THANK YOU FOR SUBSCRIBING
Gov CIO Outlook Weekly Brief
Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Gov CIO Outlook
Stephen Dyer, Director of Information Technology, City of Coral SpringsStephen Dyer is the Director of Information Technology for the City of Coral Springs, Florida. Since in 2013, he has led transformative digital initiatives focused on risk mitigation, cyber resilience and cross-departmental collaboration. His leadership has positioned Coral Springs as a nationally recognized model in municipal cybersecurity excellence.
Cybersecurity is an organizational effort, not an Information Technology issue. For Cybersecurity to be truly effective, it must be a shared responsibility embedded in the entire organization’s culture. While Cybersecurity must be supported from the top, it cannot end there. That is where the role of the CIO becomes critical, as we are the ones who must help executive leadership understand not only the risks but also the opportunities that come with investing in Cybersecurity.
This was my primary goal when I started as the CIO in January 2019. I began by sharing stories of compromised agencies and all the bad things that could happen if we did not take it seriously, only to be labelled as an “alarmist” and a “fear-monger.” This spread quickly and probably hurt me more than helped me. Over time, I reframed the conversation, focusing on what mattered most to our executive leadership. Eventually, I figured out what resonated with my leadership Iteam and used those topics to gain momentum to make Cybersecurity a citywide priority.
For my organization, three significant triggers resonated. First was by framing Cybersecurity as a strategic investment via risk mitigation. I started by laying out the risks, including ransom payments (and, more importantly, the recovery costs if hit with ransomware), system downtime, regulatory fines, data breach costs and reputational damage. Then, I paired that with a simple ROI analysis, demonstrating how a proactive investment in Cybersecurity was significantly more cost-effective than recovering from a single major attack. Framing Cybersecurity as risk mitigation and not a technical expense was the first breakthrough in shifting the executive mindset.
“Cybersecurity is not about firewalls or fear. It’s about building a culture of trust, leadership and shared responsibility. When framed as a strategic investment in risk, confidence and credibility, it becomes a mission everyone in the organization can support”
The second trigger that landed with my leadership team was public trust. Our city and its residents were victims of the Click2Gov self-service bill-payment portal breach in 2019 because we ran vulnerable software provided by our long-time vendor. While we knew of this vulnerability, our leadership team had no appetite to shut down the portal at that time and there was no real way to protect against the vulnerability while keeping it operational. Thankfully, our city did the right thing and notified our residents immediately upon learning about the breach. We then permanently shut down our Click2Gov portal, leaving residents to mail in checks or pay over the phone until we could set up a viable replacement self-service bill-payment portal.
In government, trust is currency. One of our city’s greatest assets is its reputation for operational excellence. I clarified that this trust is fragile and a preventable cyber incident could quickly erode it. Click2Gov was a clear warning sign we heeded.
This was especially compelling when paired with data. Through benchmarking studies, I showed that our city consistently spends less on Information Technology than our peers. That comparison helped emphasize the need to close the gap, not just for security but also to preserve public confidence in how we manage taxpayer resources.
The third step in our organization’s embrace of Cybersecurity was that accolades matter. After we began regular penetration testing, we saw a measurable evolution in our cyber maturity. What once took years to remediate now takes weeks. Each testing cycle concludes with a debrief that includes the City Manager’s office, allowing them to hear directly from third-party experts.
We also engaged with the Department of Homeland Security’s CISA to conduct voluntary risk and vulnerability assessments. Our strong performance in the most recent risk vulnerability assessment earned us a notation in our report that we ranked as a top-tier cybersecurity agency nationwide. This validation from a respected federal agency reinforced our credibility. These external accolades became powerful motivators, helping leadership see Cybersecurity as a point of pride, not just a line item.
A successful cybersecurity strategy is not just about firewalls or phishing tests. It is about culture. And culture is shaped by leadership. If you’re a CIO, CISO, or IT leader, your job isn’t just to build technical defences. It is to translate Cybersecurity into a language that resonates with your organization’s values. For us, it was financial stewardship, public trust and recognition. For others, it may be safeguarding critical infrastructure, protecting sensitive data, or simply staying out of the headlines. Whatever the message, the mission is the same: Cybersecurity must be a shared commitment, supported by leadership and sustained by culture.
Read Also
