Thursday, December 12, 2019

CIO Theresa Talks: Welcome Colorado Digital Service

We are proud of the long list of tech companies that have been founded, headquartered, or have offices here in Colorado. The tech talent is strong and continues to grow! From system architects, to app designers, developers, cybersecurity analysts, hardware engineers, and product experts, you'll find them at Colorado’s startup weeks, the Colorado Technology Association, Prime Health, Rockies Venture Club, and other gatherings. Colorado tech talent is always heads-down and laser-focused on building amazing things. We have a #givefirst attitude and succeed together because of it.

As the State CIO, I have an opportunity to talk to Coloradans about how government services and technology impact their lives. Our goal in the Governor’s Office of Information Technology is to enhance the lives of all Coloradans. We keep the State of Colorado systems operating, information flowing, applications running, and technology advancing, securely. From offering technologies that ensure public safety, providing a more consumer-friendly experience at the Division of Motor Vehicles, and improving health care data interoperability, to expanding broadband coverage to all corners of the state, ensuring essential food and medical benefits to the most vulnerable, and so much more, the impact of government on our daily lives is huge.

I also think a lot about the many paths software engineers, designers, and product managers take in their careers and how Colorado government can enlist their help in delivering for our residents. It became clear to me that senior to mid-career techies could provide value here in Colorado through a "tour of government service.” In this model, technologists sign up for a “tour of service” ranging anywhere from six months up to two years, become full-time state employees, and focus on the Governor's most important priorities. Are you one of them? 

I love the way Governor Polis describes the Colorado Digital Service in an October 2019 Denver Business Journal article:
“There are some great IT professionals who work for state government, but we need more cross-pollination,” Polis said of the program. “A lot of folks don’t want to change their career because they have successful careers in business and technology, but they understand the importance of taking a year or six months to give back.”

The Colorado Digital Service has been funded by the Colorado General Assembly and is now accepting applications. To learn how you can make a meaningful difference or to stay in touch as we build out the team, visit

Today's blog comes from OIT Chief Information Officer and Executive Director, Dr. Theresa M. Szczurek

Friday, November 22, 2019

Shopping Tips for the Holidays

I received a great newsletter this week from the Multi-State Information Sharing and Analysis Center (MS-ISAC) titled "8 Shopping Tips for the Holidays" and it got me thinking about all of the holiday-type attacks that I've seen resulting in compromised systems or an unhappy holiday experience.

The first ever holiday attack I witnessed was a fake FedEx notification to my husband, about eight years ago, during December, at a time in which he really was awaiting several shipments to be fulfilled. Upon clicking on the link, malware was installed that rendered his computer completely unusable. He's a smart IT professional - if it happened to him, it can happen to anyone!

So here are a few tips...

1) Don't click on fake shipping links. The "FedEx" attack comes back every year. Don't fall for it! When you want to check the status of your shipment, either logon to the site from where you purchased your item, or logon to the shipping site and type or paste in the shipping number directly. Never click on a shipping link in an email! And remember, attackers don't just mimic FedEx; I've experienced this type of phishing email simulating other shipment companies too.

2) Shop from known reputable merchants. Sometimes advertising that you see on your social media sites are actually links to fake websites to either install malware or steal your credit card information. Instead of clicking directly on those advertisements, try googling the product, or better yet - go search for it in your favorite shopping site (like Amazon). It's best to purchase from known reputable merchants to protect yourself and your purchasing experience.

3) Don't be scammed by unrealistic prices. Remember, if it seems too good to be true, it is likely a scam. Don't fall victim to a scam while seeking great shopping deals!

4) Don't click on links received in a text message. Last week I received three different text messages, supposedly from different financial institutions indicating fraud or some other problem with my account. Since two of these belonged to financial institutions for which I don't have an account, this felt like a scam. While this isn't necessarily a holiday attack - this could definitely ruin your holiday if your smartphone becomes unusable or your account is taken over at this important time of year. Avoid clicking on links sent in a text message! Using a separate means, such as a browser or your bank app, log directly onto your account and validate whether there are any important messages. Alternatively, you can call the institution to ask about the text message.

