Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The Federal Emergency Management Agency is expanding its footprint in the cloud. And they are doing it in a bit of a usual way.

FEMA is partnering with the Agriculture Department and developing a charge-back model to its mission areas.

Jim Rodd, FEMA’s cloud portfolio manager, said as part of modernizing the National Flood Insurance Program, the agency and USDA are using the Google Cloud platform.

“They’re actually doing it in conjunction with USDA. NFIP is bringing it up in a methodology that will allow us to absorb it into the FEMA enterprise cloud with no issue. It’s all our standards and everything,” Rodd said at the recent ACT-IAC Emerging Technology and Innovation Conference.

Rodd said the reason FEMA looked to partner with USDA is two-fold. First, the two agencies partner to help citizens impacted by floods. But secondly, and maybe most important to the discussion around cloud, is Rodd found USDA among the most mature organizations in applying the charge-back model for enterprise cloud services.

“When I first took the position over, I wanted to speak to some other cloud brokers that were in the federal government, and three that popped up was two at DHS, which were U.S. Citizenship and Immigration Service and the Customs and Border Protection directorates. I’ve talked to them, but neither one of them have a multi cloud solution with a chargeback methodology. So we wanted to make sure we were speaking to somebody in that realm as well. And USDA was pretty much the big dog on the block,” Rodd said. “They had a very mature cloud doing chargeback and it was multi cloud, so it only made sense to go and talk to them.”

Buying cloud services in a new way

This idea of a chargeback model for enterprise services hasn’t been easy for agencies over the last 50-plus years. Federal shared services for financial management and human resources have been out in front of this effort, but the agencies providing these services have struggled to make their case to large agencies for the most part.

The General Services Administration’s Cloud Information Center highlights several acquisition challenges, including advanced metering services from vendors and governance focused on who holds the responsibility of assessing cloud utilization reports for chargeback incentive purposes.

The Office of Management and Budget and the Federal CIO Council have been pushing agencies to implement the Technology Business Management (TBM) framework to measure the cost and value of IT services, not necessarily just cloud services. Agencies had to fully implement TBM cost towers as part of their 2023 budget requests that went to OMB earlier this year. But challenges around data quality and quantity have slowed down this effort over the last five years.

But understanding the costs in a multi-cloud environment is why FEMA is pushing forward with the chargeback model.

Rodd said with FEMA already is using Amazon Web Services and Microsoft’s Azure cloud instances and now adding the Google Cloud, it wanted to ensure it knew where and how much it was spending on these services. Former FEMA CIO Lytwaive Hutchinson said earlier this year that the agency’s goal to have at least 50% of all of their systems and services that are cloud ready moved into the cloud by the end of 2022.

“The thing with the chargeback model is being able to offset cost. That’s the name of the game,” he said. “All sudden our current cloud footprint is probably about $2 million-to-$3 million a year. If we can offset some of that, rather than what is happening right now where we’re carrying all of it, as we ingest more clients and more services, we should start to see an offset in costs.”

Big savings over time

Rodd said FEMA mission areas who have turned off on-premise or legacy technology are seeing costs reductions of 30% to 40%.

“It’s giving our internal and external OCIO clients, the opportunity to really be able to plan efficiently by having all of that in one place,” he said. “There’s obviously a massive cultural shift with moving to the cloud and FEMA is just as aware of that need for a culture shift as anybody else. We try to sell it on the scalability and flexibility, the ability to convert our redundant possibilities East Coast, West Coast, north, south, across this CSP, that CSP. We try to show all that, but they don’t really see it because that’s the back end. One of the things we like to do when we are briefing to a prospective client who has no knowledge of the cloud, I don’t make any promises on price because here’s the reality in any government agency for that first year or two, you’re running hybrid. You have to maintain that physical environment, especially for somebody with a mission like ours, where we have to be up no matter what. During that time, obviously, you’re costs are going to be substantially higher. So I actually stay away from that, or I brutally tell them look, this first year or two, it’s actually going to be more expensive. But as soon as we can start turning off your stuff in the physical environment, and shutting that stuff down and killing those contracts, that’s when you’re going to start to see your costs go down.”

Rodd added in a perfect world, he would like his cloud broker office to break even in terms of costs of providing the enterprise services and receiving funding from mission users.

“I don’t really ever think we’re going to get there, but even if we got to 50%, that’d be outstanding,” he said. “We developed a cost model. What we wanted is a one-stop shop so if a client comes to us and tells us their need, or we help them to develop a solution, we didn’t want them to then have to talk to the sustainment folks and get a price and then talk to the license folks and get a price. We tried to make our cost model as inclusive as possible. It covers everything from your basic compute needs, your migration, your authority to operate and your licensing. We’re actually adding cyber to it right now.”

Rodd said FEMA wanted to get a third-party expert to confirm its chargeback model would work, and received solid reviews from Gartner. He called it “elegant.”

The Baltimore Ravens football team may be better known for its winning ways on the field and its rabid fans in the stands.

But the Social Security Administration turned to the NFL team because of its prowess in using data to drive customer experience decisions. It also didn’t hurt that SSA headquarters is located in Baltimore County, Maryland, and many of the staff are big fans of the team.

