Suffolk County names John McCaffrey its top tech officer as cybersecurity chief departs
Suffolk County has appointed a new chief technology officer, officials confirmed, while the top cybersecurity officer hired during the Bellone administration has been released.
Suffolk on Friday said John McCaffrey, a former chief information officer for Westchester County, will take the top CIO role at the county, replacing Scott Mastellon, the former commissioner of the Department of Information Technology.
McCaffrey, who starts next week, most recently served as chief information officer for H2M architects + engineers, where he spent four years. He previously served as chief information officer for the LiRo Group as well as Westchester County. He was also commissioner of information technology for Orange County, director of information technology for the Village of Skokie, Illinois, and deputy commissioner of finance and technical support manager for the Town of North Hempstead.
The appointment came at the same time Suffolk released Kenneth Brancik, who in May was hired to be the county’s first chief information security officer. Brancik was appointed after the county’s computer networks had been hit by a Sept. 8, 2022, cyberattack that crippled county services for months and led then-Suffolk County Executive Steve Bellone to declare 16 consecutive states of emergency through December 2023.
Suffolk last weekend was subjected to a countywide phishing email attempt in which attackers sought to hijack user password and log-in information to gain access to the county’s sprawling network, officials said. The attack was unsuccessful.
Suffolk County spokesman Michael Martino declined to discuss Brancik's departure, citing personnel policy, but confirmed the phishing attempt and said it was handled by two deputy IT commissioners, Michael Azzara and James Kiley.
County Executive Ed Romaine, in a statement, thanked the two men and said Suffolk “continues to assess the IT systems and look deeper into the damage that was done by the cyberattack.”
Romaine said McCaffrey's “experience and expertise will play a critical role in protecting the county's infrastructure.”
Brancik, who made $184,214 a year, was appointed in May after a search conducted by former county consultant Michael Balboni, Bellone said in a Newsday interview in 2023. Brancik’s job was to create a recovery plan for potential cyberattacks in the future, Newsday reported. Brancik had previously been cybersecurity chief for Mount Sinai Health System. He did not return a message seeking comment Friday.
Brancik was appointed the same day a special legislative committee on the cyberattack found the county did not have an emergency response plan specific to cyber breaches
The county in the years prior to and the months after the Sept. 8 attack had employed a “coordinator” of IT security operations who had retired and operated as an outside contractor. A 2019 county report had recommended the county hire a chief information security officer to centralize county cybersecurity policies and operations. Bellone has said he should have hired one sooner than May 2023.
The 2022 cyberattack cost the county $5.4 million in investigation and remediation work, but more recently county officials have indicated upward of $27 million had been spent replacing systems, software and security. County Comptroller John Kennedy earlier this month said he identified $13.8 million in unnecessary or redundant purchases, and Romaine has said he hired an outside firm to review the purchases.
Judge delays Trump sentencing ... Holiday travel forecast ... Navigating politics over Thanksgiving ... FeedMe: Holiday pies ... Get the latest news and more great videos at NewsdayTV
Judge delays Trump sentencing ... Holiday travel forecast ... Navigating politics over Thanksgiving ... FeedMe: Holiday pies ... Get the latest news and more great videos at NewsdayTV