Tonya Digiorno is the director of Information Technologies for El Dorado County, a role she has had since December 2019. She was previously chief information officer for the California Department of Technology from October 2017-December 2019, the last of many staff and executive roles in state government spanning nearly 30 years.
Digiorno has a Bachelor of Science degree in criminal justice from California State University, Sacramento.
Industry Insider — California: As director of Information Technologies at your organization, how do you describe your role?
Digiorno: As the IT director of El Dorado County my role is to plan, organize, manage, and provide direction and oversight for all functions and activities of the county’s Information Technologies Department. The Information Technologies Department develops and implements organizational and departmental policies, establishes goals and directives in support of the business, and coordinates with other county departments, officials and outside agencies. My role is to foster cooperative working relationships among county departments, intergovernmental regulatory agencies, and various public and private groups. I also assist the chief administrative officer, county departments and Board of Supervisors with strategic planning to meet their technological needs.
IICA: How have your role and responsibilities changed in recent years in terms of their intersection with IT and innovation?
Digiorno: The pandemic forced many IT departments to act quickly to make secure work-from-home solutions a priority. It also added a whole new level of challenges when it comes to cybersecurity. IT director roles have expanded exponentially to include a broad range of responsibilities that extend beyond the traditional responsibilities. We are now at the forefront of driving innovation, cybersecurity, strategic planning and digital transformation to help [the] organization mature in an increasingly technology-driven world, where expectations of the end users have changed to expect more. IT directors are now seen as strategic leaders who play a crucial role in aligning technology initiatives with overall business objectives, driving digital transformation efforts, and ensuring technology investments contribute to the maturity of the organization. With the rise in cyber threats, ransomware attacks and data breaches, the IT directors have gained a much larger responsibility when it comes to cybersecurity. As the landscape continues to change, the responsibilities include implementing robust security measures, staying updated on security trends, educating employees and IT teams and data owners on best practices to protect sensitive data, and ensuring the organization is prepared to quickly and effectively respond to security incidents. Cloud and hybrid environments have added a twist to data security approaches. Cyber criminals understand the value of data; as data becomes increasingly valuable, IT directors are becoming more involved in data management efforts, ensuring data quality, security and compliance, as well as leveraging data analytics to derive insights to ensure informed decision-making. With the pandemic, the public has grown to expect digital services such as more online services, chatbots and push technologies to stay informed.
IICA: Does your organization have a strategic plan, and may we hyperlink to it? How big a role do you personally play in writing that strategic plan?
Digiorno: Yes we have a plan, which is currently in the process of a refresh, the 2022 El Dorado County Strategic Plan. We are currently working on a business-driven IT strategy. All department leadership, including elected officials, the CAO and board members, were invited to participate in the development/refresh of our mission, vision and values. Collectively, we defined our organization’s strategic plan. The IT department is currently working on an IT strategic plan in support of the business.
Upon starting the IT director position in December of 2019, IT established a five-year plan:
2020-2022 — Stabilize the IT department
- Remove technical debt
- Develop policies and procedures to standardize
- Create structure as it relates to the system development life cycle
- Establish IT governance
- Provide transparency to set expectations with our county employees
- Conduct a third-party security assessment to understand the security posture
- Develop a three-year strategy to mitigate risk.
- Moved funding from individual departments into the IT department to better manage and control devices
- Establish an application inventory
- Educate the departments about their role as data owners
- Gain and understanding of our data assets
- Created project portfolio to manage and prioritize our initiatives
- Refresh cybersecurity three-year strategic plan
- Continue to mature our IT governance model
- Mature our risk management process
- Develop auditing processes to ensure compliance with state laws and regulations
- Improve our vulnerability management processes
Digiorno: Asset management: We’ve recently awarded a contract to implement a formal asset management system, targeting completion by mid-2024.
Payroll system replacement: Since our payroll system will be reaching end-of-life, the county will be issuing a solicitation in Q4 of 2023, for replacement by December 2025.
