June 25, 2024

#175: Ralph Johnson, Allen Ohanian, Martha Goodwin, and Dr. Muriel Reid – The Human Firewall: Cybersecurity's Next Frontier

The player is loading ...
The Public Sector Show by TechTables

Recorded at the 2024 Phoenix Live Podcast Tour at GMI on April 1st to 3rd.

Ralph Johnson, the State CISO, Washington State brings a wealth of experience to his role as having previously served as CISO for Los Angeles County and Chief Information Security and Privacy Officer for King County. His appointment was strongly endorsed by Bill Kehoe, who praised Johnson's skills, experience, and information security knowledge as assets that will enhance the state's enterprise security program and data protection efforts.

Allen Ohanian, the Information Security Officer for the Department of Children and Family Services in Los Angeles County brings 20 years of experience in cybersecurity, risk management, and IT across both private and public sectors. His impressive career includes establishing innovative security programs, leading countywide cybersecurity initiatives, and earning multiple Information Security Officer of the Year awards, all while pursuing advanced degrees in cybersecurity, business administration, and psychology.

Martha Goodwin, Senior Sales Engineer Director for SLED at SentinelOne is a seasoned SE Leader with over two decades of experience spanning pre-sales, customer training, post-sales support, and professional services in cybersecurity. Her expertise covers SIEM, deception, network, email, and endpoint security, coupled with a talent for translating complex technical concepts for audiences ranging from IT analysts to CISOs, making her a valuable asset in building strong customer relationships.

Dr. Muriel Reid, CIO for the City of Jackson, Mississippi is an accomplished leader and educator with over 20 years of diverse experience spanning information technology, talent acquisition, education, and customer service. Her expertise in administration, coaching, and staff supervision is complemented by her strong communication skills, making her a versatile professional adept at bridging technology and business needs.

In this episode you'll learn:

  • The critical components of a human-centric cybersecurity strategy for government agencies
  • How to design engaging cybersecurity training that resonates with public sector employees
  • Strategies for balancing AI and human judgment in threat detection and response
  • Best practices for building effective public-private partnerships in cybersecurity
  • How to cultivate a culture of security awareness across your organization and more!

Full transcript and show notes

Ralph's LinkedIn 

Allen's LinkedIn 

Martha's LinkedIn

Dr. Muriel's LinkedIn

***

RECOMMENDED NEXT EPISODES

#173: Doug Ducey, 23rd Governor of Arizona

Morgan Wright episodes (#120 & #168)

***

WHEN YOU'RE READY

📬 TechTables Newsletter

🎥 Upcoming Events

🤝 Sponsor The Public Sector Show by TechTables - Podcast & Newsletter

***

CONNECT
🤝
Connect on LinkedIn

🐦 Connect on Twitter

🏛️ Follow on LinkedIn Company

📽️ Subscribe on YouTube

***

PARTNERS

Thanks to our friends at SentinelOne for being our 2024 Podcast & Newsletter Partner

SentinelOne: Learn how SentinelOne empowers this state to stay secure or click here: https://assets.sentinelone.com/ghe/sentinelone-empowers

Verizon Frontline: The advanced network that keeps first responders connected when it matters most.

Check out the solutions built for first responders or click here: https://www.verizon.com/business/solutions/public-sector/public-safety/

SAP: Driving digital transformation in cities like Copenhagen. See how they’re making digital strides.

Download the Case Study Now or click here: https://www.sap.com/documents/2021/02/10c410bc-cc7d-0010-87a3-c30de2ffd8ff.html

***

SAY THANKS

💜 Leave a review on Apple Podcasts

🟢 Leave a rating on Spotify

Transcript

Joe Toste [00:00:00]:
Hey, what's up everybody?

 

Joe Toste [00:00:00]:
This is Joe Toste from Techtables.com and you're listening to the public sector show buy TechTables. This podcast features human centric stories from public sector, CIO's, cisos and technology leaders across federal, state, city, county and higher education. You'll gain valuable insights and current issues and challenges faced by top leaders through interviews, speaking engagements, live podcast tour events. We offer you a behind the mic look at the opportunities top leaders are seeing today. And to make sure you never miss an episode, head over to Spotify and Apple podcasts and hit that follow button and leave a quick rating. Just tap the number of stars that you think this show deserves.

