State Office of Cybersecurity

Related links

Cybersecurity polices


OCS provides strategic direction for cybersecurity and protects the state government network from growing cyber threats. The office's team of cybersecurity experts, detect, block and respond to cyberattacks on state networks. The office helps prevent and mitigate threats before they can cause significant damage.

In addition, OCS works with state, local government and military agencies to build more secure networks and has teams that can respond on a moment's notice to help agencies deal with cyber threats.

Our office also is working to make everyone more aware of cyber threats through educational outreach, holding public forums and providing tips and advice about how to stay safe online.

Our Vision:

Establish Washington state's Office of Cybersecurity as a model and national leader in the protection of information assets.

Our Mission:

Promote and facilitate effective information security.

Value Proposition:

Ensure a high degree of information security in the daily activities of Washington state agencies, commissions, workforce members and partners (private and public) while supporting their business operations.

State Chief Information Security Officer (CISO)


Ralph Johnson

As Washington state's Chief Information Security Officer (CISO), Ralph Johnson is responsible for establishing and leading the strategic direction of cybersecurity and advising the state Chief Information Officer (CIO) and agency leaders on key cyber issues.

Ralph oversees the Office of Cybersecurity and its team of cybersecurity experts who detect, block, and respond to cyber threats. The office also works to prevent and mitigate future risks through proactive steps to continually strengthen the state's security posture.

Since 2005, Ralph has held several positions as CISO. He supported the Los Angeles Times and the San Diego Union-Tribune through his position as CISO of NantMedia Holdings LLC. He also has served as CISO of Los Angeles county in California and King county in Washington. In King County, he held a dual role as the county's Privacy Officer. His breadth of knowledge as a Holistic Information Security Practitioner (HISP) and more than 28 years of experience in information technology provides a foundation of excellence in managing risk.

Directory of OCS services:

  • Security engineering: The Security Engineering design review process provides agencies with a security assessment of their new or updated systems. OCS works with agencies to validate that their security controls and processes are in compliance with the state's IT security policies and standards. Contact:
  • Security Operations Center: The OCS Security Operations Center, using a suite of enterprise platforms works to proactively identify threats and alert agencies. The OCS Computer Incident Response Team (CIRT) works with impacted agencies to determine the severity of the incident and assist with remediation and restoration of services. Contact:
  • Cybersecurity Risk Assessment: This service targets the need for a consistent, repeatable assessment methodology. Organizations use cybersecurity risk assessments to identify, estimate and prioritize risk resulting from the operation and use of information assets. The purpose of cybersecurity risk assessments is to inform decision-makers and support risk responses by identifying the potential impact of a threat exploiting an information system. Contact:
  • Small Agencies: The WaTech Information Security Program provides Information Security Services to WaTech and supported small agencies. WaTech and our supported small agencies benefit from a centralized security service that provides dedicated security analysts, vulnerability management of agency assets, risk and security assessment assistance, and state security compliance assistance. Contact: