FAIRFAX COUNTY VIRGINIA
DIT Security Awareness Day
2017 meaning that cybersecurity is a shared leadership responsibility, rather than leaving it just to the CISO.
“ We hold the entire organisation accountable, no executive exceptions, no silos and no disconnect between policy and practice,” Michael says.“ When leadership models the right behaviour, the organisation follows.
“ Doing more with less isn’ t easy but with clarity, collaboration and leadership will, it’ s possible. Fairfax is proof of that.”
It can be a challenge to balance the technical complexities of cyber defence with the need to communicate risks and protections to both county leadership and residents in an accessible way. In order to achieve these things, Fairfax County prioritises translation and trust.
Michael says:“ As the CISO of Fairfax County, I focus on building shared understanding with both county leadership and the public. When it comes to executive leadership, I translate risk in terms that align with their priorities: operational continuity, financial impact, service delivery and public trust. Connecting security decisions to mission outcomes is what drives investment and accountability.
“ For residents, it’ s about transparency without fear. We don’ t overwhelm people with jargon, but we also don’ t sugarcoat reality. We explain what steps we’ re taking to protect their data, how they can protect themselves and why cybersecurity is part of good governance.”
He highlights that this balance is possible because of strong leadership support within Fairfax itself.
fairfaxcounty. gov 11