Patrick Newbold, the assistant deputy commissioner and deputy chief information officer at SSA, said the Ravens are known for providing a great customer experience for their fans so it just made sense that the agency would reach out.

“One of the questions we asked the Baltimore Ravens was how business intelligence analytics changed their service delivery model?” Newbold said on Ask the CIO. “The Ravens shared an excellent use case with us on how data was able to challenge one of their assumptions on fan demographics. Early on, when they started to aggregate that data, that data disproved assumptions they had about their season ticket holders. Their fans were a lot younger than the marketing assumed. So that led them to change the music they played, the food and drinks they served and how they engaged those fans. The data provided the Ravens with some insights to fan demographics that they weren’t necessarily tracking and allow them to market to a growing demographic fan base be exposed.”

The Ravens brought their chief data officer or equivalent position to the table to meet with executives from SSA’s CIO, CDO and mission offices.

Like the way Ravens use data to drive decisions about how they serve their fans, SSA is looking to apply the same concepts to how they deliver their services.

“We want to use data to monitor and improve the way we do business and services, and deliver our services to our citizens,” Newbold said. “We also shared several challenges. One was the importance of data collection. The Baltimore Ravens leverage NFL-wide data as well as their Baltimore Ravens-specific data. They use that data to inform decisions. We, at SSA, want to create a primary source of SSA-wide data that is beyond assumptions and that supports that ad hoc, cross-cutting capability to do some data analytics. While we are completely different organizations, we have the same goals and mission desire when it comes to how we can use data to really inform the way we want to move forward.”

SSA’s scores better than average

The Ravens, Newbold said, have a mature data and business intelligence practice so gleaming lessons learned can only help SSA, which scored a 64 on the 2021 American Customer Service Index ratings. The federal government’s overall score was 63.4, while the Interior Department received the highest score under the ACSI with a 77.

SSA’s data for 2020 based on its surveys found 93% of the almost 1,700 respondents rated their field office experience as “satisfactory,” but only 47% called it “excellent.”

Newbold said among the biggest lessons learned from the conversation with the Ravens were about the importance of data governance, because the business intelligence platforms and tools are only as good as the data being put into those capabilities.

“Key points that we learned from Baltimore Ravens and throughout the discussions is really having that strong governance, but also they highlighted how they use data as a tool, not as the final answer,” he said. “That resonates with us because as we invest more beyond technologies as an agency, we also must recognize that other factors inform decisions, so data is critical and important, but not the only factor.”

The Ravens are just one of several public and private sector organizations SSA is meeting with to learn more about how they serve their customers.

Newbold said SSA also has met with JP MorganChase, the Federal Retirement Thrift Investment Board, Fannie Mae and the Target Corp.

“We also met with a couple of thought leaders since June, the former General Motors CIO Ralph Szygenda and the former IRS Commissioner Charles Rossotti,” he said. “We take these conversations and we’ve highlighted about three important lessons learned from these conversations, and we are baking those into our strategy. They are around governance, data and culture.”

New strategy coming

Newbold said SSA is updating its digital transformation strategy to include the customer experience lessons learned from all of these conversations.

SSA is partnering with the U.S. Digital Service on their modernization strategy and effort.

Newbold said his office and the mission areas are working with USDS to further expand their understanding of their customers and their journey to use SSA services.

“A key objective and expansion of our digital service offerings is a redesign of our website to enhance the user experience. To improve the customer service, we plan to deepen our understanding of our customers, including what drives their evolving service. We will learn about our customers’ journeys from various service channels and touch points, and one of those is a voice of the customer feedback. We want to capture real-time customer feedback, not only to use that feedback to assess what we have in place that is working, but to identify customer pain points to help us design those future digital services.”

To better understand those customer journeys, SSA and USDS held about 65 different sessions with multiple groups of people. This led to SSA using human-centered design techniques for the new beta version of their website that launched in April.

“For many of our services, and especially on mobile devices, we really want to ensure that we offer more digital capabilities that can be leveraged on mobile devices and from any location in it. We released an application that allows customers to express a protective intent to file for Social Security supplemental security income benefits online,” he said. “We have also prioritized within our plan the design and the mobile accessible online process that will upload forms and other documentation.”

Newbold added SSA has received positive feedback so far from the upgrades and plans to expand its interactions and testing with customers.

Reducing the burden on customers

Going forward, Newbold said SSA plans to continue to meet with the Ravens and other private sector organizations on a regular basis.

He said all the different public and private sector organizations help the agency learn more about how they can drive better customer experience. SSA also has begun to implement a customer relationship management (CRM) platform to further its efforts.

“By reducing the burden on the public, we want to eliminate requirements to conduct business in person, present hard copies of original documents, remove requirements for signatures on a document or provide electronic signing options. These objectives will require SSA to reimagine business processes, program policies and enabling technologies,” Newbold said. “We also want to modernize our enterprise IT systems. For example, our system that administers benefits have been cited by GAO as one of the 10 IT systems across the executive branch in most need of modernization. We have begun to modernize the claims intake and adjudication software. But we want [to] continue to finish that work and retire the legacy systems and modernize our benefits system remains a focus to us.”

