Ut tellus dolor, dapibus eget, elementum ifend cursus eleifend, elit. Aenea ifen dn tor wisi Aliquam er at volutpat. Dui ac tui end cursus eleifendrpis.
What’s on the minds of top local government chief information security officers? In this interview, Michael Dent shares current security and technology priorities, career tips and more.
I have known Michael Dent, the Fairfax County, Va., chief information security officer, for more than a decade, and his knowledge, expertise, insights, perspectives and accomplishments never cease to impress me.
Michael is a seasoned cybersecurity executive and military veteran with over 30 years of experience in public-sector information security. As the CISO for Fairfax County, Michael has been instrumental in developing and implementing a comprehensive enterprisewide IT security risk and privacy program to protect critical government infrastructure.
A veteran of the U.S. Army, Michael brings a disciplined, strategic approach to cybersecurity, ensuring the resilience, integrity and security of public-sector digital assets. He is a founding member of Fairfax County’s Architecture Review Board and has served 16 consecutive terms as chairman of the Council of Governments CISO Committee within the National Capital Region. Michael’s visionary leadership has earned national recognition for Fairfax County’s Information Security Program as one of the top local government cybersecurity programs in the country. He serves on multiple advisory boards for both industry and government, where he provides strategic guidance on cybersecurity, risk management and public-sector innovation.
Put simply, when I think about a short list of the top public-sector CISOs around the country, from all levels of government, Michael (who often goes by Mike) Dent would certainly be on that list.
I was lucky to spend significant time with Michael in fall 2024, when we both attended the FBI CISO Academy in Quantico, Va. While there, he agreed to be interviewed for my blog on a range of leadership topics. That interview follows.
Dan Lohrmann (DL):You’ve had a great career in government leadership. Why do you like public service?
Michael Dent (MD): Public service is more than a career — it’s a calling. For over two decades, I’ve had the privilege of serving as chief information security officer for Fairfax County, Va. My passion for public service has only grown with time. Cybersecurity in local government isn’t just about technology — it’s about people, continuity and community resilience. It’s about safeguarding the trust residents place in their government and ensuring critical services remain secure.
What drives me is the knowledge that our work directly impacts lives. From protecting sensitive data to maintaining essential services, every decision in cybersecurity contributes to community safety. I’m proud to advocate for stronger cyber capabilities, not only in Fairfax County but for smaller jurisdictions that often lack resources or visibility.
DL: You’ve been CISO for over 23 years. What accomplishments are you most proud of?
MD: Over the past 23 years, I’ve served under multiple administrations and seen cybersecurity evolve dramatically. Through all that change, what has remained constant is the importance of strong teams, visionary leadership and a shared mission.
One of my proudest achievements is Fairfax County’s Annual Security Awareness Day, now in its 18th year. This nationally recognized event unites public and private stakeholders to collaborate on cybersecurity best practices. Its longevity is a testament to our team’s commitment and our enduring partnerships.
I’ve also had the privilege of serving as chair of the National Capital Region CISO Committee for 16 years. This role has allowed me to coordinate strategies and foster collaboration across jurisdictions, strengthening our collective cyber resilience.
What I’m most proud of, though, is using my platform to advocate for jurisdictions with little voice in national cybersecurity conversations. With the support of my leadership, I’ve helped ensure their needs are heard, capabilities developed and funding secured.
DL: What’s the secret to your success as a government CISO?
MD: If I had to boil it down: relationships, perspective and persistence.
Cybersecurity is a team effort. Success comes from building trust — with your staff, leadership, peer agencies and the public. I’ve prioritized those relationships throughout my career.
Perspective matters too. Our mission isn’t just about systems — it’s about protecting public trust and enabling service delivery. That view helps guide strategic decisions and maintain focus on what truly matters.
And finally, persistence. Government work is complex. Progress often takes time. But by staying consistent and focused on outcomes, we’ve made meaningful, long-term advancements.
None of this would have been possible without my team, the support of forward-thinking leaders and strong partnerships built over two decades.
DL: What cyber challenges did you face during the COVID-19 pandemic, and how did you respond?
MD: The COVID-19 pandemic created significant challenges. We had to support a remote workforce of more than 10,000 quickly and securely while safeguarding critical services for 1.1 million residents.
Fortunately, we had already begun our zero-trust journey. This allowed us to scale secure remote access quickly. We also implemented an immutable data platform to enhance ransomware resilience and speed recovery.
Our success during this time hinged on strong internal expertise, executive support and valuable partnerships with organizations like NACo [National Association of Counties], GBEF, MS-ISAC and CISA [Cybersecurity and Infrastructure Security Agency]. These relationships helped us anticipate threats and respond effectively.
DL: What are your current cybersecurity priorities?
MD: Right now, we’re focused on building an adaptive cybersecurity strategy aligned with emerging technology trends: AI, Internet of Things and multi-cloud environments.
