Cybersecurity Veteran Aguilar Named L.A. County’s CISO

Jeffrey Aguilar, a longtime cybersecurity specialist with a background in the public and private sectors as well as academia, has been named Los Angeles County’s chief information security officer (CISO).

Aguilar has been in cybersecurity leadership with the county since November 2010, having served first as CISO for the L.A. County Mental Health Department for seven years before being named the county’s deputy CISO in May 2018. He served in that role until then-CISO Ralph Johnson moved to the private sector in September 2021, at which point Aguilar was named acting CISO. His appointment to the top spot was made final last month.

In an interview Wednesday with Industry Insider — California, Aguilar laid out his priorities in no particular order as he settles into his new role overseeing security for a county government with more than 100,000 employees and another 20,000 to 30,000 volunteers and interns.

“No. 1 would be cyber risk management with an emphasis on third-party contracts,” he told Industry Insider — California. “The county is a large organization, lots of lines of business, and we have thousands upon thousands of contractors, so it’s really getting your arms around that third-party risk component.”

Another of his goals, he said, is understanding “the pain points from a business perspective.” And that, he said, entails an acknowledgement by county line-of-business leaders that cyber risk isn’t just something for the CISO’s team to manage; it’s also a direct threat to — and something that needs to be addressed by — those very lines of business.

“I want the business to weigh in on what they feel the priorities should be with respect to the businesses,” he said, adding that he’ll “take the results of all that feedback and data, and then use that to drive the next iteration of the strategic plan.”

He said the county is in the information-gathering phase of developing the strategic plan, and he declined to speculate when it might be published — which he said it will be.

On the topic of purchasing and procurement, Aguilar said he’s addressing “regional collaboration, engaging local jurisdictions and states and bringing them to the table to understand where are pain points in the government community? There is opportunity, looking for master service agreements or contracts that we can leverage across the board.”

In terms of vendor opportunities, Aguilar has a straight message: “Let’s engage conversations within three to six months, for a couple of reasons: We’ll have buy-in on what the strategic plan’s going to look like. When it’s completed, I’m going to put it online.” He noted that state CISO Vitaliy Panych, of the California Department of Technology (CDT), publishes his department’s strategic plan, and Aguilar supports that transparency.

“They (CDT) published it and put it on LinkedIn, and it was a great resource for folks to look at and understand — how are these complex organizations addressing complex issues? If we can be transparent within reasonable limits, there’s no reason we can’t share our strategic plan.”

Aguilar urged those selling technology to government to stay abreast of the county’s plan — “That’s the best bang for the buck for the vendor.”