San Jose’s first CISO braces for ubiquitous connectivity
San Jose has set a goal to become the most innovative city on the planet by 2020, and if it’s successful, Marcelo Peredo could become one of the busiest people anywhere in government. In April, Peredo became the Silicon Valley city’s first chief information security officer, responsible for securing a digital environment that grows in size and complexity each day.
The Internet of Things — the name given to the world’s evolving ad-hoc network of connected devices and sensors — should be the cybersecurity community’s biggest concern, Peredo said, and likewise it will be one of the key challenges he faces as San Jose strives toward putting self-driving vehicles on the road and building out its next generation wireless infrastructure .
“The proliferation of devices in our environments and increasing the footprint is essentially a problem the industry in general will need to face,” Peredo said.
Having worked as a software engineer, IT director, and security officer for various private-sector firms, including Hewlett Packard, Hewlett Packard Enterprise, and the HP spinoff DXC Technology — where he was contracted out as the chief information security officer for San Diego County — Peredo now joins one of the nation’s most ambitious city government organizations.
San Jose Mayor Sam Liccardo announced a Smart City Vision in 2016 with many of the same descriptors seen in similar efforts across the country. The city committed itself to using technology to be “safe,” “inclusive,” “user-friendly,” and “sustainable.”
The difference, Liccardo explained at a SXSW conference interview in Austin last year, is that San Jose sits in the center of a region where innovation will happen with or without government’s involvement.
“Our job is to be as innovative as the community we serve,” Liccardo said. “I’ve really worked in the last couple years since I’ve been in office in seeing how we can get out of the way for the innovators and try to bring many of the innovators into City Hall.”
Working alongside Chief Innovation Officer Shireen Santosham and Chief Information Officer Rob Lloyd, Peredo told StateScoop his job now is to realize the security goals the city set when it created its cybersecurity division in 2016. In the next couple weeks, he said, the city will issue a procurement for a wide range of security tools that will transform San Jose’s security operations and enable him to support the organization as it strives toward its goal of being a smart city. The RFP will also allow four hires for his team.
“That RFP will allow us to get a contractor to perform security assessments,” Peredo said. “We want a virtual security operations center outsourced, as well as an incident-response capability that will allow us to do appropriate forensics and communications and the legal aspects of any incident in case something were to happen.”
The RFP also covers cybersecurity training — “showing people what to click, and what not to click, which is more important,” he said — and a purchasing contract that will allow the city to buy security tools quickly without needing to re-enter the procurement process each time it needs to adapt.
Peredo said he’s made strategic inroads with cybersecurity intelligence organizations around the country, like (ISC)² and the Multi-State Information Sharing and Analysis Center. Privacy, though not central to his role, will also be a concern, he said, particularly as the California Consumer Privacy Act becomes active in 2020.
Looking forward is crucial, Peredo said.
“As the threat landscape changes, some of the things that we think are a priority today may have a different priority tomorrow,” Peredo said. “And that’s part of the reason why when we have a vendor come in and do our security operations center, we will have the best-of-breed tools that will allow us to evolve in the next five years to deal with the current threats.”