IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

State CISO Gets Specific About Security Upgrades

California's Department of Technology wants to modernize the state's security posture. Peter Liebert, state chief information security officer, lays out the plans to do so.

This story is limited to Techwire Insider members.
This story is limited to Techwire Insider members. Login below to read this story or learn about membership.
peterliebertprofessional.jpg
California's Department of Technology wants to modernize the state's security posture.

Peter Liebert, state chief information security officer, laid out the plans to do so at CDT's Vendor Forum.

"Something we are trying to leverage in this new policy standard, we're basically raising the waterline capability," Liebert said. 

Liebert is focusing on the human element in cybersecurity with email and endpoint policies.

Projects that are being finalized are:

  • Email threat protection standardization: The state had no official policy on how to protect emails, and is now providing a platform to do so. 
  • Endpoint security standard: The state is laying out a prescriptive policy for endpoint security and anti-virus programs. 
  • Statewide pricing: Will offer the same licensing price for all departments, no matter how small. The first one will be for endpoint security software.
"We've been working with DGS [Department of General Services] on the SLP [software licensing program] platform to allow for statewide pricing," Liebert said.

At last spring's Vendor Forum, Liebert had discussed creating a statewide pricing model. At this forum, he emphasized that other selling options — like software licensing programs, California Multiple Award Schedules (CMAS) and small-business forms — would still be available.

Upcoming enhancements/procurements:

  • Orchestration platform for Security Operations Center (SOC): Will likely happen near the end of the fiscal year; market research and competitive feedback requests are coming. 
  • Identity access management for CDT's internal platforms: This will likely have an RFP in the next few months, according to Liebert.
  • Vulnerability scanning for CDT.
 Projects that are further out or have no estimated date yet:

  • Unified statewide governance risk and compliance platform: Centralized platform for all governance, risk and compliance tools; likely to happen in future fiscal years.
  • A packet injection, break and inspect tool. 
Kayla Nick-Kearney was a staff writer for Techwire from March 2017 through January 2019.