Lloyd Indig has been agency information security officer at the California Health and Human Services Agency since June 2019. He was previously information security and privacy officer at the California Department of Social Services for more than seven years; and before that, served as manager for internal audit at Redwood Trust in the San Francisco Bay area, according to his LinkedIn profile.
He holds a bachelor’s degree from Hunter College of the City University of New York and is Information Technology Information Library framework (ITIL) certified.
Techwire: As AISO of your organization, how do you describe your role; and how have the role and responsibilities of the AISO changed in recent years?
Indig: My role as California Health and Human Services Agency (CHHS) agency information security officer (AISO) is a bit different. As a part of CHHS’ Office of the Agency Information Officer (OAIO) that provides information technology guidance and direction to CHHS and all CHHS departments and offices, my role as AISO is to ensure that cybersecurity and related efforts meet the operational and strategic imperatives for the agency while addressing the business problems that improve services to Californians. This includes overseeing the member department cybersecurity and data security posture, including not only the departments and offices, but many ancillary functions within the agency. Specifically, the AISO has key responsibilities, as defined by the state as well as providing strategic cybersecurity leadership and direction to the departments, boards and programs it oversees, to reduce duplication and fragmentation among CHHS entities in cybersecurity and to improve coordination among entities on common cybersecurity programs to ensure programmatic integrity, and to advance CHHS’ and the state’s priorities on cybersecurity issues.
Techwire: How big a role do you personally play in writing your organization’s strategic plan?
Indig: My role is to contribute to the cybersecurity and data integrity portions of the plan. The plan is a collaborative effort amongst CHHS and its entities.
Techwire: What big initiatives or projects are coming in 2021? What sorts of RFPs should we be watching for in the next six to 12 months?
Indig: Each CHHS entity has its own set of priorities for initiatives or projects for their unique program needs. I will be continuing a CHHS cybersecurity strategic assessment of all CHHS departments with a focus on moving towards a more coordinated/aligned approach across all CHHS departments and offices.
Techwire: How do you define “digital transformation,” and how far along is your organization in that process? How will you know when it’s finished?
Indig: To me, digital transformation means moving away from siloed on-premise systems to integrated platforms that can be shared by CHHS and its departments and customers. The agency and its entities are all in the process of supporting and moving towards ‘digital transformation.’
Techwire: What is your estimated IT budget and how many employees do you have? What is the overall budget?
Indig: Each CHHS entity has its own IT budget and IT budget responsibilities with the agency providing guidance and oversight. I do not have direct reports but have all the agency departmental ISOs working with me on common cybersecurity goals and objectives.
Techwire: How do you prefer to be contacted by vendors, including via social media such as LinkedIn? How might vendors best educate themselves before meeting with you?
Indig: It is not so much how they communicate, but prior to reaching out, my expectation is that vendors have done their homework before meeting with me to understand the state’s and agency’s cybersecurity objectives and needs and use me as a connecting point to agency departments. In addition, I expect vendors to understand the state procurement process and to be certified to do business in California.
Techwire: In your tenure in this position, which project or achievement are you most proud of?
Indig: I have only been here over a year as AISO; that said, my proudest achievement is transforming the AISO role from a task completion role and exercise to creating an agency-wide cybersecurity group where agency departments can freely discuss and communicate common cybersecurity matters and keep up with the various state and federal compliance efforts as well as represent CHHS in various cybersecurity initiatives.
Techwire: If you could change one thing about IT procurement, what would it be?
Indig: I guess it would be to make it less bureaucratic and more open to competition. I think the state is headed that way, but there’s more work to be done. I would also like to see the state offer additional common shared services as opposed to each entity having to acquire similar tools and services.
Techwire: What do you read to stay abreast of developments in the gov tech/SLED sector?
Indig: In addition to Techwire, I focus on news and publications related to the health and human services and HIPAA (Health Insurance Portability and Accountability Act) sectors’ cybersecurity matters. I also try to stay abreast of most cybersecurity and other industry trends and issues.
Techwire: What are your hobbies, and what do you enjoy reading?
Indig: I love spending time with our pets the “Garfield” cat and our two dogs, an Australian cattle dog who I guess is my BFF; and our new edition, our mini-dachshund puppy. Oh, and of course, our cutting horses who are in professional and non-professional competitions. I still read one of my favorite authors, Wilbur Smith, and just finished On Leopard Rock.
Editor’s note: This interview has been lightly edited for style and brevity.