The Department of Health and Human Services has a new CISO — a Nebraska Navy vet who has worked in IT inside and outside government.
Christopher Wlaschin retired after 28 years in the Navy in 2008 as a lieutenant commander and has held a variety of civilian jobs since, including several stints at major health care companies in his home state. He came to HHS from the Nebraska-based, for-profit National Research Corporation, where he was senior director for information security and infrastructure for NRC Health.
The HHS position is a career civil service appointment. Wlaschin, who started work Jan 9, got in under the wire of the new administration’s hiring freeze — which affects all current vacancies and any new hires with a start date after Feb. 22 — but said his office has 30 open cybersecurity positions that might be frozen.
“We hope fill these critical vacancies under the guidance” interpreting the freeze that will be issued shortly, Wlaschin told CyberScoop.
The hiring freeze includes exceptions for vital national security and public safety positions, but until the guidance is issued, it’s not clear what that means or who has the authority to invoke it.
Wlaschin’s last stint with a federal agency was for the troubled Department of Veterans’ Affairs, where he was associate deputy assistant secretary for security operations for one year beginning in August 2012. He joined VA from Military Sealift Command, where he was the civilian CIO 2010-12. Prior to that, he was the assistant director for unified communications at the Missile Defense Agency.
“As a member of the U.S. government’s Senior Executive Service … Wlaschin will lead the cybersecurity program across HHS, with a goal to foster an enterprise-wide secure and trusted environment in support of HHS’ commitment to better health and well-being of the American people,” the department said in a statement.
Wlaschin himself said his top priorities for the first year would be:
- To complete the rollout of the DHS-managed Continuous Diagnostics and Monitoring, or CDM, program across the department.
- To prioritize future security investments based on risk-management principles.
- To “work with our public and private sector healthcare partners to improve cyberthreat information-sharing capability.”
- To improve awareness of cyberthreats and cyber hygiene measures across the HHS workforce.