CISO , Cybersecurity , Governance

Obama Taps VMware IT Executive as Federal CIO

Tony Scott's Past Jobs Included CIO at Microsoft, Walt Disney
Obama Taps VMware IT Executive as Federal CIO
New Federal CIO Tony Scott (VMware photo)

President Obama has tapped veteran CIO Tony Scott as the new federal chief information officer, the top government IT official whose responsibilities include overseeing agencies' compliance with FISMA, the law that governs federal government IT security.

See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach

Scott, formerly CIO at Microsoft and The Walt Disney Company, had been serving since 2013 as CIO at VMware, a provider of cloud and virtualization software and services. He also previously served as chief technology officer of information systems and services at General Motors.

"Tony promoted out of the box thinking and ability to solve problems in a nonconventional manner," Kalyani Velagapudi, a former Microsoft colleague of Scott who now operates an IT consultancy, wrote in a LinkedIn recommendation. "He promoted 'outside in' thinking and clear focus on value driven portfolio management and execution. He is a great leader that brought IT closer to the business and established true foundations for outcome oriented IT."

Steven VanRoekel describes the role of the federal CIO.

Scott's appointment, announced Feb. 5, does not require Senate confirmation. He replaces Steven VanRoekel, another Microsoft veteran who left the White House job in September to become the chief innovation officer at the United States Agency for International Development, working with the agency's Ebola response team. He had served as federal CIO since 2013 (see Federal CIO's Exit: Impact on IT Security). VanRoekel's deputy Lisa Schlosser had been serving as acting CIO.

The 'E-Administrator'

The federal CIO, statutorily the administrator of e-government and information technology in the White House Office of Management and Budget, is the top government official whose sole responsibility is to oversee federal IT and IT security.

"Tony is the right person to drive the administration's Smarter IT Delivery agenda and the core objectives across the federal IT portfolio: driving value in federal IT investments, delivering world-class digital services and protecting federal IT assets and information," OMB Director Shaun Donovan and Deputy Director Beth Cobert said in a blog post .

But beginning with VanRoekel's predecessor, Vivek Kundra, and during VanRoekel's tenure, some key responsibilities of overseeing the implementation of federal government IT security programs shifted to the Department of Homeland Security's National Protection and Programs Directorate, with its deputy undersecretary for cybersecurity - now Phyllis Schneck - shouldering many of the executive branches' cybersecurity responsibilities. Still, the law enacted late last year reforming the Federal Information Security Management Act that codified DHS's role in implementing IT security among federal civilian agencies retains OMB's authority over government cybersecurity (see Obama Signs 5 Cybersecurity Bills).

When Obama named Kundra as administrator of e-government and information technology in 2009, he added the title chief information officer. The e-administrator, as the job was once known, was created during the administration of George W. Bush, and was previously held by Mark Forman and Karen Evans.

Government Struggles

Sen. Tom Carper, the Delaware Democrat who's the ranking member of the Senate panel with government IT oversight - the Homeland Security and Governmental Affairs Committee - says Scott's appointment comes at a critical time as the federal government struggles to efficiently manage its $80 billion IT budget. "Mr. Scott's decades of private sector experience will be a critically important asset to the Office of Management and Budget and should help him as he oversees the federal government's IT initiatives," Carper says.

Among those initiatives: consolidating data centers, reviewing annually agencies' IT portfolios aimed to eliminate duplication and waste and improving information risk management by making agencies' IT investments more transparent.

Scott received a bachelor of arts degree from the University of San Francisco and a law degree from Santa Clara University.


About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network