Tim Schallfield, the city's newly hired information technology and systems manager, briefed the Finance Commission on Nov. 20 about cybersecurity and infrastructure resilience plans. Tim said the IT team aligned policies to NIST and CIS controls, ran a citywide cybersecurity awareness campaign with 100% staff participation, and executed a phishing exercise that produced a 2.6% click rate (well below industry averages) and a 57% reporting rate.

Tim described immediate steps: adding contractual exhibits for third-party cloud vendors to specify encryption, incident-response obligations and data disposition; implementing immutable cloud backups and a staged hardware refresh (roughly 20-25% per year) to address end-of-life equipment; upgrading network switches and firewalls; and rolling out multifactor authentication, especially for systems that access financial data. He also said the city plans a cybersecurity assessment by January 2026 to map gaps and prioritize remediation.

Commissioners welcomed the briefing and asked staff to coordinate on vendor contract language and to ensure critical finance systems are prioritized for multifactor authentication before cloud migration.