Key initiatives include upgrading security infrastructure, deploying AI-driven threat detection, automating operations and enhancing cloud governance. These projects support our defense-in-depth approach and ensure our systems remain resilient and reliable.
We’re also investing in our people, ensuring our cyber team receives advanced training and exposure to industry best practices. These efforts help us stay ahead of the curve and deliver secure services to our residents every day.
DL: Is there a cyber talent shortage in Fairfax County? Are you finding the right people?
MD: The talent gap is real, especially in Northern Virginia, where federal agencies and contractors compete for top cybersecurity professionals. That said, we’ve built a capable team by focusing on mission-driven recruitment and professional growth.
We invest in training, certifications and engagement opportunities. And we emphasize that working in local government means directly supporting the services that residents rely on. That sense of purpose attracts great people.
DL: How are you handling cybersecurity funding and resources?
MD: Budget pressures are a reality in any local government. But in Fairfax County, cybersecurity is recognized as a strategic priority. We’ve been able to secure resources for initiatives tied to risk reduction, continuity and compliance.
Our approach is to align cybersecurity with business outcomes, showing that it’s a public service enabler. This framing makes it easier to justify long-term investments. We also make strategic use of partnerships, shared services and enterprise platforms to maximize value.
DL: Cybersecurity accountability starts with leadership — and must be funded accordingly. How do you navigate that?
MD: Leadership, both elected and administrative, must be accountable for funding and supporting sustainable cybersecurity programs. It’s not a one-time expense or a tech issue — it’s critical infrastructure.
Federal programs like MS-ISAC, EI-ISAC and CISA’s SLCGP [State and Local Cybersecurity Grant Program] have been instrumental in helping local governments build foundational capabilities. These programs should be expanded and fully funded, not reduced. And SLCGP funding must be available directly to local governments, not just funneled through states.
Many states use these funds for services like “local SOCs” or assessments, but often don’t fund actual mitigation. Local governments know their risks; they need support to address them. Flexibility and direct funding are key to meeting local operational needs.
At the same time, federal funding should act as seed money. Long-term sustainability must be the responsibility of state and local leadership. Cybersecurity is not optional — it’s essential infrastructure.
DL: How can vendors better support local government cybersecurity?
MD: Vendors play a vital role, but many still miss the mark.
First, local governments aren’t just smaller private companies. We have longer budget cycles, procurement rules and different risk profiles. Solutions must be tailored accordingly.
Second, we need partners, not just salespeople. The best vendors take time to understand our environment and work with us to deliver outcomes.
Another gap is workforce support. Vendors can add real value by offering training, knowledge transfer and implementation support, especially for smaller jurisdictions with limited staff.
And finally, simplicity matters. The most effective tools are easy to manage and scale, without requiring large teams to operate.
If vendors want to succeed in this space, they must align their approach with the public mission and make it easier for governments to succeed.
DL: How is AI impacting your cyber strategy?
MD: AI is already part of our cybersecurity strategy and has been for years. We’ve used AI on endpoints for over a decade to enhance threat detection and response.
We’ve also developed an internal AI capability to support employees, governed by our IT security policy. We created an AI Strategy to guide responsible adoption, and we emphasize education to help staff understand the benefits and risks of AI tools.
From a security operations standpoint, we continue exploring AI for automation and incident response. But we’re deliberate — we don’t chase every new solution. We evaluate carefully and build where it makes sense.
DL: Any lessons from your career as a public-sector leader?
MD: After nine years in the military, nine in state government and many more at the county level, one truth remains: Cybersecurity decisions must be business-aligned. If security becomes a barrier, it loses effectiveness.
My military experience instilled discipline, mission focus and the importance of leadership accountability. Those lessons carried over into my civilian career, where I’ve seen how crucial it is for leaders at every level to take responsibility for their systems and data.
Advisory roles on boards and committees have also broadened my view. Every locality is different, but we all need sustainable, scalable cybersecurity programs rooted in real-world operations.
Throughout my career, I’ve stayed focused on outcomes. Cybersecurity must serve the mission, and that’s the mindset I continue to bring to this work.
DL: Anything else you’d like to add?
MD: Cybersecurity in local government is about leadership, trust and sustained commitment. My experience — from military to state and county government — has shown me that success depends on strong governance, strategic partnerships and clarity of mission.
A favorite motto from my military days is, “Lead, follow or get out of the way.” That’s how we make progress, by stepping up with purpose or supporting those who do.
CISOs must have the same authority and stature as CIOs. Without top-level accountability, we won’t achieve lasting success. Every decision — technical or not — should reinforce the public’s trust.
Local governments deserve direct access to cybersecurity resources and vendor partners who understand their unique challenges. We’re not asking for handouts, just a chance to build sustainable programs with the right support. Together, we can ensure that cybersecurity remains a pillar of public service, protecting the systems and data our communities depend on.
