NASA appoints new information security chief

Former USDA IT official Valarie Burks is named space agency's new deputy CIO for IT security

NASA this week appointed Valarie Burks as its deputy CIO for Information Technology Security.

Burks replaces Jerry Davis, who left NASA last July to take over as the security chief at the Department of Veterans Affairs. NASA describes Burks as experienced in IT infrastructure development and management.

Burks was previously the associate CIO for cyber and privacy policy and oversight at the U.S. Department of Agriculture and was responsible for managing the department's governance, risk, crisis management and compliance functions. Burks is credited with developing and implementing a center of excellence for information security at the USDA.

Burks previously handled IT management functions at the White House Office of Management and Budget, Department of Commerce and the Government Accountability Office.

Burks' appointment to her new role is likely to be closely watched by security analysts.

Davis is credited with creating at NASA an operations-oriented information security, rather than one that focuses purely on maintaining compliance with the Federal Information Security Act (FISMA) standard.

Alan Paller, director of research at the SANS Institute, an organization that provides security training and certification services for many government organizations, said that NASA CIO Linda Cureton's is looking to Burks to continue that strategy.

"Cureton is just the second (federal CIO) to move an operations person who is also a good leader, into the top role," in information security, Paller said. The only other federal CIO to adopt such an approach is Roger Baker at the VA, he added.

"[Some] federal CIOs have awakened to the fact that their CISOs are compliance rather than operations people," Paller said. "They were getting reports instead of secure systems."

Some federal CISOs have proved somewhat inept at managing and improving security because of their focus on compliance management, he said. "All they [can] do is wave FISMA around and say 'you have to do this or that,'" Paller said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is

Copyright © 2011 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon