
Alive! photos by Summy Lam
Zero trust. Full diligence.
That’s the game plan of the City’s comprehensive Cyberthreat Prevention Program, a combination of technology, personnel, training and nonstop vigilance to thwart an incredible one billion cyberattacks against the City every day, just as they have also menaced the rest of the world.
Unwanted and deceptive online cyberattacks – targeted, usually automated and often guided by artificial intelligence – are becoming one of the biggest threats to the City’s financial and administrative health.
The City of Los Angeles, recognized nationally for excellence in cybersecurity, has established a comprehensive Cyber Threat Prevention Program under the Information Technology Agency (ITA). Based on the industry-standard NIST Cybersecurity Framework, this program uses a Zero Trust security model to rigorously secure City assets—including users, endpoints, networks, applications and critical data.
Central to the City’s cybersecurity approach is the award-winning Integrated Security Operations Center (SOC), which processes more than one billion security events daily and proactively blocks approximately four million cyber-attacks on City websites each month. These proactive efforts have earned ITA’s security team recognition as the “Best Cybersecurity Team” by SC Magazine, highlighting their role in safeguarding essential municipal services and sensitive citizen information.
Additionally, ITA leads a robust Security Awareness Program that has educated and trained more than 40,000 City employees and Retirees, empowering them to actively contribute to a secure digital environment.
The City also collaborates extensively with federal, state and local agencies, and private-sector partners to enhance cybersecurity measures for critical infrastructure, especially in preparation for major international events including the LA28 Olympics and the 2026 World Cup.
Through strategic leadership, proactive collaboration and continuous innovation, the City remains steadfastly committed to digital resilience and the safety of its communities.
The more our lives have become digital, the more we have needed to secure those digital services. Despite damaging cyberattacks reported in the general media nearly every week, millions of companies and governments are protected from these incidents through talented cybersecurity teams. This month, we spotlight LA’s cybersecurity team, the ITA Information Security Office.
Personnel
ITA’s Information Security Office (ITA-ISO) is led by Chief Information Security Officer Timothy Lee, Club Member. ITA-ISO’s mission is to provide advanced information security services and expert security guidance to ensure the availability, integrity and confidentiality of the City’s information assets and resources. The ITA-ISO is recognized by stakeholders as a leader in cybersecurity by demonstrating technical expertise and operational excellence.
The ITA-ISO does this through four dedicated sections:
Integrated Security Operations Center (ISOC) – maintains the City’s cybersecurity posture with three teams: Cybersecurity Intelligence (handles threat awareness), Risk and Vulnerability Management (works for proactive risk identification), and Security Information and Event Management (SIEM) Administration (real-time monitoring and analysis).
- Manager: Daniel Clark Lee
- Sr SOC Analysts: Eric Lee, Aren Tahmasian
- SOC Analysts: Joanne Scott, Jaime Hernandez
- SOC Analyst Assistant: Sydney Duong
Governance – Cybersecurity Awareness and Training Program (We Secure LA), Policy and standard management, Pathway Internship Program
- Manager: Cesar Alvarado
- Program Manager: Dean Victoria
- Student Interns: Sean Bickety, Steven Sosa, Caroline De La Cruz, Daniel Ramos, David Moya, Payman Kavousi, Yahyaa Parise
Security Admin and Project Management Office – Administration (budget, purchasing, personnel, contract, grants), ITA-ISO project management, compliance administration
- Manager: Yukari Iwai
- Grant Management Specialist: Kellye Ross
Special Project Coordinator
- Manager: Madeline Dia
Everyone Has a Role to Play
While the teams listed above work full-time on cybersecurity, the reality is that all City employees are part of the Cyberthreat Prevention Program. Every City employee plays a critical role in preventing and responding to a cyberattack. The cybersecurity team requests that City employees complete their annual Cybersecurity Awareness Training and notify the ITA-ISO team if they see anything suspicious.
Thank You
The Club thanks Maryam Abbassi, Assistant General Manager, Club Member; Daniel Clark Lee, Manager, Integrated Security Operations Center; and Madeline Dia, Special Project Coordinator, for their incredible assistance in setting up this important feature story.

