skip to main content
Office Closures and Delayed Openings
YouTube icon image 
YouTube icon image
Home  |  Intranet  |  Contact  

Link to Texas Department of Criminal Justice homepage
connections logo

An employee publication of the Texas Department of Criminal Justice


October 2024

Battling the Bad Bytes

You are playing a game that never ends. There are no timeouts. There are no do-overs. Your opponents are sinister and do not play fair. They are constantly looking at every rule and figuring out ways to break them. You can’t see these evil opponents. They may be in your town, or they may be on the other side of the planet. You know that one simple mistake can cost you and your team any chance of success against these bad bytes.

“One of the things I like to tell people is we have to get it right 100 percent of the time. Criminals only have to get it right once,” said John Schimanski, Deputy Chief Information Security Officer for the Texas Department of Criminal Justice’s (TDCJ) Information Technology Division (ITD).

Billions of bytes of information are constantly flowing through TDCJ. The employees of ITD could be considered the referees in this game of good bytes versus bad bytes.  Schimanski has been in this game for many years and knows that the ITD must scan the whole playing field.

“We do everything from investigations to reviews of products that we're bringing into the agency to make it better, faster, and more convenient for everyone to work,” Schimanski said, “We review the computers for security posturing, the software, the tools in Mainframe, and the programs like Microsoft Teams. If we suspect a computer has been infected with a virus or with malware, we bring it into our office, we store that information for legal reasons. We also support the legal team in the Office of General Counsel.”

ITD is also looking to stop attacks before they happen. They monitor the dark web looking for any mention of the agency or high-ranking members who could potentially be a target for hackers.

ITD could be seen as the coaches of this game as well. Schimanski said, “We're the ones conducting the phishing exams, the fake e-mails trying to get your credentials. We also work with HR, teaching a new hire the employee orientation, to do contractor onboarding, to explain to them how important it is to keep that data safe, to keep the crown jewels safe.”

The crown jewels are not money, but the data itself. TDCJ consists of employees, inmates, parolees, and probationers all of whom must have their data protected. That is approximately 600,000 people’s data. ITD takes that seriously.

An inmate within TDCJ is considered a ward of the state. This protection is not just for the physical well-being of an inmate but also for their personal information. Computer hackers are constantly adding more bad bytes to the game. If those bad bytes win, the hackers can then sell that information through the dark web or use it themselves. A newly released inmate trying to integrate back into society may find his or her identity has been stolen, making their path to a new life even more challenging.

Sometimes it may not be a malicious attack, but simply a human error. In the summer of 2024, the cybersecurity company CrowdStrike uploaded a faulty upgrade which affected computer systems all over the world. Governments, businesses, and individuals had their computer systems shut down causing mass chaos and billions of dollars in financial damage. TDCJ was not completely immune to that CrowdStrike error.

“TDCJ as a whole faired fairly well. There were some things that we have in the state data centers that were affected, but we were able to get those fixed with the state data center employees’ help,” Schimanski said.

The best offense can be a great defense. One would think ITD would be the first line of defense, but it’s actually the employees themselves. Every TDCJ employee that interacts with data through computers, phones, or tablets are the real defensive line in this game.

Schimanski offers a game plan for this defense, “The biggest piece of advice I can give you, take a second and think, does this look right?”

A TDCJ employee should never share their passwords or accounts with anyone. Also, employees are encouraged to be skeptical of odd e-mails or strange data being processed through their departments. If something looks wrong, why does it look wrong? What is the context of the data? Should a link be clicked or rejected? The IT Division is always open to employees who may have questions or concerns about their data.

“So, what I want to impress upon is that you are not bothering us. You can call and cry wolf 15 times a day. That's what our job is, to investigate those types of things. It may take us two minutes, or it may take us two hours to figure out what's wrong and if we need to raise the flags on anything. That's what my team is for.”

In the TDCJ family, we are all in this together. The bad bytes are always out there, and the game never stops.