VA CIO: Zero Trust at the Core of Agency’s Vision, Security-Focused Workforce
CIO Kurt DelBene stresses the importance of building the agency’s vision and workforce upon the fundamental aspects of zero trust.
The Department of Veterans Affairs is taking its cybersecurity posture to the next level by enhancing its mission-first vision and building a dynamic workforce.
This mission-first mindset has been a prominent guiding force for the agency’s modernization efforts that include initiatives like electronic health record modernization, PACT Act-related benefits and payout expansions, and bridging the digital divide. Now faced with critical directives around cybersecurity, VA Assistant Secretary for Information and Technology and CIO Kurt DelBene is honing in on integrating zero trust.
“I’m a very big proponent of Zero Trust. I was at Microsoft when I got my hands around doing this internal transformation, and I said what’s the theme I should be talking about with what our investments around security are?” DelBene said during GovCIO Media & Research’s CyberScape: Zero Trust event. DelBene said that’s zero trust, “not because it’s a set of products, but because it’s a framework for thinking about security.”
DelBene said key to VA’s zero trust journey will be its increased focused on integrating its principles within the workforce.
“We reworked the team and set a vision of being vision oriented, having great execution operational rigor, security rigor and focusing around a delightful end-user experience,” DelBene said. “Then finally people excellence and making sure we have a great workforce and that they are paid appropriately, it’s really about anchoring on those fundamental pieces.”
DelBene acknowledged zero trust as a powerful framework for security. If it’s implemented well in an organization, he said, people should know the key aspects inside and out. He believes security should be a part of an employee’s passion and how they think about everything that they do at an agency.
“First thing we should do is get a workforce that fundamentally believes security is the most important thing,” DelBene said. “The people driving your system need to have a sense of what zero trust means to them. Designers and developers have to have that inherent thought that security is at the core of what they do.”
Like the rest of the industry and government more broadly, pay has been a longstanding concern for recruiting and retaining technical talent. This is something DelBene also feels is important for the VA workforce.
“The pay that we have relative to the people in industry is a big difference. We have spent time quantifying that difference and working with [the Office of Personnel Management] to create salary grades that are actually closer to reality,” DelBene said.
DelBene is working to address other challenges within specifically the veteran workforce around hiring authorities. Many people who come off active duty pursue cybersecurity as a personal passion, for example.
“In many cases we find a great person, but we don’t have direct hiring authority, so they get put into a pool of people and we have to interview multiple people even when we know certain candidates are qualified and we want to bring them on directly,” DelBene said.
Over the next year, VA is working on an internal roadmap for implementing zero trust also using a zero trust scorecard.
“Another great thing about zero trust is you can create a scorecard of measures that kind of define how close you’re getting toward what you think your nirvana looks like,” DelBene said. “We also need people to be inherently thinking first from a perspective of vision and how the roadmap connects to a vision that’s in terms of the outcome for vets, their families and caregivers.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Looking Back at the First Trump Administration's Tech Priorities
In his first term, Donald Trump supported cybersecurity, space policy and artificial intelligence development.
4m read -
Securing the Expanding Attack Surface in Cyberspace
Agencies undergoing digital transformation face a more intricate threat landscape and a wider threat target for adversaries looking to exploit vulnerabilities. This panel dives into strategies agencies are undertaking to safeguard these complex environments, including zero-trust architecture, vigilant monitoring and robust cybersecurity training.
30m watch -
Labor CAIO Outlines Responsible and Ethical AI Priorities, Use Cases
Department of Labor Chief AI Officer Mangala Kuppa outlined how her role is shaping the agency’s artificial intelligence strategy.
20m watch -
Elevating Cybersecurity in the Intelligence Community
The Intelligence Community is developing strategies to protect data and strengthen resiliency against emerging cyber threats.
30m watch