The Public Sector Show by TechTables

Mark your calendars for the 2024 Phoenix Live Podcast Tour April 1st-3rd, 2024 in Scottsdale, Arizona.

Learn more here:

Before we get into this week’s podcast, I wanted to give a special shout-out to TechTables podcast sponsors: SentinelOne, Verizon, and SAP.

SentinelOne's AI-powered security platform to break down silos and protect this state's entire enterprise with real-time data and control. With seamless updates and overhead reduction securing 15,000+ endpoints across 25 agencies, SentinelOne partners to protect critical assets across states and agencies.
Learn how SentinelOne empowers this state to stay secure.

Verizon Frontline. The advanced network for first responders on the front lines. It’s your mission. It’s your Verizon.

More than 35,000 agencies rely on Verizon Frontline and its mission-critical solutions.
Check out the solutions built for first responders.

Overwhelmed by Digital Transformation? Here's How One City Keeps Pace in the Digital Age.

Provide residents and city employees with an even better, happier life through digital transformation.

Download the Case Study Now


📬 Subscribe to the newsletter

In this episode, we speak with Tim Roemer, Chief Security Officer for GMI, and former Arizona Director of Homeland Security, CIA, and White House Situation Room. Tim shared valuable insights on his dynamic career, the transition from the public to the private sector, and the importance of collaboration in cybersecurity.

Connect with Tim here:

Highlights from the interview:

1. Transition from Public to Private Sector: Tim discussed the challenges and perspectives gained from working in the public sector and the agility and focus on solutions in the private sector. He emphasized the importance of building partnerships and open communication with private sector companies.

2. Collaboration in Cybersecurity: Drawing parallels between basketball and cybersecurity, Tim emphasized the significance of effective teamwork and communication in both domains. He highlighted the need for diverse tools and proactive measures while underlining the importance of focusing on fundamental cybersecurity practices.

3. TechTables Live Podcast Event: Tim and host Joe Toste also previewed the upcoming live podcast event in Arizona, emphasizing the value of in-person collaboration, diverse thought, and trust-building within the cybersecurity community.

Mark your calendars for the 2024 Phoenix Live Podcast Tour, where we will dive deeper into these insights and explore the cutting-edge solutions driving innovation in the public and private sectors.

Learn more here:

⭐️ Leave a Review

If you enjoy listening to the podcast, ⁠please leave a 5-star review on Apple Podcasts⁠ and let us know who you want to see next on the podcast in your review. Thanks!

You can also Tweet us on ⁠@thejoetoste⁠ and tell us what lessons you learned from the episode so we can thank you personally for tuning in 🙏🙏

🔗 Connect with TechTables

LinkedIn TechTables ⁠⁠⁠
LinkedIn - Connect with Joe! ⁠⁠⁠
Follow us on Instagram!
Website ⁠

Creators & Guests

Joe Toste
“The Podcast Guy” | Host of The Public Sector Show by TechTables

What is The Public Sector Show by TechTables?

The Podcast & Community for Public Sector CIOs & CISOs.

Welcome to the The Public Sector Show by TechTables, featuring human-centric stories from C-level technology leaders. Hosted by Joe Toste, you'll gain valuable insights on current issues and challenges faced by top leaders.

Through interviews, speaking engagements, and live podcast tour events, we unite public sector CIOs, CTOs, CISOs, and technology leaders in fostering collaboration and meaningful connections in the ever-evolving technology landscape.

Joe Toste [00:00:00]:
Today we have Tim Roemer, chief security officer for GMI, former Arizona director of Homeland security, CIA and White House situation Room. Welcome back, Tim.

Tim Roemer [00:00:10]:
Hey, thank you, Tim.

Joe Toste [00:00:11]:
For those who may or may not know you across the country, you've had a super dynamic career. Really impressive overall, great guy. You've been on the show several times. This is a very rare for the audience. I'm going to link in the show notes it's to the episodes, but Tim came on virtually maybe two and a half years ago, came to the live event with Nancy Rainasak, which was awesome, the CISO for the state of Texas, and then came back on in Houston last year already, which is crazy. Can't believe it already, the last final four. So Tim's been on three, four times, and it's been a great time to just get to know him both on the camera and off. So we're going to dive in a little bit on Tim today, and then we're going to talk about the live event on the back end.

