Before accepting the job, Carter worked in local government as a senior information security analyst for Bellingham, Wash. Before that, he held other security-related roles in Miami County, Kan., and for companies including Clover Security Advisors, United Release Corporation and FlyPage.
Now, as Arlington’s new CISO, Carter told Industry Insider — Texas, his job “is to communicate security in a way that everyone can understand.”
To do that, he will work with the IT department to evaluate Arlington’s security risks and needs. After that, he will focus on creating an enterprise-wide security program.
“Previously, there was a lot of outsourcing that Arlington had done under the previous CIO, and now we’re kind of changing that dynamic,” Carter said.
One of these changes includes broadening security outside of IT and into a more collaborative space.
“I think one of the biggest problems we have as CISOs is that cyber risk usually stays contained within the IT department,” Carter said. “What I’d really like to do is involve the entire organization.”
To achieve this, Carter plans to form an oversight committee to help steer the implementation of an enterprise-wide information security program.
After that, he plans on building new relationships.
“Second on my list is developing strong relationships with our local, state and federal partners, including our local universities and colleges,” Carter said. “Right now, we only have one position under the city that’s directly working with cybersecurity outside of the CISO position.”
Outside of that, the city has outsourced other security-related functions to contractors.
As a result, he said, “I think one of the challenges is going to be creating a program that can work well with the city’s existing outsourcing structure in addition to creating some staffing internally that can understand what our security goals are.”