Pentagon installs Garstka as acting CISO for acquisition and sustainment

John Garstka is a DOD veteran and former chief technology officer for the Joint Chiefs of Staff.
The Air Force Memorial and the Pentagon in Arlington, Virginia. (REUTERS / Joshua Roberts)

Former U.S. Air Force officer and long-time cybersecurity specialist John Garstka has taken up the role of acting CISO for acquisition and sustainment at the Department of Defense, FedScoop has learned.

In the new post, Garstka will be responsible for leading the integration of security and cyber efforts within the Office of the Under Secretary of Defense and for working to ensure security within the department’s technology supply chain. According to sources, he takes over the role on an interim basis from Katie Arrington.

Garstka is a Pentagon veteran, having worked in military research and development since 1984, including over a decade within the space division of the U.S. Air Force. Since 2012, he has held leadership roles within the Office of the CISO at the DOD, most recently as director of cyber programs. Between 2000 and 2002 he was CTO for the Joint Chiefs of Staff.

It is not immediately clear how much of a role Garstka will play in the management of the Cybersecurity Maturity Model Certification Program (CMMC). Recently installed Deputy Assistant Secretary of Defense for Industrial Policy Jesse Salazar told Congress in May that he now has oversight of CMMC.


One of the core responsibilities of a CISO for acquisition and sustainment at the DOD is to ensure the digital security of weapons systems across the military.

Services have struggled with cybersecurity risks within the defense supply chain. In 2019, a landmark report by the Department of the Navy found that the service had failed to account for the fact that defense companies it contracts with would be aggressively targeted by foreign hackers for their valuable data.

The DOD, in response, has ramped up its implementation of measures such as the CMMC program.

In November last year, the Department of Defense appointed Dave McKeown, a long-time government IT and security official, as chief information security officer. He replaced former CISO Jack Wilmer, who departed in July to lead a private security company.

The DOD declined to comment.
