Empowering a Workforce Built on Cyber Awareness

Tyler Podcast Episode 131, Transcript

The Tyler Tech Podcast explores a wide range of complex, timely, and important issues facing communities and the public sector. Expect approachable tech talk mixed with insights from subject matter experts and a bit of fun. Each episode highlights the people, places, and technology making a difference. Give the podcast a listen today and subscribe.

Show Notes:

In this episode of the Tyler Tech Podcast, Tim Walsh, general manager of cybersecurity at Tyler Technologies, joins the show to discuss the human side of cybersecurity and the importance of building a strong organizational culture to support it.

Tim explains why technology alone isn’t enough to defend against evolving threats — emphasizing the critical role of people, processes, and leadership. He shares how public sector organizations can strengthen cyber resilience by investing in their teams, encouraging continuous training, and fostering a culture where every employee understands their part in protecting systems and data.

The conversation also explores strategies for addressing workforce shortages, partnering effectively to maintain 24/7 coverage, and recruiting and retaining cybersecurity talent in a competitive market. By empowering employees and creating a culture of shared responsibility, public sector leaders can build teams that are ready to adapt, respond, and thrive in an ever-changing cybersecurity landscape.

This episode also highlights the advantages of cloud infrastructure and how it is transforming the public sector. From reducing technical debt and streamlining operations to creating the flexibility to adopt AI and other emerging tools, the cloud provides a smarter, more resilient foundation for modernization, security, and innovation. Explore our resources in the show notes to learn how governments can maximize long-term value and take the next step toward a future built to adapt.

• Explore More: Cloud Infrastructure for Government

And learn more about the topics discussed in this episode with these resources:

• Download: Digital Access and Accessibility in the Resident Experience
• Download: How To Identify Cyberthreats Before They Become a Breach
• Tyler in the News: South Carolina AI, Cyber Initiatives Reshape Services
• Blog: The Power of Data: Building Resilient and Responsive Systems
• Blog: Preparing for the Future of AI in Government
• Blog: Boosting Resilience: Cloud Solutions for Modern Government
• Blog: Cyber Defense: Local Governments Weigh In
• Blog: Partnering With Communities to Build Resilience
• Blog: K-12 Cybersecurity Funding: What Districts Need to Know
• Blog: Resilient Communities Rely on Modern Public Safety Solutions
• Blog: Increase Community Resilience With Modern Payment Systems
• Blog: How Cloud-Based Solutions Expand Access to State Services
• Blog: Resilience at Scale: Technology for an Unpredictable Future

Listen to other episodes of the podcast.

Let us know what you think about the Tyler Tech Podcast in this survey!

Transcript:

Tim Walsh: It’s people, it’s process, and technology. And I often feel that public sector organizations and organizations as a whole, not just the public sector, focus almost too heavily on the technology side. Humans are one of the most critical aspects of actually engaging with the tools that you purchase and building a culture of cybersecurity.

Josh Henderson: From Tyler Technologies, this is the Tyler Tech Podcast where we explore the trends, technologies, and people shaping the public sector.

I’m your host, Josh Henderson. Thanks for listening.

Today, we continue our special two-part series for October, which is Cybersecurity Awareness Month, recorded live at Tyler Connect 2025 in San Antonio.

And I’m joined by Tim Walsh, general manager in cybersecurity here at Tyler. And in this conversation, we shift the focus to people while investing in teams, providing training and resources, and fostering a culture of cybersecurity are essential steps for public sector leaders. There’s so much to get into with this conversation, so let’s jump right in. We hope you enjoy.

Tim, let’s start at a high level. What’s your perspective on the state of cybersecurity for public sector organizations today? What are the biggest challenges leaders are facing?

Tim Walsh: Great to be here, Josh. This is a somewhat of a loaded question in the sense that the cybersecurity landscape is evolving, and it’s becoming more of an amorphous landscape where it’s changing every day, and we have a shrinking workforce to address that problem.

So, I would say that some of the biggest challenges we have, as you mentioned in your intro, artificial intelligence. That is one of our greatest tools to combat cybersecurity threats and emerging threats. It’s also the way that the bad actors are creating new threats and actually leveraging these tools that they can find online just like any of us can and create emails, phishing emails that sound like they’re coming from a person because they can dump sample text in it or to write malicious code to infiltrate a network. So, I think AI is going to be a big trend as we see it already being in the cybersecurity space. I also think that with budget cuts and a changing workforce and a shortage of talent, it’s not getting easier to address the changing landscape.

Josh Henderson: Now, you know, cybersecurity tools are important, but they’re only part of the equation in that regard. So how critical is the human workforce in this equation, and how are workforce shortages impacting agencies’ ability to defend themselves?

Tim Walsh: Absolutely. So, I always say that it’s three parts. It’s people, it’s process, and technology. And I often think that, and I often feel that public sector organizations and organizations as a whole, not just the public sector, focus almost too heavily on the technology side. We’re investing in the shiniest or the most exciting tools, but don’t have the people to manage them or the processes in place to address what those technologies uncover.

