In remarks that opened the event in downtown Sacramento, state Chief Information Officer Liana Bailey-Crimmins, who is also the director of the California Department of Technology, reminded an audience of hundreds that the state is on the receiving end of more than 400 million malicious online probes each day.
“The good side of that story is, we’re not in this fight alone. We are a community of IT and security professionals that defend Californians and what is most precious to all of us: California resident privacy, sensitive and confidential data and our critical state assets,” Bailey-Crimmins said. Miriam Barcellona Ingenito, the undersecretary of the California Government Operations Agency, and Vitaliy Panych, the state chief information security officer, who followed her at the dais, also emphasized collaboration and partnership while highlighting key state needs. Among the takeaways:
- Maintain the state workforce: Ingenito, who was appointed to her current role in August by Gov. Gavin Newsom, was previously the first director of the Financial Information System for California (FI$Cal), a post she held for nearly seven years. She cited the statistic Bailey-Crimmins quoted and said having received a similar stat every morning as FI$Cal’s director was “just a sobering reality.” She praised state staffers for having “evolved with the threats to help fend off and protect the state.” The task at hand, said Ingenito, is to keep their numbers strong — while competing for new hires with the private sector and across the world.
“Our greatest asset is our people and that’s why we must build new pipelines for state employees to come, as well as to develop the skill sets and make sure that you continue to evolve with the growing threats,” Ingenito said, adding: “In my role as undersecretary, one of the key things we are working on is looking at the pipeline to bring qualified and talented people into the state.” Panych, appointed CISO by Newsom in January 2021, struck a similar tone, pointing out the most recent number showed 200 to 300 security professional job openings within state government. - Partnerships are vital. Working together, Panych said, can be a force multiplier — and it’s something bad actors already exploit. “The attackers are doing that on the dark web every day, providing as-a-service-type activities to each other. We need to do that better. We need to one-up those adversaries,” he said, recommending building relationships through events like the Summit and through CDT’s academies, which include the Information Technology Leadership Academy and the Project Management Leadership Academy.
- In cybersecurity, awareness is key. Just as everyone uses computers, tablets and cellphones online, everyone needs to improve their cybersecurity posture, the CISO said. In practice, this means making “our executives our security professionals, our HR people, our public information officers.”
“Security doesn’t start within just the IT community, it starts with the people and the people are embedded within every facet of the organization,” Panych said. “I implore everybody to bring in an executive and educate them ... to start learning cybersecurity, to start figuring out what risk mitigation is.”