
Understanding IT Security and Cybersecurity Laws


By Jamal Hartenstein, JD, CISSP, CGEIT, PMP

(ISC)², a leading cybersecurity and IT security professional organization, is holding their annual Security Congress event in Orlando in a few months. At the conference, I will be presenting a panel called “Behind the Text: Laws on Data Privacy, Consumer Rights and Cybersecurity, Deconstructed.” Today I am sharing a little bit of insight into what I will delve further into at the (ISC)² event.

Data privacy and cybersecurity laws shape many aspects of an organization, from influencing the operational decisions an organization makes to the way IT security professionals do their jobs.

The purpose of data privacy laws is to provide regulatory compliance measures to protect personal data—depending on the industry, this could be the data of consumers, customers, private citizens, or others. Typically, the laws align with IT security frameworks (often created by academics or other experts) and companies write their data privacy policies to comply with laws and adhere to frameworks.

But, what’s missing? When you deconstruct the text of the laws that govern an organization’s industry—think private sector financial, health insurance, banking, etc.—you may find loopholes or obligations you didn’t know existed. Organizations can save themselves a lot of time and money by understanding the scope of their legal obligations.

Legislation is increasingly shaping the IT security professional’s field. Some laws that currently govern IT security have been on the books for 100+ years, but only recently have been interpreted to cover data privacy and cybersecurity violations. These changing legal interpretations, along with the new laws being put on the books, mean that there’s a level of legal understanding that can be daunting for organizations and the security professionals they employ. Collectively, we need to dissect the wording used in the popular data privacy and cybersecurity laws and break it down so IT professionals can truly understand what we’re working with.

As an IT Security professional, I understand the threats, technology, and strategies to mitigate threats. Having a legal background makes it easier for me to understand laws that determine exposure to compliance obligations and laws that influence how I develop strategies. For example, complying with a deletion request, or “the right to be forgotten” (that is, deletion of your own personal data records held by an organization), can be an expensive process, especially if the data is on offsite backups and housed with third-party data processors. But the law is particularly tricky in explaining why, how, and when an organization must process a deletion request, or even whether the request must be performed at all. Consequently, a lot of time and money can be saved if IT Security professionals understand the text of the laws.

Interested in learning more? During my discussion at the (ISC)² Security Congress, we’ll cover the following:

  • Identifying loopholes in laws. For example, whether you must comply with a consumer’s request to be “forgotten”/deleted.
  • Identifying widely unknown obligations. For example, the requirement to appoint an EU Representative under GDPR, distinguished from the DPO.
  • Understanding the rights of the consumers regarding data privacy provisions and IT security obligations.
  • Understanding factors used to determine whether you must comply with data privacy and cybersecurity laws…and to what extent.

Want to find out how to deconstruct and understand security law? Attend my panel at the (ISC)² Security Congress in October—I hope to see you there!

About the Author: IT Security Program Manager at KAI Partners, Jamal Hartenstein is a cybersecurity legal expert who has helped some of the country’s largest financial institutions, healthcare companies, and federal agencies develop their IT Security Roadmap programs. In his current role, Jamal provides guidance to executive staff and security professionals on laws, frameworks, and policies that help shape their strategic plan, and helps organizations innovate safely and securely. Prior to working for KAI Partners, Jamal served as an Electronic Warfare Sergeant in the U.S. Army Military Intelligence Corps, where he was a steward for Defense Information Systems Agency (DISA) framework. He earned his undergraduate degree from Georgia Military College and his Juris Doctorate from University of the Pacific, McGeorge School of Law in California.

Building a Business Community in Sacramento



By Lucie-Anne Radimsky, CSPO

KAI Partners is a community of diverse and talented individuals who believe in the value of service. We actively engage with our clients to find solutions that meet their goals and objectives. As a local small business, we are also involved in the Sacramento business community.

We recently attended business events hosted by the Sacramento Metro Chamber and the Sacramento Business Journal. We gathered alongside other local businesses at two unique and important events helping to raise the profile of doing business in the Sacramento region and celebrating local businesses’ successes.

It is truly mind-blowing what transpires in a room filled with people from disparate groups who enter quietly…and who are then asked to engage and lean into conversations that ultimately unite them. Not only does the volume seem to exponentially rise, but the feeling of hope and potential seems to take hold, permeating the room and the bloodstreams of those in attendance.

Competitors become partners, strangers become friends, and dreams become reality.

