Paul Cunningham sees some similarities between his first stint in government service—flying helicopters as a lieutenant commander for the U.S. Navy—and his current role as chief information security officer at the Veterans Affairs Department.
“Risk management—from the aviation and cybersecurity perspectives—are pretty important,” Cunningham told Nextgov, speaking from his office at VA’s headquarters in Washington, D.C. “You want to drive down risk to as close to zero as you can.”
At an enterprise as large as VA, eliminating risk entirely is impossible because it’s simply too big. VA currently employs some 404,000 people across 170 hospitals, 1,200 clinics and 130 across more than 25,000 acres of property. VA manages the largest medical network in the country—providing care to approximately 10 million veterans annually—and each year processes about $120 billion in financial transactions. VA’s Office of Information Technology alone is comprised of several thousand federal IT professionals, managing programs and overseeing networks across the country.
“If we were a private-sector company, we’d be in the Fortune 10 or Fortune 5, on par with companies…