Visit our Cybersecurity Help site and/or the Multi-State Information Sharing and Analysis Center (MS-ISAC) for more tips.

Happy shopping this holiday season!

Today's blog comes from OIT Chief Information Security Officer Debbi Blyth

Friday, October 11, 2019

CIO Theresa Talks: Hello tech leaders, do you want to work together?

After a full career in information technology ranging from engineer, product manager, management consultant, author, speaker, high tech entrepreneur, and board member, I wanted to make more of a difference. Contributions and connections bring meaning to my life.

So I asked myself, "Could a tour of service in government work for me? Should I run for office or what?"

Then opportunity knocked. I heard newly elected Governor-elect Polis on the radio asking people to apply for his Cabinet positions. So I did. Six weeks later, I was pleased to be appointed as the State of Colorado Chief Information Officer and Executive Director of the Governor’s Office of Information Technology (OIT). WOW! The perfect match, this position leverages all of my experience and delivers phenomenal opportunities to make a difference in an innovative, forward-looking environment.

OIT busted my myths. 

Prior to jumping in, I held some stereotypes of bureaucracy and slow-moving government operations. I was wrong. I found a fast-paced, full-service enterprise provider of information technology and communications services with nearly 1,000 IT and support professionals who serve more than 31,000 state employees in 17 executive branch agencies. Our work ranges from keeping systems operating, information flowing, applications running, and technology advancing, securely. We power state government and serve Colorado's counties, residents, businesses, and visitors. Our passionate purpose is customer delight.

Have you asked that question? What brings meaning to your life? Could a tour of service in government also provide you a way to leverage your talents, give back, provide meaning, and have some fun? We are looking for a visionary Chief Technology Officer, Chief Strategy Officer, and other talent. Check out the OIT job opportunities here and spread the word. Let’s find a way to work together.

Opportunity is knocking.

Today's blog comes from OIT Chief Information Officer and Executive Director, Dr. Theresa M. Szczurek

Monday, January 28, 2019

How Anonymous Are You Online? Tips for Protecting Yourself

Have you ever wondered how something you briefly look at on one website pops up as an advertisement on a completely different website? This is because each website you visit collects information about you, allowing the next site you visit to display advertisements based on the information that was collected. Usually this is done by companies to better advertise to you as well as collect data on their customers, but this can be a privacy concern or used for malicious purposes.

Some information that can be collected about you from websites can include: your IP address, how long and how often you visit particular pages, other websites that you visit, the browser you are using, and in some cases the type and version of the operating system on your device.

There are several steps you can take to prevent this information about you from being collected.
  • Use a VPN (Virtual Private Network): There are many different VPNs that you can download and use. Some are free, some are not. A VPN provides you with an encrypted tunnel to access the internet, which can increase your security and anonymity online.
  • Limit or disable cookies: Most websites use cookies to track the users that visit their sites. Cookies enable websites to find out about your browsing habits. Because cookies can store personal data, limiting or disabling them can be a good idea.
  • Use HTTPS Links: Be cautious of any site URL without HTTPS in the URL. HTTPS is more secure than HTTP.
  • A Big No to Public Wi-Fi: Wi-Fi hotspots are convenient, but when accessing your personal accounts, be cautious. Make sure you never log in to your accounts, particularly bank accounts, when using a public Wi-Fi network. Someone using the same network could intercept the data that you have provided online (e.g., your bank details, passwords, emails, etc.) If you must use a public Wi-Fi network, do so with a VPN.
  • Password Manager: Like VPN products, there are many password managers that you can download and use. Password managers store your passwords, and they also suggest good, complex passwords to use for each of your accounts. This is a great step to take to help prevent your online accounts from being compromised.
  • Look out for phishing: A very easy method that attackers use to collect your personal data is phishing. The attacker will send out emails, text messages, and sometimes even phone calls pretending to be your bank or cell phone company. The email or text will provide a link for you to click and will take you to a website requesting your personal information. Always be wary of requests for personal data and trust your instincts if something seems “phishy.” 

Today's blog comes from Chelsey Vance, OIT Risk and Compliance, Senior Risk Analyst.