After being named Nebraska’s interim chief information security officer last month, Bryce Bailey on Tuesday lost his interim status and will serve as the state’s top cybersecurity official for the foreseeable future.
Bailey joined the Nebraska state government as its deputy CISO last June after departing the Cybersecurity and Infrastructure Security Agency, where he’d spent 18 months working on cybersecurity initiatives “foreign and domestic,” he said in an interview. In Nebraska, Bailey said he wants to “take cybersecurity to the next level,” a goal that includes bolstering the state’s cyber workforce, changing cybersecurity’s image and amassing enough data to demonstrate to government policymakers that cyber programs, like the federal State and Local Cybersecurity Grant Program, are worth keeping.
Census estimates in 2024 showed that Nebraska had finally surpassed 2 million residents, a sign of modest growth that nonetheless leaves it as one of the nation’s smaller states, ranked between Idaho and West Virginia. A majority of Nebraskans, Bailey pointed out, live in the east, near Omaha and Lincoln, but his vision for incubating cyber talent, not only for the state government but the state generally, includes smaller, rural communities: “I’m thinking about those kids out in Grand Island or Scottsbluff, where they can learn to protect or defend a network before they even graduate high school and then they stay out there. And that’s a win for Nebraska 10 years from now.”
A growing number of state governments, including Nebraska, have partnered with community, technical and state colleges in an attempt to develop cybersecurity talent and in some cases provide internships with government agencies, a symbiosis widely lauded but perhaps not adequate to fill all of the nation’s open cyber roles. Bailey said that by starting earlier, in K-12 school districts, the state might harness the rebellious energy of youth: “They’re fighting not only against adversaries,” he said of schools, “they’re fighting against the students,” who are “trying to get around the security controls the district has in place to block them from inappropriate content, all that kind of stuff.”
Bailey, like officials in all states, relies on the federal government as a coordinator and distributor of cyber threat intelligence, but the second Trump administration has pulled back funding across numerous programs, from Medicaid and education to disaster relief and cybersecurity. Many state technology officials have reported concern with what this will do to their budgets in the coming months. And continued cuts at CISA — a federal agency that, by numerous accounts, is struggling to perform some of its core duties — have likewise pushed states to embrace self-reliance and the grace of philanthropies.
Bailey acknowledged the current administration’s push to “decentralize” some of its functions, but added that he still talks to officials at CISA “at least on a weekly basis” and that the federal government is “still fully supporting what we’re doing here in Nebraska.” He said the change signals an opportunity for states to “step up” and take more seriously their “whole of government” cybersecurity strategies, in which states play leading roles in supporting local governments, educational institutions and, in some states, the private sector.
One potentially remaining federal support for state and local cybersecurity is a major federal grant program that’s found passage in the House but still needs Senate approval, and consensus from lawmakers on how much funding the program’s second run would receive after its past $1 billion, four-year authorization. Bailey said the SLCGP has been “super valuable” in Nebraska, paying for vulnerability scanning, hardware replacements and security information management systems, particularly in the state’s cash-strapped school districts. He said that if the program receives a second tranche of funding, states and local governments should diligently collect data on how helpful the program’s been: “We need to be able to tell that story to the federal government, to individuals in Washington, D.C., and tell them how important this program is.”
Managing cybersecurity’s image not only on a national stage, but inside Nebraska’s executive branch is another priority for Bailey, who said he doesn’t want cyber officials to always be viewed as the ones “who are just going to say no to everything.” He warned that being overly strict with security can backfire, leading state employees to find insecure workarounds or use unmonitored personal devices to skirt the rules. “I want to drive that secure innovation,” he said, “making sure security is baked in from the very beginning. I want to leave Nebraska’s security posture stronger than I found it, not just technically but also culturally.”
And though Nebraska is small, the world of state technology officials is close-knit, and information spreads quickly. Bailey said that when it comes to government IT security, he wants his state to be known as an originator of good ideas: “By the time I’m done here and my time has come, I want other state CISOs and CIOs to be looking at Nebraska and saying, Man, what is Nebraska doing? Let’s reach out to them so that we can do what they’re doing.”