Joe Toste [00:00:54]:
But Tim, how has the journey from the public sector to the private sector shaped your perspective on cybersecurity's role in connecting this community?

Tim Roemer [00:01:05]:
Appreciate our conversations and looking forward to the live event. Look, this is a really complicated challenge, is cybersecurity as you mentioned, and some of the viewers know, I started off my career working at CIA, spent some time in the White House, ended up being in a great position to be able to run our Arizona Department of Homeland Security. And the reason why I bring that up is there's lots of challenges that you're faced with, from national security to homeland security and everything in between. Cybersecurity is so risky because for the national security professionals, it means that you can be attacked by anyone from anywhere around the world at any given time. And it's extremely stressful. It's truly 24 7365. And as cybersecurity professionals know, most of the time, those emergencies do happen off hours. It's because our adversaries are attacking us when it's daylight, where they are at.

Tim Roemer [00:01:55]:
So we always knew that our cyber incidents were going to happen when you were driving home from work at 05:00 on a Friday before a holiday weekend. That's just the nature of it. Huge shout out to all the government public sector listeners that are out there that are working tirelessly to protect our citizen data, our critical infrastructure, overall it security and networks, and keep our states, our cities, our counties, our tribal organizations and others, keep them running smoothly, keep the lights on green, and protect us all. So a huge shout out to everybody in the public sector. What you really learn in that process is how quick you need to work, how good of a team you need to recruit, and surround yourself with really good people. And we're going to talk a little bit more about the talent pipeline and the challenges and everything else. But in my government side career, it was a lot about being faced with almost a new challenge every day and all the different things that pop up in government. Maybe hacktivists are not happy about a certain public policy that passed, and now you're dealing with an increased threat landscape overnight because of one policy.

Tim Roemer [00:03:04]:
And that's where it was difficult. Being in government is that every single thing you worked on had so many layers to it, and so many things were out of your control, and you just have to. It's almost like whack a mole. A lot of high level government cisos talk about it every day, just keep knocking down cyberattacks and they pop back up the next day.

Joe Toste [00:03:24]:
What you mentioned about the threat actors anytime, and it has nothing to do with you, but it could be the state's governor decides to run for president, and then suddenly the entire state is a target and you could be a tiny city and no one cares, but suddenly you just got a bullseye on your back, which is. I know that's a tough challenge. Curious around on the public sector side and then the private sector side, what were some of the unique challenges? You could speak to the public sector and then you could speak to on the private sector side.

Tim Roemer [00:03:55]:
Years in government, really from a broad perspective, so much of government was dealing with challenges. And now my short time in the private sector of being here for a year, it's so much more focused on the actual solutions. That's why really excited to be working in the private sector now, because we can move quickly and develop solutions for government or for the private sector for anybody else. But you have that great agility and ability to move quickly where in government, there are a lot of bureaucratic layers. Now, under Governor Ducey's leadership in the state of Arizona, we are really fortunate because he decreased a lot of that regulatory burdens, the red tape. He helped us move faster. We knew his management style. We knew the direction he wanted us to go.

Tim Roemer [00:04:42]:
For example, in public safety, cybersecurity fell underneath our public safety priorities. We knew we had carte blanche to move quickly on certain cybersecurity efforts because we knew we had the governor's support. But even government is still a large organization, and there's going to be certain bureaucracies there that are going to slow things down in the private sector. Working for GMI now, we can move a lot quicker. Our CEO directly will respond quickly and has the ability to make decisions for our company that allows us to move really fast in government. That wasn't always the case. Those challenges day in and day out. As you mentioned, one political item could happen, and now you're dealing with a whole new wave of attacks in the private sector.

Tim Roemer [00:05:27]:
A lot of private sector companies are getting hit. The MGM resorts, the caesars, the cloroxes of the world, just within the last few months. It's definitely a concern for everybody. Of course, on the private sector side, being able to be more focused on solutions versus just only the burden of the challenges is a nice change of pace.

