Cross-Agency Planning Key to Cybersecurity in San Francisco

CISO Michael Makstman explains what it takes to secure San Francisco, how the city is approaching generative AI and the importance of sharing information in the Coalition of City CISOs.

As San Francisco’s chief information security officer and interim chief information officer*, Michael Makstman is charged with defending a city whose international reputation frequently puts it in the sights of cyber attackers. In the role since 2018, he talked with Government Technology about his cybersecurity approach and how the city has been closely watching federal and state actions as it looks to develop its own generative AI guidance. Makstman also co-chairs the Coalition of City CISOs, which launched in 2020 to help peers from large cities and counties share information and ideas.

GovTech: What are the challenges of securing San Francisco?

Makstman: Because of San Francisco’s unique space in the national arena, as well as international … with attention comes more cybersecurity risk. … We know that no matter what the technology we have, things happen. … So, as much as we’re putting attention on detection [and] prevention, we’re also doing a lot on responding. ...

We worked with our Department of Emergency Management to make sure that we have a unified plan. … It wasn’t enough to get IT and cyber folks together, we wanted the emergency side — the traditional emergency managers — to also understand their role in a cyber emergency. ... We had our first citywide exercise last December.

GovTech: How is San Francisco approaching generative AI?

Makstman: I’m part of the team that is working under the city administrator on AI — specifically generative AI — guidelines. ... We’re now getting ready to release the first set of guidelines [in December 2023]. We know this is a very changing environment and so it won’t be one-and-done. We want to support innovation that generative AI and AI can bring to city services, but in a very measured way that’s also considering the risks. …

Whatever the technology of the day is, we want it to be equitable. We need to make sure it doesn’t introduce bias into our interactions with San Franciscans and that it’s accountable and transparent. … In this environment, where generative AI is expanding rapidly, figuring out appropriate use cases will be an evolving question. How do we make sure that we don’t say go one way or the other way? … The best way to engage is actually thinking about the benefits and the risks [of GenAI], and then letting our departments evolve in a measured way … versus to say, “Use it for this specific service.”

GovTech: What is the Coalition of City CISOs focusing on?

Makstman: It has never been more important to share information than now. … As a coalition, we’re exploring models for, how do we share more and better? Traditionally it’s been very informal, but we’re looking at formal models for regionally sharing information, together with partners and CISA. Because when you get into an emergency situation ... unless there is a pre-signed sharing agreement, you might find yourself with limited ability to share with your colleagues.

We also are participating in building more bridges with the National League of Cities and U.S. Conference of Mayors, because … [cybersecurity] now really has risen to the agenda of mayors. And they want to know: What are the good practices? How do we measure ourselves? What should we expect from our cybersecurity teams?

GovTech: What are you focused on for 2024?

Makstman: A lot of our services are investing in even more digital. I’m personally excited to see how we as a cybersecurity team, and as … part of this larger IT committee, how we can enable even more and better delivery of government services. … I firmly believe in the power of technology — in the right hands, with the right intentions with the right principles — to improve the lives of San Franciscans and to improve the services that we can deliver. … We also know we will have to tighten our belts. So, we need to be clever, and we need to be smart about, with economic pressure, how do we continue to do what we do, but do it better?

*As of press time, Makstman had been named San Francisco’s interim CIO in addition to his role as CISO following Linda Gerull’s retirement.

This article originally appeared in the January/February 2024 issue of Government Technology magazine. GovTech is a sister publication of Industry Insider, and both are part of e.Republic.
Jule Pattison-Gordon is a staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.