The Department of Veterans Affairs has named Lynette Sherrill as permanent deputy assistant secretary for information security and chief information security officer, FedScoop can reveal.
Her appointment concludes a months-long process to appoint a new cybersecurity leader at the agency following the departure of Paul Cunningham in February.
Sherrill has carried out the responsibilities of CISO at the agency on an acting basis since the departure of Cunningham. Previously, she was the executive director of enterprise command operations at the VA, in which role she oversaw the enterprise service desk, enterprise command center and major incident problem management teams.
In an internal email announcing her appointment on Monday morning, which was obtained by FedScoop, VA Chief Information Officer Kurt DelBene said: “I am proud to announce that effective August 28, Ms Lynette Sherrill will be the Deputy Assistant Secretary for Information Security and Chief Information Security Officer (CISO) of the U.S. Department of Veterans Affairs (VA). As CISO, Ms. Sherrill will lead cybersecurity programs and risk management activities to protect Veterans and ensure secure and reliable operation of VA information systems.”
He added: “In her seven months as Acting CISO, Ms. Sherrill has already led high-profile efforts, including the development of VA’s new Zero Trust First Cybersecurity Strategy – the heart of OIT’s approach to security excellence. Additionally, she is driving efforts to implement continuous evaluation of systems and metrics, allowing OIT to respond to cyber threats in real time.”
Among the challenges facing the incoming CISO at the VA will be responding to concerns about the pace at which the department addresses cybersecurity concerns. At a House committee hearing in June, the VA’s OIG highlighted that the VA’s fiscal year 2021 Federal Information Security Modernization Act (FISMA) audit showed “limited progress.”
Giving evidence to House lawmakers in the same hearing, VA CIO Kurt DelBene said his agency was working as quickly as possible to appoint a permanent CISO.