This Trump Administration has seen a great deal of turnover in career senior executives. The Veteran Affairs Department has definitely seen its share. For this month’s show, Cyber Chat’s host Sean Kelley sat down with a reflective Scott Blackburn. Blackburn served in many capacities while at the VA, including executive in charge of Secretary Robert McDonald’s MyVA Initiative, acting deputy secretary of VA and acting CIO.
Blackburn graduated from both MIT and Harvard and is an Army Veteran and a partner at McKinsey. He comes from a family of veterans and he is a disabled veteran, himself. He says he chose to work at VA because he “was called to serve.”
Blackburn’s leadership ushered in a great deal of progress in Information Security. He credits the leadership of the Dom Cussatt, VA’s chief information security officer (CISO) and the Enterprise Cyber Security Plan as some key pieces of the success.
Blackburn said VA’s cyber program is robust. “The past year, they handled 220 million intrusion attempts, 50 million blocked or contained cases of malware, and 366 million suspicious emails that have come into the system to name a few.” He said sustainment is the key to having the Agencies Material Weakness removed.
Blackburn said it’s difficult to attract the highest quality CIOs and CISOs because the federal government won’t offer the highest salaries. But it will never happen without an overall federal strategy to attract but also maintain IT leaders.
“[Leadership drain] happens in the private sector, but I have never seen it like this … it is a reality of government,” Blackburn said. “Any leader coming in can’t sit back for six months. You have to get up to speed very quickly. You have to trust the career employees. Where do you want to make change that really matters?”
Blackburn said he is “most proud of always putting the veterans first. VA is now more veteran-centric than it was four years ago. It is more principle based rather than rule based.”
Blackburn’s message for the folks who still work at the VA: “Keep pushing.”
- Leadership is needed for any sustained change.
- Empower the team, stay out of the way, support the team.
- The Enterprise Cyber Security Program has five parts:
- Protects Veteran Information and Data
- Protect VA Information and Infrastructure
- Ensure VA Cyber Ecosystem is resilient to existing and emerging threats
- Ensure a secure operation environment that supports effective operations
- Ensure VA recruits, develops and retains a talented cybersecurity and privacy workforce
- VA’s investment in front line employees made a huge difference.
- Ensure they are aware of handling sensitive data.
- Ensure they are aware of spoofing and phishing attacks.