 

Joe Toste [00:00:34]:
Today we're thrilled to have Ralph Johnson, state chief information security officer for Washington State, Doctor Muriel Reed, chief information officer for the City of Jackson in Mississippi, Alan Ohanon, chief information security officer for the Department of Children and Family Services in Los Angeles county, close to home and Martha Goodwin, senior sales engineer director for sled at Sentinel one. Welcome to the public sector show by tech tables. Ralph, let's start with you. For those who haven't got the other episodes, just give us a quick background, quick intro on yourself.

 

Ralph Johnson [00:01:06]:
I'm Ralph Johnson. I'm the state chief information security officer for the state of Washington. Been a CISO for 19 years, first at King county, which is Seattle, Washington area, then chief information security officer for Los Angeles county. At one point, Allen over there claims I was his boss. I really wasn't, but. And I then left government service for a short period of time to become the chief information security officer for the Los Angeles Times. And about 15 months ago I was recruited to come up to the state of Washington, back to great northwest, my home for many years.

 

Joe Toste [00:01:38]:
Love that.

 

Dr. Muriel Reid [00:01:39]:
Hello, everyone. I'm so glad to be here. And greetings from Jackson, Mississippi. I'm doctor Maria Reed. I am the director of information technology, also known as chief information officer. I'm also a professor at Bellhoping University in the area of computer information systems. And I'm just loving technology and some seriously sparkly nails.

 

Ralph Johnson [00:02:04]:
I'm just noticing.

 

Joe Toste [00:02:06]:
And if you ever end up virtually meeting with her, she's got a great sign in her office. Positive vibes only.

 

Dr. Muriel Reid [00:02:13]:
Absolutely.

 

Allen Ohanian [00:02:14]:
Yeah.

 

Joe Toste [00:02:14]:
So I love that. Martha.

 

Martha Goodwin [00:02:16]:
Hi, Martha Goodwin, thank you for having me here. I have been in technology since the early two thousands and in cyber since about 2004 in a variety of roles. I am currently the Se director for the public sector for Sentinel One. Prior to that, I've had roles in SIM technologies as well as network detection and response. Done everything from training professional services as a consultant as well as sales, engineering.

 

Joe Toste [00:02:41]:
Love it, Alan.

 

Allen Ohanian [00:02:43]:
Thank you for having me. It's such a pleasure to be here, Jared, with all great members as well. Alan Ohanian, DCFS information security officer growing up, I was always in technology. So I've been in technology for about past 20 years or so. I come from a computer science background, programming, building things, breaking things in a way, hacking word, if you will, and then got into cybersecurity. Then I realized cyber security is about business. Then I got my MBA in business administration. All was great until I realized and matured enough to know it's all about the people.

 

Allen Ohanian [00:03:16]:
So now doing psychology, PhD in understanding human behavior, I had a luxury and pleasure of building numerous cybersecurity programs from ground up, from a current place, and going back to my prior places that I work at. County council being one of the largest nations law firm, and then now dcfs being the largest child welfare agency in our nation.

 

Ralph Johnson [00:03:40]:
And when I was Cecil for Los Angeles County, I held a competition for department information security officer of the year, and Alan won. Oh, let's go.

 

Joe Toste [00:03:51]:
Congrats, Alan.

 

Ralph Johnson [00:03:52]:
I was back in what, 2019, 2020? Something like that. It was before the pandemic because we had to stop doing them.

 

Allen Ohanian [00:03:59]:
Thank you. I can't under your leadership and things that you accomplished in LA county, it's great success.

 

Joe Toste [00:04:05]:
And I love what you said, allen, and it dovetails really well. The episode title is the human firewall, cybersecurity's next frontier. And Ralph, I want to give you the opportunity to talk about your experience at the state level cybersecurity, and how WTAC is leveraging the human element to enhance its cybersecurity posture.

 

Ralph Johnson [00:04:24]:
Humans are always involved. Every cybersecurity incident, every piece of malware, everything that is cybersecurity related. How's the human binding? There's somebody out there pushing the buttons, typing on that keyboard, sending that phishing email. So we've always got a human on that end. We've got humans on our end that are watching our telemetry, that are looking at those anomalies, and they're there to stop that bad guy from getting to our stuff. And it's a tough place to be. Right? We've got to catch them before they actually get to our stuff.

