Cybersecurity Leadership In Action

Nelson Gonzalez, Assistant Innovation And Technology Director / CISO

Nelson Gonzalez is a seasoned professional with over 15 years of experience in network design, telecommunications and cybersecurity infrastructure. Currently serving as the assistant innovation and technology director/CISO at City of Coral Gables, he specializes in managing complex networks and highly regulated cybersecurity environments. Fluent in both English and Spanish, he has a proven track record of working across diverse industries and managing critical, large-scale projects.

In an exclusive interview with Govt CIO Outlook, he shared his invaluable thoughts on telecommunications and cyber security infrastructure.

Key Responsibilities In A Dynamic Role

I wear many hats in our 25-employee department, where we manage government operations, including police and fire services, and run the Emergency Operations Center (EOC). It’s a large and diverse portfolio of services.

On a typical day, I am involved in tasks ranging from assigning budgets and funding for company improvement projects, which could include remodeling a building or constructing a new one, to overseeing an outdoor project such as installing a hyper-physical system or expanding a fiber corridor. At the same time, I direct funding for cyber security initiatives, whether they are upgrades, overhauls, or urgent repairs.

It’s very dynamic, and I am still hands-on. If my team needs assistance, they come to me, and we collaborate, brainstorming solutions to tackle the problem.

Cyber Security Challenges And Infrastructure Management

Numerous concerns must be addressed in cybersecurity, with continuous improvement being a primary challenge. It is a 24/7, 365-day responsibility, and we continuously monitor the life cycle of the equipment, software, and technologies that support our cybersecurity infrastructure. This includes updating systems, performing proactive maintenance, and completely replacing outdated components when necessary.

We are in the final stages of a major infrastructure overhaul. Cybersecurity is at the forefront of our enterprise and smart city initiatives—an absolutely critical aspect, though its application varies. We manage cyber-physical ecosystems that generate data, often through small IoT devices. These devices can be complex in functionality, so we remain vigilant in monitoring their life cycles and maintenance schedules.

 

“We Continuously Monitor The Life Cycle Of The Equipment, Software, And Technologies That Support Our Cybersecurity Nelson Gonzalez Infrastructure”

To manage risk, we implement physical isolation. When physical isolation isn’t feasible, we use logical isolation. Regardless of the method, we aim to ensure these devices remain isolated from the broader enterprise network to minimize potential risks.

Strategic IT Asset Management And Cyber Risk Mitigation

We combine processes, people, and technology to address the challenges. A key aspect of our approach is IT AssetManagement (ITAM), which ensures a robust and wellmanaged lifecycle for software and hardware. Every purchase must be NDAA-compliant, and any equipment serving the police department must be on the city’s approved list.

We apply the same enterprise strategies to protect the organization from cyber-physical threats, ensuring they remain contained. We implement isolation through dedicated fiber optics or segmentation at every level. Each layer is segmented to prevent interference or reversals. Additionally, we apply logical rules on switches at the service point to prevent unauthorized traversal into the enterprise network.

For systems requiring internet access, we provide dedicated internet links and a dedicated firewall for that specific space, ensuring the traffic remains isolated and does not interfere with the broader network. This approach keeps the traffic on its island, minimizing associated risks.

AI Governance And Strategic Adoption For Productivity

AI is undeniably important, and our organization and many others focus on governance. There must be clear guidelines regarding which AI technologies the enterprise will adoptand how they will be used. As with any technology we implement, a comprehensive management strategy and governance framework must exist. This ensures employees understand what is approved, how to use it, and the processes for making requests.

Governance is not just about setting limitations; we must equip employees with the tools they need to succeed. We are currently in the process of testing AI for general use. We have been utilizing AI in key departments to enhance citizen services. However, our focus has not been on employee productivity—until now. With the rise of generative AI, we are starting to adopt it for productivity purposes, marking a shift in how we incorporate this technology.

Key Advice For Seamless Organizational Processes

Maintaining a balance between control and productivity is essential. When implementing AI, finding an application that meets our needs and is supported by a proactive, ongoing maintenance plan is crucial. There should be a clear roadmap for continuous improvement, much like we have for operating systems and other systems we use. The AI solution must be practical and widely applicable, ensuring employees can easily integrate it into their workflow. They will either avoid using it or seek alternatives if it’s too complex or fails to support their objectives.

Once the right AI solutions are in place, a blueprint that includes technology and governance is necessary. This blueprint should outline what has been tested, what works for the organization and how AI can be applied. It must also define the process employees follow to request and implement it on their devices—whether a computer, mobile device or an IoT device for technicians. Additionally, robust security measures, including firewalls, must be in place. Above all, governance is key—just as we apply it to other areas, it must be at the core of our AI strategy.

AI

IoT

Firewall