Joe White, the inaugural chief risk officer at the California Secretary of State’s Office, joined the agency in mid-October, just weeks before the Nov. 6 general election — around the same time Cruz Nieto, the agency’s first-ever chief technology officer, arrived.
Security has long been a deep interest, the former U.S. Marine told Techwire, and it shows in his resume, which reveals that White was previously a security architect at the Department of Justice; before that, he held roles at the California Conservation Corps including information security officer. Among his plans:
• The mission of the chief risk officer is to enhance department security and risk management, White said — and the agency is developing what he called “a continuous assessment program” to quickly identify and address risks before they can be exploited. The initiative is still taking shape, but White emphasized its significance to the state.
“You can’t really wait for an assessment of a third party, be it CDT (the California Department of Technology) or another professional entity, to do it on an every-other-year process. You need to be able to address your threats quickly. It’s just a reality of where we are in today’s threat landscape,” White said.
• Security within the Secretary of State’s Office isn’t the province solely of its chief risk officer. White characterized it as a “joint responsibility” and said that to be successful, officials must engage operations, IT’s strategic side, and agency program leaders. Nieto, agency CIO Rita Gass and division chiefs “often collaborate” on that joint mission, White said, noting that officials need to understand how employees execute projects to meet customer needs in order to fully inform security strategies.
• Concern around election security has been something of a help by elevating the issue, Sam Mahood, press secretary to Secretary of State Alex Padilla, told Techwire. Much of the election night security planning for Nov. 6 was underway when White arrived; the new chief risk officer immediately worked on “interfacing” with federal intelligence officials and establishing more efficient information sharing protocols ahead of 2020.
The state has also funded the Office of Voting Systems Technology Assessment (OVSTA) during the current and previous fiscal year state budgets, White said — enabling monies to be pushed out to counties to assist them in replacing aging voting equipment. The Secretary of State’s Office has said it will decertify voting machines that don’t meet the latest certification standards, but White indicated “almost every county” should be able to migrate to a certified system by the 2020 general election.
• During the next six to 12 months, White said, officials hope to assess and migrate current and new applications into “a more scalable and resilient architecture,” and leverage cloud resources. The Secretary of State’s Office, he said, has a “cloud-first methodology.”
Asked what advice he would give prospective vendors, the chief risk officer recommended that tech companies make sure their products can be procured through the California Department of General Services (DGS), which acts as the state’s business manager.
“They could have the best product out there, but if we don’t have a way to procure it, there’s not much we can do,” White said.