Cat and Cyber Mouse
On April 3, Club CEO Robert Larios and Alive! editor John Burnes interviewed the “We Secure LA” team that manages ITA’s cybersecurity threat defense division – Ted Ross, General Manager and Chief Information Officer, Information Technology Agency (ITA), 21 years of City service, Club Member; Tim Lee, Chief Information Security Officer, ITA, 29 years, Club Member; and Dean Victoria, Sr. Systems Analyst I, ITA, 5 years.
Separately, Alive! interviewed Cesar Alvarado, Sr. Systems Analyst II, Governance Manager, ITA, 9 years of City service, Club Member, and wove his answers into this interview.
The Division
Alive!: Thanks for joining us today to talk about this very important subject – LA City cybersecurity. First, give us a brief summary of the path you took to get to your current position.

Ted Ross: I joined the City shortly after 9/11 from the private sector. I was passionate about working in government – I thought it could be a way to give back to my city and have a work/life balance. I started at Airports. I helped run their financial systems there. I then joined the Controller’s Office in 2008 to manage the $55 million financial management system project. And then I came to ITA in 2012 as an Assistant General Manager. It brought me to my current position.
I grew up in an engineering and technology family. I tried to be the black sheep and became an accountant! Next thing you know, I went from accounting to accounting software to enterprise software (HR, payroll, accounting, purchasing, etc.). Here I am, even more into technology than the rest of them!

Tim Lee: I started my career with the City at the Housing Dept. shortly after the Northridge Earthquake. The department had received a grant for post-earthquake rebuilding, and I was brought on as a Server Administrator. Back then, we wore many hats—handling everything from servers to desktop support.
From there, I moved to the Office of the City Attorney, then transitioned to the Information Technology Agency as a Network Engineer. Later, I took on a role at the Harbor Dept., and eventually returned to ITA, where I now serve as the City’s Chief Information Security Officer. It’s been a rewarding journey through several departments, each step building toward where I am today.

Dean Victoria: I started at ITA in 2019 as a volunteer intern. I was able to self-study and get hired as an Applications Programmer, and then I was promoted to Systems Analyst in 2023. Last year I became a Sr. Systems Analyst by emergency appointment and then completed my permanent appointment this past January. I got a lot of support and a great team of managers who encourage me to keep growing, keep learning and keep building out my skill set here with the City of Los Angeles. I want to give a major shout out to Yukari Iwai and Madeline Dia. They have helped model the way to be an effective and efficient leader of technology here as well as laid the foundation for the future We Secure LA Team.

Cesar Alvarado: I worked for the Library Dept. for six years as a contractor doing desktop support. I had to leave the City because positions were frozen at that time, but I knew I wanted to work for the City then. I came back after two years as an Applications Programmer and Security Operations Center Analyst in the Integrated Security Operations Center (ISOC). While in this position, I was promoted to Systems Analyst, then to Systems Programmer. After being a Sr. SOC Analyst for a while, I was promoted to my current position as the Governance Manager.
Alive!: How did you direct your career toward cyber security and We Secure LA? Where did your path lead you toward doing security work?
Dean: I graduated from college in 2018. I was looking for different information technology positions, and I was very interested in cybersecurity as a profession because of the things you hear in the news. I have a business background from the University of California, Riverside. From there, I realized my passion really lies in this service. And because I have family members who work for the City, they recommended me to apply for this internship and see how I like it. I could have gone into private industry, but I learned very quickly that as a civil servant, it’s a privilege to serve. ITA is a supportive environment to grow as a professional.
Ted: Chief Information Officers (CIOs) are commonly asked the question, what keeps you up at night? The most common answer is cybersecurity. We’re in a world that’s increasingly digital. We use digital tools to do just about everything, so the importance of securing those tools is always top of mind. We need to cyber secure L.A. City technology so that these tools help employees protect our residents. Everyone at ITA understands the importance of cybersecurity. I even earned a CISSP credential, the highest U.S. cybersecurity certification, due to its importance. This topic is so important, even the General Manager is part of the team.