The Defense Department has been talking about the Cybersecurity Maturity Model Certification (CMMC) standards for more than three years.

And while the final version 2.0 standards aren’t going to be ready until next summer, the impact of just talking about improving cybersecurity among contractors is real.

Stacy Bostjanick, the chief of implementation and policy and deputy CIO for cybersecurity for the Defense Department, said contractors are definitely more accepting of the need to protect their data. But, she quickly admitted, they may not have fully embraced CMMC.

“The 7012 [Defense acquisition regulations] clause started that in earnest in 2013. We got a ton of pushback and finally got it into a rule in 2017. And then after that, we had a few incidents like SolarWinds, the Colonial pipeline, and now people are like, ‘Oh, yeah, maybe people are coming after me. Oh, maybe it is an issue,’” Bostjanick said at the recent AFCEA NOVA Small Business IT Day.

Dr. Kelly Fletcher, the principal deputy chief information officer for the Defense Department, said the current approach, based on self-attestation, creates a potentially unleveled playing field for contractors who choose to take the right steps to secure their data and those that just say they do.

“We know we have totally divergent compliance. If you’re complying now with what is in your contract, you’re competing against folks that aren’t, and I think CMMC is trying to get after that,” Fletcher said. “I don’t think CMMC is perfect. I think any solution we come up with isn’t going to be perfect. But it is our first attempt to get after that.”

25% of DIB met cyber requirements

While the problem may not be new, the data collected by the Defense Contract Management Agency (DCMA) shows just how troubling it is.

John Ellis, the technical directorate’s software division director at DCMA, said out of 300 assessments the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) did over the last few years, only 25% of the companies were compliant with the 110 requirements in the National Institute of Standards and Technology’s Special Publication 800-171.

“If roughly 25% of companies were fully compliant when we assess them, now, if you extrapolate that across the DIB, that’s why we’re informing some of the decisions. So if what CMMC is going to do for us in the future that we can’t do today is what we do today is largely a post-assessment activity. There are holes in those mechanisms, things are not fully implemented,” Ellis said at the Coalition for Government Procurement spring conference in Falls Church, Virginia. “CMMC is going to let us address some of that stuff that does lead to stronger prevention of ransomware attacks because it’s going to require companies to become far more fully compliant. If 75% of your companies can’t meet the requirements and they’re required to meet all of those before they can be awarded a contract, what does that mean, in terms of who can compete for contracts? It doesn’t bode well.”

Ellis said the DIB’s shortcoming based on their assessments and the need to bring more companies up to par faster is why DCMA is launching the early adopter program for CMMC. This is for defense companies to work with certified third-party assessment organizations (C3PAOs) before the CMMC 2.0 is finalized. Ellis said DCMA auditors would look over the C3PAO’s shoulder and offer feedback and insights, but not an official DIBCAC review.

“We started the planning for the early adopter program a couple of months ago, but we haven’t started the assessments yet. I expect us to start them later this summer,” Ellis said. “The assessments are on site, but also include a lot of coordination ahead of time with the company, the C3PAO and our folks. It’s a 45-60 day process that happens at the company’s site.”

Ellis said the C3PAO and the DCMA auditors will conduct a medium or high confidence assessment, which is more like a document review, where they, with the company, to through the system security plan to ensure that they’ve documented their requirements in a way that that articulates that they understand the requirements.

Benefits for DoD, vendors alike

The early adopter program is part of several ongoing initiatives DoD is pursuing to get a head start on CMMC. Bostjanick said earlier this year that DoD will do a series of tabletop exercises to test out the cyber standards.

Bostjanick said the early adopter program benefits the C3PAOs, DCMA and the DIB because all will get experience with CMMC standards.

“You will be given a DIBCAC high assessment in supplier performance risk system (SPRS), and our intent, which means our hope because lawyers told me we can’t promise anything because rulemaking is that, when CMMC becomes a thing, either as an interim thing next May or a final thing the following May, that companies certifications will still be good for an additional three years,” she said. “One of the things that you’re going to see in CMMC 2.0 is each company has a requirement to do an annual affirmation. Which states ‘Yep, I’m still good. I’m still in compliance. Nothing has changed. Nothing has caused me to go out of compliance. I affirm I still meet the requirements.’”

Ellis said there are about 20,000 companies in SPRS today and if, based on the DCMA review of about 300 companies, approximately 75% are not in compliance with the 110 controls detailed in NIST 800-171 today, there is a lot of work that still needs to be done.

“The data is in SPRS says the opposite. We see an awful lot of scores that are very, very, very high, and we’re a little concerned about that for a couple of reasons,” Ellis said. “One, we’re concerned about companies not really doing the things that they said they were going to do. And two, it gives a false sense of security both to the companies and to the government in the procuring activities that are relying upon that information.”

DoD is facing similar questions about its own systems’ compliance. A recent Government Accountability Office highlighted in late May the Pentagon’s struggles in meeting the same NIST 800-171 standards for internal systems.

Ellis said DCMA started reviewing about 300 contractors’ compliance to the NIST standards in 2019 and the hope is that those companies that were among the first, would be part of the early adopter program.

