California Chief Information Security Officer Peter Liebert told StateScoop Wednesday he plans to resign at the end of the month. Liebert, who announced his decision in an internal email to his 60-person staff earlier this month, said he plans to run a private IT security consulting practice while he evaluates opportunities in the private sector.
In his two-and-a-half years as California’s CISO, the state’s Office of Information Security created a security operations center, formed a public-safety working group, and developed software licensing programs and standardized cybersecurity maturity metrics. But it was finding and hiring the dozens of people who now run OIS that Liebert thinks will be his greatest legacy.
“We’ve hired some tremendous talent,” Liebert said. “I think that’s my proudest accomplishment is getting a group that could spearhead these changes and do so much.”
One of his office’s largest contributions was building and running the state’s security operations center, which opened in late 2017.
“It’s pretty phenomenal,” he said.
Liebert also oversaw the addition of a program called “software licensing program plus,” or SLP-plus, which allows any government entity within California, including schools, to purchase vetted end-point protection platforms to purchase end-point protection platforms at discounted prices under a common licensing agreement.
The office’s cybersecurity maturity metrics, which provide a benchmark for state agencies and inform where leaders of where the state’s security soft spots might be found, just completed its first phase, and “it’s working great,” Liebert said.
Most recently, Liebert said he sought input from 40 state departments and drafted a five-year cybersecurity strategy for the state’s executive branch agencies, to be called CalSecure. Liebert said it will the first time California’s executive branch has had a governmentwide cybersecurity plan.
Cybersecurity was the top IT priority of state governments when Liebert was hired in late 2016. And though California’s IT security has matured significantly since then, Liebert said his successor will have a lot of work to do as the state unfolds its new five-year strategy.
“We definitely have improved,” Liebert said. “But there’s still a lot to do. Every state would say the same. There’s a lot of challenges and the threat is always getting worse. We’re moving as fast as we can.”
Before joining the Office of Information Security, a division of the California Department of Technology, Liebert held analyst and advisory roles with IT security firm FireEye, the Defense Department and the U.S. Navy.
“I’m really appreciative of the opportunity California gave me,” Liebert said. “It’s been a phenomenal two-and-a-half years.”
Liebert’s deputy, Vitaliy Panych, will serve as the state’s acting CISO while the state searches for a replacement.