Like many federal agencies the Department of Veterans Affairs (VA) has struggled with cybersecurity and experienced its fair share of high-profile breaches. From failing 18 audits in a row, to facing more than 1 billion malware attacks in one month, to relying on a legacy database that has been “…repeatedly compromised since 2010,” CIO LaVerne Council has made certain to prioritize cybersecurity.
While Council has made an immediate impact on the VA’s cybersecurity posture, she has also acknowledged that hiring a CISO – who would be in the job for more than a few months – is the key to the agency’s cyber health. In a great step toward righting its course, the VA has hired Roopangi Kadakia as its new Chief Information Security Officer (CISO).
We checked in with one of our cyber experts, Tanium’s Federal Director, James Yeager, to gain some insight into what he sees as the attributes and experiences that make Kadakia the ideal CISO for the VA and poised for success. Here are his top 4 reasons:
- Kadakia Understands How Key IT Trends Affect Cybersecurity
In her previous role at NASA Kadakia built a reputation as an innovator when it came to cloud implementation. During her five-year tenure at NASA, she managed the movement of 160 of its systems into the cloud. These, along with all of the NASA website’s information, were stored in private, public and hybrid clouds. Kadakia said her success stemmed from the agency’s ability to adapt and embrace the cloud. While the cloud is often perceived as a security risk, a well-designed cloud infrastructure – with a mixture of public and private environments clouds, such as NASA has deployed — can actually reduce risk, improve agility, and increase efficiency not only for work product, but also for cybersecurity posture. This experience will fare well for the VA, whose CIO has voiced her intent to align with the White House’s Cloud First mandate.
- She’s Fiscally Savvy
The VA plans to more than double its budget for information security in 2017, and does not intend to have any of the funds go to waste. Kadakia’s time with NASA not only gave her experience in cybersecurity and management, but also with efficient use of resources. Moving systems to the cloud is expensive, but Kadakia more than made up for this expense almost immediately. After the completion of the migration, NASA’s operations and management costs plummeted by 40 percent and freed the agency up financially from O&M constraints.
- There’s No One with More Relevant CISO Experience
Kadakia has served as a CISO for almost a decade and has held the position at both private sector and public sector organizations. This includes being CISO at IFC, a private financial services company that works with the World Bank and the Department of Homeland Security (DHS). This mixture of private and public sector experience provides her with a relevant and diversified background in cybersecurity within complex organizations. Her proven ability to secure crucial and highly sensitive information could mean exciting things for the future of the VA.
- Kadakia’s Not Your Typical CISO
The career path for a typical CISO is fairly linear, but that is not the case for Kadakia. In fact, she worked as a therapist before getting her first job in IT with the Peace Corps in 1996. She holds a degree in social work and in Psychology and believes that her unorthodox path to cyber management has worked to her benefit. Kadakia says that her history with behavior studies helped her strike a balance between allowing for IT staff autonomy and the need to standardize service delivery and staff response.
The Department of Veterans Affairs has certainly experienced a great deal of change in the last two years. Now, though, with this critical information and cybersecurity role filled, the VA is well on the way to eliminating one of the biggest challenges the agency has faced in recent years.