KAI Partners attended a members’ meeting at the Metro Chamber, which gathers local business representatives to reconnect with the Chamber and allows them to engage with other local business members and those looking to join. We participated in a group activity which sought to better understand the why regarding membership in the Chamber. The results are below, and I don’t think you’ll be surprised by the answers:

Most everyone in the room seemed to be searching for a more personal connection to others in the community—they wanted to be part of something bigger than themselves and realized that in order to benefit from this important resource, they needed to actively engage.

The Fastest Growing Companies event, sponsored by the Sacramento Business Journal, was slightly more glamorous and involved a sit-down lunch, but it too was built on community and focused on raising awareness around the success that many businesses—50 to be exact—are experiencing in the region.

It is interesting to note that the combined revenue generation of the top 50 companies exceeds $500 million—an accomplishment that we can all get behind considering these are mainly small- to medium-sized businesses.

This event was a reminder that we can all be successful. In the words of Bret Fair of 360 Risk Partners, one of the companies highlighted at the event, “Focus on what you do best and do it so well that people start to talk about you.”

On that note, let’s all get back to work and do what we do best—and let’s act on that. Did you attend either the Metro Chamber or Sacramento Business Journal events? What were your key takeaways?

About the Author: Lucie-Anne has over 15 years’ experience in communications and business development in the U.S. and Europe, on behalf of start-ups and non-profits. She has represented clients within the technology, energy, and telecommunications sectors to government agencies, press, and industry analysts throughout the world. Lucie-Anne has both American and E.U. citizenship. She is fluent in English and French. Lucie-Anne is an active community volunteer and has served on numerous non-profit boards and led alumni groups in Paris, Washington D.C., and San Francisco. She holds a B.A. in Economics from the University of California, Irvine. She currently resides in Sacramento with her Brazilian husband and two boys.

How to Hack into an IT Career (No hacker skills required!)


By Jamal Hartenstein, JD, CISSP, CGEIT, PMP

I recently had the opportunity to speak to a group of civil servants through the organization, NxtGov. NxtGov is a professional network for people working in California public service, and those who are interested in public service. According to NxtGov, “We want to develop this network into a platform for collaboration across government and other sectors to develop innovative ideas to improve government service and restore trust and pride in public service.”

To achieve their mission, NxtGov promotes training and advancement of current government workers and actively recruits new talent. NxtGov adds value with opportunities on how to find and apply to government positions and training on how to sharpen skills to promote within.

My discussion focused on improving understanding of the Information Technology workforce within the public sector, including information on the different certifications and skills-building that might be beneficial. With so many public sector agencies undertaking large system replacements and other innovation projects, skilled IT professionals are needed now more than ever. And, IT professionals with different backgrounds—like project management and change management—are just as much in demand.

Interested in learning more? Here are some Q&A on IT certifications and professional development:

  1. Do I need an IT certification? Considering all the letters behind my name, I definitely think certifications are valuable! Plus, certifications are often mandatory checkboxes when applying for government positions. Even if it’s not mandatory, a certification can indicate to employers your interest in and dedication to a particular industry. A certification can also validate years of experience and capability.
  2. Which certification do I need? First you need to determine which certification is most valuable to you and your goals. A certification is only as strong as the certificate authority and how you use your credential. Remember that earning a certification often allows you to gain access to and participate in a new online community with membership by the certification authority. Resources will become available that otherwise were not offered, which only aids in your continued development.
  3. Is a PMP® an IT certification? Short answer: Yes! Many of us have been involved in IT project management, but just didn’t know it. A PMP® credential is a valuable IT certification and as of July 2019, there are nearly 900 open project management jobs in the Sacramento region. (Bonus: The average IT Project Manager position pays upwards of $95K annually).

The future of IT in the public sector is great and growing. Whether it’s through cloud migrations, third party software replacements, or an innovation we haven’t even thought of yet, now is the time to start taking your professional development up a notch. For a sustainable IT career, you should keep up with new certification and training and make sure you don’t stay stagnant in a position that isn’t growing along with the speed of technology.

How are you navigating the IT changes in the public sector? Be sure to check out NxtGov to learn more about the important work they’re doing to help improve government services.


Using Data and Semantics to Improve Public Sector Services


An Interview with Dr. Josh Morgan of SAS


We recently had the opportunity to hear Dr. Josh Morgan, National Director of Behavioral Health and Whole Person Care at software developer SAS, speak at the SAS Institute Inc.’s SAS California Users Forum.

Dr. Morgan spoke about how important semantics and data are to solving complex issues in the areas of health care, homelessness, corrections, the environment, and more.

We were particularly taken with Dr. Morgan’s insights on how the way we define things can determine how we review and analyze them. He emphasized that the way we speak about a problem influences how we look at it and address it. (Spoiler: Below, Dr. Morgan shares a great story about how changing semantics in a public outreach and engagement program led to improvements to the public agency’s services.)

After hearing Dr. Morgan speak, we wanted to learn more about the work he does and his passion for improving whole person care and for helping solve complex issues. Today we’re thrilled to share this interview with Dr. Josh Morgan!

KAI Partners, Inc.: What is your profession/day-to-day work?

Dr. Morgan: I’m a licensed psychologist currently working as the National Director of Behavioral Health and Whole Person Care at SAS. I provide consultation to agencies on how to identify a more complete, accurate picture of community need as well as the impact of services, ideally from a more holistic perspective.

KAIP: How did you get into this field?

Dr. Morgan: I was planning to become a film director originally, but wanted to more directly help people, so I pursued psychology (after exploring multiple other fields). My doctoral program emphasized strengths-based, person-centered work that also acknowledged the role of systems and structures in our lives (versus an individual in isolation). But when I started working full-time in the field, I got frustrated by all the things we weren’t allowed to do because it’s not a covered benefit or not in policy. Our health world is focused very much on reducing symptoms and just on the individual. I made the move into the analytics/evaluation side as a way to use data to advocate for better services, systems, structures, and policies.

KAIP: What is your favorite part about your work and why?

Dr. Morgan: There are two parts. The core meaning of my work is in helping advocate for more whole person care across the country. On a more practical level, I love getting to see the creativity of people around the country in doing so much with so little and finding answers to complex questions despite barriers. I really have fun being presented with policy and evaluation questions and figuring out ways to answer them and even enhance them with more complete, accurate information.

KAIP: Why do you do what you do/what inspires you?

Dr. Morgan: Making a difference in our policies, systems, and structures so more people get the care they need in a holistic way.

KAIP: How do data and semantics inform your work and how you approach problems?

Dr. Morgan: My dissertation was qualitative (on exemplar Muslim and Christian interfaith peacemakers), so I’ve long been a skeptic of quantitative data’s ability to represent human experiences and true outcomes. However, I’ve increasingly recognized we live in a quantitative world, and discrete numbers are really helpful for telling a story of broad impact. It’s easy to complain about the metrics we currently have, but I decided it was better to get a seat at the table and influence the metrics to push for more whole person, strengths-based indicators and data rather than just have it all imposed upon me.

This is core to a lot of my work, finding ways to be creative in meeting required, symptom-focused metrics while contributing more contextual information to tell a more complete, accurate story. I had a great team when I was the Chief of Behavioral Health Informatics at the San Bernardino County Department of Behavioral Health, and we found ways of even using claims data to get a more complete story!

In that role, I got to present at the SAS Analytics Experience conference and discovered text analytics and natural language processing. I talked the ear off the product manager because it brought me back to my grad school days with my dissertation and some computational linguistics work we did. Advances in technology are helping unlock narrative and qualitative data which, especially in behavioral health, is so rich and gives an opportunity to give an even more whole person perspective.

We can explore more robust mixed-methods designs by leveraging technology to present both quantitative and qualitative data. That’s truly more whole person analytics!

KAIP: Can you explain the intersection of data and semantics in the public sector, and why it matters?

Dr. Morgan: First, we need to remember that data is a very inclusive term. People usually think about structured, quantitative information when they hear the word data, but all information is data. This interview is data. Semantics usually refers to narratives, language, and other qualitative data. As my dissertation was qualitative, I deeply value and appreciate the richness that can be found in semantics. There’s human nuance that just cannot be captured in a quantitative way. Further, when we talk about things like health equity and civic engagement in the public sector, the voice of the consumer, the citizen, the patient, etc., is of paramount importance. Wouldn’t it be great to literally gain insights from the voices our public agencies serve?

The public sector is also unique in that it is the only institution that is truly responsible for all lives and making our communities better holistically. All other private entities have sub-segments, geographies, or populations.

Public agencies cross all industries. Therefore, there is a unique ability to gain a true whole person view into the community that no other institution can really gain.

In this way, though, I believe public agencies have a responsibility to get as complete a view as possible, meaning both quantitative and qualitative data.

KAIP: Can you give an example of using data and semantics to create policy and drive change in the public sector?

Dr. Morgan: When I was with the San Bernardino County Department of Behavioral Health, we developed a program to conduct outreach and engagement with “resistant, non-compliant” people. One of our evaluation metrics was pretty basic, looking at counts of outpatient utilization pre and post engagement. The first time my team ran the numbers, we showed dozens of visits in the year before engagement. But these were supposed to be those who weren’t in treatment because they were called “resistant and non-compliant.” Digging into the data a little more, we found the nature of the services was overwhelmingly crisis visits and assessments (often multiple assessments with different providers). People who are repeatedly seeking assessments and even crisis visits within a 12-month period are really hard to classify as “resistant.”

