Nadean Shavor has been chief security officer for the California Franchise Tax Board since May 2016. She was previously its director of Enterprise Services from September 2014 to May 2016 and has been with FTB for more than 15 years, joining in March 2006 as data center manager.
FTB.ca.gov
Techwire: As CSO of your organization, how do you describe your role; and how have the role and responsibilities of the CSO changed in recent years?
Shavor: I think I have a unique role in comparison to other state department security programs. As the chief security officer at the Franchise Tax Board, I am responsible for the physical security of our central campus and 14 field offices, the disclosure program, privacy program and cybersecurity. Having these programs in one organization provides a very unique perspective into the risks and threats that we face as an organization. At the end of the day, I would categorize my job as a risk manager. It’s my job to help the organization make good risk-based decisions that minimize or mitigate adverse impacts to our business.
I have been in this role for about five years. During this time, the role has definitely become more prominent. Anytime you listen to the news you hear about another major data breach, nation-state hacking, ransomware, terrorism … the list goes on and on. As a result, my business partners, including the Filing and Compliance divisions, are far more aware of the security risks. I do a lot of education and outreach to my business partners. Open communication and trust is critical for a risk-based security program.
Privacy is also something that has dominated news cycles. The General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) have empowered people to take more ownership of their data. As an organization that relies on data, we keep a very close eye on privacy trends. FTB has made data protection a priority for the organization and we take the job of securing that data very seriously.
Techwire: How big a role do you personally play in writing your organization’s strategic plan?
Shavor: We recently refreshed our strategic plan. The first foundational principle is to “protect the privacy and security of data entrusted to us.” I chair our Privacy, Security and Disclosure Action Committee, an executive enterprise security governance team, which provides input and feedback for the strategic plan. I am proud to work at an organization that values security and the critical role my team plays in protecting the data entrusted to us.
Techwire: What big initiatives or projects are coming in 2021? What sorts of RFPs should we be watching for in the next six to 12 months?
Shavor: Several years ago, FTB developed a 30-year plan, broken down into three major projects, to modernize our IT systems. This next fiscal year we will be starting the second project, Enterprise Data to Revenue (EDR) 2, which will modernize our audit and compliance systems. These are major IT projects that take a significant amount of enterprise commitment. Due to the scope of work, we do not have any plans to pursue new technology outside the scope of EDR 2 within the next 12 months.
Techwire: How do you define “digital transformation,” and how far along is your organization in that process? How will you know when it’s finished?
Shavor: For me, digital transformation is about using technology to solve business problems in innovative ways. I want people on my team that are out-of-the-box thinkers. I like to call them the “yes, and” people. They are the ones that build on ideas … they say, “Yes, that is a great idea and this is how we can improve it.” This is a culture, both business and IT, of embracing technology to solve business problems. Just because something has always been done a certain way does not mean it should always be done that way. As IT professionals, we need to listen to our business counterparts, really understand their problems and help solve those problems with technology.
FTB’s digital transformation process is the 30-year journey, EDR, which I mentioned in the previous question. Vendors do play key roles in this process. FTB would not be where it is today without the great vendor partnerships it had in the first EDR project.
I do not think you are ever done with the journey. There will always be new innovative technologies and business problems that need to be solved.
Techwire: What is your estimated IT budget and how many employees do you have? What is the overall budget?
Shavor: Our IT budget last year, including information security, was approximately $250 million and we have 1,169 staff. FTB’s overall budget is approximately $875 million.
Techwire: How do you prefer to be contacted by vendors, including via social media such as LinkedIn? How might vendors best educate themselves before meeting with you?
Shavor: This is a difficult one. I get a lot of vendor contacts and am very busy. I do not have time to respond to every contact. I prefer email with a brief introduction to the product and contact information. If it is something that I am interested in, I will reach out to the listed contact.
I think it is important for vendors to do their homework by understanding your business, what you do and how their product might solve your business problems. For example, vendors can read our strategic plan and understand that data protection and customer service is very important us. Vendors also need to understand where we are from a technology perspective. Make the case as to why we should buy your product. In these tight fiscal times, you really have to sell the value of every purchase.
Techwire: In your tenure in this position, which project or achievement are you most proud of?
Shavor: Over my career, I have had great opportunities to work on projects that made a difference for our constituents and these are important achievements that I am proud of. However, I am most proud of my team. I lead an amazing team of hardworking, dedicated professionals. They consistently go above and beyond on a daily basis. FTB’s security program is one of the best in the state, a model program. It’s the direct result of my team’s hard work. They make me proud to be a civil servant.
Techwire: If you could change one thing about IT procurement, what would it be?
Shavor: This is an easy one: time. I would like the process to be faster. We have a lot of rules designed to protect the state and they are important. But procurements take too long. Leveraged procurements and the Software Licensing Program have helped and I would like to see them both applied to more products and services.
Techwire: What do you read to stay abreast of developments in the gov tech/SLED sector?
Shavor: I read a lot of different publications, including Government Technology*, Techwire* and cio.com. SC Magazine and DataBreachToday are my go-tos for security news. I find Gartner to be very beneficial. Probably some of the best information comes from my peers. I participate on Evanta’s advisory board. Both Gartner and Evanta facilitate boardroom discussion so that peers can share information.
Techwire: What are your hobbies, and what do you enjoy reading?
Shavor: I love the outdoors, hiking in particular. I think it’s good to get some fresh air and unplug from technology. I find it rejuvenating. Come Monday, I am ready to hit the ground running again. I enjoy reading and usually have multiple books going at once. I am currently reading Made to Stick and I’m getting ready to start A Discovery of Witches. I enjoy leadership books and the urban fantasy genre.
*Government Technology magazine is a publication of e.Republic, which also produces Techwire.
Editor’s note: This interview has been lightly edited for style and brevity.
