Chief Information Officer John Rorke talks about the behind-the-scenes technology that keeps the City of Winder running. From cybersecurity threats and protecting critical infrastructure like water and gas systems to training employees and preparing for emergencies, Rorke offers an inside look at how technology quietly supports nearly every city service residents rely on. 

Q: Can you tell us a little about yourself and your background? 

A: My name is John Rorke. My family and I live in the City of Winder. We’ve been here since 2019. Previous to that, we were out in Gwinnett County, and spent a number of years in the private sector working for a Fortune 500 company. Then, I was able to  work at a school where my kids attended, and I was able to see them during the day. That was an amazing experience before they headed off for college and out of the house. Finally, I landed here in Winder working for the city.  

Q: Your title is Chief Information Officer. How is that different from a Public Information Officer? 

A: A chief information officer is generally the leadership title for what you would consider the technology department. A public information officer is somebody who is focused on the communications of the city—so any public statements or news releases  would come through the public information officer.  

Q: How would you describe what you and your team do for the city on an everyday basis?  

A: Our job is to keep the city running. We support and protect the technology. As a result, we protect the city. It's also our job to protect our critical infrastructure. The City serves water, gas, and other services. Cybersecurity is a big, big topic these days. It’s a very real issue. And we are very much under attack every day. Our job is to defend our infrastructure, resources and operations. 

Q: Is there a moment that you could share with everyone where technology quietly saved the day in some incident at the city and for residents, that nobody ever heard about?  

A: Sure. We see active attacks against the city every single day. We've put in safeguards to block those and to mitigate that risk.  

These are very real threats. They're coming from overseas. They're coming from Russia, Iran, China. We're seeing it from all over the world. We even see some domestically from within the U.S. And it's a constant. It's a full-time job just keeping up with these and making sure we are protected against them.  

Something as simple as an email comes in. That is often all it takes to get compromised. And next thing you know, they've got control of your computer or they’re in your bank account. And it's just a matter of being aware if something doesn't look right. If it's suspicious in any way, it deserves a second look and a second thought of, okay, is this really who this person claims to be? Are they really wanting what they claim to want and verifying that it is indeed legitimate? Or is it something that should be deleted and it's not real? 

Q: What's the one thing you would recommend in terms of cybersecurity?  

A: A lot of these attacks come in from overseas from people who are not masters of the English language, and they spell frequently used words incorrectly. Look at a person's email address. If it's claiming to come from your bank, is it Bank of America.com or is it gmail.com? Something as simple as that could be a red flag. 

Q: What is the biggest to threat to government in terms of cybersecurity? 

A: Phishing or social engineering. With the AI advancements, those threats are becoming very advanced and more difficult to spot. It's even gotten to the point where they are now capable of setting up live video calls.  

Q: How do you know the difference? How do you know if something is legitimate? For example, if I receive an email or a phone call or a text message from you that says ‘I'm in a meeting, I need you to go find me $500 worth of cards?’ 

A: You know, it sounds silly, but people do it. The most reliable way is for me to call you back at a known, trusted number and verify. ‘Jonathan, I just got this message from you. Did you actually send this? Do you really want $500 worth of Google currency?’ And I've seen that happen very frequently where somebody receives a text message or an email, usually from their boss or even their boss's boss saying, ‘I'm tied up, I need your help.’ And it's always urgent. They've always got to do it very quickly. It's easy for people to get caught up. By nature, most people are pleasers and they want to make people happy. They want to do a good job. Sometimes they just need to pause and think for a moment. 

Recently, we received an email from what appeared to be one of our vendors saying we need to change the payment address on this invoice for a fairly large sum of money. Our finance team recognized that. They reached out to the vendor directly at a trusted source to verify. Indeed, it was not legitimate. It was a scam trying to get us to send our money elsewhere.  

Q: How has technology changed during your time working with the city? 

A: One of the biggest changes has been the onset of AI. That has just turned so many things upside down. It's a wonderful thing and a terrible thing all the same time. Used properly, it's an amazing tool. But people are using it for illegitimate and nefarious purposes. A lot of my time thus far has been spent just getting our internal infrastructure and our internal operations up to speed. 

A couple of years ago, we rolled out a new planning and permitting website that allows a lot of our interactions to take place online now, which has been very helpful to not just our planning department, but hopefully our constituents and developers coming to town. 

Q: How do you make sure that employees are properly trained on what they should and shouldn't do? 

A: We have ongoing training available for all of our employees.  

We also have a number of tools in place that allow us to monitor and control our employee devices. We are able to manage those devices remotely and make sure that people are protected from themselves sometimes. 

Q: Is there a fun story or probably the most exciting thing you've ever been a part of?  

A: Our goal is to have an uneventful day.  

Q: How do you all deal with everybody wanting a different setup when you've got 900 different things you're trying to take care of? 

A: A lot of people view it as the Department of No. Okay. But in my department, I tell my guys that we should base our interactions on kindness and respect. 

Every interaction needs to be based on meeting people where they are. Have some patience and get them to where they need to be. 

The stereotype of a typical IT person is that we don't interact well with people, that we like to hide behind doors. The running joke is there's two types of IT people—one that you allow to interact with people, and those that you lock behind a closed door. 

It's difficult to trust somebody that you can't see and that you don't know. I've made it a priority with my team to have people who can interact with people who do have that kind, gentle spirit and are helpful by nature. 

Q: What role does IT play in disaster preparedness and public safety? 

A: A big part of our role is making sure that our systems are backed up and are redundant and hopefully have minimal downtime. If something happens to one location, we have alternatives ready. We test these systems regularly so we’re prepared if an emergency occurs. 

Q: What is your process to make sure we're proactive?  

A: A lot of it comes down to training and making sure we’re up to speed. It’s important that you have staff who are trained and ready to handle the different tasks. We're learning things every day. Our job us to know enough to get people the help that they need.  

Q: Because you came from the private sector, what are those transferable skills to come from the private sector to the government world? 

A: It's the soft skills that you can't teach a person. Technology you can learn. There are fundamental technology concepts that are consistent across just about any organization. There's a lot more specialized things that are very specific to local government that can be learned. 

Q: What’s one myth about government IT you’d like to clear up? 

A: We just don't hide under our desks and work from midnight to 8 a.m. 

We don't all go home and sit in our basements playing Xbox all day long after we go home from work. We've all got very different hobbies. We have families. 

Q: What really excites you about where technology can go from here and how it can make our lives more streamlined?  

A: I'm a big proponent of efficiency. I'm always looking for inefficiencies or better ways of doing things, to make something less expensive, go quicker, or reduce the amount of time for staff to get through that particular process. The possibilities are limitless there. I get excited about looking forward and thinking what else can we do to make our city operations more efficient and hopefully less expensive. 

Q: How has social media impacted your work?  

A: Most of our social media needs or issues are handled by our communications department.  

A lot of the public probably doesn’t understand that everything that happens on social media becomes an open record. When somebody comments on something, that comment becomes part of the public record. 

Anything that is posted by the city or on any of the city’s social media accounts—whether it’s Facebook, YouTube, or another platform—is considered an open record. Those records are captured, archived, and saved for future search or documentation, if needed. 

Q: Is there anything you’d like the public to know as we wrap up? 

A: We absolutely love this community. It's surprised us in a way. The people, the city staff, and the sense of community have all been wonderful. And it is a great place to live. Winder really does have great things going on, and we’re happy to be part of it.

Listen to to this Winder Works episode and more on Apple, Spotify, YouTube, or whever you enjoy podcasts.