Cybersecurity is a game of cat and mouse. Criminals try to take advantage of large organizations and hurt our residents. We can’t let that happen. Even other countries try to take advantage. Fortunately, we can defend ourselves. By equipping L.A. City employees, implementing the right kinds of tools, and building a culture of cybersecurity, we can protect employees and the public.
Tim: I’ve observed technology evolve from networking via modem to dialup to the T1 for the entire City of LA. Now it’s fiber optic to move the massive amount of data the City is handling. How do you secure it? When I was the Network Manager at the Harbor Dept., I had an opportunity to get deeper into security to not only build the infrastructure, but also protect that infrastructure from cyberattacks. That was the first time I got into security. I started looking into cybersecurity for the entire City, with a strategy to coordinate security between all City departments to protect City assets and critical infrastructure. That vision eventually became We Secure LA.
Alive!: We’re all increasingly online, as you said, Ted, and so is government. Citizens increasingly access our government online. I would think that accessing our own government is going to require an increased focus on cybersecurity just to make sure that that connection to government is secure.
Ted: Absolutely. In 2018, I had the honor of being in Yinchuan, China, to discuss smart cities (cities that use technology). They showed a building that they were proud of because it could serve 15,000 residents in one day. In Los Angeles, we are doing the opposite. We are using apps and websites to keep residents from having to go to a government building whenever possible! Our job is to get everything online, highly accessible, and easy to use. That requires cyber security. It’s old-fashioned government to require people to travel to government buildings. Modern government says, “Don’t come to our building, let’s make secure digital tools available to residents on a smartphone or computer so that they can get what they need to get done when they need to get it done.” And that’s the modern digital experience the City of Los Angeles endeavors to provide every day.
Alive!: Yes, different perspectives on where government is going.
Ted: Yes.
Frameworks for Cybersecurity
Alive!: Describe ITA’s cyberthreat protection and security blanket that you put around all electronics and communications. What is the current cybersecurity threat prevention program that ITA has in place?
Tim: Our cyber strategy is based on the NIST cybersecurity framework. NIST – the National Institute of Standards and Technology, a federal framework for cybersecurity – is based on five core functions. Number one is to identify. We identify the City’s critical assets and infrastructure that we need to protect. Number two is determining the best ways to safeguard that infrastructure and sensitive data. Number three is detecting the threats when they come in – implement tools and processes to detect threats and unusual activities as early as possible. Number four is how to respond quickly and effectively when cyberattacks come in. And last but not least is the recovery. If you experience a breach, how do you recover and restore services efficiently from the destruction? Those guide us at ITA.
Then we build and follow Zero Trust architecture, which addresses human interaction. Human nature is one of the key pillars for cybersecurity. We identify the users with privileged access and critical data, to ensure their identities are verified and their access is limited to only what’s necessary. And after that, we assess the City’s endpoint devices, systems and computers – these are the things we need to protect with a zero-trust architecture. We make sure that when a user is trying to access the data, that every access request is legit.
So, in short, the foundation of our cybersecurity program is a combination of the NIST Framework and Zero Trust principles. Together, they guide how we protect the City’s digital infrastructure from evolving threats.
Ted: It’s a globally recognized approach, and you’ll find very specific tactics within each of those categories. Awareness and training fit under those categories. Our security operations center and all of its technical tools are in there. We focus on protecting the software applications, the network, the data, and the human. L.A. City employees have seen our quarterly email phishing exercises where we try to trick you into clicking a link inside a suspicious email or our annual cybersecurity training. Within all of the categories Tim mentioned, we have many specific efforts to improve the cybersecurity of the City of Los Angeles, including some efforts that we can’t even mention.
Dean: We need to protect the networks we use. We need to protect the software we use. We need to protect the data we have, and we need to protect the people who use those items. Within all of that, we have hardware and software that perform very specific cybersecurity functions. But most importantly, we have training and employees who help manage this whole operation. So we have very specific technical tools all the way to human beings just trying not to click on a link on an email.
