Damian Oravez joined the City of Philadelphia’s Office of Innovation Technology as the new chief information security officer last month, but before that, he served as the CISO of Philadelphia International Airport.
Managing an airport, Oravez told StateScoop, was a complex job that involved monitoring a lot of moving pieces. During his five years with the airport, he said, his role included overseeing the security of everything from access control for doors, monitor sensors for security wait times and even the runway lights. He said he also regularly collaborated with federal partners at the Transportation Security Administration and U.S. Customs and Border Protection on security issues.
“It was challenging and involved a lot of life-safety issues as well,” Oravez said. “Think about the fire alarm system for a facility that size, keeping the lighting operational out on the runways and all the lights that lie on the runways. It was a challenging environment, but every day — even every hour — was different at the airport, and I really enjoyed it there.”
Prior to his time at Philadelphia International, Oravez was the Manager of Information Security at Ascensus, a college and retirement savings firm based in a Philadelphia suburb. He said the bulk of his IT experience was in financial services and he spent some time as an information security analyst with Sun National Bank in New Jersey.
Over his almost two decades of security experience, he said, his approach to cyber has evolved to prioritizing best practices that can withstand the increased threats from phishing and ransomware attacks.
“Cybercrime is just such a big business now. The stakes are high,” Oravez said. “So really in trying to make your organization more resilient to cyberattacks, I found that the best way to do that is to start with the fundamentals and the best practices.”
At the end of July, he joined OIT, which is currently led by interim Chief Information Officer Sandra Carter. (She stepped into the role after Mark Wheeler’s departure in June.) Andrew Buss, deputy CIO of the city’s public technology and innovation, said that bringing a cyber expert like Oravez in-house to lead a team of deputy CISOs was a step the city needed to take.
“I think it’s really cool to have someone like Damian on our staff,” Buss told StateScoop. “But I’ve always been of the mind — and I think Sandra, our CIO, is as well — that the more of this you can bring in-house, the better, because you have that contextual element there where people know the landscape already and particularly Damian, who came from the airport, there’s a Philadelphia familiarity there.”
Oravez described his first month as Philadelphia’s CISO as “drinking from a firehose.” He said he’s holding meetings, conducting site visits and gathering information to build the strategy for improving the city’s cyber program.
“One of my priorities right now is to just spend a lot of my early time in listening mode, honestly,” Oravez said. “So, understanding what the IT landscape is here, the IT leadership landscape, listening to management and determining desired outcomes for the security program.”
He said he wants to increase the city’s cybersecurity awareness training program and search its cyber incident response plans for potential areas of improvement.
“I am passionate about the defense side of the house and risk management, so we’re going to take a very risk-based approach to our program here. We’re going to prioritize those fundamentals and getting the best practices right,” Oravez said. “I really live for cyber risk management. It gets me excited.”