IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Cybersecurity, IT Centralization Are Focuses for Santa Clara County CIO

Nearly 11 months after former EPA CIO Ann Dunkin became Santa Clara County's CIO, she reflects on an ongoing IT centralization and the importance of good "cyberhygiene."

Ann Dunkin, Santa Clara County’s top technology official, kept the same job title she’d had elsewhere when she joined the agency in February 2017.

But not surprisingly, the chief information officer’s focus changed substantially when she transitioned from CIO of the federal Environmental Protection Agency (EPA), then home to about 15,000 employees, to leading around 800 IT professionals who provide support to around 18,000 Santa Clara County staffers.

As expected, her role as county CIO is “really broad,” Dunkin said, noting that the EPA has “a very focused mission,” on the environment.

In contrast, the county is responsible for a wide breadth of functions — public safety, criminal justice, health care and social services, tax collection, road maintenance and an airport.

Santa Clara County CIO Ann Dunkin
Eric Vance
Dunkin's first priority is cybersecurity and maintaining control over everything touching the network. The CIO said Santa Clara County also maintains “multiple models” for how its information technology (IT) shop interfaces with different agencies.

“[It's] everything from my team supporting everything they do from an IT standpoint to them being completely independent,” Dunkin said.

She counseled other IT officials to remember in their career journeys that every organization is different, with its own playbook based on unique priorities and challenges.

“And so, you can’t carry too many assumptions about ‘Oh, I’m in the public sector, I know what that’s like,'" said Dunkin, who made a relatively rare transition from a federal agency to the county. “You can’t carry too many of those assumptions with you from level to level.”

Santa Clara County's IT modernization, already under way when Dunkin arrived, had resulted in the merger of its hospital and social services. But work remained to be done to fully unify the county’s Information Services Department with systems in the Health and Hospital System, and the Social Services Agency.

“Top of my list is getting my own house in order, and there’s two things. There is reorganizing, because what happened was we pushed three organizations together, we didn’t integrate. And we’re also working on making sure we have the right leadership team in place to support that,” Dunkin said.

The CIO added that officials are working on redesigning and updating IT job descriptions to reflect current duties and bring the positions more in sync with the job market.

Somewhat simultaneously, Santa Clara County is working on an upgrade initiative to public safety and criminal justice systems, creating and putting in place solutions that will replace a ’90s-era Criminal Justice Information Center mainframe to allow connection and privacy for agencies that — like the district attorney’s and public defender’s offices — may occupy adversarial positions.

The trick, Dunkin said, is ensuring confidential data remains confidential while maintaining easy access for those who need it. With those goals in mind, the county is building the systems, service processes and tools necessary to integrate systems within its data-sharing environment. Ultimately that will allow it to control access to data.

Though the process is complex, Dunkin said the department is decoupling systems by decentralizing and separating them, then setting up APIs for data-sharing. Currently the county’s IS environment is farthest along, while other systems vary in readiness from near-RFP to implementation phase.

Guiding IT at the county level also means being constantly watchful to avoid cybersecurity incidents and breaches. The CIO said Santa Clara County focuses on ensuring the security of its highest-value assets first; on practicing “good cyberhygiene,” which includes regular patching and eliminating vulnerabilities; educating users; reviewing access logs and limiting the number of staffers with administrative access to local devices.

“It’s about being vigilant and making sure that you’re paying attention and protecting all your assets — but extra protection to the most important assets,” Dunkin said.

One aspect of her new post that Dunkin found somewhat surprising and disappointing was the quality of some of the off-the-shelf software products available to county-level agencies.

It’s possible, she said, that the market is not large enough or lucrative enough to attract people in large numbers. At the same time, buying processes are often slowed by traditional RFPs and regular players become entrenched.

What that means, in her view, is that the market is ripe for vendors to do “modern development on modern platforms with good practices.”

“Given that there are thousands of counties in the country, these are pretty substantial markets and I find that in many areas the products are very immature,” she said.

Theo Douglas is assistant managing editor for Industry Insider — California, and before that was a staff writer for Government Technology. His reporting experience includes covering municipal, county and state governments, business and breaking news. He has a Bachelor's degree in Newspaper Journalism and a Master's in History, both from California State University, Long Beach.