Joe Toste [00:05:45]:
I know it's been a short amount of time at GMI. It's pretty new. But as you're thinking about this and then your previous experience at the last job, how do you think about if you were going back to the state of Arizona, how would you want private sector companies to position their solution for you now that you've been on both sides of the aisle?

Tim Roemer [00:06:05]:
Look, we said this a lot when we were running. I say we. It wasn't I. It was a we. It was a teamwork. Like I mentioned at the beginning, you surround yourself with good people. Good things will happen. It's truly about building teamwork.

Tim Roemer [00:06:18]:
There's no one person out there, there's no one Cisco that can do this alone. So grateful for everybody that's worked on our teams in the past and the great work that has been done and what we were able to build was a strong, cohesive unit. And with that said, you just don't have all the answers. And so many of the times in government, you keep thinking that you can get there and you're looking for vendors to assist you and nudge you in the right direction, but maybe you don't know what you don't know. And now that I'm on the private sector side of things, now, selfishly, maybe a little of this is selfish, but I'm a lot more open to the ideas of where the private sector can help. Where government has always wanted to hold on and hoard things, in government, we always wanted to have control of everything. It's a great goal. Recruitment, retention, challenges.

Tim Roemer [00:07:15]:
Trying to hold on to everything is not always the best strategy. What I've really learned in my time now in the private sector is if I could go back, I would probably partner a little bit more with the private sector, instead of giving specifics on exactly the tool that I needed, it would be more opening it up and saying, here's a challenge I have, will you help me solve it? So a little bit more open lead way for some of our private sector companies to provide more unique, innovative, collaborative solutions. The other thing that we did at the state of Arizona is we stopped referring to our vendors as vendors and we referred to them as partners. We said, if you don't want to be a long term partner of the state of Arizona, if you're more concerned with making money on this one year contract and trying to take us for a few extra bucks, that's fine. But you're not going to be able to benefit from the long term benefits of doing business with us. And that's what I'm able to bring to the private sector now is knowing that the real solutions, the real good work and the success in the business world on that side of things now will be done because of long term partnership and collaboration, not for short term wins. And too many times I think private sector companies try to sell to government and they do it in a way that their government clients never want to do business with them again when that contract is up because they feel like they got taken advantage of. They felt they didn't get a good price.

Tim Roemer [00:08:37]:
Long term success is brought by being a good partner and not being so short term and one sided. And that's why we really started to focus on the fact of calling our vendors partners and really collaborating with them on a daily basis.

Joe Toste [00:08:52]:
I want to drill in on the collaboration. And specifically, you've been in the room when you were the director of Homeland security in the state CISO, and you've been on the other side. Also, could you talk about when you're in the audience at a Techtables live podcast tour event, can you talk about the behind the scenes that maybe folks don't see on? They just see the episodes on camera. But can you really hone in on the collaboration that happens inside the room? Yeah.

Tim Roemer [00:09:21]:
One of the huge benefits of these live events is being able to be face to face. There's just no substitute for it. Back during the pandemic when we had no physical location or office to be in, it was unfortunate because we didn't work as quickly, because we weren't around each other as fast. We had to set up a Zoom meeting just to have a sidebar conversation with somebody on an operational level or a technical level. You could have satisfied that coming in and out of a meeting or walking into somebody's cubicle, grabbing a minute here, a minute there, and then everything became so virtual, and it was like, oh, do you have time on somebody's calendar? It's difficult these days to find time on anybody's calendar, right? People are very specific on who they'll allow to have that time. I'm a big in person guy, and when you bring the right people together and you have them in the same room, you start generating diversity of thought. It's amazing what you can learn and achieve together if you just open up a little bit, if you just ask some candid questions, if you're just honest with the challenges that you face and what you're looking for, those right people in the room, especially at a tech tables live type event, can help you solve. Because, again, we know that no one person or no one organization has all the answers.