Security enhancements: We recently completed a security assessment and will be refreshing our three-year cybersecurity strategy and continuing to improve upon our security posture throughout the county.
Microsoft 365 adoption: With the implementation of M365 in October 2022, we are continuing our adoption efforts of the M365 productivity tools.
Digital records management: The county will be publishing a solicitation for the digitization of documents in Q4 of 2023.
Website redesign: The county awarded a contract in 2023 and will be implementing a new public website in April of 2024, moving our site to a ca.gov domain and establishing a citizen-centric site with emphasis on our services.
Proofpoint: We will continue the implementation of Proofpoint. The email security gateway was implemented in Q2 of 2023, and we will continue to expand the tools functionality, leveraging the annual security awareness training solution.
Veracode: We recently awarded a contract to Veracode to mature our SecDevOps model. Implementation will start in October.
IICA: In your opinion, what should local government be doing more of in technology?
Digiorno: Local governments should consider aligning to the NIST (National Institute of Standards and Technology) framework, more aggressively managing risk and thoughtfully implementing technologies such as artificial intelligence and robotic process automation to improve the delivery of services. In addition, recognizing data as an asset to make informed decisions, and provide relevant services to those in need of those available services. Data management and data governance should be a top priority to minimize the data sprawl. Most organizations are data rich and information poor; therefore, implementing a data management strategy that provides opportunities to leverage the data and minimize risk is critical.
IICA: How do you define “digital transformation?” How far along is your organization in that process, and how will you know when it’s finished?
Digiorno: Digital transformation is the process of leveraging technology to streamline operations, enhance the customers’ experience and drive innovation to continuously improve efficiency. Digital transformation is an ongoing effort. In my opinion the opportunity for digital transformation is continuous, just like laundry; it’s never “done” because you wake up the next morning and you have more. The business, in partnership with IT, continuously seeks to increase efficiency, agility, innovation, customer satisfaction and growth by integrating digital technologies, strategies and capabilities into the organization. It’s important to drive an environment of continuous process improvements. Digital transformation is never “done.”
IICA: What is your estimated IT budget and how many employees do you have? What is the overall budget?
Digiorno: Our IT budget is approximately $14 million. Central IT supports ~1,800 employees with 47 IT staff in our central IT department.
Note: The district attorney and sheriff maintain their own IT staff and support for their employees.
IICA: How do you prefer to be contacted by vendors, including via social media such as LinkedIn? How might vendors best educate themselves before meeting with you?
Digiorno: By referral of another agency — county, city or state. The best way to connect with new clients is to ensure you are successful with your current clients. Once you’ve proven success, the ability to connect with others should be a simple introduction. Do your homework/research. Review state Senate Bill 272 critical systems, search Board items, sign up to receive notification of our solicitations, review the IT strategic plans.
IICA: In your tenure in this position, which project or achievement are you most proud of?
Digiorno: Establishing relationships and trust with the business and building the foundation for information technology to be successful. With a fully established project management office, development of the security program and the implementation of IT governance has greatly improved the communication and prioritization of projects. The IT department now has the capability to support the business in the critical planning activities to successfully implement solutions that meet the needs of the business.
IICA: What has surprised you most this year in government technology?
Digiorno: How much remote work is still occurring following the pandemic. Though there’s value in offering the flexibility to our employees, in my opinion there’s greater value to human interaction. You tend to lose out on the learning opportunities you gain by being in-person, in addition to the potential for declining mental health of individuals being secluded when working from home.
IICA: What do you read to stay abreast of developments in the gov tech/SLED sector?
Digiorno: Government Technology*, StateTech magazine; I also attend relevant webinars, conferences and events.
IICA: What are your hobbies and what do you enjoy reading?
Digiorno: Spending time with the family and anything active (hiking, kayaking, snowboarding, running, gym) are hobbies of mine. I enjoy reading leadership books, self-improvement articles, and learning about other leadership success stories.
*Government Technology magazine is a publication of e.Republic, which also produces Industry Insider — California.
Editor’s note: This interview has been lightly edited for style and brevity.
