Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 03/05/07 issue

Dan Lohrmann | Culture of security

Interview with Dan Lohrmann, Michigan chief information security officer

By William Jackson, GCN Staff

When it comes to security credentials, Dan Lohrmann has some powerful training. He became Michigan’s first chief information security officer after a career in IT and security that began at the National Security Agency. He moved to state government in 1997, when he became chief information officer and IT services director for Michigan’s Department of Management and Budget. From there, he oversaw the agency’s 2001 launch of the Michigan.gov Web portal. He became the state’s CISO and director of the office of enterprise security in the Department of IT in May 2002. As CISO, he plays roles in a number of other IT security initiatives, including the Multi-State Information Sharing and Analysis Center. We caught up with Lohrmann to find out how cybersecurity is playing out at both the national and state levels.

GCN: How did your work with the National Security Agency help prepare you for your current role as a CISO?
DAN LOHRMANN: It was a fantastic way to begin a career. The focus on the culture of security was unique and, I think, very helpful. It was a shock when I first started in state government, which is at the opposite ... extreme.

We have been able to change that after 9-11, and people have taken security more seriously. We’re never going to be an NSA, and we shouldn’t be. But their practices and procedures are world-class, and it provided the basis for my job in Michigan.

GCN: You led IT restoration efforts in the wake of an August 2003 blackout that rolled through the Northeast. Did you have a recovery plan in place, and how did you organize the response?
LOHRMANN: We had a plan we had just developed and ... tested in a variety of scenarios. We didn’t have a scenario that actually matched the blackout, but people did know where to go. I was the emergency management coordinator for [the state’s Department of IT], and the governor declared an emergency and launched the State Emergency Operations Center. It was a statewide center where my counterparts from other agencies reported during the emergency. We spent the better part of four 18-hour days there.

More news on related topics: Communications / Networks, IT Security, IT Management, State & Local



GCN Popup