So I would say that, you know, humans are one of the most critical aspects of actually engaging with the tools that you purchase and building a culture of cybersecurity and having that executive love level leadership to I don’t want to say push down, but to influence the worker who just logs in and maybe punches their time card, but is still can potentially leave the network or the city or the county or the school district vulnerable based on their simple actions of what they need to do in their day to day job.

Josh Henderson: And now I’m curious to get your advice on, you know, what should public sector leaders who are trying to build a culture, like you mentioned, that values cybersecurity and keep pace with evolving threats?

Tim Walsh: I think first and foremost, as I mentioned before, it’s executive sponsorship. Right? Getting that buy in from the top, whether that’s in a school district, your school board, or your superintendent, or your executive staff, in a county, county councils, city, city council.

Those folks need to understand that cybersecurity is a whole of government problem. It’s not. It impacts everybody when the network goes down, and it influences, you know, how the citizens interact with their local government or with their school district. So, I would say that having that executive sponsorship and building that culture from the top down and not forcing it either.

Educating as you’re influencing across the board is critical. You want to make sure that your end users, as I mentioned, the person that punches in or the person that might just check their email, understands that they play a critical role and an important role in securing their environment by making sure they’re not clicking on bad links in emails, reporting something that looks suspicious, or even when it comes to physical security, physical cybersecurity, making sure that you’re not letting someone in the front door that shouldn’t have access.

Josh Henderson: I think that’s all really great advice. And now I’d like to shift the conversation a little bit into the more tactical side of things and talk about what organizations can do to build stronger, more resilient cybersecurity teams. You know, many public sector organizations, especially some of the smaller ones, are working with lean cybersecurity teams. So how can they stay resilient and effective in defending against sophisticated attacks even without large security operation centers?

Tim Walsh: Absolutely. So, a couple of statistics that I like to point out whenever I talk about this topic. I always like to bring some statistics because that’s my background. Right?

I like stats. I like numbers. In 2024, 82% of organizations were impacted by a cybersecurity incident. So, eight out of ten organizations in the country in the world were impacted by something.

That could be as simple as an email phishing attack. It could be as broad as a widespread ransomware attack. So, you need to have full coverage 24/7/365.

Feeds into my second statistic that I bring up; 90% of organizations reported in a survey last year that they have a shortage of IT talent, specifically as it pertains to the evolving threat of AI and cloud computing.

So, this is where I say, we need to look from the outside in as leaders in the space and as public sector leaders too and figure out what are our teams staffed for? What are they good at? And then fundamentally, what should we augment? And what should we engage with a third party partner or engage with our other communities or other agencies, organizations around us?

I think that 24/7 coverage is critical to making sure that things don’t happen while you’re asleep at night, while your office is out on holiday. So, I think that engaging strategically on certain initiatives, for example, engaging with the security operation center that can, for the most part, provide you that 24/7 coverage for less than the price of one FTE is critical to having that that 24/7 coverage. And then fundamentally, looking at other areas and saying, well, we can do this potentially internally, or we don’t have that expertise on staff. And

instead of looking through the talented workforce, there is a talented cybersecurity workforce, but I think last year alone, there’s something to the tune of a 250,000 job deficit in the United States. That’s only growing year over year. So, to sum everything I just said, engage where it makes sense and engage with partners that understand the public sector. There are plenty of companies and organizations out there that want to help and have good intention but make sure that they’re not specialized in high level banking or health care institutions.

Look for a partner that understands the unique challenges of a public sector organization because we all know that accounting operates very different than your local bank or credit union or any other sort of example you can think of.

Josh Henderson: And I think those statistics that you shared really do paint the picture of why cybersecurity remains such a huge priority in the public sector and has been for quite a while.

Tim Walsh: Well, I think facing the reality that building a team in house is for the I can pretty broadly say not going to be for a for a small, even medium, and maybe even a large local government isn’t going to be practical or cost effective.

Josh Henderson: Stay tuned. We’ll be right back with more of the Tyler Tech Podcast.

Every day, public sector leaders are rethinking how technology supports their communities.

Jade Champion: And more than ever, they’re finding the answer in the cloud.

Josh Henderson: From streamlining operations and reducing technical debt to creating the flexibility to adopt AI and other emerging tools, cloud infrastructure is transforming how governments deliver services.

Jade Champion: It’s not just about migrating systems. It’s about building a smarter, more resilient foundation for modernization, security, and innovation.

Josh Henderson: At Tyler, we understand how governments are making that shift, the trends driving adoption, ways to maximize long term value, and the steps to make your journey a success.

Jade Champion: Check out the resources in our show notes to learn more about the cloud advantage and how you can take the next step towards a government that’s built to adapt.

Josh Henderson: The future of government is in the cloud. Now let’s get back to the Tyler Tech Podcast.

Now I wanted to touch on the talent shortage a little bit as well. What have you seen to be some of the key challenges when it comes to recruiting, retaining, and growing cybersecurity talent in the public space?

Tim Walsh: Our team manages a portfolio of solutions that are to help augment the public sector. I find in our organization and what I see in the public sectors, invest in the people that you already have.

