IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Municipal Security Manager: ‘There’s a Lot of Opportunity to Partner’

An image of Eudora Fleischman, IT infrastructure and security manager of the city of Fairfield, I think what we need to be doing is more partnerships together with the people around us, with the government agencies around us, from the state all the way down."
As part of Industry Insider — California’s ongoing efforts to inform readers about state agencies, their IT plans and initiatives, here’s the latest in our periodic series of interviews with departmental IT leaders.

Eudora Fleischman is IT infrastructure and security manager at the city of Fairfield, a role she has had since June 2018. Fleischman is a longtime city employee, joining in June 2004 as an IT project manager. Before becoming infrastructure and security manager, Fleischman was senior IT analyst lead over infrastructure for more than 14 years.

Her professional licenses and certifications include having ITIL4 (Information Technology Infrastructure Library) Foundation CPD certification from Axelos; having ITIL Foundation level certification from PeopleCert; and having her Microsoft Security immersion completion badge.

Industry Insider — California: As IT infrastructure and security manager at your organization, how do you describe your role? How have your role and responsibilities changed in recent years in terms of their intersection with IT and innovation?

Fleischman: I started with the city back in 2004, and I moved into having the title of project manager, then to senior IT analyst within infrastructure. It wasn’t considered an infrastructure manager. They called it, and they still do call it, a job class of IT manager, who was charged with taking care of the infrastructure. However, me and the other person who has since retired, he kind of took care of one half of the infrastructure and I kind of took care of the other half. And then when he retired, I kind of absorbed it all. And then it turned into security as well. And so, they renamed the title infrastructure and security manager because it requires me and our team together — and I hate to say “my” team, because we’re a group who’s been working together for a very, very long time, almost two decades. And we’ve built this infrastructure together over the years. We have a great holistic team here. I started also taking on the management piece — agendas, resolutions, paying the bills, all those kind of things. Lots of meetings with other department heads and how we’re servicing internally to the city of Fairfield. We take care of all of the communication infrastructure, all of the virtualization, all of our cloud instances and security across all of that, as well as, recently, we had one SCADA [supervisory control and data acquisition] water treatment plant that we were taking care of their systems, and from a virtual perspective. And then we inherited the second city of Fairfield water treatment plant. We have two water treatment plants. We are a drinking water facility and utility here, as well as water distribution for the city of Fairfield. And then we also partner with the city of Vacaville and help take on any type of delivery if they have downtime with their water as well. We work together within Solano County very holistically with our partners, here, at the city of Fairfield. We are also the county seat; the city-county main building is located in downtown Fairfield. And we work a lot with Solano County and their emergency [Project 25] P25 911 system. We have two of our own hills and a third just for water treatment. And then the other two participate in the 911 system. So, there’s a lot of infrastructure and IT across the city of Fairfield, which isn’t customary for normal, tiny, sleepy bedroom communities like the city of Fairfield.

IICA: Does your organization have a strategic plan, and may we hyperlink to it?

Fleischman: The city of Fairfield does have a strategic plan. It’s basically Information Technology 2022 Successes. And then underneath that, you have links that go off to several strategic plans that the city had reviewed. From a cyber and infrastructure and cybersecurity position, we went through numerous cybersecurity assessments with our eyes wide open, to take a really good look at opportunities for hardening. Where are our holes? I want to know all of that. I don’t want to have my head in the sand. So we, as a team, went through a year’s worth of assessments. To me, that’s an iterative process where you’re going to want to do that every few years. Just to make sure, as the threat landscape changes, you’re taking care of those newly formed holes that can be taken advantage of from threat actors. We have a citywide digital strategic plan relating to the IT technology portfolio. And also, we went forward with a GIS master plan. It’s really exciting because we’re taking the opportunity to map and create GIS layers that not only help internal employees, but we can give more transparency to our citizens so they can look things up that might be helpful for them. Mapping all the city trails in all of our parks, all of those kinds of things. And then we also have a cybersecurity resilience plan, which is a five-year plan. And it helps us gear our citywide budget to the needs, the actual needs, not wants or like-to-have, but what do we have to get done to serve the community.

IICA: At a high level, what big initiatives or projects are coming up? To the extent you can discuss, what sorts of developing opportunities and RFPs should we be watching for in the next six to 12 months?

Fleischman: Right now, the big initiative when it comes to the technology portfolio is going to be a new product called EnerGov. It’s actually a big initiative to upgrade and modernize our permitting system and multiple systems across the city that serve the citizens [and] developers. That’s going to be going live very soon. The other thing that we have going on [in] big initiatives, most of them actually are in the development of one new fire station [Station 36], out in the Green Valley area; and a replacement of a very old fire station [Station 39]. It desperately needs to be replaced. And then we also have what we’re calling, for Parks and Rec, it’s called the A4 development. And that’s going to actually be a new Parks and Rec center in downtown Fairfield, for the community. The other thing is, with the GIS master plan, we went through all the department needs, and we found out exactly what those needs were. We need to identify and map everything that the city of Fairfield owns, regardless of what the object is. Is it a communication tower or is it where are all the actual fire hydrants in the city? We want to know, where are all the trees in the city that we have to manage and maintain? That helps us not only know what we have, but it helps us with budgeting, to understand what we are responsible for and what’s it going to take to maintain all of these things across the city. No matter what it is. We are also creating dashboards for transparency that are going be going live on the city of Fairfield website, so that people can see exactly what we’re working on, to the extent that we can.

