The city of Austin, Texas has appointed Shirley Erp as its new chief information security officer. Previously a director at KPMG, Erp brings more than 20 years of cybersecurity leadership experience.
Erp will be responsible for leading Austin’s information security office, and overseeing the information security program which protects the city’s info, data, and technology infrastructure. She will report to Rey Arellano, assistant city manager.
Erp succeeds Kevin Williams, who became Austin’s first citywide CISO in 2015.
She previously spent more than a year at KPMG, where she was a director and cybersecurity advisor in the Austin office. Before that, Erp spent five-and-a-half years as the CISO of Texas’ Health and Human Services Commission, and five-and-half years as assistant CISO for the University of Texas System. Erp also served as CISO of the UT Health Science Center at San Antonio for three years.
Earlier in her career, Erp worked in an IT security role at the United Services Automobile Association. She was also a systems programmer at Hertz and the City of San Antonio.
She holds an MS in technology management from Texas A&M University-Commerce and a BS in computer science from the University of Central Oklahoma.
“I’m very happy to have Shirley join our team. Her experience is a powerful asset to the work we do to protect our information security and risk management efforts,” Arellano said in a press release.
Erp commented, “I am excited about moving the City of Austin information security program to the next level to further mature the system by collaborating citywide and engaging departmental participation to leverage resources, increase knowledge, and expand our incident response capabilities.”
Cities are getting serious about their cybersecurity measures, as opportunistic hackers can view under-protected local government assets as a soft target. For example, Atlanta in March 2018 was the victim of the largest successful breach of a major US city by ransomware. The successful attack by non-state Iranian hackers disabled city computers for weeks, deleted numerous documents, and forced residents to pay bills and complete forms via paper.
The Atlanta hack came months after a city audit found thousands of vulnerabilities in the municipal IT system. In the aftermath, the city was forced to spend millions on consultants to recover from the breach.