As part of Industry Insider — Texas’ ongoing efforts to educate readers on state and local government, their IT plans and initiatives, here’s the latest in our periodic series of interviews with departmental IT leaders.
Bryce Carter is the chief information security officer for the city of Arlington. He has over 10 years of private- and public-sector IT experience, including working for the city of Bellingham, Wash.; Miami County, Kan.; Clover Security Advisers; United Release Corporation; and FlyPage.
He holds a master’s degree in information technology from the University of the People, and is a certified information security manager and certified information systems security professional.
Industry Insider — Texas: As CISO for your organization, how do you describe your role?
Carter: As the CISO for the city of Arlington, my role involves overseeing the newly formed Information Security and Privacy Office (ISPO) and promoting a culture of security and privacy.
I often see myself as a transformational CISO, aiming to expand the scope of information security and privacy and integrate it at the highest levels of government. While security certainly plays a key role in IT, security and privacy programs should be initiatives that involve the entire organization, with everyone having responsibilities and roles. It is also crucial to ensure that those who develop an organization’s strategy are well-informed and involved in security and privacy matters. Without their engagement and support, initiatives aimed at cultivating meaningful, long-term change will likely fail.
Overall, I consider myself an initiator and liaison for organizational change, focusing on shifting the security mindset toward resilience and privacy first. This approach represents a significant departure from the unsustainable approach of solely investing in technologies to address what is also a people problem. For security and privacy to be effective in the digital world as it exists today, proper oversight is needed and everyone in the organization must actively participate and take ownership.
Industry Insider: In your tenure in this position, which project or achievement are you most proud of? What are you looking forward to working on?
Carter: Although my tenure at the city is limited, I am currently involved in several exciting initiatives that have the potential to drive substantial long-term transformation. If implemented, these initiatives will prioritize innovation while establishing oversight for information security and privacy in line with the priorities set forth by our City Council.
Industry Insider: What big initiatives or projects are coming up? What sorts of developing opportunities and RFPs should we be watching for in the next six to 12 months?
Carter: All city projects for FY 2023 can be viewed starting on page 70 of the Adopted Budget and Business Plan.
Industry Insider: How do you define “digital transformation?” How far along is your organization in that process, and how will you know when it’s finished?
Carter: I see digital transformation as a continuous goal that leverages technology to streamline processes and achieve greater efficiency, ultimately resulting in improved services and increased value for our community. Since technology and community needs are constantly evolving, it’s an ongoing process rather than a one-time event.
Industry Insider: What is your estimated IT budget, and how many employees do you have? What is the overall budget?
Carter: Although the city’s Fiscal Year 2023 IT budget is roughly $19 million, it’s important to consider that this figure doesn’t provide a complete overview of all technology-related expenditures. Many departments within the city have their own budgets that cover specific technology resources and staff.
Industry Insider: What do you think is the greatest technology challenge in Texas?
Carter: In my opinion, the most significant technology challenge in Texas is effectively securing and implementing privacy best practices in the face of rapid and unparalleled innovation. Some specific challenges include the widespread adoption of software-as-a-service (SaaS) solutions, as well as the increasing use of machine learning and artificial intelligence. These technologies often lack transparency, leaving us with limited insight and control over their inner workings. In Arlington, we’re working to address these challenges by prioritizing people, outreach, governance and collaboration.
Industry Insider: What advice would you give to someone who would like to lead an innovation and technology division?
Carter: My advice for aspiring technology leaders is to shift their focus from solely the technical aspect of their roles and prioritize understanding the organization and the community it serves. Transforming an organization requires forming partnerships, building trust, gaining a deep understanding of needs and experiencing the challenges faced by the organization and its community. As an IT, security, or privacy leader, it is your responsibility to align your efforts with the strategic goals of the organization and provide support in achieving those goals.
Industry Insider: What professional or affinity groups do you belong to?
Carter: Currently, I am a member of the CIS CyberMarket Advisory Board, the Coalition of City CISOs, The CISO Society and numerous others. I will also be joining the DallasCISO chapter of the Inspire Leadership Network in the not-too-distant future.
Industry Insider: What conferences do you attend?
Carter: I usually attend the MS-ISAC annual conference and RSA Conference, among numerous others.
Industry Insider: What are you reading or listening to for fun? What do you do to unplug in your downtime?
Carter: In my downtime, you’ll find me on a mountain, trail or beach somewhere. I’m an avid hiker and love being outdoors. In terms of reading, I keep an RSS feed in an aggregator with my favorite news and information sources, which includes a large mixture of legal, economic, sociological, academic, security, privacy and technology feeds.