Local cyber leaders emphasize policy, people

For chief information security officers in local government, emphasizing governance and processes of cybersecurity hygeine can be as important as the technology itself.

Stephanie Smith, the IT security director for Mecklenburg County, North Carolina, tells StateScoop her role takes her “a little outside the technology realm.”

“I work with policies, procedures and a lot of folks within the executive realm to develop the path forward as it relates to IT security,” Smith says on the fourth episode of StateScoop’s 2019 LocalSmart Awards podcast series. 

Smith is one of six winners named in the inaugural group of LocalSmart Cybersecurity Leader of the Year awards last September:

  • Michael Dent, CISO, Fairfax County, Virginia
  • Timothy Lee, CISO, Los Angeles
  • Michael Makstman, CISO, San Francisco
  • Greg McCarthy, CISO, Boston
  • Marcelo Peredo, CISO, San Jose, California
  • Stephanie Smith, information technology director of security, Mecklenburg County, N.C.

Lee, who directs IT security efforts for the City of Los Angeles, says his main focus is to balance the business needs of becoming a smarter, more responsive city with the logistical and technical requirements of cybersecurity.

“City of Los Angeles is currently introducing many digital and smart city initiatives, which embrace new technologies,” Lee says on the podcast. “But at the same time [those initiatives] also make the city vulnerable to cyberattack.”

For Lee, that means a delicate balance between technology and processes that run in silos and ones that bridge the city’s departmental and expertise gaps.

“A lot of time, the CISO’s challenge is that we have implemented so many projects and tools that ran in silos,” Lee says. “The only way to have a successful strategic implementation is to have a coordinated implementation.”

McCarthy, the Boston CISO, says his focus is on educating staff on good information security practices.

“It’s really important to train our employee population on how to identify phishing emails, how to protect themselves when using technology and resources,” McCarthy says on the podcast. “It’s not all about technology, it’s about people as well.”

On the podcast:

  • Timothy Lee, CISO, Los Angeles
  • Greg McCarthy, CISO, Boston
  • Stephanie Smith, information technology director of security, Mecklenburg County, N.C.
  • Betsy Foresman, staff reporter, StateScoop

Things to listen for:

  • In Los Angeles, Lee is responsible for the execution of the city’s “Malware Analysis and Remediation Service,” which allows all city employees to report a suspicious email or file attachment in just two clicks.
  • Boston has launched an information-sharing consortium with eight other surrounding municipalities to share cybersecurity information and resources. 
  • Smith strives to be an effective communicator with elected officials in Mecklenburg County to communicate her understanding of current cybersecurity concerns.
  • Last year, Boston changed its cybersecurity leadership structure so that the city CISO reported directly to the city CIO — giving cybersecurity a voice at the executive level.

The LocalSmart podcast is a five-part miniseries highlighting the winners of the 2019 LocalSmart Awards. It’s written, produced and hosted by Betsy Foresman and Jake Williams.

Listen to all of StateScoop’s podcasts on Soundcloud, Apple Podcasts, Spotify, Google Play, Stitcher or Alexa’s TuneIn.