Ted: It’s comprehensive. We have to protect applications that are hosted in the cloud. We have to protect applications that are hosted in a data center physically at the City of Los Angeles. We have hundreds of pieces of software that are accessible over the Internet. All of them need to be protected. We’ve got websites, we’ve got sensitive data, we’ve got 911 systems and public safety communications. There’s a long list of physical and digital items that require cyberprotection. And while some of the tactics can cross apply between them, some digital services require extra levels of defense since they are the most critical of software applications or data sources.
Tim: An attacker can use any one of those things to attack us. We must protect them all.

Growth
Alive!: How much has the need for cyber protection grown?
Ted: It’s growing across a number of areas. It’s growing in the types of tools we need to use and maintain. It’s growing in the amount of data we need to analyze to find cyberattacks. Cybersecurity is sometimes like finding a needle in a digital haystack. The City generates almost 1 billion records every 24 hours, and we’re looking for cyberattacks within those records. In that way, every technology professional plays a role and is part of the cybersecurity team. Our programmers, our network professionals, our data center employees, and even our users who are just using email must be aware. When we start a new IT project, we always ask the question: What does it take to secure this? Everything and everyone is tied to cybersecurity in one way, shape or form. This has grown tremendously in the last 10 years.
Tim: The bad guys are evolving and growing too. They’re relying on generative AI to craft all these phishing and automated attacks; they are more and more coordinated. If you look at all these recent data breaches to the public service sector, they’re all coordinated and AI-powered attacks. That means we also have to evolve to make sure we can cover all these things too.
Ted: Cybersecurity used to mean antivirus software on every computer and running a centralized firewall. That was sufficient. Now, cybercriminals are spoofing managers using AI to try and get employees to wire transfer them money. Last year, we even ran an AI workshop with the US Secret Service for all City employees called Preventing AI Financial Fraud. That topic had nothing to do with firewalls or email phishing. It shows you just how much this topic has evolved and will continue to do so every year.
Alive!: It sounds to me like every department within the City has to be increasingly aware of cybersecurity protections.
Ted: Yes. Cybercriminals often look for the easiest way in. When the tools and the firewalls and the technologies got better and better, then they started to target people. And so yes, the average employee at Building and Safety, at the Office of Finance, at the Department of Disability, as examples, are the ones being targeted. They’re actually also our greatest strength because if they’re cyber aware, if they remember their training, and if they’re attentive, they actually sniff out the scam and protect us as well as any of the fancy technology tools do.
Working Together
Alive!: Is ITA responsible for the cyberprotections at all City departments, or do some departments cover their own?
Ted: We’re responsible for all Council-controlled departments. That means all of them except for Airports, LADWP and Harbor. However, we have very close relationships with our proprietary department colleagues and share real-time cyberattack data between us.
Tim: We also formed a cybersecurity governance body called Cyber Intrusion Command Center, CICC. Ted and the Deputy Mayor for Public Safety co-chair that group. We coordinate that group with all Council-controlled departments. That group sets the vision strategy and roadmap for cybersecurity strategy for the City of LA as a whole. When we have a critical incident or critical attack Citywide, this group will come in to coordinate the cyberdefense. In getting ready for the 2026 World Cup and the 2028 Olympics, we need this group to coordinate across all City departments and with our federal partners. We take leadership on setting up the strategy and then the roadmap for overall City cybersecurity.
Ted: It used to be that if a cybercriminal attacked Airports or Harbor, it was all separate attacks. They could attack one at a time. But we now have an integrated security operations center and a shared mindset of “attack one, attack all.” Now, if you cyberattack one of us, we’re sharing that data in an automated fashion between each other so that we are truly operating like one City. While there may be different governance at Civic Center departments and Airports and Water and Power and Harbor, and they report to different people, there is a very close coordination and communication between cybersecurity teams across all these four groups.
Tim: The Integrated Security Operations Center is run by ITA. It functions much like the Emergency Operations Center for cybersecurity. It acts as a centralized “war room” for the entire City, providing real-time situational awareness – what’s going on, who’s attacking us and how do we coordinate to respond to that attack. That’s the role of the Integrated Security Operation.
Ted: With the 44 City departments, ITA is responsible for 41 of them.
History
Alive!: When did cybersecurity start to become an issue? What’s the general history of LA’s cyberdefenses?
