“The ‘No’ culture is dead and should have been a long time ago,” reflects Fairfax County’s CISO Michael Dent. “When you and your team are responsible for securing a large enterprise, you cannot expect everyone to get it. My role is to educate the leadership to ensure they understand the business value of cybersecurity as it relates to government services.
“Meeting with and engaging leadership to be accountable for the security of their systems and data is a key factor in developing a successful cyber program. The reality is that there is no 100% security; minimising the target by patching, upgrading and limiting the exceptions to policies and educating the users to their responsibilities is key to continued mitigation.”
A Digital Transformation journey
“We are by far from being done in our journey here at Fairfax County,” says Dent. “The bad actors do not rest so we can’t either. I like to call it continuous process improvement – crossing the gambit of people, process, and technology. All of them affect each other, so we need to keep improving across each one. Policy is in a constant state of renewal as technology is ever changing, the attacks get more sophisticated, and yes unfortunately the users keep clicking…”
Fairfax County’s journey to the cloud began years ago and currently maintains a hybrid model. “It’s simple, it’s about the customer and the data,” highlights Dent. “We work with our agencies to determine what is best for servicing the citizens and protecting that data they entrust us with. One area for improvement government as a whole needs to work on is ensuring citizens know what they have agreed to when it comes to the who, what, where and why their data is used.”