Five Questions With the State Cybersecurity Center’s Project Manager

Sandra Peterson, who has more than 20 years of state service in technology and compliance, was named in October to be the project manager for the California Cybersecurity Integration Center (Cal-CSIC), the strategic hub of state government’s cybersecurity events and part of the California Governor’s Office of Emergency Services. Peterson started her career in state government in July 2001, with the Department of Health Care Services. In the ensuing 10 years, she worked her way up through the ranks — from master file supervisor to HIPAA privacy subject matter expert and business analyst, then to civil rights investigator/counselor, then to project manager. From DHCS, she moved to the California State Teachers’ Retirement System as a senior project manager, and then to the Department of Motor Vehicles as supervising project manager, then to the Department of Social Services as project director before taking her current role at Cal-CSIC.

Peterson is a graduate of California State University at Sacramento and of the Project Management Academy, and she has numerous professional credentials and certifications. Off the job, she has been a sustainer/volunteer with the Junior League of Sacramento.

Industry Insider — California posed five questions to Peterson via email. Herewith is that exchange, edited lightly for style:

Industry Insider — California: What are your top priorities and goals for Cal-CSIC?

Peterson: Implementing quality solutions is my priority while ensuring stewardship with our critical partners and vendor relationships. I am charged with directly managing California Cybersecurity Integration Center infrastructure security projects, where I provide strategic technical leadership, influence and expertise that drives the organization’s use of technology toward constant improvements with the highest level of security measures.

My goals coming into Cal-CSIC are to learn how the state’s technology infrastructure can continue to be secured and translating that to implementing cybersecurity solutions, enforcing compliance with policies and requirements, and ensuring security and privacy controls across multiple information technology disciplines to protect data for California government and for its citizens.

Industry Insider: How has your previous project management experience from a large state organization prepared you for this new role?

Peterson: My previous experience working specifically at the Department of Health Care Services and the California State Teachers’ Retirement System prepared me for this role as the project manager in cybersecurity. For over five years, I worked on the HIPAA Privacy Implementation for the Medi-Cal Program to be successfully compliant with the federal regulation. This was a big part of preparing me for the role I am in today as it laid the foundation for my privacy and security knowledge base, its importance in documenting the flow of data, examining current safeguards, and developing policies and procedures to ensure that data is protected and encrypted. This led me to CalSTRS, where I established and administered formal project management processes and plans for the Pension Solution Project. I led infrastructure and operations technology projects across the enterprise while working side by side with some of the smartest professional experts in state government. They believed in me and taught me everything I know about the functionality and dynamic brain of the technology world including the Software Development Life Cycle (SDLC), the Information Technology Infrastructure Library (ITIL) and agile frameworks. It was my privilege to work with some of the finest people in state service that are in the technology domain. I immersed myself with these talented individuals, learned everything I could, and asked many questions which at the end of the day enhanced my technical knowledge and skill set.

Coming into Cal-CSIC, I recognize these same traits and mindsets in the team. This is the type of mindset that proves to me I am working with the best of the best California government professionals and experts in the cybersecurity domain. I am honored to be recognized as an expert in project management and risk management to ensure privacy and security measures are implemented to protect the state’s data and an active member of this top-class cybersecurity team. I’ve had some incredible people come into my life that I learned from, and now I look forward to working with this Cal-CSIC team to enhance California’s cybersecurity.

Industry Insider: Can you share any advice or lessons learned for other women moving up in leadership of state government?

Peterson: One of my lessons learned is humbly, “Where I am in my career currently does not define my future,” and “master where you are.” Right now is a place in time. Planning is what helps to define where you will be in the future. I am innately futuristic. I share that vision to help the team in its planning and execution of goals. I’m very ambitious, organized, solution- and goal-oriented, which makes me highly productive. There is a lot of work to be done that requires fast turnarounds when working in technology. My advice to women would apply to anyone wanting to become a leader in technology: Identify your goals. Write them down. Research what you can do to accomplish those goals. In technology you should plan to be a student forever and have the mindset that you want to learn, grow and advance. Develop a plan and timeline to complete those goals. Then share your accomplishments, tell other people of your plan to be a leader, and ask them for advice. Some of the best advice I received was because I asked the question and shared my career goals. If you don’t tell others you want to be in leadership, how will they know you want to be in leadership? And finally, start small. Don’t jump into the deep end without having some smaller leadership successes. Leadership doesn’t mean the highest rank in an organization. There are many amazing opportunities within an organization to be in a leadership role. As you grow and mature in your job, you will be pleasant and welcome challenges with a smile. Otherwise, you may be in over your head. Master where you are in your career currently.

Industry Insider: What should vendors expect or look for in the next six to 12 months?

Peterson: There are some activities that are being assessed to determine if vendor support would be needed. I would say that vendors should keep their eyes open for any future procurement opportunities.

Industry Insider: Is there anything else you’d like to add?

Peterson: Per Government Code. Section 1. Section 8586.5 (a): The Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center’s primary mission is to reduce the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or public- and private-sector computer networks in our state. The California Cybersecurity Integration Center shall serve as the central organizing hub of state government’s cybersecurity activities and coordinate information sharing with local, state and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations.

We are looking for experts in cybersecurity that recognize the value of protecting data and the benefits of working for a government agency. Monitor job opportunities that support Cal OES Cal-CSIC.