He said the NIST reviews alone have improved vendor cybersecurity.

“We had one company that was in the negative 200 range and now they are in the mid-two digit range, meaning they have improved remarkable over the last few years,” he said. “It’s really important that folks understand, this is not meant as a threat. We’re looking at it to derive knowledge and insight. We’re going to anonymize the results, unless we were to stumble into something that’s fraudulent and then that’s a whole another can of worms, by the way. But what we will do is share that information of what we learned with the companies that we’ve assessed so that people can see the goodness of the information that’s actually in the system. It should inform both government folks and quite honestly, it should inform the DIB. You don’t ever want to be in a position where you think you’re much better than you are, and then either the DIBCAC shows up or a C3PAO assessment is conducted, and you find that you’ve missed the mark, significantly. That’s not good for you as a company. And it’s certainly not good for us to rely upon somebody that doesn’t have that understanding.”

To prepare for the influx of work coming from CMMC, the DIBCAC is staffing up. DCMA plans to grow its staff in the DIBCAC to about 150 employees from 50 a few years ago.

The House of Representatives Chief Administrative Office is close to adding another shared service to the 100 or so it already provides.

These range from acquisition support to human resources to finance and logistics. But the one area where those services were missing and sorely needed was around digital transformation.

So in the coming months, the CAO will launch its new digital services office.

Alan Thompson, the House’s chief information officer, said over the last decade, and specifically over the last two-plus years, a lot of member offices, committees and caucuses have been trying to take advantage of technology in new ways. But many times their staff had limited knowledge or brought in consultants that cost a lot of money.

“We’d like to fill that gap for them,” Thompson said on Ask the CIO. “We’re going to have several different roles in this team. We’ll have a product manager role. We’ll have a user experience designer as well as software engineers. We really hope to bring in the capability to rapidly develop or maybe just consult on how an organization within the House member, committee or leadership office or a conference or caucus wants to achieve something. Really the hope is to be that resource there that can help them do that.”

The CAO, which first announced its plan to create a digital services office in March at a hearing of the House Select Committee on the Modernization of Congress, is hiring both new employees but also bringing in experts from the U.S. Digital Service as well as TechCongress, an innovation fellowship that places technologists with Congress for a year.

Catherine Szpindor, the House of Representatives chief administrative officer, said members or committees are trying to solve a specific problem, but don’t know exactly how to do that.

The CAO offers almost 100 cloud approved services, for example, and the new digital services team will be able to do more than just point them in the right direction, but help get offices from idea to implementation.

“We have traditionally been a typical IT support group. We support major applications like PeopleSoft in our HR and payroll applications, these large Oracle and other products that have been traditional, and that’s served us well,” Szpindor said. “But I think just since we really started integrating Office 365 and going to the cloud with so many other things, we started realizing that there was a real need for us to be able to provide consultative services and help with the development of some of these newer products that are automated in a way in which you don’t have to know a lot about the standard way to program. They’re low code, no code type applications. Allen’s bringing in Appian as one of those that we could possibly use. We are looking at robotics process automation. This was just a good time to do that. The time was right, the enthusiasm is there, and I think industry experts are backing us with ideas and how it’s being used in other places.”

The House started implementing Microsoft O365 in 2019 and brought in other cloud products like WebEx from Cisco and Zoom to address the fast growing need for remote work during the pandemic.

These tools have made hearings more accessible, but they have also help improve the connection between Washington, D.C. office and members’ district offices.

“I will point out that these the members have gotten very good at using these tools, which I’ve been very happy to see,” Thompson said. “I attended an event the other night hosted by Rep. [Eric] Swalwell (D-Calif.) when he was at home with his new baby in his arms while he was doing this meeting. The members have really taken to and, I think, have gotten used to this and have a lot more flexibility now. We required a lot of hands on from my team to support these meetings, and now we’re finding that, they’re like, ‘Oh, we got this, we can make this work.’”

That feeling of “we got this,” is part of the reason why the CAO is taking the next step with digital services.

Thompson said the digital services office will work directly with digital directors, who work for committee and member offices. While the CAO continues to set the office up, Thompson and his team are meeting with the digital directors to better understand what the trends, challenges and broad needs are across the House.

“There’s a lot of outreach going on reaching out to even chiefs of staff in member offices, trying to understand what problems are they having, where’s the gaps so you can consider it a listening tour, if you will, doing a lot of research about what kinds of tools or things or initiatives that they’re trying to perform,” he said.

Thompson said as a pre-cursor of sorts to the digital services office, the CAO has been improving the technology infrastructure for the House over the last few years.

He said from improving Wi-Fi access in the office buildings to a new pilot in the district offices to improve their wireless connectivity, the goal is to make it easier to connect offices and people.

“We’ve also put a virtual private network (VPN) concentrator out on the West Coast, this is all about are trying to improve service for the district offices. They’re those satellite offices that two or three people are sometimes one person in them, but still having them be connected and being able to collaborate use all the same tools that we do here on the Hill,” Thompson said. “We opened up two new pops, or point of presence, if you think for a national backbone in the Southwest and the Midwest. We have about 900 plus district offices out there in the members’ home districts that need to be connected, just like they would be here. Now, these offices can jump on our network faster and have less latency getting to our infrastructure services.”

