President Biden has announced his intent to nominate John Sherman as chief information officer (CIO) at the Department of Defense. Sherman has served as acting CIO at DoD since January.
Sherman brings nearly 25 years of experience working in national security technology and innovation across the DoD and Intelligence Community, where he also served as CIO.
DoD said it will put the nominee on the shelf temporarily while the Senate acts on the nomination.
“During the confirmation process, Mr. Sherman will step down from his position as the acting DoD CIO,” a DoD spokesperson confirmed to MeriTalk. “Dr. Kelly Fletcher will be performing the duties of DoD CIO during the confirmation process.”
Sherman has been a highly vocal supporter of moving DoD toward zero trust adoption and improving agency cybersecurity amid the agency’s success in facilitating telework during the pandemic.
“I really want to use this opportunity to move toward zero trust” security concepts – which rely more heavily on constant testing of user authentications and privileges – Sherman said at MeriTalk’s “IT Modernization: 5 Keys to Success in 2021” webinar in March.
“It’s talked about a lot, but we are serious,” he said, adding that his office was working with the Defense Information Systems Agency (DISA), the National Security Agency (NSA), and the U.S. Cyber Command on the particulars. “We have the pieces to make this work [including] robust endpoint, middlepoint, [and] comply-to-connect.”
Sherman has since followed through on that zero trust promise, as the DoD released its own Zero Trust Reference Architecture in May, developed by none other than Sherman, DISA, NSA, and the U.S. Cyber Command.
“This is going to take a whole team effort to make this work,” Sherman said, while pledging, “we are going to be a leader for Federal colleagues” in showing the way to zero trust implementation.