 

Joe Toste [00:05:01]:
So let's move into talking about a specific initiative or training program.

 

Ralph Johnson [00:05:05]:
Yes, the training program. So we are looking very extensively, not only at our end, user awareness training and totally revamping that by putting together, I do a monthly newsletter that goes out to a very large group of recipients. They forward it on because we can't send it to all state employees. That's just not the way things are done. So we send it out to our agency contacts and various things. It goes to a number of our legislators as well. It does go to the governor's office. Whether the governor actually reads it or not, I have no idea, but I know it goes to representatives in his office.

 

Ralph Johnson [00:05:41]:
Also, whenever there's an important piece of information that comes from our federal or state partners could affect our employees, even in their personal lives, we will get an alert that says something like Google Android is upgrading your operating system. We send out a little alert that says, hey, when you see this on your phone, be sure to click update because it's fixing problems with your phone or your mobile device. We're totally revamping our video modules for our end user awareness training. We bought new content, we're implementing it. We will be starting that program in a much more formalized manner starting in July at the beginning of our fiscal year. We also support things like National Privacy Day in January and national Cybersecurity Awareness Month in October. We have multiple events throughout the month. So we do all of this for our end users.

 

Ralph Johnson [00:06:36]:
But we're also taking a real hard look at how we train our cyber professionals. In the past year, we have brought in training for the holistic information security practitioner course for 135 state employees. And that's a course that, it's a non technical course, but it's framework based. It integrates concepts from ITil because we believe that information security, we're not a, we're not a profit center, we're a cost center. Therefore, we have to be a service to the organization. We want to teach you about service management, how to properly design services and implement them and control them and manage them and retire them appropriately. It then integrates that with ITIL for governance and then ISO 27,001 and two for security controls. We also teach that if ISO isn't your framework of choice, you can map that to NIST 853, NIST CSF, cIs critical controls, whatever framework you should so choose.

 

Ralph Johnson [00:07:38]:
It is the, in my view, the best class that I've ever taken. I've been certified in it since 2007. And when I got my CISSP in 2002, I came out and I thought, hey, I know what to do with all this. This is great. Went and tried it, got nowhere because I wasn't thinking from the business perspective. I wasn't thinking about what my agencies, my departments needed. That course taught me this is how to work with your businesses. It was great.

 

Joe Toste [00:08:04]:
Mural, as a leader in cybersecurity, how do you balance the fast paced change of technology with the human centered cybersecurity approaches in the city of Jackson?

 

Dr. Muriel Reid [00:08:13]:
The way that we do that, we've grown to do that. I can say that initially we were a division under another department, and now we've moved to a being a standalone department. And what that means is more work, accountability, setting up processes, procedures, the whole nine yards. And one thing at the city of Jackson that we're doing is trying to get our users to be more comfortable and more confident in using the technologies. So one thing that we've implemented is when new hires come into the city of Jackson, we have a short course on just some basic information on fishing, making sure you set strong passwords and things like that. We're trying to break down the wall of the scariness of technology, because every time you turn around, you see someone's being hacked. We just had a really big organization nationally hacked, or whatever the case may be. I think that's one of the things that we should focus on when we're talking about the human experience.

 

Dr. Muriel Reid [00:09:26]:
The human firewall is making sure that the people that we're working with is comfortable with using the technology. And if they're not, we should get them there.

 

Joe Toste [00:09:35]:
That's great, Alan. In the context of protecting sensitive information for a vulnerable population, how does the human firewall concept apply to the department of children and Family Services? Talk about a scenario where the human firewall was a key to averting a potential security breach.

 

Allen Ohanian [00:09:51]:
Absolutely. I love what governor said this morning. It's all about people, and we have to get it right every single time. The bad guys have to get it right only one time. I try to separate technology versus human psychology and behavior. Technology grows in a very fast pace. We have to catch up with technology, bring new tools, best of the breed and so forth. But on the other hand, the human operating system, which is our psychology, doesn't grow as fast.

