Ron Jimerson
Port of Seattle, Chief Information Security Officer
Resourcing Information Technology
21 October 2021
Port of Seattle Information Security Department
Overview
The department provides strategies, operations, and controls for protecting the Port’s information systems and sensitive data while increasing business resiliency.
Key Objectives
• Identify: Increase the Port's cybersecurity posture by minimizing security risks
• Protect: Consistently implementing and evaluating key controls
• Detect: Evolving threat intelligence, partnerships, and employee behavior modeling
• Respond: Reduce incident response recovery times and effect on business services
• Recover: Lead enterprise-wide IT security business resiliency and investment strategies
2021-2023 Priorities
Key Functions
Governance
• Policies & Standards
• Compliance & Audit Reporting
• Communication & Partnerships
• Privacy Management
Risk Management
• Risk Assessment
  - Software/Hardware
  - Capital Projects
• Gap Analysis
• Change Management
• Identity and Access Management
Operations
• Incident Management
• Threat & Vulnerability Management
• Threat Intelligence
• Business Continuity & Disaster Recovery
• IT Project Support
• Legal/HRO Investigations
• Vendor Management
• Awareness Training
• Forensics Oversight
• IT Security Architecture
HOW DO I DO BUSINESS WITH THE PORT OF SEATTLE
• Businesses should have their marketing materials updated and designed to relate to Port of Seattle business functions
• Register your business on VendorConnect – the Port’s contracting database
• Register to attend a PortGen – these are Port of Seattle training workshops
• Look at our Future Solicitations
• Email the Port’s Diversity in Contracting
Ref: https://www.portseattle.org/business/bid-opportunities
Potential IT & Security Contracting 2022
IDIQ Contracting for Enterprise Management System
IDIQ Contracting for General Services
IDIQ for Incident Handling
IT Security Assessment & Consulting
*IDIQ = indefinite delivery/indefinite quantity
Future Procurement Opportunity Summary
Report Capture Date: 10/15/2021

| Division | Category | Future Procurement Name | Port Contact | ROM | Planned Ad Qtr-Yr |
|---|---|---|---|---|---|
| Aviation | Consulting Services | WIFI IMPROVEMENTS PLB | Mayo, Sofia | TBD | 1 Quarter-2022 |
| Aviation | Consulting Services | Access Controls in Communications Rooms | Martinez, Carmen | $2-3M | 1 Quarter-2022 |
| Aviation | Consulting Services | TELECOMMUNICATIONS MEET ME ROOM - Design | Mayo, Sofia | TBD | 1 Quarter-2022 |
| Aviation | Consulting Services | KEYS FOR CARD READERS | Mayo, Sofia | TBD | 4 Quarter-2022 |
| Aviation | Major Construction | Telecommunications Meet Me Room | Dilbert, Kyle | TBD | TBD |
| Aviation | Major Construction | ARFF | Dilbert, Kyle | TBD | TBD |
| Central Services | Goods and Services | Peoplesoft IDIQ | Sadler, Krista | TBD | 4 Quarter-2021 |
| Central Services | Goods and Services | Wireless Frequency Scanning IDIQ | Jaquez, Clarence | TBD | 4 Quarter-2021 |
| Central Services | Goods and Services | Virtualization Design and Install Services IDIQ | Krutenat, Joe | TBD | 4 Quarter-2021 |
| Central Services | Goods and Services | SAFE Upgrade | Sadler, Krista | TBD | 4 Quarter-2021 |
| Central Services | Goods and Services | Security Information and Event Management System Contract Authorization | Jimerson, Ron | $1M | 4 Quarter-2021 |
| Central Services | Goods and Services | Smart Restrooms | Hale, Ken | TBD | 4 Quarter-2021 |
| Central Services | Goods and Services | WiFi Upgrade Equipment | Sadler, Krista | TBD | 4 Quarter-2021 |
| Central Services | Goods and Services | Sea-Tac International Airport (STIA) Network Redundancy | Dawson, Jim | $1-1.5M | 4 Quarter-2021 |
| Central Services | Goods and Services | DNS/DHCP Manager | Dawson, Jim | TBD | 4 Quarter-2021 |
| Central Services | Goods and Services | Certificate of Insurance Management Software | Ron, Shai | $250K-300K | 1 Quarter-2022 |
| Central Services | Goods and Services | Maritime Security Cameras | Sadler, Krista | $1-2M | 4 Quarter-2022 |
| Economic Development Division | Consulting Services | Diversity Barriers Analysis | Rice, Mian | $100k | 4 Quarter-2021 |
| Economic Development Division | Major Construction | Pier 69 Underdock Utility Replacement | Chou, Fred | TBD | 4 Quarter-2021 |
| Maritime | Consulting Services | Planning Services IDIQ | Del Vento, Emma | TBD | TBD |
Use Cautionary Sales Tactics
Keep in mind that IT & IT Security decision-makers are constantly being solicited
Unsolicited Emails
- Often ignored and deleted
Cold Calls
- Can be burdensome
- Do your research and offer a compelling reason for your call
- Product demonstrations require time and effort
We would prefer to find you through our database resources
IT Procurement Process
IT requirement established
Business case
Budgeting
Procurement
Project Manager Assigned
RFP / RFQ
Architecture Review
Vendor Selection
Proof of concept
Contracting / Legal
Purchasing
Solution Implemented
Procurement Process
Direct Buy: Goods & Services < $50.000
Three Quote: Goods & Services < $150.000
Advertised Competitive Process: Goods & Services > $150.000
Direct Solicitation: Goods & Services =/> $150.000, targeted to select vendors
Intergovernmental Cooperative Agreements: RCW 39.34
Things to Consider
• Data handling, storage, and sharing
• Parameters for interfacing with Port information systems (remote access, etc.)
• Incident handling obligations/expectations
Reference: NIST Security Standards
Integrating Services
*Federal mandate of Contract Management Capability Maturity Model (CMMI) is not required
SaaS and Cloud services
- Security assessments are conducted
- SOC 2 considerations
- Access control considerations
On Premises Services
- Security assessments are conducted
- Access control considerations
Terms of Agreement
Network Connections. VENDOR agrees to allow the PORT to perform network assessments based on a schedule mutually agreed upon by the parties. In the event a network connection is created between VENDOR and the PORT, VENDOR agrees to maintain an alert status regarding all vulnerabilities and security patches or corrective actions by subscribing to an industry-recognized service.
……if VENDOR, at any time during the life of this Agreement, is granted remote access to the PORT’s network, or is telecommuting in any capacity, then such VENDOR will be subject to additional data security requirements of the PORT.
Questions