Cybersecurity , Data Breach , Risk Assessments
David DeVries Seen as a 'Go-to Person for Getting Things Done' David DeVriesThe U.S. Office of Personnel Management - besmirched by a 2015 breach that exposed the personal information of 21.5 million individuals - turns to the military for its new chief information officer.
See Also: From Authentication to Advanced Attack Vectors: Top Trends in Cybercrime in Q1 2016
OPM announced Tuesday that the principal deputy CIO of the defense department, David DeVries, will be its CIO. The post has been vacant since Donna Seymour announced her retirement in February, following extensive criticism of her role in handling the breach (see Beleaguered OPM CIO Departs).
In recent months, DeVries has worked with OPM as it stands up the National Background Investigations Bureau, which will provide background checks on individuals seeking security clearances. Although housed at OPM, the bureau's design, development, security and operation of the background investigation IT system fall under the Department of Defense.
"David has decades worth of the technical and management experience necessary to hit the ground running as we continue our technology transformation efforts, and work with our partners at DoD," OPM Acting Director Beth Cobert says in announcing DeVries appointment.
U.S. Cyber Challenge National Director Karen Evans, a former federal CIO who has worked with DeVries, says DeVries understands the importance of people and how OPM is focused on the federal workforce. "His experience at DoD and the connections he has and what OPM is doing in partnership with DoD as relates to security clearances will be key to success of the clearance process in the future."
Replacing CIO Who Left Under Fire
Silent on the naming of DeVries to the top business-technology job at OPM is Rep. Jason Chaffetz, the Utah Republican who as chairman of the House Oversight and Government Reform Committee ran a series of hearings on the OPM breach. Through a spokeswoman, Chaffetz declined to comment on DeVries appointment.
Chaffetz was highly critical of Seymour and her boss, then OPM Director Katherine Archuleta, saying at a July 2015 hearing that they demonstrated "negligence" and "put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries. Such incompetence is inexcusable." (see Members of Congress Intensify Criticism of Agency.)
When Seymour left OPM in February, Chaffetz characterized her departure as "good news and an important turning point for OPM. ... On her watch, whether through negligence or incompetence, millions of Americans lost their privacy and personal data. The national security implications of this entirely foreseeable breach are far-reaching and long-lasting. OPM now needs a qualified CIO at the helm to right the ship and restore confidence in the agency."
Although Chaffetz wouldn't comment on DeVries appointment as OPM CIO, others who have worked with him have showered him with praise.
"While outwardly focused on enterprise management, David has strong operational and strategic expertise in information security and information assurance," says Henry Sienkiewicz, who worked with DeVries when he served as the CIO at the Defense Information Systems Agency. "He knows what needs to happen and how to make it happen. I feel much more confident in the future of OPM, in regards to information security, customer service and technology vision with David at its CIO"
'Broadly Skilled'
IT consultant Roger Baker, who as former Department of Veterans Affairs assistant secretary and CIO worked with DeVries on a DoD-VA initiative to improve electronic health record exchanges between the two agencies, characterizes the new OPM CIO as "a go-to person for getting things done in DoD."
"Information security is a critical part of what OPM faces, but they face many other challenges as well," Baker says. "This is why Dave is such a good choice. His DoD background has had a lot of infosec involvement, but he is broadly skilled to address the range of issues OPM faces, including delivering on new systems and capabilities."
DeVries, Baker says, is "very solid and disciplined" and will expect employees and contractors to effectively implement the security plans laid out and hold people accountable.
Champions Cloud Adoption
As DoD's principal deputy CIO, DeVries assisted Defense CIO Terry Halvorsen as the principal adviser to the defense secretary on information management and information assurance matters. He has served as principal deputy CIO since May 2014, first on an acting basis, then permanently beginning in March 2015. DeVries joined the DoD CIO staff in May 2009 as deputy CIO for information enterprise. DeVries has played a key role in moving DoD toward adopting the Joint Information Enterprise that's based on a single and secure DoD-wide IT architecture. At DoD, DeVries championed expanding cloud computing adoption and improving mobile communications capabilities.
A West Point graduate, DeVries earned a master of science in electrical engineering degree from the University of Washington in Seattle. He also graduated from the Army Senior Service College and served as a corporate fellow with IBM business consulting services as part of the Secretary of Defense Corporate Fellowship Program.