San Francisco’s new CISO comes from Kaiser Permanente, Deloitte

The recent hire fills a gap in the city's IT security leadership that been left without a full-time replacement since May.

San Francisco found its new chief information security officer in the private sector.

San Francisco’s Department of Technology hired Michael Makstman earlier this month to manage cybersecurity for the city’s 54 departments and to build upon San Francisco’s information security management program. Makstman’s LinkedIn profile shows that he took the role after serving for nearly six years as Kaiser Permanente’s cybersecurity director and about seven years as a security and privacy services manager at Deloitte.

The new security lead replaces Joe Voje, who resigned in May 2017 for a CISO position at Oregon Health and Science University.

The city has asked Makstman to work with San Francisco Controller Ben Rosenfield to monitor cybersecurity operations. He will develop a risk assessment plan and work to fill security policy gaps, according the city’s job description.


At Kaiser, Makstman led teams to defend the national healthcare provider from cyberattacks. These efforts focused heavily on risk management, and Makstman says he specializes in cybersecurity analytics, governance processes, security training and risk strategy development. At Deloitte, Makstman providing cybersecurity consulting to Deloitte’s clients and designed what he described on LinkedIn as “the first cloud computing risk map for Deloitte.”

Latest Podcasts