Tim Roemer [00:10:38]:
We need to convene like minded people, but at least with a diversity of thought in order to get to that point. That's the reason why I love coming together as a community. People used to call it like the water cooler talk, right? It was a water cooler talk. Maybe people think about it in a negative connotation, like you're going and gossiping, but in the real world, the way that it happens is that water cooler talk is where a lot of the business gets done. It's almost like when people talk about all business is done on the golf course these days, right? Because you're having a good candid conversation, you're opening up. And being a Scottsdale, Arizona guy, I got to put in a little bit of a plug for Scottsdale golf courses and the great game of golf. And I'm sure the Arizona Chamber of Commerce would appreciate that. And that's where I'm taping this podcast from today is the Arizona Chamber of Commerce and CEO Danny Seiden's office.

Tim Roemer [00:11:26]:
Because we're over here working with them and trying to expand cybersecurity to protect our private sector companies and continue to help government as well. And that's where the teamwork and collaboration comes in. So, yeah, you can walk into the chamber of Commerce weather Day, chamber of Commerce golf course type of thing. But let's get back to the fact that a lot of business and a lot of good hard work is not done on a Zoom meeting. It's done in person, collaborating, getting to know one another, building trust. And that's really why I like these in person events so much.

Joe Toste [00:11:58]:
I'm very excited. Also, I'm excited that it is in Scottsdale that's probably one of my faves, actually. My top fave. I'm sorry, Justin. Justin Farrell and Goodyear. I love a. They've got a killer breakfast coffee shop. I'm not going to give it away on the podcast because I don't want people showing up there.

Joe Toste [00:12:15]:
But yeah, it's really good. So I'm looking forward. I'm probably going to spend some time when we drive. We're going to come to Arizona probably a couple of days before that, and we are going to stop in Goodyear and then we're going to continue through. But I'm really looking forward to this golf course we might have to set up. I don't golf, sadly. I know I break people's hearts. I don't golf.

Joe Toste [00:12:35]:
But we'll have to arrange something where we can get some folks supporting the golf course in Scottsdale Chamber of commerce. And so I'm definitely looking forward to that. And I love what you said about being honest about the challenges that everyone faces, because in the public sector and even everyone has challenges and just being transparent about, hey, here are the top three things I'm working on right now. These are the problems that I'm trying to solve. And they could be cybersecurity, they could be leadership and culture. They could be, you name it, it could be any host of things. And so really drilling in on the specifics is a huge plus at the live events. And really just getting that time and q a time for the audience to be able to ask questions and contribute to the community, I think is huge.

Joe Toste [00:13:21]:
And not to mention, Tim knows we have great. Not going to. I am going to spoil it. So we're going to bring some of that sushi for one part of the meal. Tim knows what I'm talking about. My wife found this incredible sushi spot and she's, hey, what if you think we bring it over to Scottsdale? I'm like, we're going to go pick it up. She'll go pick it up. She'll drive over there.

Joe Toste [00:13:41]:
She's going to go get it. And so we're going to have good food. Lots of good food. And I'm really looking forward to this, Joe.

Tim Roemer [00:13:48]:
I can't help but jump in here and let people know and create a little bit of a metaphor here because you're talking about good food in the middle of the desert and you're talking about sushi. Which one would not think that those two go together, right? But that's about being innovative. That's about being open to other solutions even though you may think that it sounds a little outside the box, whether you're trying to solve a technology solution or cybersecurity solution or trying to satisfy your hunger crave. But getting sushi in Scottsdale, Arizona, may not seem like the first priority, but it is delicious. And sometimes we have to be open in our industry to solving our challenges in a little bit more of a creative way.

Joe Toste [00:14:34]:
That's all. My wife. Finding hidden gems. And we love that. We love finding hidden gems. We're not going to give everything away here on the pod. But if you end up showing up in Scottsdale, trust me, you won't regret it. The food will be great.

Joe Toste [00:14:48]:
The experience will be. And so the final four is happening that week. And actually, there's the basketball from last year's final four. Actually, it traveled twice. It traveled to Orlando for the Orlando live podcast tour, which was the first round. Now, we're not going to do a first round this year. We're only going to do the final four. Then I took that basketball to Houston, and people tried to steal this basketball from, okay, in the airport.

Joe Toste [00:15:13]:
People were like, hey, what professional athlete signed this? And I was like, Lisa Kent, CIO, city of Houston, please don't take it from me. And so we're going to be bringing basketballs, we're going to be getting signatures. It's going to be a blast. But I was kind of curious around, how do you see the spirit of this big event mirroring the collaboration and competition in cybersecurity today, the final four Houston live podcast.