IICA: In your opinion, what should local government be doing more of in technology?

Fleischman: I personally think it’s kind of technology-adjacent. I think what we need to be doing is more partnerships together with the people around us, with the government agencies around us, from the state all the way down. An example of that — and these opportunities for synergy that actually help align government with best practice across the board — is North Carolina. The state put in laws, you will not pay a ransom, period. No matter if you’re a county, if you’re local, city, if you’re a university or community college in that state, you will not pay a ransom. The other thing they did was, they outfitted their National Guard with a cybersecurity team within it. And then, no matter where the ransom event or malicious attack occurs, that National Guard will be deployed, to the city, the county, or whatever government agency or educational agency needs help. That really helps streamline the process and direct funds into the cybersecurity for the entire state. And they’re all in lockstep. That is powerful. We should be doing more of that across the board, and we should be looking to proven and effective collaborations like that; and tools, technology tools that have been proven effective for what we want the end result to be. That’s a huge heavy lift, but the conversation has to start somewhere. There’s a lot of opportunity to partner and go with proven processes and technologies that are already working elsewhere and showing effective metrics.

IICA: From a high level, what have been your key security challenges or issues in 2023; and how do you anticipate that changing in 2024?

Fleischman: Well, what we all saw come to market was [generative artificial intelligence]. We’ve been using AI in the market for a very long time. Machine learning-based AI has been around forever. Not forever, but at least over the last eight, nine years it’s been around. We see it in our automated defenses for endpoint security and things like that, behavioral analysis based off machine learning. Generative AI is different in that you have these large language models that it’s working off of, where you can actually put something in and it will give you an answer. That is a huge step in technology in general. The other side of that, which is a challenge, is the bad guys have already commoditized it, packaged it, put it into toolkits and said, here, your kid at home can now do a mass attack without any help or any know-how, because he’s got a generative AI kit that they have tweaked. So, all the boundaries that are supposed to be prohibited have the guardrails taken off and they can just use it and then attack us. And in 2024, we’re already seeing an uptick in attacks, and I think we’re going to see more of that. So, what we need to do is learn, what are the tools coming to market from the big players that we can take advantage of as quickly as possible? And properly do our research and safely implement in strategic places within our infrastructure and across our technology portfolio, where it makes sense to protect us from these things. And that’s what the research and POCs [proofs of concept] help us do. We’re doing some of that as well. Without naming names or vendors, that’s what we’re looking at here at the city of Fairfield, how to better protect ourselves for this next wave and next generation of malicious attacks.

IICA: What is your estimated IT budget and how many employees do you have? What is the overall budget?

Fleischman: We have 20 people in the IT department as a whole, and we have four people in infrastructure and security for the city’s infrastructure. In the council’s wisdom, they have approved our division for two more IT analyst bodies, which are really going to be very helpful, especially since we haven’t grown since probably 2006 in infrastructure. It’s been a really long time and, in fact, we lost a person because someone retired back in 2018. Right now, $5 million has been given to the cybersecurity resilience plan over the next five years. We’re going to be spending those funds directly tied to cyber initiatives that we deemed need to be done, and we have a completely drilled down and specific, laid-out project internally for that. All the way down to tools that are needed and that will help fill the gaps. Then we also have our overall IT budget, and that is about $13 million. And we’ve been instructed to actually decrease that budget because of future possible deficits in the next two years that we’re seeing in the market. Also, with less tax revenue coming in, we have to adjust. We’ve been going through those adjustments strategically and thoughtfully, and we’ve been able to achieve significant savings of about 5 percent, 5.5 percent to 7 percent.

IICA: How do you prefer to be contacted by vendors, including via social media such as LinkedIn? How might vendors best educate themselves before meeting with you?

Fleischman: I think the best thing to do is to contact me via email. I have, usually, back-to-back requirements that I’m dealing with every day, all day. I’m even working. It’s par for the course in IT, right? I don’t know any other IT technologist who isn’t having to work this weekend or the next weekend every so often. And then, I am on LinkedIn. It depends on what the vendor is. I can’t say a blanket statement on the best way to educate themselves on the city of Fairfield. But they can go to our government technology website under, and then [to] departments and you can choose Information Technology and you can take a look at what you can find there. But you can shoot an email to discuss whatever it is you want to discuss, and if it’s something that we are in the market for, or that we’re open to at that time because we have the budget behind it, then I’m going to spend time and talk to that vendor. If it’s something that is not funded, and if we’re status quo, then I’m not going to waste anybody’s time.

IICA: In your tenure in this position, which project or achievement are you most proud of?

