IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Michael Makstman

CISO, San Francisco

Michael Makstman, San Francisco CISO
Michael Makstman has helped San Francisco reimagine its cybersecurity approach. When he became CISO in 2018, each department had largely handled its own cyber efforts individually, and San Francisco lacked a citywide cyber defense or response strategy. But Makstman — who’s quick to say his successes reflect a team effort — pushed for seeing cyber through the lens of emergency management. That made cybersecurity a concern for city leadership, not just for technology staff. It also emphasized a potential cyber emergency’s enterprisewide impact and the need for a central incident commander able to coordinate a unified response.

This helped lead to the creation of the Office of Cybersecurity within the Department of Technology. Cyber and emergency management personnel came together for cross-training, so that everyone spoke the same language. The partners created a unified emergency preparedness plan and tested it recently with the first citywide cybersecurity emergency exercise. The cyber team’s disaster response was put to the test when it took point on the technology side of the city’s response to COVID-19.

As of this writing, Makstman is also serving as interim CIO, where he similarly aims to be a facilitator and collaborator, respecting individual agencies’ different IT and cybersecurity needs and contexts while using his central position to help coordinate and bring everyone together. He also wants to support departments’ tech ideas and let them pilot innovations. As CIO, he can help bring successful experiments citywide.

Makstman also co-founded the Coalition of City CISOs. The officials charged with keeping cities safe from deep-pocketed cyber gangs, hacktivists and nation-state threat actors face intense pressures, and conversations with colleagues convinced Makstman there would be mental health benefits for CISOs if they had a peer group with others who understood their situations. The group has since grown to include even international members, and it helps share threat information, offers trainings and webinars, and leads the Public Sector Day at the annual RSA Conference. The coalition now partners with the Cybersecurity and Infrastructure Security Agency, the Center for Internet Security, state agencies, and groups like the National League of Cities and United States Conference of Mayors.

This story originally appeared in the May/June 2024 issue of Government Technology magazine. Click here to view the full digital edition online.
Jule Pattison-Gordon is a senior staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.