Tim Roemer [00:15:40]:
Last year, speaking of food, I got to say, you did some things last year that I had never seen before, like a s'mores bar. And then it's funny because I saw somebody else do it recently, and all I could think of is, man, they must have copied tech tables, because you still deserve credit for being the first person to come up with really cool solutions like that. Little fun, delicious ways to bring everybody together. And to our point last time over, the last question is, it's really hard to build trust and break down barriers of the silos when you don't know somebody. If you know somebody in person, if you're able to break down the walls of these Zoom meetings and these virtual meetings and get to know somebody, you're going to open up a lot more and you're going to find out a lot better questions and answers, really. And the collaboration at these events is what I really look forward to the most. I think you're a basketball coach at a much higher level I just started coaching my son's basketball team. I'm more of a football guy.

Tim Roemer [00:16:35]:
As from some of the other tech tables events we talk a lot about, it's cybersecurity field. Needing to respond quickly in an incident, you have to respond fast. That's how you're saved. Right? And basketball these days, in the new wave of basketball, it's run and gun, right? It's shoot three pointers, play fast. I actually just got done watching season two of winning times on HBO about the dynasty of the Lakers as they built up as the coaches of the Lakers and the ownership of the Lakers, drafting Magic Johnson and others in 1980 and beyond changed and revolutionized basketball with a faster pace of play. And so you're going to be hosting this amazing podcast event, and it's final four. I can't help but draw some similarities to the way that we work within the field of cybersecurity and modern basketball, that you've got to be able to run the floor. You can't just stay in one spot.

Tim Roemer [00:17:30]:
You stay in one spot, you're going to get hit. The hackers will go around you. We've got to be able to move quick. We've got to be able to play as a team. And those are the types of things that I love about bringing everybody together, especially when it's around a sporting event, gives them just a little bit more excitement and fun and camaraderie. And it's going to be an amazing time, and it's going to be so exciting to see who makes it. Who knows? Joe, look, I'm an Arizona State University sun devil guy, but the University of Arizona is known for being the powerhouse of basketball, especially in Arizona and a national powerhouse. I can't help but think how incredible it would be if the University of Arizona is in the final four.

Tim Roemer [00:18:12]:
When you come to film this podcast.

Joe Toste [00:18:13]:
It would be pretty epic. The city would just be whole, state would be popping, which would be great. So I love what you said about running the floor, not staying in one spot, playing as a team. I think sometimes I get a little, hey, Joe, that sounds great, but it's not that technical. And in cybersecurity and all this technology and in coaching high school basketball, I see it with the team. We just played a crosstown rival the other night, and it was the same thing if you don't communicate as a team, because there's no one person that does anything. If you're running any organization, you're putting a group of people together. In my case, a group of kids together.

Joe Toste [00:18:57]:
And if they don't communicate, you end up getting blown out big time and how you move the. And so I love what you said about the Lakers and about watching that. A lot of times when you watch games, the nuance that you don't get is you don't actually pick up that all of the professional athletes are actually communicating with each other on the floor. They're constantly talking. They're talking so much. You just don't think it when you're just watching it on a screen, but they're moving the ball up the floor like magic Johnson moving the ball up the floor so quick. And that's what you want to be able to do in Cybersecurity also.

Tim Roemer [00:19:33]:

Joe Toste [00:19:33]:
If you're not communicating with your team, if you're not delegating and then elevating people on your team into positions, it's going to collapse. You're going to get blown out.

Tim Roemer [00:19:45]:
Yeah. Think about it like this, Joe. So good communication is key in basketball, right? So you don't have turnovers, that you're not passing the ball to somebody. They made a cut here. Now you pass the ball out of bounds and it's a turnover. Cybersecurity is so much about good communication and coordination, finding enterprise tools and solutions that partner together, that complement one another, that actually work together, and that you can monitor together and track and log and perform as value added too many times. If you're like building a basketball team and you're just adding all stars, but they don't complement each other well. Let's say you grab five all star shooters, but you don't have a center, you don't have a point guard, and the five players running around just trying to air the ball up, you're not going to be very good enterprise.

