b'A two-year-old California law requires each of some 120 state agencies to have an information security officer, but not every agency ISO is well-versed in IT security.'