It's now official. I have changed technology roles and permanently moved offices within Michigan Government. I am now the Chief Technology Officer (CTO) and Director of Infrastructure Services. After almost seven years as Michigan's first CISO, I took an acting role as CTO in January, when Pat Hale left government and became CTO for Sparrow Health System. After\u00a0successfully navigating\u00a0the interview process, the\u00a0"acting" has been removed. \u00a0Looking back, here are a few memories and perspectives from across the hall.First, why did I make\u00a0a change?\u00a0It was a hard decision, but I was ready for new challenges. I also thought it was time to allow others to step forward in their careers.\u00a0In the Michigan Department of Information Technology (MDIT), our CTO\u00a0position is a deputy director over centralized technology infrastructure managing around 800 staff\u00a0plus contractors covering roles\u00a0such as\u00a0enterprise architecture, networks and telecommunications, help desk (customer support center), data centers, technical support, office automaton, field services, project management, and more.\u00a0This is a huge (and humbling) management and technology challenge, and I am very grateful for the\u00a0vote of confidence that has been placed in me.\u00a0\u00a0In addition, the new federal stimulus package offers some unique opportunities for involvement that are historic in nature and excite me, such as the possibility to build out Health IT and new government high-speed networks.\u00a0Second, was the change difficult?\u00a0 Answer: Yes, but the position has grown on me every week. The first few weeks were like drinking from a fire hose. I was trying to do too much and manage two transitions (learning my new job from Pat Hale who was getting ready to leave\u00a0while handing off my old job to our new Acting CISO Trent Carpenter). Fortunately, I knew the people and processes - which helped tremendously. But I had no idea how\u00a0many personnel issues would come with a very large technology organization. I quickly realized that I was way out of my comfort zone, but many colleagues were eager to help. I also gained a new appreciation for our infrastructure experts and my new team.\u00a0A major virus outbreak\u00a0that we experienced in February turned out to be a blessing in disguise.\u00a0While I never wish these problems on anyone, I was forced to focus on one core issue for several days, and\u00a0navigate my new team through an emergency\u00a0situation that I was well-qualified to lead. A\u00a0more cohesive\u00a0team emerged from that problem. Meanwhile, I gained a\u00a0better understanding of the perspective of\u00a0my staff running infrastructure.\u00a0That emergency also gave me\u00a0a closer relationship\u00a0with the customers who were impacted by the outage.Third, what were some of\u00a0my\u00a0favorite memories?\u00a0Together with our Michigan\u00a0partners, our security\u00a0team\u00a0accomplished quite a bit from strategic security plans to websites offering cybersecurity training\u00a0to new executive orders surrounding ID Theft and breach notification\u00a0to PCI compliance over the past several years. However,\u00a0my best memories always surround the relationships formed with customers and\u00a0professional colleagues in government and in outside groups like the MS ISAC, Michigan InfraGard\u00a0and the Department of Homeland Security's (DHS's)\u00a0National Cybersecurity Division.\u00a0\u00a0Cybersecurity must be a team effort to be successful, so I urge friends and colleagues to\u00a0partner, partner, partner - whenever possible. \u00a0As CISO,\u00a0I also learned so much about emergency management in\u00a0surprising\u00a0ways. When the Blackout hit the Northeast in 2003, I found myself unexpectedly at our State Emergency Operations Center (SEOC) for four long days coordinating response. But that incident created new relationships and opportunities for the future, as new technology became integrated into new areas of government.\u00a0Michigan\u00a0was very fortunate to participate in both Cyberstorm I in 2006 and Cyberstorm II in 2008, and we learned so much from coordinating our cyber responses with the federal government, private sector partners, other states and even other countries. I've developed many friends around the country, and I owe you so much. Thank you for your help.Thinking of success factors ... there is no doubt in my mind that CSOs and CISOs must embrace the unexpected to be effective over time. Turn "lemons into lemonade" wherever possible. There are always new ways to gain support for security initiatives, but they are typically not obvious at first.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Finally, will I every\u00a0go back to a senior security role?\u00a0\u00a0I think security is in my blood, so my honest view is that I'm not really leaving security. Yes - I am leaving the Michigan CISO function in other (very reliable) hands. But\u00a0in reality, there are many security functions within technology infrastructure - such as network and system administrator roles. More than that, we are all partners getting a common job done.And yet, some of you will rightly say that\u00a0I'm\u00a0dodging the real question. I never say never. Looking back, I\u00a0am surprised that I stayed in this CISO role as long as I did.\u00a0Our Lord\u00a0has been good to me, with plenty of "success," but I realize that awards aren't what's ultimately important. We do what we do to help others - to make a positive difference. We press on to build safer, more reliable\u00a0digital government and an Internet with end-to-end trust.\u00a0\u00a0We fight\u00a0as cyber ambassadors\u00a0for good. \u00a0\u00a0As for this blog ... I am no longer a CISO, so I will be cutting way back on my security blogging. I told Derek and CSO Magazine\u00a0that I would occasionally pop in (every few months) to offer a view of security from a government CTO perspective, but I will no longer be a featured blogger for CSO-online. I am grateful that CxO media wants to\u00a0keep my\u00a030 months of blogs on their website for future public consumption.\u00a0\u00a0CSO Magazine has been awesome to work with, and I am very thankful for their support through the years. One final thought ... try to surround yourself with good people\u00a0who you can trust. That is the most important aspect for\u00a0CISO success.\u00a0 I was blessed with a great Michigan security team. I also\u00a0worked for\u00a0great leaders like Teri Takai (now California CIO) and Ken Theis (current Michigan CIO). It certainly helps to have technology partners that "get it."