The State of Florida operates a sprawling infrastructure of mission-critical systems serving over 20 million residents across dozens of state agencies. The attack surface spans financial management (FLAIR), procurement (MyFloridaMarketPlace), unemployment assistance, professional licensing, healthcare claims processing, tax auditing, corrections operations, and public safety systems. MyFlorida.com itself is the public-facing portal anchoring access to state services - a high-visibility target with direct exposure to resident PII, payment data, and benefit records.
The technical domains under protection include revenue management systems, disaster recovery infrastructure, law enforcement databases, and critical health administration platforms. This is not commodity infrastructure; compromise of any single system ripples across dependent agencies. Threat models are concrete: credential harvesting against employee networks, ransomware targeting financial systems, data exfiltration from corrections or health records, and denial-of-service against public-facing portals during emergencies or tax seasons.
The scale and interconnection of these systems create a defensive perimeter problem. Teams span IT infrastructure, application security, identity management, and incident response across multiple agencies that don't always operate as a unified security organization. The work is infrastructure-heavy - patching legacy systems, monitoring for unauthorized access, responding to incidents affecting public services, and maintaining resilience when downtime directly impacts resident access to unemployment benefits, tax filings, or license renewals.