Lars Schmekel has served as the county’s CISO since 2001. During his tenure, he also served as the county’s telecommunications director until 2007.
As CISO, Schmekel oversees the county’s information security and risk reduction strategy and recommends and implements security policies. He also manages incident response, compliance, security auditing, vulnerability assessments and investigations.
Last year, Industry Insider — Florida covered a panel discussion featuring Schmekel, who discussed how organizations can build more resilient cybersecurity frameworks.
One point he focused on in particular was securing critical infrastructure as much as possible.
“We have a significant amount of critical infrastructure out there, and more and more, we have seen directed attacks,” Schmekel said. “We’ve seen them attempt to take out water treatment plants; we saw the result of the attack on the gas pipeline. Elections are also considered a critical infrastructure sector, and as we get closer to elections, we will be heightening our capabilities, response and monitoring of the sector.”
Regarding the latter, Schmekel emphasized the importance of receiving credible threat intelligence from federal and local government partners.
“Through [the Cybersecurity and Infrastructure Security Agency] and [the Multi-State Information Sharing and Analysis Center], as well as through our own managed security operations services that we take advantage of, they’ll tell us of chatter they’re picking up, and then we’ll direct our attention to those types of events on our systems,” Schmekel said. “Keep in mind that many of these systems are or should be isolated.
“It’s a good idea to audit your systems,” Schmekel added, to ensure everything works properly and is secure.
Now, the county is advertising for candidates for his position. The new CISO will be expected to ”establish and maintain the enterprise strategy and architecture with a multiyear roadmap to ensure the county’s assets are protected.”
Other specific job duties and responsibilities include:
- Establishing operational objectives and performance standards for enterprise-level cybersecurity divisions
- Formulating enterprise policies, strategies and objectives
- Assuming program management responsibility for major security countywide initiatives
- Coordinating the secure integration of emerging technologies and methodologies into a diverse multiplatform business portfolio