This started a conversation internally about whether our language in describing people was accurate in the first place. Then we were able to gain more context from the stories of the consumers served and the care coordination staff who engaged with these folks and even went to appointments with the consumers. Plus, we had focus groups and other narrative stories.

These stories (i.e., semantic data) gave context and insight into the quantitative data we saw, shedding light on the ways our system can be challenging to engage with. It started changing our semantics in describing people in need. No longer did we see these folks as “resistant and non-compliant,” but rather desiring help and facing legitimate barriers to care. That also led to quality improvement policy work to change our system to be more accessible. These insights are also helpful in larger policy conversations about how to engage the harder to reach, high utilization, and expensive populations. It may not be that the consumers need to change as much as the systems aimed to help them need to change.

KAIP: What questions should we ask ourselves to make sure we approach/analyze data in the right way?

Dr. Morgan: Who are we not including in the data? Who are we not including in the interpretation process? In the many conversations around biased algorithms and AI ethics, there’s increasing recognition that we can unintentionally have biased data and results by the absence of some populations. We may not be able to include everyone but attempting to do so is a start. It is critical that we are very clear and intentional about who is included and not included and that we are sure to avoid generalizing results to excluded populations.

What questions am I not asking? Too often I find agencies, especially in the public sector and health, not asking questions because we don’t know how to find the answer. Often this is because of a lack of data or a lack of a data platform to truly unlock insights.

I think people have more helpful data than they realize. There are ways to be creative in answering questions.

It may not be perfect, but proxies can be really helpful in getting at certain ideas. Just because you may not have a perfect methodology or result doesn’t mean you can’t do something to start getting at the information. You can caveat any results so they are not over-interpreted, but starting to explore the questions we stop asking helps get us to more whole person perspectives.

KAIP: How should data be used to inform and drive decision-makers, policies, etc.? How should it not be used?

Dr. Morgan: Data should be the start of the story and conversation and not the end. Some people approach results as the end-all-be-all, but interpretation and application are key. Stakeholder engagement in this interpretation process can gain additional insights and conversations that may not have otherwise occurred if we took data at face value. Data doesn’t just inform decisions and policies; it brings us all together to build dialogue and more compassion for each other by having greater insights into context.

We also need to be careful about “perfect” methodology. A danger in a lot of policymaking and decision-maker requests for data is a default to an academic-like approach. I teach on the side and have published, so I love the academic world. However, laboratory research often doesn’t translate to the messy real-life world, especially in health and particularly in public sector health and social services. I’ve seen a lot of evaluation projects and data initiatives stall because there was any level of data quality challenges or an inability to achieve extreme rigor in statistical significance. We don’t want to dismiss rigor, of course, but when we look at trends across populations, numbers don’t have to be perfect. I use the example of suicide rates and opioid use and deaths. They’re both broadly recognized as undercounts because of the way they’re underreported. But we can still tell when there’s a problem or a trend in a good or a bad direction. Don’t wait for data perfection to start using the data and even starting policy conversations!

Thank you, Dr. Morgan, for your fascinating insights on using data to improve public policy and public services. Now, for a little fun and games…

KAIP: What was the last show you binge-watched or what is your favorite podcast?

Dr. Morgan: Star Trek Discovery. I grew up on The Next Generation and wore a Star Trek uniform for my fourth-grade school picture, so I’m a long-time Trekker. I watched this series and then thought after Season 2 that my wife would like it, so we just binged both seasons in time for San Diego Comic Con! 🖖

KAIP: What are your favorite productivity or life tips/hacks?

Dr. Morgan: Mindfulness. I was exposed to this more deeply in my clinical work during an intensive training in Dialectical Behavior Therapy (DBT) when I led a program for adolescent self-injury. As I’ve done intro trainings on mindfulness and DBT, I’ve shared many of the mindfulness principles that have been more helpful in my personal life than in my clinical work!

One example is the principle of effectiveness. I can get stuck in considering what’s right or wrong and delay decisions. When I frame things in terms of effectiveness, it helps reconsider what the long-term goals of the work are and what will practically get us/me there. When I remember to be mindful in this way, I can get unstuck pretty quickly.

KAIP: What are your favorite digital tools/apps?

Dr. Morgan: I travel a lot, so I love my headphones. To the point of mindfulness above, I’ve enjoyed the 10% Happier app as a way to dive deeper into meditation approaches and principles in a scientific way. I also just started subscribing to Calm. It includes a lot of music tracks that are great for flights or even just focusing (or relaxing for sleep). The free chair massages in some airports are a great way to spend some layovers!

