Gerald Caron Begins New Role as ITA CIO
Former HHS OIG CIO Gerald Caron takes on a new role as ITA CIO.

Gerald Caron, who previously served as CIO for the Office of Inspector General at the Department of Health and Human Services (HHS), stepped into a new position as CIO for the International Trade Administration (ITA) on Feb. 27, Caron told GovCIO Media & Research. The ITA CIO position had been vacant since Rona Bunn left for the private sector in January 2022.
During his tenure as HHS OIG CIO, Caron led multiple high-profile efforts to improve security across his division, including building out a zero trust architecture and improving data and identity management. Caron is an upcoming recipient of the Flywheel Award, presented during the CyberScape: Insider Threats event March 2.
For Caron, the key to security is understanding data so that users can securely complete their mission.
โUnderstanding where our data is, where our data is going. Because if thatโs what weโre trying to protect, weโve got to understand what normal looks like. That will allow us to later do micro-segmentation,โ Caron said during GovCIO Media & Researchโs Zero Trust event last year. โAt the end of the day, weโre protecting data. โฆ Data to the right people at the right time.โ
Caron has also expressed the importance of authentication. He explained different methods of identity proofing lead to varying levels of risk.
โWhen I come up with my confidence score, how much I trust that common access card (CAC) or personal identity verification (PIV) card is going to probably have a lower risk than your username, password or some other methods of authentication,โ Caron said at an August 2022 ATARC summit. โThat will depend on what Iโm going to allow you to do โฆ once you get to that authoritative identity, you can start to look at automation of the provisioning and deprovisioning.โ
Zero trust has changed the role of the network to the โtransporter,โ moving identities from point A to point B, but there should be continuous authentication throughout that process, Caron added. Moving forward, he noted that organizations can no longer rely on an IT network as the โenforcerโ of security.
โThis is an architecture now, itโs not the silos. We have to get away from the siloed things. Everybody and everything have to be integrated,โ Caron said. โTake in all these factors and understand all this information, then bring it into this engine to create a confidence score in a dynamic fashion. Itโs going to move because things change. โฆ We have to bring all this telemetry in, so itโs important to do a lot of integration throughout this journey.โ
In his new role, Caron faces an agency mission to improve information and communications technologies exports by strengthening the global competitiveness through industry analysis, trade policy development, trade promotion and addressing trade barriers.
ITAโs Office of the Chief Information Officer is responsible for IT management of the agencyโs investments, systems, services and products. The CIO oversees policy, guidance and standard operating procedures required to manage this portfolio.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
VA Acting CIO Focuses Tech Strategy on 'Cyber Dominance'
VA OIT is restructuring its workforce, revamping risk management and modernizing tech acquisition to deliver secure, efficient services.
4m read -
GAOโs Advice for Bolstering Federal Cybersecurity
Federal agencies face persistent challenges in implementing cybersecurity best practices, but shifting culture, refining hiring practices and enforcing stronger requirements can drive long-term resilience.
10m listen -
Modernizing IT Systems for AI Adoption
USPS, NIH and Lumen discuss how modernization, data strategies and security are shaping AIโs future role in government.
32m watch -
Modernizing Critical Infrastructure in the Face of Global Threats
Officials are expanding the latest strategies in boosting defense infrastructure, including securing satellite communications, upgrading enterprise-wide technology, optimizing data management.
28m watch