All episodes
Episode 286 May 17, 2026

Yvette Florez, CISO of a Colorado State Government Agency

Managing statewide crises and driving legislative change, from the SamSam ransomware response to the Joint Technology Committee. Interviewed by Frank Victory.

Our featured guest this month is Yvette Florez, Information Systems Security Manager at the City of Lakewood and former Director of Identity & Access Management for the Colorado OIT, interviewed by Frank Victory (President of Denver OWASP and Conference Chair for SnowFROC).

We often talk about the operational side of cybersecurity, but Yvette brings a unique perspective on managing statewide crises and driving legislative change. She takes us back to her time with the Colorado Governor's Office of Information Technology (OIT), detailing the intense response to the SamSam ransomware attacks that took down CDOT. Yvette also shares the behind-the-scenes work of representing OIT before the Joint Technology Committee (JTC) in 2018, where she played a key role in securing crucial funding for state identity initiatives. Finally, we explore unique workforce solutions, like the Department of Corrections (DOC) programs that utilize offenders for tier I Help Desk calls.

In this episode

  • The SamSam response. The state's battle against the SamSam ransomware attacks on CDOT and the resulting federal indictments.
  • Funding state identity work. Navigating the Joint Technology Committee to secure legislative support and funding for critical state identity initiatives.
  • Unconventional workforce development. Using Department of Corrections offenders for tier I Help Desk calls via the CCI program.

This month in Colorado security

The news & resources segment.

From the guest