Pocket is a great app to collect articles I don’t want to read immediately and then read (often on a plane). I use Evernote for a variety of personal notes and OneNote for my work notes, especially since it synchronizes across my devices. I have an electronic notepad that I can easily take photos of in OneNote and have them on my desktop later.

I also rely on the Associated Press app for news alerts and catching up on the day’s happenings. Although reading the news in bed isn’t the best way to mindfully prepare for sleep…

KAIP: What is your favorite professional book and why?

Dr. Morgan: Tribal Leadership was a book I was exposed to during a leadership course. Its principles have stuck with me, as it talks about corporate and personal culture and values in a new way that can help identify congruency with your own values and challenge where you and your company are. It helps reshape ideas about competition. In the highest stage of development, we’re not focused on “winning” over someone else (meaning they lose), but rather, we’re going to compete with major human problems, like poverty, cancer, homelessness, etc. Winning isn’t about another company, but about moving our world forward. This book helped me evaluate SAS as an employer and was a reason I took a job with SAS—the whole Data for Good initiative is focused on these higher ideals, and we are actually able to make a difference in our world across industries!

KAI Partners is committed to helping find solutions and improvements in our community—we know this is imperative to achieving a stronger, more resilient Sacramento—and we are excited that Dr. Morgan shares this passion with us!

About Dr. Josh Morgan: As SAS’ National Director of Behavioral Health and Whole Person Care, Dr. Josh Morgan helps health agencies use data and analytics to support a person-centered approach to improving health outcomes. A licensed psychologist, Dr. Morgan was previously San Bernardino County Department of Behavioral Health’s Chief of Behavioral Health Informatics. His clinical work includes adolescent self-injury, partial hospitalization, and intensive outpatient programs, psychiatric inpatient units and university counseling centers. Dr. Morgan earned his Bachelor of Arts in Religious Studies from the University of California, Berkeley, and a PsyD (Doctor of Psychology) in Clinical Psychology with an emphasis in Family Psychology from Azusa Pacific University and is trained in Dialectical Behavior Therapy.


Improving the User Experience with Product Management


By Jamie Spagner, PMP, CSM, CSPO

As a PMP, I have nearly a decade of traditional project management experience. I’ve worked on several projects and helped implement solutions into production using the standard waterfall methodology. With a very scripted plan, traditional projects have pre-defined scope and a definitive end.

Something I’ve recently started to work on is Product Management. In my current role, I am helping to plan the modernization efforts for a legacy system in the health care industry. The idea of Product Management is a relatively new concept for the public sector—it shifts the traditional way of thinking and is less prescriptive and more flexible.

You may be wondering how Product Management works, so I wanted to share my thoughts on Product Management in general, as well as some of its challenges.

  1. Product Management doesn’t stop. Product Management is customer-driven by nature—there is no fixed schedule or end date by which to release a product or system. Features are continuously added or tweaked to make the system or product function better for the end-user.
  2. Product Management is centered around the Agile approach. (Also true of some traditional projects.) Teams are self-motivated to determine how and when they’ll do the work. Product Management is not done in a vacuum—the development of the product is still structured using typical scrum tools like daily stand-ups and sprint planning.
  3. Product Management is not perfect. As with any new way of doing things, implementing a Product Management approach is not without its challenges. The idea of a product never being truly “finished”—because the product is continually improved to make sure it meets and exceeds customer needs—can be a tough concept.
  4. Product Management requires buy-in. Product Management often requires a culture change, as well. Coaching of executives and leadership is common—instead of directing their team, leaders should empower their teams to self-organize.
  5. Reporting Product Management’s progress. Another challenge of Product Management is reporting and being able to show progress against a plan. Since these are inherently waterfall tasks, there is a challenge in how to measure and show progress with a continuous process like Product Management. I believe using the tools of Agile can help in reporting and measurement. Developing a product roadmap, building a backlog, holding daily standup meetings, and overall accountability—you should trust in the agile process to develop and improve a great product.

Product Management is starting to be used more widely in public sector technology and innovation endeavors because it focuses on the people, processes, and technology. Product Management is a team effort to make sure a product thrives and meets the needs of the end-user community it supports.

Have you used a Product Management approach before? How is it working for you? Leave a comment and let us know!

About Jamie: Jamie Spagner is an Executive Consultant for KAI Partners, where she works as a Project Manager for a public sector health care client. She graduated from California State University, Sacramento with a Bachelor’s degree in Communication Studies/Public Relations. She is a loving mother of a teenage son named Wyatt. In her spare time, she enjoys shopping, spending time with family/close friends, and working out.
