Learn about how Imperva products help municipal institutions catch cybercriminals, improve election security, and keep local governments running smoothly.
2019 was a tough year for government cybersecurity.
More than 70 state and local governments throughout the United States found themselves targeted by ransomware, with high-profile cases like Atlanta and New Orleans making national headlines. According to Barracuda Networks, two out of every three ransomware attacks in the United States targeted a government institution.
City and county-level institutions are especially vulnerable, and few people know this fact better than @Jason Park, an Imperva community member who works with the County of Los Angeles’ Internal Services Network Security. We reached out to Jason to learn more about the role that Imperva plays keeping the country’s most populous county, which encompases the country’s second-largest city, safe from cyberattack.
Introducing Jason Park
Jason’s career began in application development, then to server administration, and eventually advancing to network administration. Cybersecurity has always been a fascinating topic for him, and became his career focus after taking his first Certified Ethical Hacker course more than 15 years ago. He has been working with Imperva WAF technology since 2012.
The first week Jason started using Imperva WAF technology, he found someone hacking the County’s election database through an application vulnerability. That person was caught and charged with election fraud. This success paved the way for a rewarding career working alongside the Los Angeles County District Attorney, the FBI, and Homeland Security.
Jason has led the development of custom policies designed to meet Los Angeles’ unique needs. Imperva’s Cloud WAF solution is a relatively new addition to the County’s security infrastructure, distributing County applications through Imperva’s content delivery network and offering strong DDoS mitigation in the process.
The Imperva community is an important place for Jason, who draws inspiration from the exchange of ideas and takes advantage of the opportunity to learn new things from other security professionals.
When he’s not working, Jason enjoys bean-to-bar chocolate making. There is a degree of technical precision required to find the right beans, roast them to obtain a specific flavor profile, and have a perfectly-made chocolate bar as a product. The entire process rewards detail-oriented rigor, much the same way cybersecurity does. His latest creation is called gianduja, a delicious chocolate-hazelnut nougat that originates from the Piedmont region of Northwestern Italy.
Jason Park on the Cybersecurity Industry
Asked about what he enjoys the most about cybersecurity, Jason compares the process to a game of cat-and-mouse. There is a persistent thrill in learning to consistently one-up your competition, and always learning how to develop better security practices in order to keep people and systems safe from novel threats. The dynamic nature of the cybersecurity landscape makes it a place where it’s impossible to get bored.
If Jason were to get started in the cybersecurity industry today, he would focus more on honing his programming skills to keep up with the fast pace of technical development in the security industry. Like many security professionals, Jason sees a serious gap between the security knowledge of professional technicians and professionals outside the cybersecurity industry.
Jason’s biggest mantra is “Smartly designed, orchestrated, layered security should be the #1 priority of any security professional. Pulling the data together and acting on that data is crucial in the modern world.”
Jason Park’s Imperva Tips and Tricks
One of the things that Jason Park does to improve the security workflow for the County of Los Angeles is remove public remote access to the WordPress login pages under his supervision. Only trusted or known hosts can access these pages, making WordPress a far more viable platform than it would otherwise be.
Jason’s security environment has a large surface area, and it takes a great degree of communication to make sure the Security Division is made aware of new WordPress instances being hosted by members of the County government. If people associated with your organization are creating WordPress instances that are external to your environment on a hosted platform, that’s the weakest link in the entire security system.
He warns that even though removing remote access to all but trusted or known hosts limits the ability to create public blogs, the benefits of protection against WordPress attacks and web scraping makes it worth it in all but the most extraordinary cases.
#AllImperva
#ImpervianSpotlight#champion