Tim: When I started at Housing 29 years ago, there were no firewalls on the desktop computers. Not even every computer had antivirus software. From then to today, you can see all the demands and threats are increasing in parallel. Activity is moving up.
Ted: Some of us remember an era when we had to dial up to get to the Internet, right?
Alive!: I remember those days.
Ted: Exactly. Because people weren’t on the Internet continuously, criminals couldn’t get to our computers very easily. They had to try to get to us through virus-infected floppy disks or USB drives. As Tim said, when we started our careers, we had separated computers with little remote access. When they started to get connected to the Internet, that’s when cyberattacks really started to take off. Fast forward to today, with work from home, mobile devices, online shopping, social media, online banking, digital government services, artificial intelligence, etc. You can see why there was an exponential growth in cyberattacks and LA City cyberdefenses.
Tim: Absolutely. Today, our Integrated Security Operations Center, operated by the ITA security team, analyzes more than one billion security events every day and blocks around four million cyberattacks within a 24-hour period.
Each month, we also detect and stop approximately 1,000 advanced malware attacks. These aren’t the kind of threats that traditional antivirus software can catch—these are persistent, highly sophisticated threats that require advanced detection and response capabilities. That’s the scale of the attacks we’re facing, and the level of protection we’ve built over the years from my early days at the Housing Dept. to now.
When you look at the data, it’s clear why human protection is just as critical. More than 90 percent of major data breaches stem from human error—someone clicks on a malicious link or opens a compromised attachment, and it triggers a ransomware attack. That’s why one of the core pillars of our security strategy is building a strong “human firewall”—empowering our workforce to be the first line of defense through awareness, training, and proactive engagement.
Ted: Imagine City employees in the 1990s starting to get computers. Then in the late ’90s to the early 2000s, they’re getting on the Internet. We started to add additional layers of security to protect ourselves from cybercriminals who were trying to access us.
One of the biggest issues for the City was that the 2008 Great Recession caused a tremendous reduction in staffing. ITA had around 850 staff members before 2008, but after the Great Recession, we were down to about 465. Areas like cybersecurity ended up getting cut. From 2008 through 2011, we had dramatically fewer people. To Tim’s credit and to the credit of other ITA staff, starting in 2012 through 2014, we started to get cybersecurity back at the top of the priority list. We replaced our firewall, our Security Incident and Event Management (SIEM) software that detects cyberthreats, installed endpoint protection and response software on every computer, and isolated critical assets. Then, there was the Sony Pictures hack [external to the City] that required us to start email phishing exercises, launch annual cybertraining for employees, etc. With the COVID-19 pandemic, many employees were working from home and we started to add tools like Multi Factor Authentication, where you need to use your smartphone to confirm you are who you say you are. Each year, we add more tools to our toolkit to stay ahead of the cybercriminals. This evolution has been wild to watch, but it has become extremely important. Of course, we could never do this without the vigilance and mindfulness of all LA City employees.

Relentless Attacks, Relentless Defense
Alive!: Talk a little more about the number of attacks you’re defending against. It’s incredible.
Tim: Yes, today, ITA’s Integrated Security Operations Center analyzes roughly one billion security events every 24 hours.
Ted: It’s a mind-blowing statistic. We have to consume around one billion digital events every day and find cybercriminal activity within it. Our tools scan network logs, system logs, user authentications, interface activity, et cetera. Through those billion events, we are looking for malware and cybersecurity attacks. Tim, within those one billion, what’s that number of automated attacks that we’re shutting down every day?
Tim: We actively block between four to seven million automated attacks each day.
Ted: Four to seven million every 24 hours. Watching TV, you would assume a hacker is a young person wearing a hoodie and using a laptop at a Starbucks. But that’s not how most hacking occurs. Most hacking is automated. They use automated bots that scour the Internet. Tim uses the analogy they’re checking your door lock. So, imagine millions of automated bots walking up and down your street and checking your front door to see if it is unlocked. If the door is unlocked, they will come in and do something terrible that would impact City employees or the public. Our team is blocking four to seven million of these automated attacks a day. Thank God.
Tim: And those numbers only reflect the targeted, filtered attacks. We’re not even counting the random noise—if we included those, the number would be in the hundreds of millions.
Regarding those one billion events: For example, if a user mistypes their password three times, that would count as just one event in our system. So these are real, meaningful signals we’re monitoring continuously.
Ted: It’s growing, too. More apps, more websites, and more digital tools create more “attack vectors” for cyberattacks. However, the answer is not to go backwards and create fewer digital tools. We need to keep creating digital tools to benefit City employees and residents, but we must secure them at the same time.
Tim: Phishing attacks alone have increased by more than 30 percent, and they’ve become far more sophisticated. We’re no longer seeing the obvious scams—we’re seeing well-crafted, highly targeted phishing emails, often generated with the help of AI. These emails look legitimate and are customized to the recipient, making them much harder to detect at first glance.
That’s why we rely heavily on advanced tools, automation and the expertise of our security team to identify and stop them. It’s a constant battle, and our team is working around the clock to stay ahead of these evolving threats.
Ted: Ransomware is still extremely popular.
Tim: Yes, ransomware. We are seeing attackers increasingly target small and mid-size local governments. A lot of recent data breaches in the public sectors are local governments.
Ted: And a lot of email attacks.
Tim: Email attacks, ransomware attacks, you name it. If you look around at the public sectors being breached, it’s all local. Attackers know these agencies manage critical infrastructure and sensitive data, but don’t have enough resources to protect these assets. Attackers change their tactics and strategies. That’s why we’re also constantly adapting with more coordinated defense strategies to match their tactics and techniques. It’s a neck and neck race between the attackers and defenders.
Alive!: Where are the threats coming from?
Ted: Most of it is from organized crime because it’s become lucrative. Then you have a small percentage of young folks who download something from the Internet and are just experimenting with it. They are called “Script Kiddies” and they are not sophisticated, but can still be a threat. Sometimes world events create a surge of Hacktivists. They are not trying to defraud the City of Los Angeles, but are trying to send a political message based on local, national or world events.
And then you have sophisticated nation-state attacks from different regions of the world. These are full-time employees working for rogue nations. Sometimes they are trying to steal money for their nation, sometimes they’re trying to steal secrets that their government can use, and sometimes they are just probing our defenses to gain an advantage if they have a future conflict with the United States.
The ITA has worked with the CIA, the FBI, the Dept. of Homeland Security, the US Secret Service, and others. We don’t share personal information about employees or residents, but we do share information about the cyberattacks we see.
Tim: It doesn’t matter who the attackers are. They either want to steal your data or disrupt your service or business operations, or they want to destroy your brand or your image. Or just for the financial gains.
Alive!: Do you find these attacks as mostly indiscriminate, or more targeted?
Ted: Plenty of both, I would say. Kind of a mix. The more sophisticated ones tend to specialize.
Tim: Yes, the more sophisticated attacks are definitely targeted and persistent. We call them advanced persistent threats or APTs.
Ted: They try the front door, they try the back door, they try the window, they try to get a ladder. Thankfully, our actions over the last ten years have been effective. The fact that we have not been in the news is a good sign we have been doing something right. However, we take this day by day. I’m extremely thankful to the work that Tim and the ITA cybersecurity team has been doing. I’m thankful for the leadership of our Mayor and City Council. And I’m thankful to all technology professionals at the City of Los Angeles. This isn’t just some game; if we get this wrong it has huge consequences for City employees and the public.

Team Approach Vs. Burnout
Alive!: With the growth of cyberattacks and the relentlessness of them, is staff burnout an issue?
Ted: Yes, it’s a very persistent job that never seems to end. It’s not just one opponent, but there are thousands of different threats. We have to monitor our teams to avoid staff burnout. Teamwork is key. Like a relay race, one team member is running while another team member needs to rest and vice versa. Only this relay race is also a marathon with no foreseeable end. So, we need to count on each other. We have to pace ourselves because we need to protect not only today, but next week and a month after, and three years from now. That takes stamina and vigilance. But, this team is up for the challenge.
