Cybersecurity Inside State Legislatures


webinar graphic

State legislatures are vulnerable to many different types of cyberattacks—politically motivated cyber attackers and hacktivists, organized attackers, disgruntled employees, or even benign computer trespassers. Legislative IT CIOs and managers are very familiar with these threats: They named cybersecurity as the number 1 priority in recent NCSL surveys. Learn how legislatures are dealing with cyber threats, including what kinds of funding, staffing, training, preparation and policies are needed to respond. Join us to discuss the current challenges legislatures face and actions they are taking to protect the institution.

Presented by the National Association of Legislative Information Technology (NALIT).



  • Cindy O'Dell, manager, Service and Support Center, Legislative Research Commission, Kentucky; Chair, NALIT


  • Jeff Ford, chief technical officer, Legislative Services Agency, Indiana
  • Michael Norris, cybersecurity administrator, LEG-TECH, Washington

Speaker Presentations

Speaker Biographies

Jeff Ford is the chief technical officer for the Indiana Legislative Services Agency and oversees security for the Indiana General Assembly. He currently holds both a CISSP and GSEC certification and is currently working on his GCED certification. Jeff joined LSA full time in 2003 after serving two years as the CIO of Pioneer Financial Services. Jeff started his IT career with WordPerfect Corporation in the early 1990s and later owned the consulting firm, Software Studios, Inc., that specialized in providing custom software solutions in the legal and legislative markets. Software Studios helped the Indiana Legislative Services Agency develop their current drafting solution, and they actively marketed the LegiSoft product line until 2001. Jeff completed his undergraduate studies at the University of Missouri - Kansas City. 

Michael Norris is cybersecurity administrator for LEG-TECH with the Washington State Legislature. He received his B.S. degree in computer science from The Evergreen State College. Michael is a 20-year IT professional and holds both a CISSP and a CISA certification. He has held other security certifications including a PCI-ISA and a PCIP. Michael started his security career with Weyerhaeuser and over the last 12 years he has worked both as an auditor and security professional. Michael has built and led both audit and security programs in health care, retail and the state legislature. Michael led disaster recovery efforts during Hurricane Katrina and has implemented cybersecurity incident response and disaster recovery programs for both MultiCare Heath Systems, REI and now the Washington State Legislature.

Cindy O’Dell has been the Network Service and Support manager for the Kentucky Legislative Research Commission (LRC) since 2009. She began her career with LRC in 1998 as a Network Service and Support Technician. Cindy later served in the role of Analyst in the programming section before returning to lead the Service Center. She has always remained focused on the customer experience. Prior to joining the legislative branch, Cindy worked in the executive branch of Kentucky state government.