California Names New Chief Information Security Officer

The state has tapped FireEye executive Peter Liebert for the position, which has been vacant for about eight months.

by / November 14, 2016
The California State Capitol in Sacramento. David Kidd/Governing

California has appointed FireEye executive Peter Liebert as the state's chief information security officer, the governor's office announced Monday. In the position, Liebert also will serve as director of the Office of Information Security within the California Department of Technology.

The state had been without a permanent CISO for about eight months, since Michele Robinson left the post in March. Scott MacDonald, who is the director of CalCloud, the state's cloud, has been serving in the role in an acting capacity.

The 38-year-old Liebert, a resident of Washington, D.C., comes to California with credentials in both the private sector and the federal government. Most recently, Liebert was a senior product manager for FireEye and a threat assessment manager for the company from 2015 to 2016.

He was a Navy officer from 2000 to 2008, according to the governor's office, before moving on to work in several federal government positions. He held several positions at the U.S. Cyber Command, such as special assistant in the Office of the Secretary of Defense for Cyber Policy from 2014 to 2015 and senior cyber policy analyst from 2013 to 2014. Liebert served as cybersecurity and logistics analyst in the Office of the Chief of Naval Operations from 2011 to 2013 and Palestinian logistics mentoring and warehouse IT program lead at DynCorp International from 2008 to 2010.

Liebert has a master's degree in public administration from Harvard University's John F. Kennedy School of Government and a master's degree in international security from Cranfield University.

He'll be be leading an information security office in California that's changing and in transition. An unflattering statewide audit completed in 2015 found that many agencies and departments self-reported that they aren't fully compliant with existing cybersecurity procedures.

On the heels of that audit, the governor created through executive order the new California Cybersecurity Integration Center (Cal-CSIC) that went live in 2016. State lawmakers this year also passed new legislation requiring departments to undergo security audits, craft incident response plans, and report their annual spending on cybersecurity to the Legislature.

in recent months, California's information security office has been developing a streamlined list of security objectives for state agencies and departments to follow that's intended to address high-risk issues. MacDonald and other state officials hope the 30 objectives will help put the state's computer systems onto a common baseline and standardize controls. Furthermore, some of the information security office's staff are now co-located at Cal-CSIC.

In September, California state CIO Amy Tong said she anticipates the state's Information Security Office will evolve: "Maybe because of the leadership style that I bring forward to this organization, as well as the heightened visibility of information security and working with the four partner entities," Tong said, referring to her department, California Highway Patrol, California Office of Emergency Services and the Military Department, "I think the way this office will be operating will change."

This story was originally published by TechWire.

Matt Williams Contributing Writer

Matt Williams was previously the news editor of Govtech.com, and is now a contributor to Government Technology and Public CIO magazines. He also previously served as the managing editor of TechWire, a sister publication to Government Technology.2