"I think at that time they agreed, it was not a hard sell because of all the things that were happening in the threat landscape," Peredo told Techwire in an interview.
$1 million was set aside to create the office and, after "a couple iterations," Peredo jumped on board as chief information security officer (CISO) to build out the entire office from scratch.
Peredo wants that office to be a small, responsive team.
"The vision is that, having the right blend of experience in the team and leveraging vendors that provide the capabilities in the tool box would allow us to accomplish that goal," Peredo said.
Another goal of Peredo's is to get San Jose involved in cyberthreat alliances with other cities and information security associations.
"That cyberintelligence will allow us to have extra time to see what's going on in the threat landscape and adjust to make sure we're ready to deal with those threats," Peredo said.
The city is working toward being the smartest smart city in the country by 2020.
"Cybersecurity needs to keep pace with that, when you look at that ecosystem that we need to build and the infrastructure that needs to be built," Peredo said.
Several IoT initiatives will be made public over the next few months, according to Peredo, and data privacy is a big consideration as the city moves forward. NIST guidelines and the NSA Defense in Depth strategy are the backbone for upcoming decisions.
In the next six months, the city will contract with a vendor to provide a virtual security operations center and all the tools for "threat hunting" and incident response. A security assessment program will also be created so a vendor can offer perspective on "how we stack up against our own policies," at least every other year. The city will use this information to lower its cost for cyberinsurance premiums.
The city will release an RFP in August to help provide employee security training and a cyberbreach response plan.