 

Allen Ohanian [00:10:16]:
We, by default, are social beings. We have to be in contact with other people, historically and even now. But when the technology and humans collide, our psychology changes. So when we start using these devices and the devices, in a way, interact with us, our psychological behavior in this virtual realm, so to say, cyber world, changes significantly. And those are a lot of studies that needs to be done to understand what behavioral drivers are out there that shapes our behavior in the cyber world. For example, there's a research done that 60 70% of people tend to trust individuals on the cyber world far more than in the physical world. That's crazy. If you think about it.

 

Allen Ohanian [00:10:57]:
If I walk into someone and say, hey, give me your Social Security number, most likely the person is not going to give it to me. But online, we have this tendency because we are anonymous or it may not seem real, but we do trust individuals. So bringing this concept to our organization as DCFs, technology, yes, plays a critical role, but then understanding the business. I love what Ralph said. Security is about protecting business. When our social workers are out there, they want to understand cybersecurity. They need to understand why, they need to understand that. It's kind of a here going on question, but what do they need for me? What is it relevant for me? Why do I need to learn these new things and how I can employ or deploy in my current job? A true story.

 

Allen Ohanian [00:11:40]:
When I was in county council, we had attorneys and I decided to do live on site cybersecurity awareness trainings, because I realize these count trainings are great. However, if it's not relatable and employees don't know, what is it for me to learn this? Most likely the rate of success is going to be low. So the approach of having attorneys come to a cybersecurity training straightforward is not going to work. Nobody's going to know, not an attorney is going to sit down and listen to a cybersecurity training unless there's something for them. So I talked to the state bar of California. I realized I can make a course, a CLE credited course for cybersecurity awareness training so they can attend and they can get educational credit towards their licenses. It worked fantastic. Everybody came.

 

Allen Ohanian [00:12:24]:
They loved it. And it became an annual, so to say, habitual things for them to do and then going backwards. I realized when the employees first come on board, they go through so many different type of trainings and orientation. Why not include cybersecurity as part of the get go training? When they first start bringing all these elements together and understanding what motivates people, understanding the organizational culture, the politics, the hierarchy, all combined together helps us to strategize our approach or next steps that we have to take. Real stories are numerous that we get phishing emails left and right. Very recently, we had a phishing incident where one of our partners account was hacked. This is a big entity that we're talking about, law enforcement entity as a matter of fact, but we do business with them all the time. We got email from this individual.

 

Allen Ohanian [00:13:15]:
There was a sense of urgency asking for a certain amount of payment due to the fact that our staff had training. They realized something is not right here and they reported us. Fortunately, we were able to contain the incident from spreading and we were able to report that and cut that, so to say, bleeding.

 

Joe Toste [00:13:29]:
Martha, from a private sector perspective, how does sentinel one work with public sector clients to reinforce the human aspects of cybersecurity? Tools or strategies do you recommend to enhance the human firewall in government?

 

Martha Goodwin [00:13:43]:
Yeah, absolutely. So I think one of the biggest misconceptions is we're protecting the perimeter, we're protecting the email coming in, we're protecting what links they're clicking on, but what we're not looking at is their identity. And I'll just give an example. Someone will use their work email to create an account on a site that they use for work, whatever that site might be. Maybe it's for socialization, for networking, whatever it is. But they're using the same credentials that they use internally to create that account because they consider it a work thing. And if that entity gets breached, their identity is now out there with valid credentials. So what we're seeing more and more is that there is nothing internally that will alert you that something went wrong.

 

Martha Goodwin [00:14:28]:
It's because of this other breach that now you have someone in your network with valid credentials doing things that they're allowed to do, or that doesn't look suspicious because it's a real account. So really it's about looking not just for the malware that's coming in. As we know, a lot of breaches these days happen with no malware. It's not necessarily a phishing all the time, but sometimes it's just that identity has been compromised. So now you really need to look at what is that identity doing? Are they acting the way they should be? Is it someone that shouldn't be acting that way? Is it outside of their normal behavior? And so that's one of the things that we've really focused on with our customers is let's look at that whole picture, because we are seeing more and more breaches. There is no behavior analytics to look at because they're using Powershell. We allow Powershell on our network, they're using Linux scripts, we allow those scripts, and it's a real user with real passwords. So what are we going to do? How are we going to combat that? And really it's about looking at that identity in addition to everything else we're already doing.

