10,000 to 5: The Improbable Odds of Securing the Nation’s Largest Child & Family Services Agency
Security Voices - A podcast by Security Voices
Categories:
Continuing from our dialogue with Tomas Maldonado who has the unique job of securing the NFL, we have a conversation with Allen Ohanian whose day job is to protect the Los Angeles Department of Child and Family Services (DCFS). LA DCFS is the largest agency of its type in the United States, its central focus is its 10,000 social workers who help defend some of the most vulnerable people in Southern California. Allen’s role as CISO of the DCFS is to make sure that both the social workers– and all of the highly sensitive family data– stay safe and sound while they navigate some of the most complicated scenarios you can imagine. The army of people working in cybersecurity chartered with this mission? 5 people strong. Welcome to the government.When you’re outnumbered 10,000 to 5, the name of the game is leverage. Allen explains how his team harnesses cloud services in order to amplify their impact, such as migrating from their own facilities to services such as AWS Call Center. Beyond the cloud, his primary approach is treating humans as the first and last line of defense, aiming to ensure they keep themselves and their data out of trouble. Allen’s belief in this approach is deep enough to motivate him to pursue a PhD in psychology. He’s also no stranger to traditional security controls, having clamped down on USB drives and restricted the iPhones that power social worker data collection in the field. Lastly, partnerships with law enforcement and the major cloud providers also allow their small cybersecurity team to extend their reach.In this short interview, Allen describes the unique threat model of the DCFS and how ultimately it ends up with concerns that bear a strong resemblance to critical infrastructure where availability is the top priority. Urgent, critical calls from children and families in crisis simply have to get through. Social workers must be kept safe. No exceptions. We hope that his interview with Allen provides a much needed window into the practical challenges of running cybersecurity for a large-scale government agency. Mission-driven CISOs like Allen work long hours against seemingly impossible odds for pay that’s far less than their commercial counterparts. We owe them a debt of gratitude and where we can, a helping hand.