Dean: We have certain deadlines that we set for ourselves. But what I like the most in the Information Security Office is that it’s a team effort. We balance things with each other. Can we take on this question, or can we set aside time to plan for this initiative? What’s really great is that with that teamwork, we have leadership that’s also very supportive and gets us what we need in terms of timing, support and communications across different departments. A lot of that comes down to good management and making sure that we have a team that’s really working together.
Every City Employee Plays a Role
Alive!: You’re critically important in the City. But are you well known?
Ted: I believe the ITA Security Office is well known, but people don’t necessarily recognize it. For example, everyone gets our suspicious emails, known as email phishing exercises, and we try to get them to click on a link. If they click through the suspicious email, we warn them to avoid this and the harm it can do. But they may not always realize that these come from us. We do mandatory annual cybersecurity training, we do monthly email newsletters, we do virtual presentations with special guests. One time I was down at the Harbor and an employee was staring at me and said, “You look familiar.” And I said, “Was it the annual cybersecurity training video?” And they said, that’s it!
With that said, we always want more visibility and more attention for this message. Living in a digital age, cybersecurity has become a critical issue for our time. We are not looking for credit, we just want City employees to be prepared for cyber criminals both at work and at home. We’re like the old Vidal Sassoon commercial: We don’t look good if they don’t look good. We just want them all to be cyber safe.
Tim: I totally agree with Ted. Users know and trust the We Secure LA Team. They take our communications very seriously. We can tell by the amount they report back before the training sessions, and then after. Their trust level is improving. The behavior change is noticeable.
Do City employees play a role in protecting the City from cyberthreats?
Cesar: This is a resounding yes! Every City employee plays a role in cybersecurity, including the ones who do not use computer devices, such as gardeners or truck drivers. These employees need to be trained on social engineering tactics, such as: what to do if they receive a fraudulent call (vishing) or text message (smishing); recognize if someone is trying to trick them into… revealing sensitive information (pretexting), or understanding physical security such as not letting someone piggyback into a building after badging in.
Ted: City employees are stewards for the City data they have and for the digital tools they use. We need everyone to understand that they play a critical role. I’m responsible, they’re responsible. What we do at work can affect millions of people in Los Angeles. I can make a bad decision with a suspicious email that can ruin the life of other people I work with or members of the public. We all need to take our annual cybersecurity training seriously. We all need to be vigilant and mindful, especially around suspicious emails, phone calls, websites, downloads, or text messages. Everyone is a frontline defender. Every employee is our eyes and ears. If they see something and it looks out of place, please let your cybersecurity professionals know.
Tim: Cybersecurity is ongoing. It’s not a one-day or one-time thing. Think before they click: When employees open up an email, think about the bigger picture or bigger purpose. All City employees are part of this team.
Ted: IT professionals do a lot to cyber protect us, but they can’t do everything. It’s really important for every employee to know that they play an essential role for securing the City’s digital tools and networks.
Training Programs
Tell us about your cybersecurity training program.
Cesar: Sure. Cybersecurity and Training falls under a program we call “ITA We Secure LA.” This program is designed to create a foundation of cybersecurity consciousness to City employees while at the same time providing them the skills needed to implement secure practices, such as what to do when they receive a suspicious email or accidentally click a phishing link.
We have a full calendar of activities and events during the year. For example: In January, we have a kickoff meeting with cybersecurity training coordinators from the different departments, send an initial newsletter City-wide, and kick off our first activity called Data Privacy Week. It’s a weeklong activity where we teach about safely handling data and safe online privacy. We also invite a speaker from top cybersecurity companies to present on data privacy.
In October, we have a monthlong activity called Cybersecurity Awareness Month (CAM) targeted to online safety. In this month, we touch on different topics and behaviors that we would like to train on. We align our training for this month to the National Cybersecurity Alliance (NCA) and Cybersecurity and Infrastructure Security Agency (CISA). Each week of the month, we bring well-known cybersecurity presenters from NCA, CISA, DHS, FBI, and other agencies; send newsletters; provide information; and motivate employees to be cybersecure. The CAM ends with a ceremony where we provide letters of commendation to cybersecurity training employees who go above and beyond to acquire a high completion rate of the mandatory cybersecurity training, as well as prizes and recognitions to employees who participate in all our activities during the year.