 

Joe Toste [00:15:29]:
And I have two episodes in particular with Morgan Wright, who was the chief security officer at a sentinel one. One, if you want a super deep dive, is 3 hours long. It's Fire podcast. Yeah, it's pretty fire. And then we did a 90 minutes one in person. Morgan can talk, but I'll link it to the show notes. It's really good, but we cover, we go deep. Ralph, looking ahead, what emerging technologies do you see playing a pivotal role in the future of cybersecurity for Washington state? I know the blocking and tackling is super important, but anything emerging that you're looking at right now?

 

Ralph Johnson [00:16:03]:
Well, from a cybersecurity perspective, we're looking at automation because machine learning, artificial intelligence, whatever aspect of that you wanna call it, can react faster than a human. It notices the anomaly, it notices the strange behavior or whatever, and it can take an action. That's where we're looking from a cybersecurity perspective. We're looking at it in our sim activating soar capabilities. Soar playbooks. There's a lot of concern about that, though, in the not just the cyber community, but the operational community. Because if it suddenly takes an action, it's making a decision based on what it sees, as opposed to a human making a decision. Right.

 

Ralph Johnson [00:16:44]:
The point that I make to these folks is, look, would you rather have one or two or a couple of people impacted short term until a human gets a chance to look at that? Or would you like to have an actual incident where data is breached or exfiltrated or whatever the impact happens to be? That's where we're going from a cyber perspective. We're doing it in a bunch of other areas, too. We're making many of our mundane processes much automated using robotic process engineering. Because we've got people that they get an email, they get a download or a feed of data, they then have to take that information and they have to put it into this web page, or part of it in here and then part of it in there. And I've talked to people all over the state, and they're all doing this stuff. If we can automate that, we can save so much time. We've got one project underway that we figure is going to save. I believe I heard something like 5000 man hours a year.

 

Ralph Johnson [00:17:45]:
Think about the cost savings of that in clerical time. Yeah, granted, they're clerks. They don't make a lot of money, but that gives them an opportunity to do something else, right? To do other important work. So that's where we're going, is looking at automation. We're also looking at it from connecting our citizens to our services finding ways to make that more efficient by creating a single constituent portal. You come in one stop shop, everything is right there. You want to get a driver's license, you, you go there, you log in once. If you're still on the same site, you need to interact with DCFs or you need to file a police report with Washington State Patrol.

 

Ralph Johnson [00:18:30]:
You can do it all from the same place, all at the same time.

 

Joe Toste [00:18:34]:
Mural in the city of Jackson so I was curious, so, working with the users, especially in this era of gen AI, what does the governance look like? We just don't want users dumping stuff into chat. GPT, where are you in the governance process, and what does that look like?

 

Dr. Muriel Reid [00:18:50]:
So, for us, and we're gonna piggyback off of all of my colleagues up here by sharing a short story that may or may not have happened. Okay.

 

Ralph Johnson [00:19:02]:
Ooh. So may or may not.

 

Joe Toste [00:19:04]:
And then I might double click on.

 

Martha Goodwin [00:19:05]:
That after the first one.

 

Dr. Muriel Reid [00:19:06]:
And I'm sure everybody up here can say yes to this. The couponing nurse, they're on your network. They're clicking on these coupons, they're doing the digital download. They're getting the codes and copying and pasting. It causes problems. Okay. So what we're doing is trying to make sure that we put in, of course, great people that's willing to do the work and track these threats down. And also we're implementing new tools and resources that we have never had.

 

Dr. Muriel Reid [00:19:47]:
And so that component alone, we have to go through with training and developing strong partnerships with the platforms that we're using. And over the last year, we really focused on locking down our network and not allowing so much freedom. That part by itself, people get upset about that. And then you have to explain to them that these are the reasons why, because of these threats, because of you not knowing where these links lead to, what you're copying and pasting, and just, I call it craziness. Why would you do this? Craziness. But we are really moving forward with just making sure that we train our end users. We're really focused on that. That's been the last.

 

Dr. Muriel Reid [00:20:39]:
Over the last year is really getting them engaged in, this is how we should operate so that we can protect our environment, protect our data, your data, and not clicking on or making profiles with third party company, using your credentials, your company credentials. So I think that's really important that we really just get people to understand that these are security risk and we should take it seriously every day.

