. We've also instilled a culture where: you can make the same mistake every single day and we'll eventually promote you to customer or constituent. You bust one assignment β you've got immunity. But I don't want to watch the same assignment on film over and over. Get on the field. Trust yourself. Play fast. Believe in the playbook.
We win, I lose. If you have that mentality as a coach, people start to understand: we don't want to hear "I" in our locker room. We can accept a trophy β I get fired β that's acceptable. Invert that, and you've got a pretty toxic culture set to lose a lot of games.
Joe: Jeremy, before we jump to audience Q&A β on the road show you mentioned that zero agencies had collaborated on cybersecurity since 1845. Can you talk about the data sharing agreements and the team spirit you've built across the 30-plus state agencies?
Jeremy: When I got to the digital service a little over a year ago, no agencies had shared security information. Jamie brought me in to build a security mesh architecture β intelligence sharing, threat sharing β and create a centralized view of cybersecurity posture across the entire enterprise. You can't have 37 different CIOs rowing in 37 different directions, giving 37 different security reports, and fixing things 37 different ways. Adversaries work at asymmetrical speeds. We have the Haves and the Have-Nots β some agencies doing pretty good jobs in their own silos, some underfunded, some where cybersecurity wasn't a focus at all. But it was a golden opportunity to build from the ground up.
Our posture has been: let's just turn the lights on. We didn't even know how many endpoints we had across these agencies. Now we understand the problem and we're addressing it from the most critical down.
Jamie: Can I brag on Jeremy and the team for a second? When I showed up, I told our 100-plus employees: I expect to find bad news and skeletons everywhere. You have an immunity period β bring me all the skeletons. Once the immunity period ends, if I find a skeleton you hid, that's a zero-tolerance policy. That's putting self-preservation above the team.
We did the same thing with the agencies. But in those first couple of seasons, some agency CIOs were doing things best defined as self-preservation β getting hit, not reporting, hoping nobody found out. The same agency CIO who said "I won't participate in cybersecurity until there's a data sharing agreement" had domain trust with 15 agencies and admin/admin accounts with no passwords. You're worried about the contract on the front end, not the sieve on the back end.
Then something happened that I'm most proud of. Jeremy, Warren, Leo, and the team β talk about the first time in state history that a security operations center detected and responded to a threat, with a CIO coming in voluntarily saying "I got hit" β no tips from MS-ISAC, no IOCs from the FBI or FDLE. A hundred percent an agency coming in and saying: I got hit hard, we're responding, but I wonder if anybody else is dealing with this. For the first time in state history, three other unexecuted exploits across three agencies were remediated before they detonated. That's the culture emanating out.
Jeremy: It was a great case study. A year ago, none of these agencies were talking to each other. Our cybersecurity operations center is now the clearinghouse for incident reporting and threat intelligence. We had an incident at one of our more mature agencies. They stepped up and said: we have an incident, we're handling it β can you give us OverWatch at the digital service level?
We took those IOCs, got them out to the ecosystem, did some searches with our enterprise security apparatus, and found a couple of other potential exploitations. We sealed them up β patched here, blocked there. For the first time in state history, what would have been four or five agencies exploited became one contained incident. If they hadn't reported, the agencies that weren't at that maturity level would have been far worse off. You smelled a little smoke in one area, turned it off β if you didn't have that collaborative mindset, you would have had a three-to-five alarm fire across the enterprise.
Even better: that agency came back to our monthly security leaders meeting and said "open kimono β here's what it's like to go through this, here's what it's like to partner with the team." You would have never had that before.
We've got a lot of hiring going on, by the way β if you're interested in joining the State of Florida, reach out.
Jamie: Every buying decision in the history of civilization comes down to hope or fear. We're leaning hard on hope. But the message to the ecosystem is clear: if you do the right thing and report, I'll take every bullet for you. If you hide the ball β I'm pulling the trigger. Getting to a place where an agency leader comes in and says "I got hit" is one of the most fundamental transformations in rolling out enterprise security.
Ultimately, our goal is to scorecard at an executive level so secretaries and executive directors don't have to understand security β they just need to see a trend line. We scorecarded ourselves first. We're just starting monthly and quarterly briefings with agency heads. No secrets: here's what's going to be on the scorecard. The only question is what your numbers and your trend are going to look like.
Audience Q&A
Jason Moreno, Quest Software: One of the challenges in state and local government β and corporate America β is the retirement crisis and the Microsoft gap: retiring MCSE certifications around Active Directory versus the push to Azure. How are you planning to fill that gap as Legacy AD knowledge walks out the door?
Jeremy: We can definitely relate β we could do a whole other podcast on this. From a technology standpoint, leaning into modern paradigms like zero trust and cloud-first is a challenge. One of our cybersecurity sayings: it's not the zero-day that worries me, it's the zero-day from 10 years ago. From a people standpoint, it takes deliberate work β succession planning, building a talent pipeline from folks coming out of school or non-traditional routes, training the folks you have, fellowships. The state's workforce is more like an aircraft carrier than a fast attack boat β you can't move everyone from 25-year-old technology to where things are going tomorrow overnight. We've got a collaboration lab where we bring in industry partners and focus heavily on cross-training.
Jamie: Free enterprise markets are undefeated because incentive structures are undefeated. If you went to agency heads and asked "what does ISM mean, who does the ISM report to, do you have someone actually responsible for cybersecurity?" β many have no idea. The ISM is supposed to report to the agency head, not the CIO, which creates a perverse structure: auditor versus head of security. We're working to incentivize agency heads to get a dedicated CISO β an FTE on paper β so they have someone dedicated to security, while also having an information security manager providing true and accurate information. Keep those two roles separate.
And: Active Directory is the new COBOL. There will be people doing that at 75 instead of mainframes when we finally retire mainframes. The message to agency CIOs who are scared of cloud: embracing cloud will not lose you your job. Trying to resist the OpEx, SaaS, cloud world will cost you your job. There's a massive difference between unfireable and invaluable. Unfireable is the person with the spreadsheet nobody else knows how to work. Invaluable is the person who coaches everyone up and makes themselves replaceable. I am actively trying to make myself irrelevant at the digital service.
Andrea Sherwood, NBC Universal (formerly Lockheed Martin): How do you balance regulatory compliance with innovation? At Lockheed the culture was: yes, check the boxes, but understand the threat and focus on what you need to protect.
Jeremy: Our job is to take technical risk, cybersecurity risk, and business risk off the table β and nothing is more risky than the unfireable person. Transitioning that mindset to invaluable means pushing limits, taking calculated risks, and getting as many people as you can in the boat to embrace innovation.
Jamie: I'm not all that bright β I just plagiarize what works, and pay more attention to what didn't. The best leaders to learn from are the worst leaders I've worked with. A few things: startup within government means all the rules, none of the resources. You can only go as far as your executive backing β I don't care if it's Lockheed or the State of Florida, that's the only thing that matters. Every organization has two strands to its DNA: the mission it's trying to solve and its character at its core. You have a limited window to set that culture.
Know what stage you're in. I know I'm not wired to be a Fortune 100 CEO. I'll go crazy. Identify what you're bad at and don't do it. Invest in what you're good at. Nobody said "how do we make Shaq a point guard." Nobody tried to make Tom Brady a left tackle. We said these guys are elite at what they do β have them do that.
And I'll get on a soapbox: I am sick and tired of managing people being the definition of success. I had to fight the legislature to pay my coordinators more than I make. How many managers made more money than Randy Johnson? We invest in players. Government screws this up β if you want more money, you have to be more senior to someone who does the work. Some people in my org make more money than me. My choice: pay them what they need and get the talent, or don't. We win, everybody does fine.
Elon showed up to an engineering meeting at Twitter and asked: how many of you have pushed code to production in the last six months? Two hands. The best engineers were managing engineers who were managing engineers who were managing kids right out of Stanford actually writing Twitter. The people on the field making the product should not make less than the manager. As David Sacks says: surplus elites are getting rooted out. Look at any layoff β it's not product, it's the VP of something nobody can point to and say made the product better. Invest in the people making product happen.
Joe: And with that we'll wrap up. Big shout out to Jeremy and Jamie for coming on. Thanks for being here.
Jamie & Jeremy: Thanks for having us. Happy game day!
/5S7A6587.jpg)