Ted: We can’t use City funds to pay for that prize, so we take up a collection from our own ITA managers because we feel it’s that important.
Dean: We awarded a laptop and an iPad.
Ted: It was a fast laptop too! We give away some good stuff.
Cesar: Other activities that we offer during the year include: running mandatory cybersecurity training to all non-proprietary departments, sending out bi-monthly newsletters, offering bi-monthly presentations called “Cyber Office Hours,” managing quarterly simulation phishing exercises, and producing an end-of-year report.
Dean: Cybersecurity training is mandatory. Notices are sent out to all City employees. We also offer bonus training to different departments that want to take specific training that caters to them. For example, Personnel wanted anti-phishing training to dive deeper into that topic, so we launched assignments for them.
A Passion for Security
What do you love about what you do?
Dean: The We Secure LA team loves when we hear feedback from people about our newsletters, about our activities that we offer. We want to hear exactly what threats you see. Are there any suspicious emails that you want to report? Do you agree with the topics that we want to train on? Do you have more things you want to see that you want to hear about, for example, the safe use of AI or AI tools, or how to very simply construct a strong password.
But more specifically about my team, everybody’s great and supportive, and it’s always a pleasure to work with people and put out something that people like.
Do you like the fact that you’re protecting people?
Dean: Absolutely. We’re moving in the right direction for our mission, which is to build a more cybersecure culture.
Cesar: I believe that we all love to think that our work and efforts make a difference in the lives of others. I certainly do, but it is receiving feedback like this one that assures me that our group’s efforts make a difference. This feedback was received shortly after we sent one of our newsletters describing Toll Road texts [texts claiming to be from a toll road operator with a fee requested] as a tactic being used to phish users:
“Just wanted to compliment you on the information you send! I got a Toll Road text and it just so happened that I had been in NorCal and had used a Toll Road recently as I was waiting on the bill to come in the mail. I almost clicked on it … but then I remembered what you all had said about that scam and deleted the text. I waited for the bill and paid it online at the official website. Thank you for all the awesome info!”
Ted: That’s great to hear, and that’s an important message: The lessons we learn at work, we should apply them at home. Pay attention to your training and spread the word to family and friends. Let’s keep cybercriminals from getting rich off of our identity or data. Take care of yourself and take care of the City of Los Angeles at work. It’s a win-win.
Tim: I love two things about this work: First, cybersecurity is science and art. It involves using cutting-edge tools and technologies, which I’m passionate about, and it also requires teamwork and collaborating with people. And the second major thing is being part of the bigger mission. What I do daily protects critical City services for four million residents. That sense of purpose motivates me and keeps me going. I love technology, I love strategy, and I love contributing to something that really matters. That makes me love what I do daily.
Ted: Problem solving. It’s a challenge to understand and outsmart motivated cybercriminals. I joined the City after 9/11 to help give back to Los Angeles. I believe government has an important purpose and role. It’s kept me here for more than 20 years. We have hard working Police Officers and Firefighters for physical public safety. At ITA, we have hard working cybersecurity professionals who provide digital public safety too. In our modern era, that has become increasingly important.
I love the continuous learning and the innovation of this job. There is always something new to learn. The world’s changing, and we have to change with it. That keeps the job interesting.
Very, very good. Tim, Cesar, Ted and Dean, thank you so much for taking the time to share your story and the details about what you’re doing with cybersecurity; it’s a fascinating topic. And thank you on behalf of all of us here at the Employees Club of California for your dedication and service.
Ted: Thank you for recognizing the hard work of our ITA Security Office. And thank you for publishing all of the great work that many different City employees and departments do. Alive! plays a very important role in our lives.
Tim: Thanks.
Dean: Thank you. •
BEHIND THE SCENES
Club COO Summy Lam (in background) photographs ITA General Manager and Chief Information Ted Ross, Club Member, and Club CEO Robert Larios in ITA’s Integrated Security Operations Center downtown. Foreground: Joanne Scott, System Administrator.