Fleischman: I do have a few amazing poignant moments in tech here at the city. One of them is virtualization, when we went to virtual systems. We have a very small IT data center. It is a tiny postage stamp. And we were about to exceed over 200 servers. We had all of our power circuits maxed out. And this was back in 2008, 2009. How are we going to fix this? Virtualization. I think it was back in May 2010, we went live, I believe, with the first virtual CAD 911 [computer-aided dispatch] system in the state of California. And I did do that. I can honestly say I did that. It was a success and it was a huge risk because my IT director at the time was taking a really big risk on a very much newer technology that vendors weren’t really happy about at the time. And to virtualize the actual 911 system was going to give us a lot of flexibility, disaster recovery ability, all the things that we like to have. But it was also a huge risk. But I did my homework and my research for a whole year prior to that. I reached out to the organizations that had a lot of funding and who had thousands of VMs and hundreds of hosts they were sitting on top of and talked to those CIOs and found out their pain points. And then I was able to take those lessons and make sure they weren’t repeated in my environment. And that’s usually what I do, because we’re a tiny organization, but we have massive infrastructure. The other one is, we just went live and migrated over after almost 10 years to a brand-new citywide phone system. That is a huge win for my team and myself that we’re just extremely happy with. And then, the old fire alerting system that had been in place probably for a good 26 years. We just migrated off of that to something that is very modern. It actually helps extend the life of our firefighters. It ties in beautiful alerting into shutting off of gas valves and slow lighting. So, if they’re asleep, they’re not just getting this loud screaming noise at them immediately, which actually causes heart damage over repeated subjection to that over time. A lot of our firefighters were upset about it. And we went live this year also, almost within one month of each other, the new fire alerting system at all of our citywide fire stations, tied into our dispatch PSAP [public safety answering point]. Those three things to me are just amazing, and are going to leave a lasting legacy for the city that’s better than when I came here and found it.

IICA: What has surprised you most this year in government technology?

Fleischman: GenAI. But then, I’m also really excited about all the new tech that vendors are rising to the occasion and coming out with. There are vendors out there that are taking the MITRE framework itself, which basically — the MITRE framework tells you, “OK, this attack happened, and if you had applied this portion of the MITRE framework in your configuration here, here, and here, that attack would’ve been thwarted.” But it’s a huge, huge framework. It’s almost a very manual process to look at that against your entire configuration set across endpoints, infrastructure, applications, API integrations with apps that exchange information — all of that, and lay it up against the MITRE framework. How do you do that? Well, guess what? There are vendors out there that are developing that for us. That would be a huge one, if you could take your entire network and your endpoints, look at all the configurations across that and lay it up against the MITRE framework and, in real time, see, “Oh, I have a gap here. Oh, I have an opportunity for hardening configuration there.” Easy. Making it easy for us. Giving us that visibility in those types of strategic technology tools is what will help us continue to protect and serve. I can’t tell you how much manual process work can be alleviated by the right strategic application of technology.

IICA: What do you read to stay abreast of developments in the gov tech/SLED sector?

Fleischman: Everything. I get alerts from CISA [the Cybersecurity and Infrastructure Security Agency], I read StateTech magazine. I read alerts from CNN, I read alerts from government agencies. The Municipal Information Systems Association of California (MISAC). And then also I stay abreast of CIO and all of those types of publications, magazines, and I get alerts on my phone all the time for that. Especially anything attack-related. No matter what organization, if it’s The Wall Street Journal, if it's The Associated Press, whatever it is. If there’s an alert regarding a malicious attack somewhere, I’m going to get that alert. For me, I want to know the anatomy. How did this happen? And where’s an opportunity to harden that area of tech on how they got through? Where’s my opportunity to harden against it? Or do I already have that in place? I wake up in the morning — and I usually wake up probably around 5:30 — and I start my day reading. And then before I go to bed, I end my day reading. And then I’m also working on my CISSP [Certified Information Systems Security Professional]. I definitely want to get that credential out and done. And then, I have to stay abreast of all of the legislation that’s coming out. All of these technology-related legislations, myself and my IT director keep track of, to make sure that we’re looking at what they’re asking for, working with MISAC to make sure we’re getting the right people up to the state to advocate for us, and then also making sure we’re implementing the right things.

IICA: What are your hobbies and what do you enjoy reading?

Fleischman: My hobbies are my family. I have three children, and I’m a grandmother expecting my second grandchild from my daughter. I’m the eldest in my family, so I have lots of younger brothers and sisters who are just now giving birth to all of my nieces and nephews. All of my free time goes to my family. And then, I like, when it’s not tech-related, I like to read fantasy. I love all kinds of fantasy books that have some type of supernatural in it or some type of space thing in it. I’ve read every single Anne Rice book there is, she’s one of my favorite authors because of the lyrical, vivid way that she wrote. And she’d taken all those historic notes of what was around the character at the time, which I find really interesting. And the other thing I love doing is, I love watching historical documentaries on history, anthropology, sociology. I’m very interested in all of those things, biology.

Editor’s note: This interview has been lightly edited for style and brevity.