SBA CIO Bluestein takes leave of absence

Paul Cunningham, the chief information security officer at the Department of Veterans Affairs, is retiring at the end of February.

Three more big losses in the federal technology executive ranks.

Federal News Network has confirmed Keith Bluestein, the chief information officer at the Small Business Administration, has taken a leave of absence from his position starting today.

Additionally, Paul Cunningham, the chief information security officer at the Department of Veterans Affairs, is retiring at the end of February, Federal News Network also has learned.

And finally, Rona Bunn, the CIO at the International Trade Administration in the Commerce Department, left on Jan. 28 to be the CIO at the National Association of Corporate Directors.

Bluestein’s departure is most unexpected. He returned to SBA in June 2020 after being away for four years to work at NASA. Bluestein inherited a technology infrastructure and organization that had gone through a major transformation that seemed to pay off during the initial year of the pandemic.

Keith Bluestein has taken a leave of absence as the CIO at the Small Business Administration.

SBA didn’t immediately respond to a request for comment.

An email to Bluestein’s SBA account kicked back an out of office reply confirming he has taken time off from SBA, “I will be out of the office starting January 31, 2022. If you need immediate assistance during my absence, please contact Luis Campudoni (SBA Acting CIO) at Otherwise, I will respond to your emails as soon as possible upon my return.”

A message to Bluestein on LinkedIn seeking comment also wasn’t immediately returned.

While Bluestein is away, Campudoni takes over the top technology position. He joined SBA in January 2021, coming over from the Department of Homeland Security where he spent 12 years working in different technology positions.

During his tenure, Bluestein continued the modernization effort, relying on money saved and placed in the working capital fund. He told the House Oversight and Reform Subcommittee on Government Operations last July about how SBA is using the funds banked in the WCF. He said his focus is on modernizing SBA’s infrastructure, unifying and enhancing its customer experience tools internally and externally, updating its support technology for small business certification programs; and improving the systems that manage entrepreneurial development and learning.

It’s unclear when or if Bluestein will return to the SBA.

VA CISO retiring

As for Cunningham, VA is losing a CISO and assistant secretary who has been with the agency for more than three years.

Cunningham came to VA from the Energy Department in 2019. He began his federal career in 1984 when he joined the Navy and rose to Lt. Commander and retired after 22 years of service.

As CISO, Cunningham faced the tough job of modernizing VA’s cybersecurity efforts. The most recent Federal Information Security Management Act report found that VA continues to struggle, receiving a score of 2.4 out of 5 on the maturity scale from the inspector general and meeting only 70% of the Office of Management and Budget’s cross-agency priority goals. The Government Accountability Office gave VA a “D” grade on the most recent Federal IT Acquisition Reform Act (FITARA) scorecard for its FISMA efforts.

Despite this score, VA’s IG said the agency is making progress. In its fiscal 2020 FISMA report, as the 2021 report isn’t released yet, VA improved its security documentation, matured its predictive scanning process, enhanced boundary protections and further improved its use of its centralized audit log collection and analysis tool.

Cunningham helped further VA’s efforts by supporting the move to DevSecOps where cybersecurity is part of the foundational capabilities.

He also helped lead the move toward implementing a risk management framework to improve the decision making around systems and data.

Most recently, VA’s network faced a test with the SolarWinds hack and came away unscathed.

VA launched a new cyber strategy in October, the first update since 2016, which focuses on five goals that “takes into consideration existing and new federal cybersecurity requirements, technological advancements, innovations and world events that have evolved the way VA delivers services. It also factors in new and innovative ways to protect against today’s most sophisticated cybersecurity threats.”

VA didn’t say who would be the acting CISO until a permanent one is named. The Senate only confirmed Kurt DelBene in late December to be the new permanent CIO.

Over at the International Trade Administration (ITA), Bunn leaves after more than three years, including the last two as acting CIO and then permanent CIO. She worked in the federal government since 2015 when she joined the Justice Department after 20-plus years in the private sector.

Rona Bunn left after spending the last two-plus years as the CIO of the International Trade Administration at the Commerce Department.

In her new role, Bunn responsible for leading the National Association of Corporate Directors’ (NACD) digital transformation strategy, including the acquisition, evaluation and implementation of IT investments and the management of organizational risk.

As ITA’s CIO, Bunn had a head start with IT modernization. Former ITA CIO Joe Paiva moved most of the agency’s infrastructure to the cloud so Bunn focused on the next steps of digital transformation.

“We are heavy into solutions development. We manage over 50 applications that supports over 300 products and services so we are rolling out new DevOps tools that will ensure we have integrated and seamless processes,” Bunn said in November 2020. “We also are working to get to a mature implementation of Technology Business Management (TBM) so that we can gain new insights of cost and value of new services, which is critical for us to ensure we are making the right investments.”

May Cheng is ITA’s deputy CIO, but has not yet been named interim CIO.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories