Those on the panel included Heather Doxon, regional engagement manager at the Center for Internet Security; Mike Duffey, assistant special agent in charge at the Florida Department of Law Enforcement (FDLE); Jason Johnson, cybersecurity engineering manager at the Florida Digital Service (FLDS); Bryan Langley, senior executive adviser for the Critical Infrastructure Program at Cyber Florida; and Yolanda Williams, cybersecurity state coordinator at the Cybersecurity and Infrastructure Security Agency (CISA).
They discussed technologies that are accessible at minimal or no cost to public entities. Below is a breakdown of the services they offer.
The Center for Internet Security (CIS) is a nonprofit which runs the Multi-State Information Sharing and Analysis Center (MS-ISAC). Services include:
- CIS Controls: A set of prioritized best practices for improving security defenses
- CIS Benchmarks: Detailed configuration guidelines for securely setting up various systems and applications
- CIS Hardened Images: Secure, pre-configured virtual machine images for cloud environments, aligned with CIS Benchmarks
- CIS SecureSuite Membership: A subscription that provides access to the latest benchmarks, guides and other cybersecurity resources
- CIS Endpoint Security Services: Managed services for protecting endpoints, including monitoring, threat detection and response
FDLE focuses on enhancing public safety and domestic security by partnering with local, state and federal agencies to prevent, investigate and solve crimes. Service offers include:
- Florida’s Cybersecurity Critical Infrastructure Risk Assessment Program: Free cybersecurity risk assessment and resources for Florida-based public and private critical infrastructure organizations
- Statewide Cybersecurity Training Program: Cybersecurity awareness and training courses tailored to job roles for all public-sector employees
- Cyber Range (HB 5001): Cost-effective, realistic training environments for city, county and local governments
- CyberWorks: Preparing veterans and transitioning first responders for jobs in cybersecurity
- Operation K12: Infusing cybersecurity awareness and career preparation throughout the Florida educational system
The FLDS sets standards and processes for assessing and managing state agency cybersecurity risks. It ensures the protection of digital assets and the integrity of IT resources while supporting a security governance framework. It offers the following programs:
- Cybersecurity consultation and assessment: Expert guidance on conducting thorough cybersecurity assessments. This includes identifying potential vulnerabilities, evaluating risks and creating tailored strategies to enhance an organization’s cyber resilience.
- Incident response and recovery: In the event of a cyber incident, FLDS deploys a rapid-response team to assist with threat mitigation. The team collaborates with entities such as FDLE to guide organizations through the containment and eradication process.
- Security training and awareness: FLDS offers training programs and resources designed to equip teams with the knowledge and skills needed to defend against evolving cyber threats.
- Continuous monitoring and threat detection: Through its Cybersecurity Security Operations Center (CSOC), FLDS provides real-time monitoring of digital assets. The CSOC identifies and addresses threats promptly to ensure uninterrupted service.
The CISA Cybersecurity Awareness Program aims to enhance understanding of cyber threats and encourage safer online practices. Services offered include:
- Access control policies and procedures consultation and documentation: Helping agencies design and document system access controls that meet federal guidelines
- Account management: Ensuring separation of duties and proper implementation of logical access controls, including account lockout and disabling measures
- Critical infrastructure operators: Assessing and standardizing security measures
- Assessment evaluation and standardization: Evaluating and standardizing cybersecurity practices
*Note: The Florida Public Sector Cybersecurity Summit is hosted by Government Technology, a sister publication of Industry Insider — Florida. Both are part of e.Republic.
