IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New Seattle CISO Talks Data Security Agility, Adaptability

Seattle's acting CISO was hired in a permanent capacity, and says that when it comes to data security, the government's responsibilities increasingly align with those of the private sector.

The city of Seattle has filled its chief information security officer (CISO) vacancy -- Chief Technology Officer Michael Mattmiller today announced that Bryant Bradbury, who has served as acting CISO for about one year, officially has the position. 

Mattmiller, who was hired in June, noted the importance of the CISO role. “Bryant has proven himself while serving in the role on an acting basis for the past year. His skills and knowledge are well-suited to continuing to serve the city in this role,” Mattmiller said in a press release.

Bradbury has more than 25 years of experience in the technology sector, including private-sector service in the insurance, commercial software, airline and air cargo industries, and public service tracing back to 2007 when he began with the Seattle Fleets & Facilities Department. Bradbury joined the Seattle Department of Information Technology in March 2013.

Bradbury said he’s honored to be charged with such an important role in Seattle. “There’s roughly 12,000 employees in the city of Seattle and a million-plus constituents," Bradbury said, "and they all look to this office to do the right thing for the right reason every day from a security standpoint, and I take that responsibility very seriously."

Doing the right thing from a security perspective means focusing his efforts in a few key areas, Bradbury said, one of which includes building on the city’s IT security foundation and adhering to best practices.

“Using or deploying best practices is a very dynamic, very ever-changing kind of environment,” he said. “That’s one of the priorities that I’ve got, to move the needle a little bit farther, keep making improvements, and making sure that we are able to adapt to whatever comes along.”

Bradbury also noted that cities like Seattle are businesses, and so the responsibilities of government increasingly align with those of the private sector when it comes to data security.

“Our aspiration is to be as agile and as responsive as we can be, and to make sure that we can kind of anticipate what the trends are and, to some degree, that’s where we focus some measure of our attention is looking at the threat landscape, for example, and trying to assess based on what is going on what may be coming at us as a result,” Bradbury said. “Best practices, I have a sense of what that’s going to mean in the long term. In the short term it basically means staying aware and figuring out what’s going on in the world and reacting as quickly and as appropriately as we can.”

Continuing the work of his predecessor, Michael Hamilton, Bradbury said the city will build upon a regional data sharing program Hamilton designed. The program, called PRISEM, will soon be renamed, Bradbury said, to avoid confusion with the infamous PRISM surveillance program led by the National Security Agency.

The Seattle region is home to Boeing, Amazon, Microsoft, Costco, military installations, government offices, and the University of Washington, making the region a significant target for cyber-attacks.

“We do information sharing within this region to identify if a particular threat that’s seen is something that is it being targeted at a particular entity, or is this something that is more distributed? Is everybody seeing the same threat?" he said. "So keeping those connections and broadening those connections, approaching this more regionally rather than just from the city standpoint [is another focus]. Because if somebody is going to get attacked, [it's] likely we all are." 

In February, Hamilton explained the project at a local conference. “This cybersecurity monitoring and real-time alerting system is the only one of its kind in the country,” Hamilton said of PRISEM in a statement. “It processes event logs for seven cities and counties, six maritime ports, and others. An analyst, who works with the monitored jurisdictions to respond to security problems, continuously monitors the system. Funded by the Department of Homeland Security, this unique, visionary effort is expected to form a model for similar systems in other states.”

Bradbury’s new title with the city was effective Oct. 22.

Colin wrote for Government Technology and Emergency Management from 2010 through most of 2016.