Tim Roemer [00:20:33]:
Cybersecurity. You can't be having five tools that do the same thing. That's a waste of money. It's not a good use of people's time and effort in learning that. You need to have five tools that complement each other, just like five players on the basketball court. You also can't just be running around shooting three pointers all the time. I know the warriors have done a really successful job of this, and Steph Curry's kind of revolutionized the three point shooting game. But at the end of day, basketball, like cybersecurity, is about doing the little things right, making layups.

Tim Roemer [00:21:03]:
Like, I'm sure you coach your team as well. You're going to have a lot higher percentage of making layups than you do three pointers. So let's drive the lane. Let's try to get some fouls. Let's try to score some points. Cybersecurity is still having over 90% of all incidents are human caused. It's the low hanging fruit. Everybody wants to instill this incredible offense and three point shooting and everything.

Tim Roemer [00:21:24]:
And cybersecurity, it's like fancy AI, right? Everybody wants AI solutions. But guess what? You could spend a lot of money on some fancy AI tools. If you don't have MFA in place, good luck. If you're not making your layups, if you can't dribble and pass, you don't have cybersecurity awareness training. You're not fishing your own employees. You don't have MFA. You don't have basic account security. Okay, great.

Tim Roemer [00:21:47]:
You can have all the fancy AI tools you want. You're going to be taken down from somebody clicking on a phishing email. And that's the thing about basketball as well, is like you're going to be taken down. One team can actually dribble, pass, and do a pick and roll, can actually do the basics. The basics in basketball are the basics in cybersecurity. It's what's going to actually save you. We've got a wonderful cybersecurity community here in Arizona. We've been really fortunate to have CISA Director Jen Easterly join the Arizona Department of Homeland Security at their cybersecurity summit last month.

Tim Roemer [00:22:19]:
And I think that showcases that. Arizona is a role model in this space between the public and private sector. So if you're thinking about coming, I think you'll be able to see a network and community of collaboration and partnership that is unlike anywhere else in the country. And yes, also amazing food, great views, five star service, and phenomenal weather. Come on. We're talking April, just past spring training baseball here in Scottsdale, and it's going to be a great time. So we're really looking forward to highlighting not only what we do in Arizona, but how we're partnering across the public and private sector to truly solve some of these great challenges that government is faced with.

Joe Toste [00:23:02]:
I'm looking forward to bringing everyone together. This will be the first event of 2024.

Tim Roemer [00:23:08]:
We want even more excitement for the Arizona event, but at the same time, Arizona is definitely going to rise to the occasion and bring it home. So thank you for the wonderful opportunity to be a host. There is great value in being able to share perspectives and be able to come together. Like I said, it's a lot easier to talk about a problem and to find a solution when you do it in person. It's just so incredibly difficult to do everything virtually these days. In a day and an age where everybody's working from home. We have this beautiful facility that we get to have our security operations center. We get to run incident command that we get to work out of every single day, and it's a fun opportunity to be able to showcase this to everyone.

Tim Roemer [00:23:52]:
So thank you.

Joe Toste [00:23:53]:
Do we get a private tour of the security operations center?

Tim Roemer [00:23:56]:
Of course.

Joe Toste [00:23:57]:
Like a show. And happy we're going to put that on the agenda?

Tim Roemer [00:24:00]:
Yes, absolutely. Happy to do that. Great view upstairs of the McDowell mountains in Scottsdale. Yeah, we'll roll out the red carpet, don't you worry.

Joe Toste [00:24:10]:
Oh, I love it. Tim, thank you for coming on the pod. I really appreciate this. And I cannot wait. A little less than three months and we're going to be in Arizona, so I'm stoked.

Tim Roemer [00:24:20]:
Yeah, I can't wait. Joe, keep up the good work. And for everybody out there that if you're public sector, again, thank you for what you do. And if you're on the private sector side, hey, let's keep coming together as a community and coming up with good solutions that can help all of us. That's where the private sector or needs to drive. We need to be driving on innovation, and that helps people in our own community, it helps our own companies, but at the same time, it really helps protect all of our data and all of our government organizations as well, because they are at a disadvantage. So let's come together and let's do some good.