Szpindor added since the CAO put the network and infrastructure upgrades in place, the number of calls they receive from member offices about dropped network connections or latency issues has dropped significantly.

“The thing that we have to do better with is when the offices have issues, whether it’s with their technology or their network, they have to know who to call to get help,” she said. “It breaks my heart when one of the district office directors or someone talks about all the network issues that they have in our office, and we were never contacted. I don’t know who she was talking to, but it never got down to our network staff. We are willing to do whatever it needs to improve, including getting on a plane and flying to the office to check things out or doing monitoring by checking the bandwidth or whatever to make it better. The communication on what we can do and how we can help is something we’re working on.”

Szpindor said the digital services office also will help current staff upskill through short or medium term assignments on projects.

“I try to look at the employee side of things, there will be a shift, and some of the work that’s been done to where maybe there’s a certain percentage of the work that we have been doing on our back end systems, that will shift here. So we want to keep in mind, the needs of our dedicated employees to try to help them to get to where they can be part of this as well,” she said.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Ask the CIO on Apple Podcasts or PodcastOne.

The impact of the Defense Innovation Unit shouldn’t be measured in the number of agreements awarded or the amount of dollars obligated. Both, by the way, are breaking new records each year.

Rather, the impact of DIU should be measured in number of problems it helps solve for the Defense Department.

Mike Madsen, the deputy director of Defense Innovation Unit, said one of the best examples came during the early days of the COVID-19 pandemic. DIU was overseeing the development of a new application called the rapid the assessment of the threat environment (RATE).

“It was a prototype used to predict when men and women in uniform are going to come down with an infectious disease like flu. This was pre-pandemic,” Madsen said on Ask the CIO. “Those kinds of things that would impact readiness and can spread potentially through your organization. Well, we were almost complete with that prototype when the COVID pandemic started. Instead of going back through a requirements process, we just pivoted, and applied it to COVID environment and ran the prototype of RATE in the COVID environment.”

Madsen said about 10,000 service members participated and the app collected data from devices like wearable watches and other on-person devices.

The application detects biometric measurements of various the service members and feeds the information into a database where it applies artificial intelligence to predict when folks would get sick.

“We were able to perfect it to the point where we were able to identify folks who are going to get sick with COVID 48 hours before testing or symptoms indicated that they actually had COVID,” Madsen said. “From a unit perspective, if I’m a commander, now I have awareness of someone who is potentially going to bring that into the larger unit and we can pull them out, isolate them before they’re even infectious. From our DIU operations perspective, [the pandemic] was relatively seamless, but there were opportunities to help leverage commercial technology to solve Defense Department problems.”

Record year in 2021

Solving those problems for warfighters is DIU’s ultimate goal, and that by which is the organization constantly is proving its value.

Madsen said this is why DIU is always looking for the companies that are on the leading edge and doing innovative work that could help some solve some of DoD’s biggest challenges.

Since 2016, when DoD launched the innovation office, it has awarded 279 contracts and brought in 240 non-traditional vendors, based on the definition in the law.

In 2021, DIU published 26 solicitations for commercial solutions for which it received 1,100 proposals. The solicitations on average received 43 proposals each.

DIU says 86% of companies that have received awards are considered nontraditional vendors with 73% being small businesses and 33% being first-time DoD vendors.

Madsen said 2022 also is looking strong. As of March, DIU has awarded $1.5 billion in total contract value. Between 2016 and 2021, DIU obligated $893 million.

“What that tells me is that we have proven our value to our DoD partners as a way to rapidly bring in that commercial technology to bear on DoD problems and provided our return on investment to them,” he said. “It also tells me that not only have we proven value to our DoD partners, but we’re proving value to our commercial partners as well as a way to simplify that process of working with the department. So we’re pretty excited about that.”

Madsen said DIU is seeking to continue to improve its process and prove its value. He said currently it takes about 100 days to award a prototype, but DIU would like to get that timeline down to as little as 60 days.

“We increase the transparency with a commercial partner. We increase competition for our DoD partners, lower the time the vendor has to obligate to the solicitation,” he said. “We’re able to get more solicitations in, which is great because we can cast a pretty wide net. We’re able to use our commercial engagement team to go out into the ecosystem and really understand where is that that large magnitude of commercial investment taking place in the technology ecosystem, who are the companies that are really on the leading edge and doing really some of the fantastic innovation and development in that areas that we think are going to help some solve some of DoD problems.”

Expanding DIU’s reach

DIU is expanding its reach with offices in Silicon Valley, in Mountain View, California, in Austin, Texas, Boston, Washington, D.C. and the newest regional office in Chicago.

The reason for the six regional offices is two-fold. First, DIU wants to search out companies that are outside the typical technology corridors. Second is to promote more competition.

“We also accelerate cooperation. In this era of the broader strategic competition, demands collective cooperation so we are shifting to a regional focus to align government innovation entities within those geographic regions to make sure we’re getting the best technology from across the country, not just the technology hubs,” Madsen said. “We want to find the best technology that the U.S. has to offer. We also want to demystify the complex procurement process. If we can get all the government innovation folks together and rowing in the same direction, and engaging with our commercial partners, in one voice that it’s going to help us demystify that.”

