The Office of the Chief Technology Officer (OCTO) is building its roster of industry leading professionals to steer the District of Columbia into a world class city in all sectors with the recent appointment of John MacMichael as DC’s new Chief Information Security Officer (CISO).
The CISO role is standard in business and over the last decade has become increasingly more common in government. In February 2016, the White House’s Cybersecurity Plan called for the creation of the CISO position for the federal government to be housed in the Office of Management and Budget. In DC, the District of Columbia’s Homeland Security Commission’s 2013 Annual Report called for the creation of a CISO position to establish and maintain a District-wide strategy and program to ensure the protection of Information management assets, and maintaining coordination with private sector counterparts.
After an extensive search, John was selected and brings nearly three decades of cyber security experience to the DC Government. A former Navy Captain, John was responsible for all strategic and long-haul communications and cyber security for the Pacific region while managing a team of 2,500 officers world wide and 1,000 at his base in Hawaii. He later served as Vice President with Charter Communications heading the data center migration project and then as Information Security and Compliance Director with Hawaiian Airlines.
Back at Home
Yearning to get back to public service, it was logical for this Alexandria, VA native to head back to the DMV area.
John plans to focus on many of the basics of Computer and Network Security which includes the National Institute of Standards and Technology security controls and the Center for Internet Security’s Top 5 CIS Controls as foundational steps. Additionally, John expects to see a larger emphasis on the development of a Risk Review Board and focusing on Governance, Risk, Compliance (GRC) as an integral method of managing risk. That said, John will work across government and the private sector to oversee and implement security policies and procedures across the District and throughout District Government agencies to help people and city government make smart risk decisions related to information security.
Already, John has received feedback from DC agencies that they “are looking for OCTO to be more directive in our Cyber Security policies.” To that effort, CTO Vemulapalli has a monthly Chief Information Officer (CIO) roundtable and John and his team are using that opportunity to communicate directly with agency CIOs to ensure our policies are aligned with business practices. In August, John hosted a CISO working group session with CISOs from New York City, San Francisco, and the Hague. The goal of this session was to develop a Cyber Security Resiliency Framework (CSRT) for the Internet of Things (IOT) as they apply to a SmartCity Framework.
If John’s credentials weren’t impressive enough, he also moonlights as a beekeeper. His fascination with bees, he says “stems from the multi-generational species planning and execution ability to build honey stores, live through the winter, come out on the other side and grow again.” His favorite is the female bees who do the work in the hive, and the queen bees significance in the rebuilding of future hives.
His hive at OCTO is a team of about 25 people broken into three groups: Governance, Risk, Compliance (GRC); Engineering Operations; and the Security Operations Center (SOC).
In addition to these professional goals, John has plans to accomplish his life goal next year: to surf the longest left break in the world located in Chicama, Peru. Surfs up, John!