Get them the trainings that they need to stay up to date and incentivize them and encourage them to learn more. The talent that you already have is often some of the best talent that you’re going to retain.

Furthermore, when you’re looking, look outside the box. I think that when we it comes to recruiting in any area of public sector or the private sector, we’ve placed ourselves in a box that you must have these certifications, this number of years of experience, this specific degree. Right. And what I’ve what the way I feel about it is, can the person do the job, and do they have the willingness and the propensity to learn what that job takes? And I think we need to look at recruiting at a macro level and say, is this person going to be a good fit for our culture?

Are they going to be a good fit technically? Because I know folks who have associate degrees or no degrees at all that are star players on my team. And not to say that the folks like me that have a master’s degree in cybersecurity are not as talented or not as able to be beneficial in that workforce, but we have to look at the workforce as a whole list from a holistic view.

Josh Henderson: I think that’s a really great approach. And now, Tim, based on your experience working with Tyler clients and teams, what lessons stand out about what works and what doesn’t when it comes to building and sustaining effective cybersecurity teams?

Tim Walsh: So, for building a team, it’s investing in that team. As I mentioned before, encouraging ongoing training.

Also, investing in the tools that really make their job easier.

Don’t invest in a tool that’s going to create ten hours of extra work a week for them. Look for the tool that’s designed to reduce the amount of work and to keep them interested in the stuff that’s interesting. Right. Right?

Automate the processes that are, for lack of better terms, monotonous. Right? If it’s moving files from a to b, automate that. We know that’s easy, and most IT shops are already doing that and are in tune with it.

And for cybersecurity, the thing that makes people in this industry tick is the investigations, is that that blocking and tackling, is the proactive penetration testing and vulnerability scanning, and creating a culture and a space for cybersecurity to thrive. So even though I talked about solutions, that is how you retain the talent. That’s how you build a workforce. Keep them interested in what is interesting to them.

You know, you don’t want them you don’t want someone to come into work every day and feel like they’re just pressing the button and reviewing. So that’s what we’ve done in our security operations center that we provide for our clients is we’ve taken automation to the next level. We’ve enabled artificial intelligence where it’s responsible and makes sense and machine learning to bubble up the interesting events so that my team, instead of focusing on preparing reports every day, is focused on investigating real life client incidents and events that are occurring.

Josh Henderson: Now to kind of wrap things up wrap this conversation up, for public sector leaders listening today, what are some actionable steps they can take right now to start strengthening their workforce and overall cyber resilience?

Tim Walsh: I think starting an open and honest dialogue with their team. And that can be a team of one, and that can be a dialogue with yourself. I don’t want to say that this is something that requires a boardroom and a team of a hundred people. We work with governments that have six employees all the way up to 50,000 employees. So, I preempt my advice with this is scalable advice.

Have an open and honest conversation with your team. Understand what the strengths are, what are the weaknesses, what are the core gaps, and start to create a road map. You can engage with a partner to help create that road map or you can start to whiteboard it out yourself.

But really consider what are the tools that are going to make my life as the public sector leader easier, and what are what is going to make my team’s life easier, and what is going to augment my team? I think that’s incredibly important when we think about talent shortage, when we think of the evolving threats for AI in an evolving landscape.

And when we look at hiring for the next generation, when we look to hire that next IT analyst into the support desk role, look at the skill set that you want, not the skill set that you necessarily have. And I and I say take advantage of natural of the natural shift in workforce.

As we see folks retiring or moving on to new roles, don’t just fill the seat with the same qualifications in the same body. Look at it from a holistic view and understand what makes sense. You know, as AI burst onto the scene, I’d like to have somebody who has experience with it and experience with implementing it responsibly in a security environment. Just a few examples of what I would say but really go back to the whiteboard.

I’m a big white boarder.

Whiteboard out what where are you today? Have a realistic expectation. Don’t sugarcoat it. Right.

Say where we are and say where do we want to be in three months? Where do we want to be in six months? And where do we consider ourselves mature? And maturity doesn’t mean you’re done.

It means that you still have to continue to maintain and uphold that cyber hygiene.

Josh Henderson: You have to start somewhere, and then you have to kind of stay on top of things Absolutely. As things start to get implemented. Tim, thank you so much for joining me today. This has been such an informative conversation. We appreciate it.

Tim Walsh: Thank you so much, Josh.

Josh Henderson: As we heard today, true cybersecurity awareness comes from people, empowered employees, strong leadership support, and cultures that make security a shared value across the organization.

Tim’s perspective reinforces a central theme of this two-part series.

During Cybersecurity Awareness Month, it’s a reminder that public sector leaders can take steps now to prepare their teams and build long term resilience.

If you’d like to learn more, check out the show notes for additional resources, and we’d love to hear your feedback.

Fill out the listener survey linked in the notes or reach out anytime at podcast@tylertech.com. And be sure to subscribe, rate, and review the show so you never miss an episode. For Tyler Technologies, I’m Josh Henderson. Thanks for listening to the Tyler Tech Podcast.