Over the last few years, DIU has moved several projects that are showing promising results in the prototype phase.

Madsen highlighted the development of a 5G tactical network for the California Air National Guard.

“We’re able to rapidly set up a secure 5G mesh network for humanitarian assistance, disaster relief and first responders. If you think about forest fires, now we’re able to set up a very rapidly a 5G network for cellular coverage for those folks that is discreet and secure for them to continue executing their activities,” he said. “We’re using AI for predictive maintenance. The commercial sector saw this a long time ago, not just the airline industry, but other industries that use very, very expensive machines with a lot of moving parts and failure of any of those parts would result in a catastrophic outcome. What we’ve been able to do is apply predictive maintenance using AI to multiple platforms across the Air Force. We’ve seen an increase in machine capable rates and a decrease in unscheduled maintenance time. We are looking to continue scaling that one across all the platforms.”

A third example is around drones and making sure they are both built securely from a cyber perspective and by American-owned companies.

“We’ve had several prototypes with the Army that resulted in CyberSecure drones,” he said. “We were able to field those in less than 48 hours in response to the humanitarian refugee situation in Germany when the US pulled out of Afghanistan.”

For FEMA, cloud services are a lifeline to disaster survivors.

There may be no better uses cases than when a hurricane or tornado strikes and FEMA must scale up its grants management or flood insurance program to tens of thousands of users in a matter of hours.

Lytwaive Hutchinson, the outgoing FEMA chief information officer, said the scalability and flexibility of cloud services along with the innovation from providers means the agency continually adapt to the changing needs of citizens.

“Our goal is to, by the end of this year, have at least 50% of all of our systems and services that are cloud ready to be moved into the cloud,” Hutchinson said during a recent panel sponsored by ACT-IAC, an excerpt of which was part of the Ask the CIO program. “I’ve had conversations with some vendors and some folks about lift-and-shift, lift-and-shift is my last resort. That is not something that’s viable. My first look is to take capability and actually either modernize them and/or move them into the cloud because they are cloud ready or if they are not, then they should remain on-premise.”

Hutchinson, who announced in March that she is retiring from federal service after 41 years, said some systems are better suited to remain on FEMA or Homeland Security Department data centers, while others systems are ready today or could be ready in the short term.

“We do have upwards of, I think, 53 systems that are cloud ready so that will be 50% of 53 for this fiscal year. We have another set of systems that are not cloud ready and will have to go through a modernization phase,” she said. “Our goal is by fiscal 2026 to have all of our systems and services in the cloud. That is inclusive of our financial systems. We will address each of our systems on a case-by-case basis.”

She said this IT modernization initiative must be part of how FEMA does business every day and responds to every disaster. This means the services must be less about the greatest and latest technology and more about ensuring citizens have access to FEMA’s services whether they have internet connections or not.

“Our goal is to ensure that our services do not become obsolete by just adding on a building on to current technology, but embracing new technology as that technology availed itself,” Hutchinson said. “You also heard us talk a little bit about our theme for this year, which is delivering digital equities. I know it’s a really nice little catchphrase, but it really does mean something to us. It is about delivering equity to our IT partners and to our citizens to be able to access being this data, not just access it, but access it securely. We also want to make sure that we are taking care of our disabled community, and that we’re ensuring that our systems, our services, our websites are ready for them to also be able to utilize. We have a lot going on across FEMA as it relates to systems and services that we would like to deliver to our partners and to our citizens to be able to take advantage of the capability that FEMA brings to bear especially during the time of need in a disaster.”

Securing software earlier on

One way FEMA is taking on this challenge is through a “secure by design” approach to developing new services.

Greg Edwards, the FEMA chief information security officer, said this is how the agency brings security closer to the acquisition process so they address potential and real vulnerabilities on the front end of the development phase.

“We spent a lot of time in terms of zero trust with our users and thinking about how they access our services and devices in a protected and a secure manner. In that area, we’ve made some improvements in terms of how we control our mobile devices and made some modernization in the network and in the applications,” Edwards said on the panel. “In terms of our network, we’ve done a heck of a lot of modernization of the assets themselves. That’s all about our journey to our FEMA enterprise cloud. Then there is the data from a cyber perspective, where we are focusing very heavily on data being encrypted at-rest, and also data being encrypted in-transit.”

The move to the cloud and the focus on zero trust is forcing FEMA to rethink more than just their internal protections, but also how the public must access the data and applications.

Edwards said this is where the secure-by-design framework comes in.

“What that is going to allow us to do is closely align our system development lifecycle with the acquisition lifecycle. So step-by-step, we’ll be looking at cyber activities from when you’re doing some software development to when you’re doing some critical design testing to when you’re implementing to when you are decommissioning the system,” he said. “We think this framework, secure-by-design, will be helpful to govern our overall processes and help us tighten the reins in that area.”

Through the secure-by-design approach, Edwards said FEMA is fixing vulnerabilities faster, reducing the cost of security and improving collaboration between the technology and mission areas of the agency.

