Gary Stevens

Director, Office of Cybersecurity and
Program Manager for the VA Enterprise Cybersecurity Strategy (ECST)

Department of Veterans Affairs

Gary E. Stevens is the Director of the Office of Cybersecurity and the Program Manager for the VA Enterprise Cybersecurity Strategy (ECST) for the United States’ Department of Veteran Affairs. As the Director of the Office of Cybersecurity, he oversees Department efforts to advance the overall cyber security posture of VA through enhanced visibility in VA Information Technology (IT) systems and networks and by providing leading edge guidance, support and tools. In addition, as the Program Manager for the VA Enterprise Cybersecurity Strategy (ECST), he is responsible for the execution of the Office of Information Technology’s (OIT) cyber security strategy and for defining the comprehensive set of actions, processes, and emerging security technologies required to further enhance the security state of VA’s information and assets, while improving the resilience of VA networks. Mr. Stevens has over 20 years of public and private sector experience in various facets of IT and Information Security (IS) related activities, and has been with the VA’s Office of Information Security (OIS) for over 4 years.

Mr. Stevens leads a technical team of over 100 government and contract personnel to manage the cyber security program of the Department, while also providing programmatic oversight of the Enterprise Cybersecurity Strategy (ECST) and plan. In this capacity, he administers a multi-million dollar cybersecurity fiscal year budget and coordinates numerous complex, multi-year, multi-phased Department-wide cybersecurity related projects across the spectrum of cybersecurity and enterprise strategy related functions. He oversees and monitors the implementation of the Department’s compliance program, while simultaneously ensuring the appropriate internal and external governing bodies and leadership are continually notified of the compliance state of VA information systems and the overall progress of the VA cybersecurity program. Mr. Stevens also serves of the VA point of contact to the Department of Homeland Security (DHS) and their Continuous Diagnostics and Mitigation (CDM) program, where he provides oversight and accountability across each of the 3 CDM phases to assist the VA better identify cybersecurity related risks via enhanced tools and capabilities, while also bringing forth technologies to better prioritize risks based upon their potential impact to affect the VA environment.

Prior to his employment with the VA, Mr. Stevens worked at the Missile Defense Agency at the Department of Defense for eight years serving as the Special Programs Information Technology Director and Information Assurance Directorate Deputy Director. He also worked as a contractor with Scientific Applications International Corporation (SAIC) and a Senior Consultant with Arthur Andersen, LLP. Mr. Stevens served as an officer on active duty with the United States Air Force and as a Reservist with the United States Air Force Reserve.

Mr. Stevens received his Bachelor's degree in Business Administration from Southern Methodist University, and received his Master of Business Administration, concentration Finance, from Colorado State University. He is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and Certified Business Continuity Planner (CBCP).