Stacy Bostjanick, chief of defense industrial base cybersecurity in the Department of War’s Office of the Chief Information Officer, will retire from federal service on April 30 after a 37-year career, Federal News Network reported Thursday.
Bostjanick has led DOW’s Cybersecurity Maturity Model Certification program in the past six years and helped guide the initiative from its early development through multiple iterations to its current implementation phase.
As the Pentagon prepares for a leadership transition in its CMMC program, attention is turning to what comes next for defense industrial base cybersecurity. Industry and government leaders will explore these evolving priorities at the 2026 Cyber Summit in May. Sign up now to join the conversation.
Sources said Bostjanick is expected to transition to a role in the private sector.
Table of Contents
Who Will Succeed Bostjanick?
Buddy Dees, director of the CMMC program management office, is expected to assume leadership of the DIB cybersecurity program on an interim basis, according to sources.
According to his LinkedIn profile, Dees previously served as nuclear command, control and communications portfolio manager at DOW. He also held program management and analyst roles at SAIC and Harris.
He spent three years at the Defense Information Systems Agency, where he served as director of the Coalition Warrior Interoperability Demonstration. He also held leadership positions at the U.S. Air Force, including chief of the resources branch and head of future concepts.
Who Is Stacy Bostjanick?
In 1989, Bostjanick began her federal career as a secretary in the applied math branch at the Naval Surface Warfare Center’s White Oak division.
She later moved into contracting and held several acquisition roles across the department, including serving as a senior contracting official at the Missile Defense Agency and as head of contracting at the Defense Intelligence Agency.
Her acquisition experience led her to support the CMMC program in 2018, working with then-DOW CIO Katie Arrington following her involvement in the Protecting Critical Technology Task Force.
“Stacy is truly one of the nation’s greatest national assets. Her knowledge base of how government works and how to make it work for the right things is unparalleled. She will continue to be the heartbeat of the CMMC and ensuring that what is right is done for the right reasons,” Arrington, a previous Wash100 awardee who now serves as CIO at IonQ, told FNN in a statement.
Related Articles
U.S. President Donald Trump and Japanese Prime Minister Sanae Takaichi have announced a series of economic, energy, defense and technology initiatives to strengthen the U.S.-Japan alliance and enhance economic security and deterrence in the Indo-Pacific region. The White House said Thursday the initiatives are aimed at expanding market access for U.S. agriculture, accelerating Japanese investment in U.S. industry and enhancing bilateral cooperation across critical supply chains, energy, emerging technologies and defense. What Are the US Projects Under the 2nd Tranche of Japanese Investments? The second tranche includes up to $40 billion from GE Vernova Hitachi to build small modular reactor
The Defense Logistics Agency is integrating artificial intelligence and machine learning across its operations as part of a broader effort to strengthen supply chain resilience and accelerate digital transformation, according to Adarryl Roberts, DLA’s chief information officer, in an interview published Thursday. How Is DLA Integrating AI/ML Into Operations? Roberts, who was a speaker at the Potomac Officers Club’s 2025 Army Summit, said AI is helping unify disparate data sources, enabling faster, more informed decisions and allowing personnel to shift their focus from data collection to mission execution. Hear defense leaders, including Department of War CIO Kirsten Davies, talk about
The Federal Risk and Authorization Management Program is requesting public feedback on proposed updates to continuous monitoring requirements for cloud service providers under its Rev5 security baselines. The request for comments, open through April 22, focuses on clarifying expectations for how cloud service providers share continuous monitoring data — including vulnerabilities, assessment results and remediation activities — with all federal agency customers, FedRAMP said Thursday. What Changes Is FedRAMP Proposing? The draft updates revise the CA-7 continuous monitoring control to standardize reporting and coordination requirements across providers with multiple agency authorizations. Key changes include removing outdated references to the Joint