In the wake of a ransomware attack that cost neighboring San Bernardino County a whopping $1.1 million to resolve earlier this year, Jeff Aguilar, the Chief Information Security Officer (CISO) for Los Angeles County, is diligently working to prevent a similar fate for the 38 county departments under his watch.
Aguilar, who took over as LA County’s CISO last year after serving in various high-level security roles since 2018, is well aware of the escalating vulnerability facing federal, state, and municipal agencies. Cyberattacks targeting public sector entities surged by 40% in the second quarter of 2023 compared to the same period the previous year. Despite LA County having successfully dodged a major incident thus far, Aguilar understands that maintaining such a record demands unwavering vigilance, determination, and, crucially, regular communication and coordination with both industry peers and county employees.
Eager to share insights that could benefit other state and local government entities in countering threats, Aguilar’s diverse background in government, healthcare, financial services, and transportation has shaped his collaborative approach. He strongly advocates for a culture of information sharing among government agencies, believing in the power of learning from one another’s successes and failures.
In an exclusive interview with Focal Point, Aguilar shed light on LA County’s unique reporting structure which operates on a federated model. He reports to the county’s Chief Information Officer (CIO), with each county department having its own CIO and information security officer responsible for implementing the cybersecurity policies set by Aguilar’s team at the board level. With two deputies reporting to him and plans to hire two more, Aguilar divides the county into clusters, assigning deputies based on their expertise and the needs of each cluster.
The recent data breaches at LA Unified School District and LA Housing Authority have certainly raised concerns for Aguilar, emphasizing the importance of constant vigilance and knowledge-sharing among CISOs of state and local municipalities. By fostering a culture of collaboration and transparency, LA County aims to stay ahead of potential threats through strategic incident response planning.
Managing cybersecurity policy for departments with over 100,000 employees poses a significant challenge, as ensuring compliance across all departments requires meticulous oversight. Regular internal audits play a vital role in identifying compliance gaps and internalizing cybersecurity policies, with federal audits conducted periodically to further validate adherence to security standards.
Given the susceptibility of employees to cyber threats, Aguilar stresses the importance of comprehensive awareness training tailored to individual business units within the county. By engaging employees through emotional narratives and practical exercises, LA County aims to empower its workforce to recognize and respond effectively to potential cybersecurity threats.
In light of emerging technologies and evolving threat landscapes, Aguilar emphasizes the importance of threat hunts and collaboration with industry peers to stay one step ahead of cyber adversaries. Engaging with federal partners and participating in threat briefs from organizations like MS-ISAC enable LA County to remain informed about evolving cyber threats and security trends.
Looking ahead, Aguilar acknowledges the growing importance of supply chain risk management and proactive measures to address emerging technologies like generative AI. By establishing stringent security and privacy protocols for third-party vendors, LA County aims to mitigate supply chain risks and uphold stringent security standards.
As part of a robust cybersecurity strategy, Aguilar also emphasizes the need for continuous adaptation and innovation to address future challenges posed by technologies like ChatGPT and quantum computing. Staying informed, proactive, and collaborative are at the core of Aguilar’s approach to safeguarding LA County against evolving cyber threats.
With a strong focus on collaboration, agility, and foresight, Jeff Aguilar has positioned himself as one of the nation’s top governmental cybersecurity chiefs, steering LA County towards a secure and resilient cyber landscape.