Gov. Hogan creates CISO position for State of Maryland - Baltimore


Jun. 19, 2019 11:44 am

Gov. Hogan creates CISO position for State of Maryland

The new chief information security officer role, which is being assumed by John Evans, comes amid a series of moves designed to centralize the state's cybersecurity efforts.

The Maryland State House in Annapolis.

(Photo by Stephen Babcock)

Gov. Larry Hogan on Tuesday signed an executive order that’s designed to centralize the state’s cybersecurity activities aimed at preventing attacks and protecting data.

“Security of Marylanders is at the forefront of our administration’s efforts on a day-to-day basis. In today’s world of emerging cyber threats, it is crucial that we work in unity to improve the processes and procedures designed to protect Marylanders and to manage and minimize the consequences of cyber events,” Hogan said in a statement. “The steps we are taking today are about ensuring that Maryland’s infrastructure and citizens are as safe as possible from cyber attacks.”

The executive order creates three new roles and entities within state government under the banner of the Maryland Cyber Defense Initiative:

  • The position of Maryland Chief Information Security Officer, to be assumed by John Evans
  • The Office of Security Management, which is located within the state’s Department of Information Technology
  • Maryland Cybersecurity Coordinating Council, comprised of state officials from multiple departments

According to data compiled by the National Conference of State Legislatures, at least 15 other states have statewide CISOs.

Evans previously served as CISO for the state’s Department of Information of Technology. The new role will extend statewide, and Evans will lead the Office of Security Management. This office will be responsible for overall cybersecurity strategy and policy for the many state agencies that fall within the executive branch. It will also be tasked with updating the state’s cybersecurity manual.

Along with applying best practices from federal government agencies like Maryland-based NIST, these efforts will help align efforts and goals across multiple organizations.

For its part, the Maryland Cybersecurity Coordinating Council is tasked with providing policy-level guidance as cybersecurity standards are implemented. It will also work alongside stakeholders from inside and outside government to provide recommendations on securing the capabilities necessary to “identify, protect, detect, respond, and recover from cybersecurity-related risk,” the governor’s office stated.


While officials are often touting the state’s talent when it comes to cybersecurity, this executive order is focused on the internal work of protecting public data.

The executive order states that the moves comes as there is an increase in the “volume and capabilities of malicious actors seeking to negatively impact the confidentiality, integrity and availability of State systems and data.”

There’s been increasing focus on cyber threats to state and local governments in recent weeks. Locally, that’s come into focus with the ransomware attack against the City of Baltimore.

In Washington, D.C. on Tuesday, the Baltimore attack was referenced as two U.S. senators introduced legislation that’s looking to enable the federal government to provide resources and training to state and local governments that can help detect risks to infrastructure, The Washington Post reported.

Companies: State of Maryland
Already a member? Sign in here
Connect with companies from the community
New call-to-action


Two tech tenants sign on for space at Columbia’s Merriweather District

Maryland is testing digital license plates

TEDCO CEO George Davis plans to resign



How law firm Nemphos Braue is guiding startups along the new business learning curve

Baltimore, MD 21201

14 West

Junior Database Administrator

Apply Now
Baltimore, MD


Account Executive (Baltimore)

Apply Now


Vice President of Business Development

Apply Now

Maryland, UK’s Midlands Engine partner on life sciences

Congressman: ‘No evidence’ that NSA cyberweapon was used in Baltimore

These tools have data on MTA transit performance



Building a data acquisition system? Don’t make this mistake


emocha Mobile Health

Software Engineer

Apply Now

RackTop Systems

API Guru

Apply Now


Front End Developer

Apply Now

Sign-up for daily news updates from Baltimore

Do NOT follow this link or you will be banned from the site!