“It is an industry best practice to always have a third party come in and conduct a deep penetration test on your environment,” says Beto Juarez, senior vice president of IT and CIO, San Diego Housing Commission
“A company like CDW has the ability to leverage a vast array of tools, and the more that you can throw at a network to try to find vulnerabilities, the better prepared you are. We want to be able to withstand these attacks from all these different open-source and commercial tools,” he adds.
In San Diego, the assessment showed cybersecurity systems in good working order. “There were a couple of devices on the network that needed to have their firmware updated and things like that, but there was nothing that was in the red. We had some yellows and we had a lot of greens as well,” Juarez says.
San Diego’s housing agency is not alone in this approach. The Albuquerque Bernalillo County Water Utility Authority, for example, recently teamed with Cisco to conduct a cyber assessment of its digital controls on the operational side.
“We realized that we knew very well the security posture of our IT environment, but in the operational technology environment, there were a lot of unknowns,” says CISO Kristen Sanders. “We can’t protect what we don’t see. With the convergence of IT and OT, we needed to ensure that we were protecting both.”