There have been a lot of high profile cyber-related folks on the move recently with Chris DeRusha, the federal chief information security officer, leaving in May, and then Eric Goldstein, the executive assistant director for cybersecurity in the Cybersecurity and Infrastructure Security Agency in the Homeland Security Department, announcing his departure two days later.

While DeRusha landed at Google as its director of global public sector compliance, Goldstein waited until last week to announce his next job. He will be the managing vice president and head of cyber risk at Capital One.

“As with any role, transitions are essential. I’m thrilled that my dear friend Jeff Greene has stepped into the leadership seat for the Cybersecurity Division — there is no one better suited for the role,” Goldstein wrote on LinkedIn. “And I’m equally delighted to be starting the next phase in my journey at Capital One, where I’m joining an amazing team that is transforming the financial sector through innovation, scalable risk management, and a laser focus on customer experiences. I’m looking forward to new perspectives while continuing on our shared mission of keeping our country’s critical services safe and resilient against cyber risks.”

Greene came to CISA in May from the Aspen Institute where he was senior director for the cybersecurity program.  Prior to that, he was the chief, of cyber response and policy at the White House’s National Security Council from 2021 to 2022. He also worked at the National Institute of Standards and Technology for five years, for Symantec and was a senior counsel for the Senate Homeland Security and Governmental Affairs Committee for three years.

Along with the top level changes in federal cybersecurity, two more cybersecurity executives headed out the door.

Ross Foard, as senior engineer in CISA’s cybersecurity division, retired after eight years at the agency where he lead efforts on identity security and helping to shape the continuous diagnostics and mitigation program.

“It was a rewarding experience over the last eight years, on par with the eight years I spent as a U.S. Navy submariner at the beginning of my career,” Foard wrote on LinkedIN. “I have been honored to serve as a subject expert and elevate identity and access management (IdAM) and cryptographic capabilities across the federal civilian executive branch (FCEB) and beyond.”

Among the areas Foard helped lead included serving as CISA’s CDM program lead engineer and architect for IdAM capabilities.

He said this helped the CDM program provide identity management and privileged management capabilities to the largest federal agencies and establish the ability to understand who authorized users were by creating a master user record at each agency.

Additionally, Foard served on the Federal Mobility Group (FMG) Mobile Security Working Group, where he helped demonstrate how mobile devices can serve as important and secure sources of identity and enable phishing-resistant authentication.

Finally, Foard highlighted his time as the co-chairman on the Federal CISO council’s ICAM subcommittee.

White House leaders heading back to academia

Jake Braun is a fourth federal cyber leader to move on over the last two months. Braun, the acting principal deputy national cyber director in the White House’s Office of the National Cyber Director, is returning to the University of Chicago where he is a lecturer and on the faculty of the Harris School of Public Policy.

Braun was the executive director of the cyber policy initiative from March 2018 to February 2021 where he joined DHS as a senior advisor to the Management Directorate, which oversees all operations for the department.

He has been working at ONCD since June 2023 as what some would call the functional chief operating officer for the office where he oversaw the implementation of the national cybersecurity strategy.

“Helping run a startup in the White House has been one of the best experiences of my professional career. ONCD has accomplished so much in such a short period of time,” Braun said in an email statement. “I can’t thank the team at ONCD — especially Director [Harry] Coker and Kemba Walden — as well as President [Joe] Biden enough for giving me this opportunity.”

At the recent AFCEA TechNet Cyber conference, Braun spoke about the changes to ONCD over the last year, including growing to almost 100 people.

“One of the main things we are doing, and we haven’t had this before where there is one agency or White House office like ourselves whose sole job is driving federal cohesion on cybersecurity. We do that through implementation of the national cyber strategy. Nearly every agency in the federal government has some aspect of cybersecurity tied to their part of the Implementation of the national cyber strategy,” Braun said.

In a statement, Coker praised Braun’s dedication and efforts to improve the nation’s cybersecurity posture.

“From the beginning of the Biden-Harris administration, and even earlier, Jake Braun has been a fierce advocate for our Nation’s cybersecurity. At every opportunity, I’ve seen Jake be a champion for the implementation of the National Cybersecurity Strategy, rallying ONCD and our mission partners to collaboratively focus on achieving meaningful outcomes. I am especially grateful for Jake’s advocacy and action on behalf of our nation’s critical infrastructure owners and operators, helping them learn about and take advantage of the resources wisely allocated through the President’s investing in America agenda,” Coker said. “Along the way, Jake repeatedly heard organizations tell us they need two things: resources and trained workers. In every meeting, in every engagement, his focus on having an impact for those on the front lines of our nation’s cybersecurity has been unwavering — that’s leadership. I personally am grateful to Jake for not only his incredible leadership while he’s been here at ONCD, but also his guidance and friendship.”

Outside of the cybersecurity realm, one other federal technology leadership retirement that is worth mentioning. Terryne Murphy, who had been the chief information officer of the Railroad Retirement Board since August 2019, retired after more than 35 years of federal service.

“To my leaders along the way, thank you — I learned so much from you. Thank you for every opportunity to stretch and to grow, for your counsel, your cover, and your patience while I learned to get better at leading/serving!” Murphy wrote on LinkedIN. “To my colleagues, teammates, and my classmates, thank you — I learned so much from you, too. Thank you for the challenges and the tough lessons to always strive to take the high road and to give back better than what we received! I did my best to serve you all well.”

Rich Kramer is the deputy CIO for the RRB, but it’s unclear if he stepped into the acting role with Murphy’s retirement.

Along with her time at RRB, Murphy also worked at the Commerce Department for 18 months serving as the acting CIO for seven of those months.

She began her career with the Army as a telecommunications officer and after nearly 12 years of service, Murphy joined the civilian sector working at the Justice Department, the Homeland Security Department and the Census Bureau.

Beyond these departures, there are several federal executives who have found new roles in government.

For starters, Mike Wetklow, the deputy CFO for the National Science Foundation for the last eight years, is taking a new job at the IRS as its chief risk officer.

“I am excited to join an organization dedicated to public service and to help drive innovation, leverage data, and improve compliance processes,” Wetklow wrote on LinkedIn. “Most importantly, I look forward to collaborating with the talented team at the IRS and contributing to an environment where we can all thrive.

Wetklow also worked at the Office of Management and Budget’s Office of Federal Financial Management for four years as a branch chief and previously worked at DHS and the Government Accountability Office.

He also was the co-chairman of the CFO Council’s working group on improving the federal financial management workforce.

New leaders at HHS, Air Force

A second federal executive heading into a new job is Melissa Bruce, who is taking over as the deputy assistant secretary for the Department of Health and Human Services Program Support Center (PSC).

She joins HHS PSC after spending the last four years working in the Treasury Department’s Special Inspector General for Troubled Asset Relief Program. (SIGTARP) office. Bruce has been acting IG for the last 2-plus years. Previously, she spent 10 years at DHS in the management directorate and worked in the private sector.

Bruce takes over PSC after several turbulent years, including the cut back of its assisted acquisition services and controversial treatment of its leadership.

Finally, Darek Kitlinski is the new chief technology officer for the Air Force’s Manpower, Personnel and Services (A1). He comes to the service after spending the last almost two years as the chief of the cloud services division for the Army’s Enterprise Cloud Management Agency.

In this new role, Kitlinski serves as the senior civilian advisor on cloud computing, computer systems and information technology.

Kitlinski also has been CTO for the Defense Technical Information Center (DTIC) and chief technology advisor for enterprise architecture, cloud, cyber and governance for the Coast Guard.

The post People on the move: RRB CIO retires, IRS gets new CRO first appeared on Federal News Network.

• It didn't take long for Chris DeRusha to find his next job, after leaving as the federal chief information security officer last month. DeRusha is joining Google Cloud as the director of global public sector compliance. DeRusha was the federal CISO from January 2021 to May 2024. He will work with former CISA executive Jeanette Manfra, who is the global director of security and compliance. In his new role at Google Cloud, DeRusha will focus on the expansion of Google Cloud’s growing suite of products and services — across AI, cloud computing and security to the public sector. Besides being federal CISO, DeRusha has worked as the chief security officer for the state of Michigan and worked at Ford Motor Company.
  (Former Federal CISO DeRusha lands at Google Cloud - LinkedIn)
• The Department of Homeland Security is bringing in some new artificial intelligence talent. DHS has hired the first 10 members of its new AI Corps. The group includes a mix of people with government and industry backgrounds. DHS plans to hire a total of 50 experts into the AI Corps by the end of this year. They will help lead high-priority AI projects across the department. DHS has named some initial use cases for AI, including detecting fentanyl at the border, combating child abuse, and training asylum officers.
  (DHS AI Corps hires an initial 10 experts - Federal News Network)
• Despite a growing caseload, the Equal Employment Opportunity Commission is dealing with limited resources. Managing workloads for EEOC caseworkers is becoming all the more difficult as the agency is currently under a hiring freeze. That means when an employee leaves EEOC, for any reason, they cannot be replaced. The workload challenges are especially true for investigators dealing with discrimination cases: “The average is about 100 per investigator, but we have some districts where we are way north of that. That is a real challenge and something that I personally worry a lot about,” EEOC Chairwoman Charlotte Burrows said in an interview. EEOC is trying to work creatively and doing the best with what they do have, but Burrows said more resources are going to be necessary.
  (Interview with EEOC Chairwoman Charlotte Burrows - Federal News Network)
• The Defense Department’s new IT advancement strategy is a roadmap for better aligning information technology efforts across the entire department. The Fulcrum strategy, signed by Deputy Secretary of Defense Kathleen Hicks, focuses on investing in IT infrastructure and delivering innovative solutions, while prioritizing user experience. Leslie Beavers, the principal deputy CIO at the Defense Department, said the strategy “crystallizes” what success looks like for the DoD in the digital age. The DoD chief information officer office will release an implementation plan this summer.
  (DoD releases IT advancement strategy - DoD)
• The White House plans to conduct a hiring surge to fill open federal cyber jobs this year, according to a new progress report on the national cyber director’s workforce and education strategy. The report said the Office of Personnel Management’s “Tech to Gov” initiative has extended 150 job offers to experienced cyber professionals over the past year. While OPM plans to conduct another Tech-to-Gov job fair this fall, White House officials are working on a longer term plan to transition most federal IT jobs to skills-based hiring starting next summer.
  (Report on “National Workforce and Education Strategy: Initial Stages of Implementation” - Office of the National Cyber Director )
• Federal employees with Flexible Spending Accounts have not been receiving any reimbursement payments on their FSA claims since as early as June 16. Federal News Network has learned that the Office of Personnel Management made the decision to suspend all payments in an effort to strengthen the program's security measures. The decision came after a recent surge in fraudulent activity affecting hundreds of FSAFEDS accounts. But FSAFEDS enrollees are raising concerns and frustrations about the pause on payments. Many said there was no communication from OPM or FSAFEDS about the suspension. The pause on reimbursements, however, has been lifted, and enrollees should see payments resume soon.
  (FSAFEDS update - Office of Personnel Management)
• New data from the Government Accountability Office shows in fiscal 2023, agencies spent $60 billion more on acquisition than in 2022. GAO found total acquisition spending hit $759 billion last year. Civilian agencies accounted for $303.2 billion and the Defense Department spent $456 billion. In 2022, agencies spent $694.2 billion. But it is not just total spending that went up. GAO said agencies spent more on services, on products, and through OTAs (other transaction authority) last year. The one area where an increase isn’t good news is around competition. In 2023, GAO found an overall competition rate of 66%, which is 2% lower than in 2022.
  (Federal procurement spending tops $759B in 2023 - GAO)
• The Defense Information Systems Agency will release its 2025-2027 data strategy in the coming months. The goal of the current data strategy was to understand the data the agency holds and to start breaking down data silos. The agency will now focus on data integration, establishing data governance, and setting data-related policies. Before releasing the strategy, the Office of the Chief Data Officer is gathering input from senior leaders, as well as the emerging technology team.
  (DISA to release data strategy in the coming months - DISA)

The post DeRusha finds new Google gig after departing government first appeared on Federal News Network.

The Department of Housing and Urban Development is looking for a new chief information officer. HUD is now one of five major agencies looking for a new technology leader.

But unlike the departments of Defense and Health and Human Services, and the Small Business Administration and the Centers for Medicare and Medicaid Services, the HUD CIO didn’t actually leave the agency to create the job opening.

Beth Niblock, who has been CIO since July 2021, moved to a new position as senior advisor for disaster management. The reason for the opening is purely political. HUD decided to move the CIO’s position back to a career one from a political one.

“[O]ver the past few years, HUD leadership determined the department would be best served by having a career CIO to ensure steady and consistent leadership, and to better position the department to deliver high-quality, transformative solutions enabling HUD to deliver on its mission,” said a HUD spokesperson in an email to Federal News Network.

HUD posted the CIO job on USAJobs.gov in mid May and applications are due today. In the meantime, Sairah Ijaz will step in as the acting CIO until a permanent career leader is selected.

Political CIOs close to leadership?

The decision by HUD to transition the CIO position back to career from political isn’t that unusual.

Over the course of the last 28 years — January 2026 will be the 30^th anniversary of the Clinger Cohen Act — several agencies ranging from the departments of Commerce, Energy, Treasury and Transportation as well as the Environmental Protection Agency and others have flipped the position back and forth between career and political to suit the needs of the leadership.

But HUD’s decision brought up a long-standing and healthily-debated question of whether CIOs, especially at this point in time of history where technology is at the center of every agency’s mission, are better off being political appointees?

To many, the answer continues to remain as it has for the last almost 30 years: It depends. But what has become clearer than ever is the role of managing, implementing and securing technology puts the CIO and deputy CIO on a higher plane across all agencies. Thus, requiring the federal community to continually re-ask the political appointee question.

“How the agency positions the CIO’s role in theory versus practice for the best possible function is really a question of how the head of the agency and the culture of that agency sets that role up for success,” said Dan Chenok, the former Office of Management and Budget official who helped with the Clinger-Cohen Act and now executive director of the IBM Center for the Business of Government. “Given the ubiquity of technology today, what is the right balance? My own personal view is a political CIO is more likely to be close to the head of the agency, and a career deputy CIO gives you continuity.”

Finding that seat at the table

But that closeness doesn’t always result in a CIO’s success.

If you look at the January 2024 Federal IT Acquisition Reform Act (FITARA) scorecard as one measure of CIO effectiveness, agencies with career CIOs versus those with politically appointed ones faired about the same. Agencies with political CIOs — the departments of Defense, Energy, Homeland Security, Veterans Affairs and HUD — received the same mix of “B” and “C” grades as those with career CIOs.

Simon Szykman, the president and founder of Cambio Digital Transformations and former Commerce Department CIO, said the role of the CIO is inherently not one that strongly aligns with any political ideology.

“Ideally it should not be necessary to make a CIO political appointment in order for that person to support the agency mission, or even the political leadership’s agenda,” he said. “However, the flip side to the argument for career CIOs is that no CIO will be successful if they don’t have that proverbial seat at the table. They need to be able to operate, influence and impact decisions at the senior-most levels. It can be a challenge for career senior executives to fully operate as peers to political leadership, and this challenge can be dependent on agency culture as well the leadership tone set higher up in the administration.”

Many times an agency hires a political CIO because the secretary wants a specific person in that role. That was the case, for example, with Steve Cooper, when he worked at Commerce from 2014 to 2017.

For other agencies like VA, Congress required the position be presidentially appointed and Senate confirmed — one of the few that requires Senate confirmation.

HUD’s great strides

But even then, there is no guarantee of success.

“Moving the CIO to political or a career position is situational and based on the candidates available and what’s going on at the agency at that moment,” said Margie Graves, a former deputy CIO at DHS and federal deputy CIO and now a senior fellow at IBM’s Center for the Business of Government. “A lot of times the decision to bring on a political CIO may be because the secretary wants a specific person on board to do something specific. I would advocate for choosing the best person for the moment. It’s really no different than what you’d do in private sector. And the times I’ve see the decision fail is when the person has no background in the technology management discipline and no expertise. I saw a couple of those at DHS.”

Graves added, at least for the CFO Act agencies, she would prefer to have someone in the C Suite who is “hearing” those political conversations as opposed to someone who is relegated as an “outsider.”

HUD’s reason for moving the CIO back to a career position is not entirely clear. The spokesperson said Niblock and her team have made “great strides over the past few years” to modernize the technology and improve the cyber posture of the agency’s infrastructure. But the spokesperson seems to insinuate there may be some bumpy roads ahead.

“However, HUD’s IT only received 0.5% of the department’s fiscal 2024 budget, which is one of the lowest percentages across cabinet level agencies. HUD is continuing to work with its federal and congressional partners to build on the progress of the past several years, while also continuing to pursue the ability to leverage various funding flexibilities that other agencies are able to leverage, including a working capital fund for its IT needs,” the spokesperson said.

HUD’s IT budget for 2024 is $641 million, of which it is spending only $94 million on development, modernization and enhancement projects. The agency requested $540 million for IT in 2025.

The post Political vs. career: Role of CIO remains unsettled first appeared on Federal News Network.

Sherman has accepted a position as dean at the Bush School of Government at Texas A&M University, the same institution he graduated from in 1992 before becoming an Army air defense officer. He’ll start that position on Aug. 1, the school said in a statement.

“The spirit of service and focus on preparing students for the future they instilled in the school will be our guiding light as we look to the challenges the next generation of leaders will face,” Sherman said. “Liz and I are excited to get back home to College Station and beginning this next chapter in our lives.”

Defense officials did not immediately announce who would succeed Sherman in the DoD CIO role. One likely candidate, at least on an interim basis, would be Leslie Beavers, the office’s current principal deputy.

In a statement, Defense Secretary Lloyd Austin credited Sherman with leading the department through several major technology advancements over the past two and a half years, including a restructured cybersecurity approach through DoD’s first-ever zero trust strategy.

“Mr. Sherman has been a steadfast advisor and an innovative leader who has helped the department adopt and utilize modern information technology to keep our country safe,” Austin said. “His technical expertise has proven invaluable in tackling a variety of digital challenges. His focus on mission readiness has ensured that each of the services is equipped with both the capabilities and the digital workforce necessary for modern warfighting.”

Sherman spent most of his federal civilian career in the intelligence community, starting as an imagery analyst. He worked his way up through the IC over the next 20 years, including positions as the CIA’s deputy director for open source intelligence, and eventually as the IC’s chief information officer. He joined DoD as its CIO in December 2021.

At Texas A&M, Sherman will succeed retired Gen. Mark Welsh, a former Air Force chief of staff, as the Bush School’s dean. Welsh now serves as the president of the university.

“When President Bush laid out his vision for the Bush School of Government and Public Service and the importance of preparing new generations of dedicated public servants, he thought of people like John Sherman,” Welsh said. “John is a true public servant, having worked in government service his entire career, including 25-plus years in the U.S. intelligence community. He’s built an incredible professional reputation as a leader in public service and national security, but maybe more importantly, for how he treats others.”

The post DoD CIO John Sherman to step down at end of June first appeared on Federal News Network.

Through the pandemic, the IRS learned it can move with urgency. And now that the emergency has subsided, Nancy Sieger, the former IRS chief information officer, believes that lesson isn’t going to waste.

Sieger, who will retire on June 1 after more than 40 years of federal service, including the last one as the Treasury chief technology officer, said IRS is building on the IT modernization lessons learned over the past few years.

“I think technologists saved the day during the pandemic. As the IRS CIO, I had the opportunity to lead IRS efforts to ensure that services to the public were handled in the most efficient way possible. If you think back to that time, businesses shut down, cities were practically shut down, and our economy was suffering and human beings were suffering. IRS focused really hard to issue three rounds of Economic Impact Payments. I am most proud of how IRS leadership and employees rallied to get money to the people in this country who needed it the most,” Sieger said during an “exit” interview on Ask the CIO. “We had a principle that any new technology would be built in a modernized way. We were really good at relying on the older systems and delivering fast. One of the opportunities we had with the Economic Impact Payments, looking to the future, feeling like IRS might be called upon again to do something similar. We had to challenge ourselves to say that may be easy and fast to build upon old operations, but how do we do this in a modernized way so that it’s repeatable? There were three rounds of payments, each round of payments came faster and faster, culminating within 24 hours. The Economic Impact Payments and that processing were built using new tools, new testing methods, new quality assurance processes and built in a modernized way. If IRS has to do that again, the strong foundation will be there.”

Sieger said it took constant reminders to build the confidence of the developers and engineers to the point where she and then-IRS Deputy CIO Kaschit Pandya, who is now the agency’s CTO, met daily with the technology workers who were writing code and analyzing it.

“We often had to say to our folks, ‘no, no, you have my permission to do it this way. Not [the old] way. It was risky. We managed those risks,” she said. “But ultimately, it resulted in little-to-no rework. I would say to you, on behalf of Kaschit and myself, the hours we spent with a team doing this the way it needed to be done was very fulfilling.”

IRS can accept, manage risks

That experience has helped the IRS continue to launch modern services, such as the direct file application, launched in March across 12 states. The IRS said the direct file pilot helped more than 140,000 citizens file their taxes online and for free.

There are plenty more opportunities for the technology development lessons learned from the pandemic to continue to spread across the IRS. Commissioner Danny Werfel told lawmakers in April that the tax agency needs $104 billion for a multi-year modernization effort.

Sieger said the experience over the last three-plus years taught the IRS it can accept and manage risks differently than before.

“We took a lot of risks. We weighed those risks. We said, ‘the worst thing that could happen is this. What are we going to do when that happens?’” she said. “I think our greatest opportunity is not forgetting how we did that, and bringing that forward into future operations. I’m trying not to say don’t be risk averse, but I’m going to say it. Don’t be risk averse and accept measured risk; know what could happen, know how you’ll adapt, but let’s face it, in our personal lives, especially in the technology space, how many of us get an update on our smartphone that didn’t work. But we know the next day it will be updated and fixed. Now I am not suggesting something so aggressive in government. But I am suggesting that we look back to how the government served this country during the pandemic and bring some of those skills and learnings forward to be even more effective and efficient in government service.”

One of the biggest reasons for the IRS’ success, beyond the urgency of the moment, was the top-cover leaders gave the developers. Sieger said helping employees reduce the fear of failure and ensuring they know they are not going to be left behind should something go wrong was a huge factor in the agency’s success.

“At the time, it was Commissioner Charles Rettig who was constantly keeping his hand on the pulse of the employees, working with Treasury to ensure that we were delivering the payments and processing tax returns and the IT workforce knew they had support. They were constantly asked, ‘What do you need?’ Sometimes they would tell us what they needed. Sometimes, I saw what they needed, and they wouldn’t ask. There was a particular weekend where the team was working really hard,” she said. “This was not a case of the workforce being hesitant to do new things. This was a case of the workforce having the skills they needed to do this in the most elegant way, and once leadership let them know — from Commissioner Rettig through the different deputy commissioners to myself and all the front line executives at the IRS who helped them — they were able to get things done and help the country. It was an example of coming together at the right time in the right way for the right outcome.”

The post How the pandemic changed IRS technology for good first appeared on Federal News Network.

Federal News Network has learned Caron is heading to a new job in industry. The specifics about where he is going is unknown. His last day at ITA will be May 31.

Caron, who is well-known on the federal speaking circuit, has been the ITA CIO since February 2023.

Before that, he was the CIO for the inspector general office at the Department of Health and Human Services and worked for the State Department for 18 years, including the last two years as director of enterprise network management.

Caron also has played a big role in helping drive the development of zero trust concepts through the CIO Council’s Innovation Counsel for Zero Trust.

During his time at ITA, Caron focused on moving ITA to a more modern network and security infrastructure. For example, he implemented phishing-resistant multifactor authentication, in part, by sending each of ITA’s employees a “YubiKey” authentication device to meet MFA requirements.

“So we’re taking a lot of steps, we’re looking at some identity management things in order to mature identity management and automate our processes around that as well,” Caron said during a January 2024 panel.

He also has focused on ensuring ITA is managing its data so it’s protecting its most important and valuable data as part of its zero trust implementation.

Additionally, Caron said because ITA has been 100% in the cloud for several years, he has focused on understanding the costs of using cloud services and how to manage those costs.

“In the wake of the pandemic and the subsequent move to work from home, Gerry Caron was the right kind of leader at a critical time. Gerry helped galvanize the entire federal government around actual use cases for zero trust,” said Tom Suder, president of ATARC. “The effort led directly to several Technology Modernization Fund awards to agencies, specifically for zero trust that have been the model for funding cybersecurity.”

DISA executives move into new roles

Over the last few weeks, there also has been a few other noteworthy changes in the federal technology community.

Let’s start with the Defense Information Systems Agency where Sharon Woods, who led the agency’s hosting and compute center for the last almost three years moved to new role at the agency. She is now leading DISA’s Endpoint Services and Global Service Center.

“We deliver networking and endpoint solutions at all classification levels to the Department of Defense. This is a crucial mission, connecting the department’s globally dispersed workforce, from the Pentagon to the edge, with unified communications,” Woods wrote on a post on LinkedIn. “Incorporating my experience with cloud technology, I hope to drive modernization and propel J6 forward as the premier communications provider to the department.”

In her place, Jeff Marshall, who has been vice director of the hosting and compute center since February, is now acting director.

During her tenure as the head of the HACC, Woods helped usher the Joint Warfighting Cloud Capability (JWCC) through the implementation phase, launched DISA’s own hybrid cloud instance, called Stratus, and led the effort to provide a DevSecOps platform, called Vulcan, for DoD users.

Bill Dunlap, the acting deputy chief information officer for the information enterprise at the Defense Department, said on Tuesday at the AFCEA Enterprise IT Day that the defense agencies and military services have made 84 awards under JWCC worth more than $634 million.

Marshall joined DISA in February after spending the last 20-plus years in industry. He also served in the Army for 13 years before moving to industry.

New cyber execs at CTIIC, EX-IM Bank

Moving to the intelligence community, the Cyber Threat Intelligence Integration Center (CTIIC) hired Chris Zimmerman as its first director of the Office of Strategic Cyber Partnerships.

In that role, Zimmerman will “further the integration of commercial cyber threat intelligence in the IC and take an innovative approach to partnering with the public and private sector,” Laura Galante, the director of CTIIC and the IC Cyber Executive, said in a statement.

Zimmerman comes to CTIIC from industry where he held leadership positions with Symantec, FireEye, Palo Alto Networks, Cylance and, most recently, as President of FedStarts, LLC, where he led the deployment of software technology to enable stronger cyber defenses.

Finally, the Export-Import Bank has a new chief information security officer and new chief privacy officer. Darren Death joins the agency after spending the last nine years as the vice president of information security and CISO for ASRC Federal.

Death has worked in and out of government during his career, including stints at FEMA, the Library of Congress and the Air Force.

He also is active with cybersecurity education groups like InfraGard MD and is a fellow with the Institute for Critical Infrastructure Technology (ICIT).

The post ITA CIO Caron moving on to industry first appeared on Federal News Network.

CISA confirmed his last day will be in June, but didn’t say exactly when. A CISA spokesperson didn’t say who would be acting in his place after Goldstein leaves. Matt Hartman serves as Goldstein’s deputy.

Goldstein joined CISA in February 2021 from the private sector where he was the head of cybersecurity policy, strategy and regulation for Goldman Sachs.

In his role at CISA, he oversaw an assortment of initiatives to protect and strengthen federal civilian agencies and the nation’s critical infrastructure against cyber threats.

CISA Director Jen Easterly praised Goldstein’s contributions over the last few years.

“I could not be prouder of the work that Eric Goldstein has done to move CISA forward as an agency. He has helped catalyze a shift across the agency to data-driven risk reduction and built an inclusive team that has enabled CISA and our partners to confront the serious cyber threats facing our country,” Easterly said in a statement. “Under Eric’s superb leadership, we pioneered new models of operational collaboration, reshaped our ability to detect and address cyber risks and shifted the balance toward building technology that is secure by design. I consider myself fortunate to be Eric’s teammate and know that he will carry his dedication to a secure and resilient nation forward in his next adventure.”

Federal cyber leaders on the move

Goldstein’s decision to leave government comes two days after Chris DeRusha, the federal chief information security officer, announced his decision to move on.

The departures of DeRusha and now Goldstein are also causing several other changes across CISA. Mike Duffy, the associate director for capacity building in the cyber division, is taking a detail to be the acting Federal CISO. On top of Duffy’s leaving, even for a short time, CISA has also seen several other senior cyber leaders head out the door, including Sean Connelly, who led the federal zero trust and Trusted Internet Connections efforts.

Among his accomplishments during his time at CISA include leading an effort to create the first ever CISA cyber strategic plan last summer, which he said will fundamentally shift the way the agency works, how it prioritizes resources and how they work with their stakeholders.

During his tenure, CISA issued seven emergency cyber directives for agencies, including one in April around Russian hackers taking advantage of a Microsoft vulnerability, to address immediate threats.

Another big focus over the last three years was the Federal Enterprise Improvement Team (FEIT), which the agency funded through a portion of the $650 million CISA received under the American Rescue Plan Act of 2021.

This was Goldstein’s second stint in government. He worked from 2013 to 2017 at CISA’s precursor agency, the National Protection and Programs Directorate, in various roles including policy advisor for Federal Network Resilience, branch chief for Cybersecurity Partnerships and Engagement, senior advisor to the assistant secretary for cybersecurity and senior counselor to the undersecretary.

CNN first reported Goldstein’s departure.

The post Second senior cyber leader this week to exit federal service first appeared on Federal News Network.

Brian Epley, the principal deputy CIO at the Energy Department, will be the new technology leader at Commerce, Federal News Network has learned.

Epley replaces Andre Mendes, who left in in January to join Tarrant County, Texas to be its CIO. Epley will join Commerce on June 3.

Epley joined Energy in September 2022 as its principal deputy CIO and previously worked at the Environmental Protection Agency for six years as the deputy CIO and as the deputy assistant administrator for administration and resources management.

Multiple emails to Commerce seeking comment were not returned.

Epley has been in and out of government for his entire career. He served as the Homeland Security Presidential Directive-12 (HSPD-12) program director at the Department of Veterans Affairs from 2005-2007. He worked as a program manager at Northrop Grumman and CSC, and worked as a consultant for North Highland and for his own company InterSolve-IT.

During his time at Energy, Epley has led the CIO office’s day-to-day operations and assisted with the formation of the office’s strategic direction for the protection and modernization of IT, cybersecurity and data usage across the DOE enterprise.

Over the last two-plus years, Epley also led several specific IT initiatives. He helped moved the department forward to modernize its network and telecommunications infrastructure through the Enterprise Infrastructure Solutions (EIS) contract from the General Services Administration. In its April 2024 report, GSA says Energy has moved more than 80% of circuits to its new contract.

Additionally, Epley lead the effort to develop an artificial intelligence sandbox to safely test out capabilities and tools and led the recent project to establish a five-year enterprise license with Microsoft that is costing the department 19% less than previous contracts.

A third big focus areas for Epley over the last few years has been to update the Energy Department’s five-year IT strategic plan, which hadn’t been updated since 2022, and play a significant role in hiring the CIO office’s senior leadership team.

In coming to Commerce, Epley inherits a $2.9 billion IT budget, according to the Federal IT Dashboard. Of that, $2.1 billion is considered operations and maintenance or about 72% of all spending.

The dashboard also shows most of Commerce’s 98 major IT investments are in good shape, with 78 receiving a “green” rating, meaning low risk of failure. On the most recent Federal IT Acquisition Reform Act (FITARA) scorecard, Commerce earned a “C” grade, receiving low scores on its cybersecurity, transition to the EIS contract and its adoption of cloud computing requirements.

Epley also inherits a Commerce IT modernization strategy that has been focused on moving to software-as-a-service (SaaS) and a troubled financial management modernization project.

The post Energy deputy to take over as new Commerce CIO first appeared on Federal News Network.

The Office of Management and Budget confirmed DeRusha is leaving. Federal News Network also has learned that Mike Duffy, the associate director for capacity building in the cyber division at the Cybersecurity and Infrastructure Security Agency at the Homeland Security Department, will take over on an acting basis.

“Since day one of the Biden administration, Chris has been instrumental in strengthening our nation’s cybersecurity, protecting America’s critical infrastructure, and improving the digital defenses of the federal government,” said Clare Martorana, the federal chief information officer, in an email statement to Federal News Network. “I wish him the best, and know he will continue to serve as a leading voice within the cybersecurity community.”

Duffy will begin his detail next week, according to an internal email obtained by Federal News Network.

DeRusha joined OMB in January 2021, coming over from the Biden presidential campaign. He also worked as CISO for the state of Michigan and spent five years at DHS and two years as a senior cyber advisor for the White House.

OMB didn’t say when DeRusha’s last day would be nor where he is heading next.

“From the beginning of the Biden-Harris administration, and even before, Chris DeRusha has been a steady, guiding leader. As Deputy National Cyber Director with ONCD – while continuing his excellent work as federal CISO – he has been a trusted and valued partner,” said National Cyber Director Harry Coker, Jr., in a statement to Federal News Network. “Chris’s keen insights, experience, and judgement have been integral to the work we’ve done and what we will continue to do to strengthen our nation’s cyber infrastructure. I’m grateful for his commitment to the American people and to the Biden-Harris Administration.  All of us at ONCD wish him the very best in his next chapter.”

DeRusha has played a key role in advancing many of the White House’s cyber priorities, including the writing of and the implementation of zero trust strategy, and overseeing the federal agency responsibilities outlined in President Joe Biden’s cyber executive order, particularly around software security and applying phishing resistant multi-factor authentication.

Ross Nodurft, the executive director of the Alliance for Digital Innovation (ADI), an industry association and a former OMB cyber chief, said DeRusha’s impact across the government has been significant.

“Chris DeRusha, his teams at OMB and ONCD, and his partners at CISA and across the CISO community have made significant strides in making our federal government more secure and resilient. In many cases, Chris has guided federal agencies into security postures and architectures that are ahead of many commercial companies,” Nodurft said. “He has driven governance processes that prioritize risk management and helped make cybersecurity a consideration in the beginning of technology decisions as opposed to a bolted on afterthought.  The government will miss his leadership, energy and vision.  ADI is thankful that Mike Duffy will be stepping in to keep up the drumbeat of cybersecurity and zero trust implementation and modernization.”

Over at CISA, Duffy said Shelly Hartsook, the deputy associate director, would be taking over for him on an acting basis. During his tenure at CISA, Duffy took on several large priorities, including modernizing the continuous diagnostics and mitigation (CDM) program, helping agencies implement the zero trust maturity model and helping to stand up and advance several cyber shared services for agencies.

Duffy said in his email to staff that it was an “honor to answer the call” to be acting federal CISO and advance the administration’s cyber priorities during this time of change.

“Mike Duffy will do an outstanding job as the acting federal chief information security officer.  As associate director here at CISA, he has spearheaded efforts to evolve and operationalize our Continuous Diagnostics and Mitigation program, unveiled a new enterprise-wide approach to operational cybersecurity alignment, and led the expansion of CISA’s cybersecurity shared services to critical infrastructure,” said CISA Director Jen Easterly in a statement. “Mike’s vast experience, strong partnership acumen, and strategic approach to federal cybersecurity will make for a seamless transition and continue to drive sustained progress across the federal government.”

A former government official, who didn’t get permission to speak to the press, said Duffy is an excellent choice to be the acting federal CISO.

“I can only think of a few people who can hit the ground running as quickly and efficiently as Mike will in his role as acting federal CISO,” the former official said. “From continuing the modernization of the federal enterprise to collaborating with both domestic and international, private and public partnerships, increasing the focus on critical infrastructure and securing elections, Mike is well-positioned to lead the office.”

This story will be updated as more details emerge.

The post Federal CISO DeRusha leaving first appeared on Federal News Network.

• The Army's Chief Information Officer continues his march to revamp technology policy, with two new ones on tap in the coming months. The Army's next set of policy updates are around generative artificial intelligence and large language models, and the continuous authority to operate. Leo Garciga, the Army CIO, said the GenAI and LLM policy is weeks away. "It's really going to be focused around mostly data protection, and what we think the guardrails need to be and what our interaction between the government and industry will look like in this space," Garciga said, adding that the continuous ATO policy will focus on six critical controls. It is expected out later this summer.
  (Next Army IT policy update: GenAI, C-ATO - AFCEA NOVA)
• The Defense Innovation Unit launched a new emerging technology portfolio, which will focus on technologies including quantum, hypersonics, advanced materials and propulsion, microelectronics, nanotechnology and additive manufacturing. The portfolio will coordinate closely with National Security Innovation Capital, which funds companies developing emerging hardware technologies. This is DIU’s seventh portfolio. The portfolio’s first solicitation is already live.
  (DIU launches new emerging technology portfolio - Defense Innovation Unit)
• The Office of Personnel Management is brainstorming ways to make in-office work more appealing to federal employees. Things like special in-person events, team building activities and strategic planning sessions could help ensure in-person work makes sense, OPM Acting Director Rob Shriver said. At the same time, Shriver said OPM is also focused on bringing more attention to employees’ mental health and wellness, especially now in a hybrid work environment. OPM is looking to bridge together in-person opportunities and mental health awareness in the hopes of improving the overall employee experience.
  (From burnout to balanced: A conversation with the nation’s doctor - Office of Personnel Management)
• A watchdog report said breakdowns in leadership led to the Department of Veterans Affairs paying nearly $11 million in bonuses to career executives not eligible to receive them. VA’s inspector general office said the department gave critical skills incentives to more than 180 executives. But Congress authorized those incentives to retain in-demand workers, such as police officers, housekeepers and food service workers. VA said more than 90% of critical skills incentives went to eligible recipients and that it continues to recoup bonuses it shouldn’t have awarded.
  (VA improperly awarded $10.8 million in incentives to central office senior executives - VA OIG)
• The Federal Deposit Insurance Corporation (FDIC) is in need of "cultural and structural change" to reverse years of workplace harassment, discrimination and other interpersonal misconduct. Those are the findings of the Special Review Committee of the FDIC’s Board of Directors. The committee issued the report in late April, as requested by the FDIC board, after a scathing Wall Street Journal story in November found systemic problems with the workplace culture. In the report, the committee made seven recommendations, including developing a more transparent and timely process for communicating about workplace investigations, and implementing leadership and management training focused on creating a working environment that is psychologically safe.
  (Special committee concludes FDIC needs cultural, structure changes - FDIC.gov)
• DoD’s new software acquisition pathway has gone some way toward speeding up software development, but Defense officials said the procedures have not taken off as quickly as they hoped. To help speed up adoption, the assistant secretary of Defense for acquisition is standing up a cadre of software experts. Their job will be to consult with program managers on how to use the software pathway and adopt agile methodologies. Congress first ordered the creation of that team in the 2022 Defense authorization bill.
  (DoD stands up ‘SWAT team’ to help speed software acquisition - Federal News Network)
• Federal records requirements for UFOs are coming. The National Archives and Records Administration released guidance for information needed to create and manage the unidentified anomalous phenomena (UAP) records collection. The 2024 National Defense Authorization Act required NARA to establish the collection to make federally held information about unidentified aerial phenomena available to the public. Agencies have until October to review, identify and organize each UAP record in its custody for disclosure and transmission to the National Archives.
  (National Archives releases guidance on unidentified anomalous phenomena - National Archives and Records Administration)
• An in-depth Air Force study to Congress recommends moving all National Guard space missions into the Space Force. But pushing against the move are all state governors, a bipartisan group of 85 lawmakers and the Air National Guard. The 2024 defense bill required the Pentagon to examine the feasibility of giving the Space Force its own Guard component, leaving things as they currently are, or moving Guard space units to the Space Force. The study found that overall costs for all options are about the same and that the Air Force has the capability of executing any of those options.
  (Air Force study recommends moving Guard units into Space Force but opposition mounts - Federal News Network)

The post Army CIO Leo Garciga continues his march to revamp technology policy first appeared on Federal News Network.

OMB last week officially created the replacement for the Joint Authorization Board (JAB), called the FedRAMP Board. The new board will provide executive oversight and governance of the program.

An OMB spokesperson says the board, which is made up of seven people, including legislatively-mandated representatives from the General Services Administration, and the departments of Defense and Homeland Security, also includes representatives from the Department of Veterans Affairs (VA), the Department of the Air Force, the Cybersecurity and Infrastructure Agency (CISA) and the Federal Deposit Insurance Corporation (FDIC). Experts from GSA, DoD and DHS made up the JAB from the start.

“One of our key priorities in selecting members of the FedRAMP Board is to strike the right balance between retaining experience and institutional knowledge from agencies that were part of the Joint Authorization Board (JAB) while also including diverse agency viewpoints into the FedRAMP strategic setting process,” said Drew Myklegard, deputy federal chief information officer in OMB, in an email to Federal News Network.

New policy still in draft

OMB initially introduced the idea of the FedRAMP Board as part of its draft policy update released in October. The spokesperson didn’t offer any insight to when the OMB would issue the final memo.

But Federal CIO Clare Martorana said the new memo and related efforts come at a key time for FedRAMP, which is relying on guidance that is more than 10 years old.

“This is a pivotal moment to evolve the FedRAMP Program, aligning it with the dynamic cloud landscape of today and tomorrow,” Martorana said in a statement. “Our schedule included time for an inclusive and collaborative policy design process, where we actively solicited feedback from government agencies, industry, and the general public. By considering diverse perspectives, OMB will help to ensure that our new policy will stand the test of time.”

The Office of Information and Regulatory Affairs in OMB’s Regulations.gov website shows Martorana’s office received 290 comments on the draft guidance.

GSA today also added another piece to the FedRAMP revamp, making changes to the membership and chairperson of the Federal Secure Cloud Advisory Committee (FSCAC), which are effective May 15.

The FSCAC advises FedRAMP on the adoption, use, authorization, monitoring, acquisition and security of cloud computing products and services.

GSA named Larry Hale, GSA’s deputy assistant commissioner in the Office of Information Technology Category Management in the Federal Acquisition Service, the new chairman, and added two new industry members and extended two current committee members.

GSA established the FSCAC, which will hold its next meeting on May 20, in February 2023. Its recommendations complement the FedRAMP Technical Advisory Group, an advisory body of federal technical experts, as well as the FedRAMP Board.

Chairperson, vice chairperson to be named

While OMB sorts through the comments on the draft FedRAMP memo, it went ahead and replaced the JAB with new members.

OMB says the board CIOs, chief information security officers (CISOs) as well as a deputy CIO, whose focus is in engineering, and CISA’s technical director for cybersecurity.

OMB and GSA will each designate a non-voting member to be chairperson and vice chairperson of the board, who will manage its overall agenda.

The spokesperson said one of the board’s first actions will be to approve a charter that will finalize details around terms. In general, all members of the board will serve time-limited terms and are expected to rotate over time. DoD, DHS, and GSA will consistently have representation on the FedRAMP Board, as established by the FedRAMP Authorization Act.

The spokesperson says the board will have similar responsibilities as the JAB such as reviewing and approving FedRAMP policies and requirements. It will oversee the overall health and performance of FedRAMP, and will work within the federal community to expand the authorization capacity of the FedRAMP ecosystem

The board, however, is not expected to participate in the approval of individual authorization packages.

“We are currently planning the inaugural FedRAMP Board meeting.  The FedRAMP Roadmap and feedback from the Federal Secure Cloud Advisory Committee (FSCAC) will inform the board’s overall agenda,” the OMB spokesperson said. “The FedRAMP Board’s early priorities will include ensuring a smooth transition from the JAB and its provisional authorizations and any work in progress that directly affects customers, engaging with the federal community to increase the number of FedRAMP authorizations performed by one or more agencies, and working with the FedRAMP program to support updated performance metrics, greater consistency across authorization processes and continuous monitoring, and other FedRAMP roadmap initiatives.”

The post OMB forms replacement for FedRAMP JAB first appeared on Federal News Network.

Zscaler makes a key hire of a former federal technology leader to expand its global reach and influence.

These are two of the most recent federal executives on the move.

Eric Hysen, the DHS chief information officer, announced on Monday that Hemant Baidwan will be the new CISO, taking over for Ken Bible, who retired on March 29.

“Hemant has been instrumental in enhancing the department’s cybersecurity posture,” Hysen wrote in an email obtained by Federal News Network. “His background spans both the public and private sectors, where he has excelled in IT development, agile application deployments and strategic expansion globally.”

Meanwhile, Zscaler is hiring Brian Conrad, the former acting director of the cloud security program known as FedRAMP, Federal News Network has learned.

Conrad, who left the General Services Administration on March 22, will be the new director of field compliance authorizing authority liaison.

“We want Brian to own all the relationships with all the FedRAMP-type of agencies or organizations across the globe,” said Stephen Kovac, the chief compliance officer and head of global government affairs at Zscaler. “Many countries have similar organizations like FedRAMP, which act as an authorizing agency. Many are going down the path of secure by design as well, which we think will be huge internationally, so you’ve got programs that are maturing and may not be where FedRAMP is today, but all are trying to mature their processes. Brian has worked with all these folks over the years, but has been more of a friendly coach to many of these agencies. By him joining, this will allow us to build out global practice and build those relationships.”

Kovac said companies ranging from Japan to Singapore to Spain to India to United Kingdom are maturing their cloud security oversight organizations.

He said Conrad can bring a technical acumen to the conversation that will benefit Zscaler as well as the organizations themselves.

“From the earliest days of the FedRAMP program, Zscaler has been an innovator, working to ensure the federal government can deliver modern digital government services, securely,” Conrad said in a release. “Implementing a zero trust cybersecurity framework is mission-critical for every organization, and we must stay focused on separating the signal from the noise. I’m excited to join a team that aligns with my vision of building a secure global digital ecosystem.”

Conrad’s decision to join Zscaler comes after he spent the last five-plus years working for GSA. He was the acting FedRAMP director for the last three years.

GSA is hiring a new FedRAMP director and held information sessions about the position on Monday and today.

Before joining GSA and FedRAMP, Conrad was an officer in the Marines Corps where he worked the Marines Systems Command, the Marines Corps College of Distance Education and several other commands. After retiring from the Marines Corps, Conrad worked at Booz Allen Hamilton before coming back to federal service.

Similar to Conrad, Baidwan joined the government after spending the early part of his career in industry.

Baidwan has been the deputy CISO at DHS since 2021 and has worked in the CIO’s office since 2015 in an assortment of cyber roles.

He also worked at the Immigration and Customs Enforcement directorate as the governance and risk management section chief.

With Baidwan taking on the new role, Hysen said Antonio Scimemi will be the acting CISO. Scimemi has overseen the CISO cybersecurity assessments division and led the effort to develop the agency’s unified cyber maturity model.

He also was the deputy CISO and acting director of IT operations at ICE.

The post DHS hires new CISO; Former cloud security lead lands new job first appeared on Federal News Network.

Up until about a year and a half ago, the 16,000 employees who make up the Office of the Secretary of Defense were the biggest technology user base in the Defense Department that didn’t much resemble an IT enterprise. Collectively, the organization is bigger than the Space Force and many large DoD agencies, but from an IT perspective, the nearly two dozen entities that comprise OSD were largely left to their own devices — figuratively and literally.

But an enormous amount has changed since October 2022, when DoD created a new CIO position to unify 17 OSD staff assistant offices and four agencies into a coherent IT management structure. Most recently — just this month — everyone involved signed a memorandum of agreement to make clear all assigned roles and responsibilities.

“Over the past 10 to 15 years of IT efficiency and consolidation drills, there was a lot of movement of money and resources, but nothing was written down,” Danielle Metz, OSD CIO said during Federal News Network’s DoD Cloud Exchange 2024.

“Since we weren’t really united and no one viewed themselves as part of a collective, everyone had different expectations, different thoughts. And because we didn’t have a memorandum of agreement that articulated the common services that were going to be delivered by the service provider — and the price points and metrics associated with that — there wasn’t an understanding of whether what was being delivered was considered good, what was considered not so good and how to correct that. All of that needed to be sorted through. And so just getting that baseline is what we’ve endeavored on in the past 18 months.”

The service provider is the Defense Information Systems Agency, which has been delivering IT services to tenants inside the Pentagon and the National Capital Region through its joint service provider since 2015, when DoD ordered an earlier consolidation of its IT service providers.

Buying, managing IT services at an enterprise level

But until recently, each OSD organization has been on its own when it comes to ordering and implementing those services, depending on their needs, and figuring out for themselves how to use them.

“We’re now acting as an enterprise instead of individual fiefdoms, and that it works two ways,” Metz said. “One is that we have collective buying power, but we also are able to advocate for the resources that we all need and not just the piece parts by those who were able to navigate the Planning, Programming, Budgeting and Execution process on their own, which is what was happening. There were a lot of organizations that were struggling, and the whole point of a CIO is to democratize access so that we don’t have winners and losers.”

In its initial stages, beyond creating usage, spending and user experience baselines, Metz’s new office — part of the Pentagon’s Directorate of Administration and Management — has had some early wins in deploying common services to the parts of the DoD “fourth estate” that fall within the new OSD enterprise portfolio.

For unclassified email and collaboration services, all 21 of the organizations have now moved to DoD 365, the Pentagon’s cloud-based implementation of Microsoft 365. As of this month, all but one of those organizations has also migrated to their secret-level systems to the new classified version of DoD 365, eliminating the need for a hodgepodge of aging information sharing tools at Impact Level 6.

Migrating those systems to a single cloud environment also helps mitigate the network fragmentation DoD organizations have been creating for the last several decades.

“It doesn’t make those fragmentation issues irrelevant, but it helps us prioritize the fact that we do need to do some network simplification, both on our unclassified and classified networks. That’s what DISA has been leading with what they call DoDNet,” Metz said. “We’re working with DISA to accelerate their plans to have that in the Pentagon, so that you don’t have like a Pentagon local area network that’s kind of sandwiched in between all these other various networks, whether it’s classified or unclassified. We really do need to streamline and simplify the network because we have a lot of network outages. We have performance issues.”

Moving toward a single budget for OSD IT

Another major objective: figuring out how to create a unified IT budget for nearly two dozen organizations with widely varying missions, expertise and needs.

Metz said the most sensible way to provide for each organization would be to create a single working capital fund for the entire enterprise’s IT expenditures, rather than forcing each of them to plan their technology budgets via DoD’s arduous and rigid PPBE process.

“In that model, you’re using your crystal ball to assess what is the technology that we need to be able to implement, and then you have to get a lot of details to be able to come up with a funding profile over five years — but you’re doing it two years out, and you’re going to be wrong. And even if you have it programmed, if you’re operating under a continuing resolution, you don’t have access to those dollars. It really slows your ability to drive the important changes that need to take place. In a working capital fund or fee-for-service model, you’re able to make those capital investments and technology insertions a lot more gracefully instead of having to do big bang approaches — which we know in technology never ever works.”

Discover more articles and videos now on Federal News Network’s DoD Cloud Exchange event page.

The post DoD Cloud Exchange 2024: OSD’s Danielle Metz on moving from ‘fiefdoms’ to coherent IT enterprise first appeared on Federal News Network.

From the Education Department to the Homeland Security Department to the Air Force to the Defense Information Systems Agency (DISA), federal leaders are retiring or heading to new opportunities in the private sector.

Starting with the Education Department, Luis Lopez, the chief information officer since December 2022, is leaving on March 22 for a job with INOVA Healthcare.

An Education Department spokesman confirmed Lopez is leaving for the private sector.

“We are preparing for a smooth transition by posting the position before he departs,” the spokesman said.

It’s unclear who will be acting CIO when Lopez leaves. Education already put out the job announcement to hire a new CIO. Applications are due by March 14 so only a two-week opening.

Federal News Network has learned Lopez will be vice president of IT operations for Inova Health Care Services.

Lopez has worked in federal service since 2008 and been with Education since 2017.

In his short time as CIO, Lopez said in a recent interview that he set up a customer advisory council last summer to help explain to non-IT executives why the 2014 law matters to them and it’s more than just a technology priority. He also led the effort to consolidate and standardize the number of video teleconferencing and collaboration tools used by Education Department employees.

Along with his work at Education, Lopez also worked at the Defense Health Agency and the Walter Reed National Medical Center.

Joining Lopez in heading to the private sector are two other technology leaders.

Federal News Network has confirmed Drew Malloy, the technical director for DISA’s Cyber Development Directorate, and Robert Wood, the chief information security officer at the Centers for Medicare and Medicaid Services, also are leaving for new positions outside of government.

Malloy, who has been with DISA for 14 years and served in government since 2003, will join a small systems integrator.

Malloy has led DISA’s cyber directorate since 2020 where he oversaw the agency’s portfolio of cybersecurity capabilities, including identity and access management, the Joint Regional Security Stacks, cybersecurity situational awareness and zero trust.

He wrote on LinkedIn that he also “developed the modernization strategy for our network and security architecture in accordance with zero trust principles resulting in Project Thunderdome for the DoD enterprise.”

It’s unclear when Malloy’s last day will be or who will replace him even on an acting basis.

In addition to running the cyber directorate, Malloy ran DISA’s services development directorate and was the chief engineer for the Cyber Situational Awareness and Analytics Division.

He also worked at Naval Research Laboratory before coming to DISA.

CMS CISO Wood taking new role

As for Wood, who has been CMS CISO since November 2020, he will join a new venture with Sidekick Security, while also continuing to invest in and grow the non-profit Soft Side of Cyber.

Federal News Network has learned that CMS deputy CISO Keith Busby will be stepping up to lead the program until a permanent CISO is hired.

During his time at CMS, Wood focused on improving the culture at CMS around cybersecurity, building a security data lake to break down silos and advancing the technology strategy through cyber enablement.

Before joining CMS in 2020, Wood spent most of his career in the private sector working in cybersecurity positions with Cigital, Simon Data and N95.

Retirements at DHS, Air Force

Two other federal technology leaders decided it was time to call it a career.

Ken Bible, the Department of Homeland Security’s chief information security officer, and Eileen Vidrine, the Air Force’s chief data and artificial intelligence officer, have submitted their retirement papers.

Bible said his last day will be March 29 and has no firm plans for his post-federal life.

“I am looking forward to taking some time to enjoy my home in Charleston, S.C. and perhaps engage in helping in both the education arena as well as helping at the state and regional policy levels in the future,” Bible said in an email to Federal News Network.

He has been DHS CISO since January 2021 and worked in government for almost 39 years. Bible, who received a 2023 Presidential Rank Award,  started his career in 1985 at the former Charleston Naval Shipyard, where he rose to be a nuclear qualified engineering supervisor for three engineering branches.

During his time at DHS, Bible launched a pathfinder last summer to begin evaluating existing contractors with cyber hygiene clauses in their contracts and focused on addressing broader supply chain risks through a strategy.

Before coming to DHS, Bible served under the headquarters Marine Corps Deputy Commandant for Information as the assistant director for the information command, control, communications and computers division (IC4). He also served as the Marine Corps’ deputy CIO and CISO. Additionally, he worked at the Space and Naval Warfare Systems Command (SPAWAR) for almost two decades.

Vidrine is retiring on March 31 after 38 years of federal service.

She has been the Air Force chief data officer since 2018 and CDO/CAIO since January 2023 when she returned to the service after a one-year detail serving as the senior strategic advisor for data to the Federal Chief Information Officer in the Office of Management and Budget.

Last March, Vidrine told Federal News Network that her new title reflects the central role data has in getting AI projects off the ground.

Vidrine said AI readiness for the department comes down to establishing a baseline set of data and AI skills for airmen and guardians, as well as making sure they have access to the digital infrastructure and tools needed to advance breakthroughs in AI research.

Vidrine began her government career in 1986 as an enlisted member of the Army where she received her commission in 1987 through the U.S. Army Officer Candidate School Program as an Army transportation officer.

From 2006 to 2012, Vidrine served in various positions of leadership at the Office of the Director of National Intelligence culminating as the chief of staff for the Assistant Director of National Intelligence for Human Capital.

Army PEO-EIS leader moving to new agency

Finally, one federal executive who isn’t leaving federal service, but is on the move to a new role.

Rob Schadey, the acting deputy program executive officer for the Army’s PEO-Enterprise Information Systems (PEO-EIS), is joining the Defense Counterintelligence and Service Agency (DCSA) to be the program manager of the National Background Investigation Services.

Federal News Network has learned Schadey’s last day will be in March and it’s unclear who will take over for him even in an acting role.

Before stepping into the acting deputy PEO-EIS role in January, Schadey served as the assistant program executive officer and as the director of the business mission area, both at PEO-EIS.

As the program manager for NBIS, Schadey will have to continue to modernize the systems that help federal employees obtain security clearances.

OMB recently approved the Personnel Vetting Questionnaire (PVQ) in November, according to the third quarterly update on the “Trusted Workforce 2.0” initiative from the Performance Accountability Council. The questionnaire consolidates the SF-86, “Questionnaire for National Security,” along with several other vetting questionnaires used for federal jobs, including public trust and non-sensitive positions.

DCSA is now working on plans to integrate the PVQ into the new “eApp” web portal for background investigation applications as part of its NBIS.

The post Education, DHS among agencies seeking new IT leaders first appeared on Federal News Network.

Since September, the Office of Management and Budget has been working in policy overdrive. Six draft or final memos came from OMB’s Office of the Federal Chief Information Officer.

On Sept. 23, OMB issued the long-awaited digital services memo to implement the 21^st Century IDEA Act.

About a month later, OMB offered draft updates to the cloud security initiative called Federal Risk Authorization and Management Program (FedRAMP) for the first time since 2011.

A week after that, the draft guidance for implementing the executive order on artificial intelligence detailed a host of new requirements for agencies.

Then there is the annual Federal Information Security Management Act (FISMA) guidance that dropped in early December with a specific focus on operational technology and internet of things devices.

And finally, OMB offered an early Christmas present in the form of the new requirements to ensure agencies are meeting the accessibility standards under Section 508.

Hopefully, the OMB staff took a breadth and some time off after that sprint.

Two months into calendar year 2024, OMB is revving back up to finalize many of these policies.

Federal News Network checked in with Federal CIO Clare Martorana to see what stood out to her in 2023 and what her priorities are for 2024. The following email conversation is edited only for style and clarity.

FNN: 2023 was a busy year for the Office of the Federal CIO. What are some of your office’s efforts that may not have received as much attention or notice, but will have a big impact on federal IT sector in the years to come?

 Martorana: Above all else, our north star is delivering for the American people. We need to ensure that Americans’ experience with government matches the quality and experience of the private sector — and I think we have made great progress on this.

One of the things I’m most proud of is the work we’ve done in partnership with other federal offices — that’s how we can make a big lasting impact on federal IT, which benefits how Americans interact with government. For example, the Executive Order on Improving the Nation’s Cybersecurity was released early in the administration and it called for a transformation of federal cybersecurity, based on universal adoption of strong authentication, encryption and zero trust principles across the government. As a result of the efforts of my office, our partners at the Office of National Cyber Director and the Cybersecurity and Infrastructure Security Agency (CISA), we are seeing significant cultural and technological change across the federal enterprise to strengthen our cybersecurity posture.

We also partnered with CISA on CyberStat, a holistic program which strengthens agency defenses by addressing individual agency challenges, reducing the potential for successful attacks, and bringing risks to the attention of executive leadership when necessary, all while maximizing limited OMB and CISA resources. With over 6,000 attendees across 16 engagements in 2023, we provided agencies with the information and tools necessary to achieve specific security outcomes in a more consistent manner.

My office also works closely with the General Services Administration’s Technology Modernization Fund (TMF) Program Management Office (PMO). The TMF works in complement with the appropriations process, allowing agencies to quickly access capital to tackle the IT modernization needed to keep up with the fast pace of changing technology. In fiscal 2023, the TMF invested more than $177 million in 18 projects that improve how the federal government provides services to the American people, increasing public trust and making it easier to get the services they need.

Over the past year, we worked closely with GSA Technology Transformation Service (TTS) to ensure an integrated approach to tackling our biggest IT challenges. We continue to meet with GSA leadership on a weekly basis and our teams are engaging daily to support the implementation of our policies, such as helping develop and provide agencies access to tools that will help them deliver a digital-first experience to the public.

Lastly, I want to highlight the strong connection my staff has established with our budget colleagues to ensure funding and resources are aligned so that agencies can best secure their infrastructure and be on the road to digital transformation.

FNN: Of the policies/guidance your office did issue in 2023, which ones do you think will have the biggest impact in 2024 and why?

Martorana: Building off the customer experience executive order and the President’s Management Agenda Customer Experience Priority Area, in September, we released digital experience guidance to help agencies move faster to deliver the simple, seamless, and secure experience that the American people deserve. Some 430 federal agencies and sub-agencies provide information and services to more than 400 million individuals, families, businesses, organizations and local governments each year.

Digital is increasingly becoming the primary way that the public interacts with government and accesses the information and services they depend on. In order to provide the best possible customer experience — we must fix the digital experience.

Right now, everyone is talking about artificial intelligence and the power and potential that it yields. Our pending FedRAMP guidance will significantly scale the size and scope of the FedRAMP marketplace.

Another piece of guidance issued in 2023 that is having an immediate, positive impact in 2024 is our Digital Accessibility guidance, which is based on the idea that all Americans should have equal access to government. Sixty-one million adults in the United States have a disability, an estimated 15 million or more people have a temporary disability, and an estimated 40 million people are caregivers who provide support to a person with a disability. There is nothing more heartbreaking than someone being unable to use accessible technology to complete what should be a basic task. That’s why our Digital Accessibility guidance is so important; it helps build and sustain an accessible Federal technology environment that delivers for everyone.

FNN: What are your top 3 priorities for 2024 and why?

Martorana: Strengthening Office of the Federal CIO’s foundation to enable our staff to grow and thrive. They are working on the front lines across the Federal ecosystem to drive progress and positively impact the way services are delivered to the public each and every day. And while there is a lot of external attention on our policies, there is often little discussion on the people behind the policy. As I look at 2024, I’m so excited by our team and what we will be able to achieve together.

Supporting agencies in operationalizing the policies we issued over the past few years. Every agency is at a different place on their journey — our job is to ensure they have the executive support, shared services and tech talent needed to deliver results.

Ensuring continuity so agencies and tech teams across government can continue making progress in modernizing technology. We’ve delivered and we’ve built a strong foundation of tech policies that will span from year to year and across administrations. The American people deserve good government every day. Technology is critical to delivering a government that meets today’s expectations — and we must continue moving forward.

FNN: There is a lot of excitement around artificial intelligence in the public sector, how is your office trying to balance the excitement with all the challenges that come with AI?

Martorana: AI presents tremendous opportunities to improve public services, such as making it easier to access benefits, preventing drug shortages, or fighting wildfires. While we harness AI’s power for good, we also need to protect people from its potential risks. My goal as the Federal CIO is ensure the federal government is a leader in both using AI and managing its risks. That’s why we’re issuing extensive guidance to federal agencies on their use and governance of AI, which will be finalized this spring.

In the meantime, the AI EO directed agencies to name a chief AI official (CAIO), a senior agency representative responsible for driving consistent implementation of AI practices across their agency. I recently convened and [led] the first meeting of the CAIO Council, a new executive council that will coordinate the development and management of AI across agencies. We know that innovation relies on great minds coming together to rethink what is possible. Ensuring that the U.S. is a world leader in AI will require all of us — across government, academia, civil society, and industry — to be successful.

FNN: There is a lot of excitement over the special salary rate for IT/cyber workers, but agencies are struggling to implement and fund it. How is your office, with your partners in OMB, addressing this opportunity to use the SSR to help agencies recruit and retain the best talent?

Martorana: Now more than ever, we need technologists at the table to collaborate with our nation’s leaders and provide expertise on how best to launch products and services that are secure by design, digital by default, and accessible to people of all abilities. There are many entry points to federal government and we are continually trying to reduce barriers.

Late last year, we launched a new page on CIO.gov to serve as a “front door” into government for technologists at all levels. When you navigate to CIO.gov, you will see a banner with a call to action to join us.

If you are thinking about a career in civil service, I encourage you to check it out and consider putting your tech superpowers to work for your families, friends and neighbors.

FNN: What is your message to non-technology federal IT leaders, such as those in the finance or acquisition or mission areas?

 Martorana: Technology today is deeply integrated into nearly every facet of our federal operations and services. It presents both opportunities and threats that we cannot afford to overlook. All leaders — regardless of background — need to make technology a core priority. We can deliver a government that rivals our favorite consumer brands.

What it takes is a C-Suite — leaders beyond CIOs, CISOs, and chief data officers (CDOs) — it will take chief human capital officers (CHCOs), chief acquisition officers (CAOs), CFOs, general counsels and public affairs teams to align their efforts to support an agency’s technology journey map to modernize how they deliver products and services. They’ll reduce administrative burden for their workforce, improve employee engagement and inspire others to join us in the effort.

FNN: What is your message to federal IT vendors?

 Martorana: Read our final guidance to understand the federal government’s requirements and our draft guidance to understand where we are heading.

Know where agencies are on their IT modernization journeys and sell them the appropriate tools, technology and solutions — meet them where they are.

Let’s collaborate: we get the best ideas when we share lessons, challenges, and opportunities for delivering faster.

The post Federal CIO Martorana’s top 3 priorities for 2024 first appeared on Federal News Network.