New CISOs come on board at VA, Transportation

The federal cybersecurity community is seeing an unusual amount of change.

In the last five weeks, no fewer than six chief information security officers or deputy CISOs took on new positions across the government.

The movement among cyber executives may not be surprising given new data ISC² that says there are more than 2.72 million open cyber jobs worldwide with opening reaching 3.5 million by 2025. Additionally, from the Enterprise Strategy Group that 60% of respondents in recent study says it takes two-to-five years to become proficient in cybersecurity and 17% says it takes more than five years.

At a micro level, agencies and contractors are using, in some cases pay — think financial services agencies — and in most cases, mission appeal as the way to attract experts from other organization.

Basically, as we’ve heard over the last decade, the competition for cyber talent is hot and these executives moving to new positions or taking on new duties is expected given the seemingly never-ending desire for these skillsets.

Let’s start with Jay Riberio who joined the Department of Transportation as its new CISO and associate chief information officer on Aug. 28.

He comes to DOT from the Justice Department’s Bureau of Alcohol, Tobacco, Firearms and Explosives as the CISO. He was with ATF since 2018. Prior to that, Ribeiro worked at the Federal Election Commission and the State Department in senior IT roles.

Riberio takes over for Andrew Orndorff, who had been DOT’s CISO and associate CIO for strategic portfolio management for the last two years.

In coming to DOT, Riberio inherits a $345 million cybersecurity budget in fiscal 2022, up from $334 million last year. DOT requested $391 million for 2023.

More specifically, Riberio is on tap to receive as much as $48 million, up from $39 million in 2022, in direct cyber funding from Congress. In the House version of the 2023 spending bill, lawmakers wrote the money would be for “essential program enhancements, infrastructure improvements and contractual resources to enhance the security of the department’s computer network and to reduce the risk of security breaches.”

VA promotes Sherrill, Roy

Another CFO Act agency turned to a familiar face to be its new CISO.

The Department of Veterans Affairs named Lynette Sherrill as its new deputy assistant secretary for information security and CISO also on Aug. 28.

In an email to staff, Assistant Secretary for OI&T and CIO Kurt DelBene said Sherrill, who had been acting CISO for seven months, will lead cybersecurity programs and risk management activities.

“In her seven months as acting CISO, Ms. Sherrill has already led high-profile efforts, including the development of VA’s new zero trust first cybersecurity strategy — the heart of OIT’s approach to security excellence. Additionally, she is driving efforts to implement continuous evaluation of systems and metrics, allowing OIT to respond to cyber threats in real time,” he wrote. “As she begins her role as the permanent CISO, I’m confident she will continue to lead with vision and passion in service of our nation’s veterans.”

Sherrill has been with VA since 2004 starting out in IT security after working in industry and for the Army earlier in her career. Before she became acting CISO after Paul Cunningham retired in February, Sherrill was executive director of the enterprise command operations where she oversaw tools and capabilities to understand the dependencies across VA’s large network and monitor the IT infrastructure to address problems before they impact the network.

As the CISO, Sherrill inherits a cyber budget of $450 million in 2022. VA requested a $137 million increase in 2023.

Joining Sherrill is Faith Roy as her new deputy CISO and executive director for cybersecurity integrations, logistics and planning in the Office of Information Security.

DelBene said Roy is responsible for implementing cybersecurity programs, policies and strategies. She had been acting deputy CISO since Sherrill moved up in February.

“Ms. Roy brings a wealth of public and private sector expertise in information technology, human capital and financial management. She is also a U.S. Army Veteran,” DelBene wrote.

Similar to Sherrill, a few others ascended to new positions in their agencies.

Treasury, CBP hire new executives

The Treasury Department named Christopher Adams its new CISO for departmental offices in headquarters in August as well. Sarah Nur remains the Treasury CISO.

He has spent much of his career in working for the Air Force and is currently an Air Force reservist with the 7th Space Operations Squadron where he is assistant director of operations.

Treasury has a $829 million cyber budget in 2022 and a significant increase to $970 million budget if Congress funds the 2023 request. Adams doesn’t control the entire budget, but some of the funding will go to securing departmental offices systems and data.

More specifically, House lawmakers approved $135 million for Treasury’s cybersecurity enhancement account, which is $55 million more than it received in 2022, but $80 million less than it requested.

Lawmakers said in its report on the bill that CEA is “a dedicated account designed to identify and support departmentwide investments for critical IT improvements, including the systems identified as high value assets.”

Once the spending bill becomes law, Treasury will have 60 days to submit a quarterly spend plan to Congress detailing how they will obligate funds, any carryover funding from previous years and how that money will be spent.

After serving for two years as the deputy CISO, Scott Davis took over as the top cyber executive at the Customs and Border Protection directorate in the Department of Homeland Security.

He joined CBP in 2020 after spending two years as the Labor Department’s  deputy CISO. He joined the government in 2010 coming from industry to work on cyber issues for the old National Protection and Programs Directorate at DHS. NPPD is now they Cybersecurity and Infrastructure Security Agency.

Finally, the Defense Department brought in a familiar face to take over some key cyber activities.

Ray Letteer started in a new position as the principal deputy director for risk assessment and operational integration at DoD CISO on Aug. 15.

“It has been an honor and privilege to serve in my prior roles in the Marine Corps, and I will carry with me those lessons and examples learned over the past 19 years into my new position. Semper Fi!!” he wrote on LinkedIn.

Letteer spent the previous 19 year with the Marine Corps where he was compliance branch deputy chief for cybersecurity and its authorizing official for the last two-plus years. He also served as the Marines CISO and chief of the cybersecurity division for 16 years.

SSA’s new cyber, technology leaders

One last new person in the cybersecurity community is Tim Amerson, who became the deputy CIO and deputy CISO at the Social Security Administration on Aug. 12.

He joins SSA from VA, where he was the director of infrastructure operations cybersecurity management for the last four years. Amerson worked at VA for nine years and spent 32 years serving in the Army National Guard before retiring in 2018.

And finally, one non-cyber related move that is valuable.

Sudhanshu ‘Sid’ Sinha is the new chief technology officer (CTO) at SSA, filling a position that has been vacant for some time.

Sinha comes to SSA after spending the last eight years with the IRS, where he was director of enterprise architecture. In that role over the last 11 months, he helped lead the architecture strategy and modernization planning and execution for the American Rescue Plan Act (ARPA).

“[I] had a great start the first week, meeting with the solid leadership team at SSA. I am looking forward to continuing my public service, improving outcomes and experience for the American public that rely on the SSA,” Sinha wrote on LinkedIn. “[I] wish to also convey thanks to my IRS colleagues and collaborators, for an amazing run over the last nine years.”

He previously worked as the deputy CIO for the U.S. Mint and worked in assorted IT roles in industry.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.