 

Joe Toste [00:21:11]:
So now I want to double click on something, and I got it because I actually wrote down the iPad right now real quick. I'm not familiar with the state of Mississippi. Speak to the. What, the whole of state? Is there a whole of state? Are you just like, out on your own? What's the environment for that?

 

Dr. Muriel Reid [00:21:25]:
Yeah, so one thing that I really wish that we had was a platform like this, that we can all meet and come together and share ideas we don't have, that we're operating more in silos. Now that I'm stepping back from the day to day because, like I said, I have a new department, and I've been really hands on with trying to drive them from Mayberry to enterprise. So getting people out of the Mayberry mindset and moving to enterprise has been important over the last two years. So now that I'm at a point where I can step back and reach out to other organizations, agencies and entities and say, hey, what are you doing? Can we meet when I return? I have some appointments already set up with local universities so that we can develop these partnerships and hopefully we can provide like work study slots for college students and things like that. So the overall thing is not to work in silos any longer and to just reach out to everyone and say, hey, this is what we're doing. Can we get some feedback? And we're just sharing the knowledge, like our mayor says all the time, collective genius. And that's what I really want to do with moving the department forward is just making sure that we connect with people and really get people to understand. Technology is not bad, but you do have to be cautious on how you use it.

 

Joe Toste [00:23:02]:
Allen, with DCFS, how are you staying ahead of cybersecurity measures, and what does that look like on the day to day with your team?

 

Allen Ohanian [00:23:11]:
DCFS is one of the far complex environments I've ever worked for. El county is combined of 34 five different departments. Dcfs being one of them is the fourth largest in the county and the largest in the nation. We have a very complex environment, different sectors, different sections. They do all do have different processes in place overall, keeping up with security or cybersecurity threats is basically attending a seminars or conferences like this, listening to the podcast, collaborating with peers, understanding what's coming, what's ahead, getting out there, collaborating with public and private sectors, both including homeland, including law enforcement agencies. So we get the intel, we know what's doing, assessment of intel, gathering of what's going on and what's potentially to come. I think my main focus for the past couple years has been on human element. We have seen numerous data bridges across our great nation that it just took a phone call to reset a password.

 

Allen Ohanian [00:24:08]:
For example, MGM data breach, which most likely everybody's aware of it. It took a less than ten minute phone call. Someone called the tech support, I said, I'm such and such got the password reset before all the systems were on lockdown. They have the budget, they have the resources, and I'm sure they have pretty good cybersecurity measures in place as well. But understanding, again, that human factor plays a key role, my attempt is again, every section, at least in our organization, is very unique and different. Understanding the culture, understanding what motivates them, how we can better equip them with the knowledge that is relevant, relatable, and they care. So what's in it for them? As I said earlier, that has been my focus, to move forward and bring people up to speed and making them understand this is not just dcfs, it's about your own personal privacy and your own security. Not just you, your loved ones, and everybody else's who was around you.

 

Allen Ohanian [00:25:03]:
With AI coming into play. So definitely all organizations are moving to this new platform, if you call buzzword AI. But then it definitely has its own dangers because the AI can take certain elements, data points, and create something fictitious, or as they call it, hallucinate. So I think part of our human role, regardless of what role or levels we are in, understanding what's real, what's fake, again, I think was about a month ago there was a scam website with Elon Musk's face voice advertising free giveaways, including SpaceX travel. So people were asked to send bitcoins, a fraction of bitcoin so they may win. A lot of people did that and they got scammed. So I think in a very near future, the key distinguisher will be understanding what's real, what's fake, and how do you validate that?

 

Joe Toste [00:25:51]:
Martha, how does sentinel one envision the evolution of the human role in cybersecurity with its purpose, AI, its sock in a box. As an analyst at your fingertips, I.

 

Martha Goodwin [00:26:01]:
Dont think AI is going to replace humans. I think its really going to be about AI and human teaming. Really what were looking for with purple AI is to uplevel the junior analysts and make the senior analysts work that much faster. So for example, we actually had an internal contest where our expert on writing queries was up against folks who didnt write queries using purple AI. And he no matter how fast you type and no matter how well you do with query writing, he still came in six out of ten people. And that was what he does. It's just that much faster. If you can uplevel your level three analysts to be able to ask a question of the system and get the results so that they can make that deduction, because you're never going to be able to say, oh, we're getting rid of the human element.

 

Martha Goodwin [00:26:47]:
It's just not possible. And I'll use an example that I've used before. If you have someone who's traveling overseas, AI is saying, hey, this looks weird. They're logging in from somewhere they've never logged in from. They're on vacation, and they have family in the Ukraine, for example, which is usually a hotbed. It's suspicious, possibly because of everything that's going on there. The human's gonna know and deduce, oh, that person's on vacation. And I'm using a simplistic example for the purpose that everyone understands it.

 

Martha Goodwin [00:27:15]:
You're never gonna be able to replace that. AI is not going to know that one of your employees went on vacation and where they went and when they're there. So it's one of those things where AI makes your life easier, make your level three analysts mean time to detect, mean time to respond that much faster, give you the synopsis that you need. And those level one analysts, they're going to learn, they're going to write out a question, and they're going to see what it prompts them and then see follow on suggestions. So it's just going to make your team that much better. And that's what we're looking for. Let's educate people. Let's get them to that next level.

 

Martha Goodwin [00:27:47]:
Cause that's what we need. The threat actors are using AI. They're one step ahead. And I believe you had mentioned this earlier. We only have to be, we have to be right every time. The threat actors have to be right once. So let's give our analysts as much power as possible to get to that next level.

 

Ralph Johnson [00:28:03]:
Your example of traveling to Ukraine is exactly what I was talking about. AI can see it happen. They can see the anomalous behavior. They can block the anomalous behavior behavior. But it then takes a human to say, no, we know this guy's traveling to Ukraine, so we're gonna let him in. He's disrupted for a period of time, but it protected you from a bad guy, from logging in from Ukraine under his account.

 

Martha Goodwin [00:28:27]:
Exactly.

 

Joe Toste [00:28:28]:
That's fantastic. Ralph, could you share an example of a successful partnership between WWTAc and the private sector or other agencies that have enhanced your cybersecurity strategy, specifically on human collaboration.

 

Ralph Johnson [00:28:42]:
We've got some really good partnerships. We've got really good partnerships with our vendors. We treat. We look at our vendors not as somebody to provide us with a product or a service, but as a partner to help us to solve problems. We have a problem, they have a possible solution, and we work with them to define the problem. And it came out in the earlier podcast that sometimes they actually help us define the problem more clearly. But we also have a couple of other really, really good partnerships, especially with Wa Tech, our military department. We collaborated with our military department on writing the SLCGP statewide grant plan that was very successful.

 

Ralph Johnson [00:29:25]:
We have a technology services board cybersecurity subcommittee. It's part of our governance model. The technology Services Board has existed for a long time. That is the body that approves all state it policies. Once they approve them, those become our effective policies, rather than having them go all the way to the legislature. It's comprised of some legislators and a couple of department folks in the last biennium, not the one that just legislative session, not the one that just happened, but the one a year before. The legislature codified the Technology Services Board cybersecurity subcommittee. And we are now reconstituting that cybersecurity subcommittee.

 

Ralph Johnson [00:30:08]:
And we're going to be having people from private industry, from our community partners, our municipalities, as members. They will be part of our governance process. So they're going to be collaborating with us on how the state does it, and they are going to be one of our process steps in approving our policies. Our policy process is very extensive. It goes through months of vetting for each individual document before it ever gets to the technology services board. And we get hundreds of pieces of feedback on these documents. And we have revised our entire policy stack in just over a year. And it's been amazing.

 

Joe Toste [00:30:50]:
No, that's really great. Mural collaboration has been a huge theme today, super important in cybersecurity. Talk about a partnership that has helped bolster the city of Jackson's cybersecurity posture.

 

Dr. Muriel Reid [00:31:02]:
Absolutely. As a matter of fact, we have a new partnership with Sentinel one, and we are absolutely enjoying that partnership. What we're looking for is a partner that provides us with solutions and of course, watching the budget. We have to have someone that's mindful of our budget and that's willing to work in the parameters of what we have to spend. And so I can say that the new partnership with Sentinel one is working very well, and we look forward to, of course, continuing that partnership. We do have local partners that really have come in to help assist us in even volunteering hours to get our department to where it needs to be. And I'm appreciative of those efforts. I can say this.

 

Dr. Muriel Reid [00:31:55]:
The local partners that we do have, they do invest in the community, and most of them live in the city of Jackson. So we are looking at trying to make sure that the city where we do business, that they are supporting us as well. I think that's a great component. So not only are we looking at partnerships, we looking at the economic advantage as well.

 

Joe Toste [00:32:19]:
Alan, what approach does DCFs take towards collaboration in cybersecurity and how the partnerships benefited the department's human centric efforts?

 

Allen Ohanian [00:32:27]:
I'm going to piggyback on what everybody else said, Ralph as well. So when we partner with our vendors, the point is not just to provide us with products, but provide us with intel that is transformational, not just transactional. So we get that we better ourselves, improves ourselves to understand what the threat landscape looks like and how we can make ourselves better and stay ahead of the game. Again, collaboration with law enforcement agencies. We do have monitoring all the time by Homeland, Bi and other folks, which they do monitor our networks for cyber threats potentially coming in or trying to compromise our systems. So we get that intel, and I think the most important piece is actionable intel, what we can do with the intel that we get, how much we can leverage. And what does that mean for our organization and La county as a whole? So we come together as one when it comes to intel sharing and collaboration. So, as I said, 34 five departments we do meet every single month to talk about different threat actors, incidents, potential changes in the cybersecurity landscape.

 

Allen Ohanian [00:33:29]:
So we bring all this together, people share their experiences. So this is one stepping stone to make ourselves better, because as a whole, we stand as one unit, even though we have separate entities, totally separate business models. But as a whole, we are one single entity.

 

Joe Toste [00:33:43]:
Martha, close us out. How does Sentinel one foster partnerships with public sector entities to help strengthen their cybersecurity posture and collaborations?

 

Martha Goodwin [00:33:52]:
Yeah, absolutely. So we don't see it as we're selling a product, we're really partnering. We want to work with the organizations that, whether you buy us or not, really, we want to be a good cyber partner all overall. One of the initiatives that we have is that during cybersecurity Awareness monthly, our internal teams have developed k twelve cybersecurity awareness training. Any of our employees can go to their local schools and provide training to these students. And that's one of the things that we feel that we as an organization want to give back. It's not, we don't expect a kindergartner to be buying our product. We're really doing it as a way to educate and also foster the idea that cybersecurity is important and encourage more in that sector that we don't have enough people going into cybersecurity.

 

Martha Goodwin [00:34:39]:
And as you get into those older levels, into that high school, it's about talking about what are the threats out there, how you can protect yourself and really how that industry goes and foster some interest in that type of business. I know we sponsor things like women in cybersecurity. We're really focused on working with colleges and universities that have those chapters. And that's some of the stuff that we're really looking at in the public sector is, yes, we're going to partner with all of our customers, but even if you aren't our customer, if you want us to go in and do cybersecurity training for your k through four, your high schoolers, we're happy to do things like that. We have folks located all over the country, all over the world. We've done some of these sessions in foreign countries. So it's one of those things that we really want to make sure we're giving back as an organization and helping the cyber community as a whole and not just looking at selling product with that.

 

Joe Toste [00:35:27]:
Thank you for coming on the public sector show buy tech tables. Hey, what's up everybody?

 

Joe Toste [00:35:30]:
This is Joe Tossi from techtables.com and you're listening to the public sector show buy tech tables. This podcast features human centric stories from public sector, CIO's, cisos, and technology leaders across federal, state, city, county and higher education. You'll gain valuable insights and current issues and challenges faced by top leaders through interviews, speaking engagements, live podcast tour events. We offer you a behind the mic look at the opportunities top leaders are seeing today. And to make sure you never miss an episode, head over to Spotify and Apple podcasts and hit that follow button and leave a quick rating. Just tap the number of stars that you think this show deserves.

Ralph Johnson

CISO, State of Washington

Martha Goodwin

Senior Sales Engineer Director for SLED at SentinelOne

Allen Ohanian

Information Security Officer for the Department of Children and Family Services in Los Angeles County

Dr. Muriel Reid

CIO for the City of Jackson, Mississippi