As part of Industry Insider — California’s ongoing efforts to inform readers about state agencies, their IT plans and initiatives, here’s the latest in our periodic series of interviews with departmental IT leaders.
Walt Melton is information security officer at the California Commission on Teacher Credentialing, a role he has had since November 2019. He has been in state service since February 2016, first as lead business systems analyst at the California Department of Toxic Substances Control; then, from June 2017-November 2019, as solutions analyst at California Correctional Health Care Services. Melton’s private-sector career prior to joining the state included 15 years at EMC Corp. from 2000-2015 as senior solutions architect.
Melton has a Bachelor of Science degree in computer science from San Francisco State University.
Industry Insider — California: As information security officer at your organization, how do you describe your role? How have your role and responsibilities changed in recent years in terms of their intersection with IT and innovation?
Melton: As the ISO of our department, I am entrusted with the responsibility of safeguarding our digital assets, ensuring the confidentiality, integrity, and availability of our information resources. Given the size of our team and the breadth of our operations, my responsibilities often extend beyond the strategic and into the tactical. This means that, in addition to formulating and overseeing security policies and protocols, I am often directly involved in hands-on security activities.
IICA: Does your organization have a strategic plan, and may we hyperlink to it? How big a role did you personally play in writing that strategic plan?
Melton: Yes, our strategic plan is located here. I was not involved in the writing of the plan.
IICA: What big initiatives or projects are coming up? What sorts of developing opportunities and RFPs should we be watching for in the next six to 12 months?
Melton: In the coming months, our primary initiative is focused on enhancing our cybersecurity posture. Given the dynamic threat landscape and the increasing sophistication of cyber attacks, it’s imperative that our department remains resilient and ahead of potential risks. We are finalizing multifactor authentication and passwordless sign-on across our services and enhancing our cloud security measures. For vendors, keep an eye out for [requests for proposals] RFPs on cybersecurity training, penetration testing, and cloud security solutions in the next six to 12 months.
IICA: In your opinion, what should local government be doing more of in technology?
Melton: While reactive measures are essential, proactive strategies like regular threat assessments, penetration testing, and vulnerability assessments can prevent many cyber attacks. Given the sensitive nature of governmental data, it’s imperative to stay a step ahead of potential threats. In addition, with the rapid pace of technological advancements and evolving cyber threats, it’s vital to ensure that IT staff and the general workforce are continuously trained. This isn’t just about using software or hardware but about recognizing potential cyber threats, understanding the importance of data privacy, and ensuring best practices in daily operations.
IICA: How do you define “digital transformation?” How far along is your organization in that process, and how will you know when it’s finished?
Melton: Digital transformation, in my perspective, is the integrative process of leveraging modern digital technologies to evolve and optimize organizational processes, culture, and user experiences in alignment with changing business and operational needs. It’s more than just implementing new technologies; it’s about fundamentally reshaping how we deliver value, serve our constituents, and achieve our mission. Given the size and scope of our department, our journey through digital transformation is iterative. We’re currently in the intermediate stages, having integrated some digital tools and practices to enhance our operations. However, digital transformation is not a destination but a continuous journey. The technological landscape and the demands of our constituents are always evolving. While we can achieve milestones and objectives, the transformation itself is an ongoing process of adaptation and growth. We’ll measure our progress not by an endpoint, but by the agility, efficiency, and security with which we can meet new challenges and opportunities.
IICA: What is your estimated IT budget and how many employees do you have? What is the overall budget?
Melton: I prefer not to disclose exact budgetary figures for strategic and security reasons. What I can emphasize is that our team is streamlined and focused, allowing us to be agile and responsive to the unique challenges we face. Our resources are carefully allocated to best serve our department’s mission and the needs of the state of California.
Editor’s note: The California Commission on Teacher Credentialing’s portion of the state’s enacted 2023-2024 Fiscal Year budget is slightly more than $67 million. The commission is approved for 190 staff. (Numbers are rounded.)
IICA: How do you prefer to be contacted by vendors, including via social media such as LinkedIn? How might vendors best educate themselves before meeting with you?
Melton: When it comes to vendor outreach, I greatly appreciate a professional and direct approach. An initial email detailing the product, service or solution, and how it might benefit our specific needs, is the most effective way to get my attention. While I do maintain a presence on platforms like LinkedIn, I tend to reserve that space for networking and knowledge exchange rather than vendor interactions. As for vendors educating themselves before our meetings, I would advise them to familiarize themselves with the unique challenges faced by smaller government departments in California. Understanding our specific needs, constraints and goals will allow for a more productive conversation. Additionally, showcasing how their solution aligns with compliance requirements, especially for government entities, will provide added value. Lastly, patience and persistence, without being overly aggressive, are key. We may not always have an immediate need, but building and maintaining a genuine relationship can lead to opportunities down the road.
IICA: In your tenure in this position, which project or achievement are you most proud of?
Melton: Firstly, I’m incredibly proud of our transition to the cloud for all infrastructure servers, security tools and monitoring. This wasn’t just a technical shift; it was a strategic move that has enhanced our overall security capabilities, even with our lean team. We’ve also placed significant emphasis on education. The enhanced security and privacy awareness training we’ve rolled out is something I see as pivotal. With a small team, every individual’s awareness and vigilance matters immensely, and I’m pleased with how we’ve uplifted our department’s understanding of these critical issues. Moreover, addressing all the deficiencies identified in our recent state-mandated security assessment was a substantial undertaking. The fact that we achieved full completion, particularly with our limited resources, is a testament to our team’s dedication and expertise.
IICA: What has surprised you most this year in government technology?
Melton: In my role as ISO, I’ve had the opportunity to witness the ebb and flow of technological advancements and their impact on government operations. What has truly surprised me this year is the rapid pace at which government departments, even smaller ones like ours, have adopted and integrated cloud-based solutions into their infrastructures. This shift has highlighted the state’s commitment to leveraging the scalability, flexibility, and economic advantages that cloud technology brings. It’s both exciting and challenging because, while we’re able to deploy services and applications faster than ever, we also face a new frontier of security considerations. The silver lining is that it has invigorated a stronger emphasis on security best practices and collaboration among departments, ensuring that we’re not just advancing quickly, but also safely.
IICA: What do you read to stay abreast of developments in the gov tech/SLED sector?
Melton: At the top of my list are government publications and advisories. Websites such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) regularly publish bulletins, alerts and advisories regarding current threats, vulnerabilities and best practices. I also rely heavily on specialized publications like Government Technology magazine.* They provide comprehensive insights into trends, challenges, and opportunities within the gov tech and SLED realms.
IICA: What are your hobbies and what do you enjoy reading?
Melton: I have a passion for indoor rowing and a love for jazz music. As for reading, I’m particularly drawn to noir mysteries, especially those written in German.
*Government Technology magazine is a publication of e.Republic, which also produces Industry Insider — California.
Editor’s note: This interview has been lightly edited for style and brevity.
Commission ISO: Transformation an ‘Ongoing Process of Adaptation’
