“Paul Cunningham sees some similarities between his first stint in government service—flying helicopters as a lieutenant commander for the U.S. Navy—and his current role as chief information security officer at the Veterans Affairs Department.”
“Risk management—from the aviation and cybersecurity perspectives—are pretty important,” Cunningham told Nextgov, speaking from his office at VA’s headquarters in Washington, D.C. “You want to drive down risk to as close to zero as you can…”
“If we have one more dollar to spend, do we spend it on training employees on phishing scams or invest it in our firewall?” Cunningham said. In IT security decision-making, Cunningham said you first acknowledge risk and either accept it at face value, attempt to mitigate that risk or add value to the accepted risk. Decisions on whether to implement new technologies like artificial intelligence or internet-of-things medical devices, are weighed against other factors, such as total cost of ownership, security risks and potential returns on investment…” Read the full article here.
Source: How Veterans Affairs CISO Approaches Risk, Recruiting Talent and Proving Cyber’s Business Value – By Frank Konkel, March 5, 2020. Nextgov.