Getting governance right

The biggest impact of secure-by-design, however, may be in how the system operates to serve the mission and citizens.

Edwards said by looking at problems more holistically, FEMA can ensure changes or updates don’t have downstream effects that may make one element less secure or more complex to use.

“We’re at the governance point still, and then we want to communicate the governance framework to our governance board so we get the buy-in from the whole community about the concept and methodology. We want them to have a good understanding of it before we start saying that we’re actually implementing anything in that regard,” he said. “But in our business, we’re always working in parallel. We’ll be partnering with our major programs so we do some prototyping, some understanding of some of the impacts of actually implementing this, and getting to a goal of ongoing authorization and things of that nature. While we work on the governance, we’re also working with programs to prototype how this would actually work. By the end of this year, we would expect to have our governance process solidly in place, and my boss has asked me to make sure that I have about three processes that we’ve fully implemented by the end of this year as well.”

Edwards said there are nine processes within secure-by-design and FEMA is looking at three of them, such security planning to auditing.

The State Department’s intelligence branch is setting up a new open source office to improve how it shares analysis with diplomats worldwide under a new strategic plan that puts a major emphasis on upgrading the bureau’s IT operations.

Brett Holmgren, assistant secretary of state for intelligence and research, says the Strategic Open Source Coordination Office will serve as a “central point of contact” for policy, training and tradecraft around open source intelligence, or OSINT. The new unit will also test and procure open-source tools, help deliver them overseas, and manage contracts.

The Bureau of Intelligence and Analysis, or INR, provides intelligence to U.S. diplomats. But most diplomats, spread out at locations across the world, have sporadic access to classified U.S. intelligence assessments.

“Being able to leverage open source in a fundamentally different way than we’ve done so to date will allow us to share our best insights at the unclassified, FOUO, or the sensitive but unclassified level, on new platforms to our diplomats overseas,” Holmgren said on Inside the IC.

The intelligence community is increasingly looking to improve its use of OSINT, especially as Russia’s invasion of Ukraine plays out across social media feeds, commercial satellite images and other publicly available sources.

The open source office is part of the bureau’s new strategic plan, called “INR 2025.” It lays out five major pillars, starting with an imperative to “elevate strategic analysis and redefine intelligence support to diplomacy.”

Holmgren, who was sworn in last September, said that first pillar represents something of a return to INR’s roots of developing long-range, strategic intelligence products.

“We really want to kind of reinvest in that core capability,” he said. “Over the years, we’ve become a little bit overstretched in responding to a lot of the demand for current assessments, and we’ll continue to do that, obviously, to support our policymakers. But we really want to step back and make sure that in the intelligence community, we are one of those agencies that is thinking about where the world is headed, and trying to identify some opportunities and risks over the horizon to provide a warning, and also to help enable our policymakers to think through wise foreign policy strategies.”

INR’s digital vision

The strategy also prioritizes digital modernization. As Holmgren puts it, its about shifting away from an operations and maintenance mindset for IT toward “a more modern, agile, innovative technology team.”

In order to oversee that shift, INR created a chief information officer position. Raymond Romano is currently acting CIO for the bureau. He previously led the State Department’s cyber threat investigations division at the Bureau of Diplomatic Security.

INR is also creating a technology governance board to oversee the bureau’s IT modernization efforts and ensure technology is incorporated into its strategic planning process moving forward, according to Holmgren.

“It’s a cultural shift, but I think it’s vitally important, and it starts at the top in terms of how the leadership of our organization views technology and the role that it will play,” he said.

The bureau is already sketching out a new mobile strategy, according to the new strategy. Holmgren says mobile devices will be key to delivering more open-source and unclassified information to diplomats across the globe.

“Imagine a diplomat riding into work in the morning, or they’re getting ready at their home in the morning, and they’re somewhere in Asia, and they’re able to pull up the INR app on their mobile device,” Holmgren said. “We want to be able to provide real-time, relevant information to our diplomats in the most accessible manner possible, and we do view a mobile as a real opportunity for us to do so.”

Tech savvy, diverse workforce

Holmgren also thinks INR’s future workforce will continue to be more technologically savvy, even if they’re not all software engineers.

“They don’t need to be fluent in JavaScript and Python languages,” he said. “They don’t need to know how to code. But they do need to understand how technology operates. They need to understand and be comfortable with using modern technology, so that they can be successful in the future.”

Holmgren says it’s not just an imperative from an internal, business operations perspective.

“I think you’ll see more officers with some backgrounds in science and technology, just given where the threat landscape is evolving in the world, everything from global pandemics to emerging technologies and cyber, and how all of these technologies are applied in the military context as well,” he said. “I think it’ll be important to have experts on our team that not only understand the deep history of a particular region, or understand applied economics, but that actually understand and have a deep familiarity with some of the science and some of the education that underpins a lot of these disciplines.”

INR’s strategy also places a priority on recruiting individuals from more diverse backgrounds and perspectives. Diversity continues to be a challenge across the intelligence community.

“It’s making sure that we are being very deliberate about our recruiting strategy moving forward,” Holmgren said. “And we’re going to continue to invest in expertise, regardless of where it comes from. But we are going to make sure that we put a premium on forcing ourselves to think more critically about our recruitment strategies, and not just doing what’s easy, but doing what’s hard, because ultimately, that will make us better and more effective as a bureau in the future.”

For the last few years, the IRS has been changing its external reputation and internal culture of an agency that doesn’t take technology risks.

The Pilot IRS program may be one of the most well-known examples of this external evolution, reaching out to vendors to bring in innovation and new approaches to contracting.

Internally, the use of robotics process automation in the procurement and financial offices has been a strong influence on the workforce’s culture.

Shanna Webbers, the assistant deputy commissioner for operations support at the IRS, said a combination of short-term wins and agencywide collaboration helped drive two major changes.

“The technology enables our staff do other things or things that they may find more interesting, instead of just mundane, repetitive tasks. That’s really what we want to do. We want to create an environment where our staff want to come to work, where they’re excited to come to work, where they feel like they are making a tremendous amount of value to executing our mission at the IRS,” Webbers said on Ask the CIO. “How do we create that and beyond just upskilling and rescaling in areas with human resources-related to technology or robotic process automation? We really are looking at the whole person. How do we ensure that every individual in the organization has the right skill set, the right experience and the right knowledge to take on positions of greater responsibility?”

Webbers said that meant changing how they trained the workforce. Instead of focusing 80% of the training on the technical aspects of procurement, the use of RPA and automation has let the IRS refocus the training to 50% on technical and 50% on other skills like critical thinking, writing, leadership and collaboration.

Agency collaboration

The second initiative to drive the culture change is to create a partnership with the agency’s chief information officer’s office.

Webbers said the CIO’s office must give its final “blessing” before the bot can launch, the office has provided acquisition and financial with liaisons to help work through the documentation and security processes.

“We have a process in place where when we have ideas, we, through an intake form, submit them to the CIO and they get reviewed. There’s an IT advisory board that makes recommendations for how to move forward,” she said. “If we don’t have the capacity or the funding to move forward, the CIO’s office helps to prioritize the RPA investments.”

Across procurement and financial, the IRS has implemented a small amount of RPA bots so far, but expect to increase the number over the next year.

“We have other ones that are in the queue right now. In the next six to 12 months we are  focusing on RPA implementation that’s working around data reconciliation and management for our manual adjustments for refunds and deposits, that could save up to 35,000 hours per year,” said Teresa Hunter, the IRS’s CFO. “There’s a significant opportunity. We are a very paper-based organization. It’s just a matter of our IT organization having the capacity and the funding to keep up with the demand that is going to be coming their way. The CIO has a big job of making sure that we are secure and safe. It’s a balance between having a good relationship with your CIO office and understanding their perspective as well as the needs of the businesses.”

Hunter, like many CFOs, are seeing the value of bots for financial operations.

She said she is encouraging the staff to take a new way of looking at how they could do their work, which areas are repetitive and require mundane tasks that somebody had to do that.

“We know it does save time and effort on our staffs’ part,” Hunter said. “As we’re working on the automation, the innovation, the efficiency effort within CFO, we’re also looking at skill sets of our staff and how can we upskill or reskill them? What are the core areas that we want to focus on of making sure our staff are being trained to develop and grow in their role as we move forward with some of these shifts and changes? We aren’t looking to reduce full-time equivalents (FTE), but we’re looking at being able to be more analytical in our decision making and how we are approaching the work that we have to do so that we can be more successful and how we’re making decisions, how we’re coming to conclusions, and really getting ahead of any type of like audit issues or anything like that, where we’re really understanding our data and our workforce is really growing and developing along that path that would get us to the future of finance and the skill sets that are going to be required for people in a CFO organization.”

Relying on the innovation team

For both Hunter and Webbers, the continued move toward automation and using bots will be a balance of enthusiasm from the early adopters and managing those who remain cautious about it.

“One of the things that I believe helped us in that was just being open to hearing what they have to say about using bots. Every viewpoint was critically important to understanding the risk that may be associated with using a robotic process automation on a process that we had not proven out. So trying to take all of that input, letting them know that their input was important and mitigating the particular risks or accepting those risks, or coming up with a different approach to eliminate the risk, was our approach,” Webbers said. “At the end of the day, because I was in charge, I said, ‘Okay, let’s do it, we’re going to try and see.’ Fortunately, it worked out really well, and I think that those instances where we got those quick wins was important for people to gain confidence.”

She said the IRS looks back at every RPA implementation to create lessons learned and figure out where they can improve upon the process for next time.

Hunter added the CFO’s office created an innovation team to which employees can submit ideas for how to automate or improve a process.

“What I wanted to do was make folks a part of the process, where, I’ll steal a quote from procurement, can you tell me what you hate so that I can make you love it?” she said. “What are those opportunities that you just dislike doing every day? Let’s take a look at it because maybe there’s opportunity to do the work in a different way or automated it or whatever the solution may be, but there’s got to be an answer. We’ve focused on that as well as the change management portion of it as we’re thinking about how we’re looking at our work products. It’s really the mindset of how can a bot help me in my day-to-day life?”

This time, the renewed focus on federal shared services isn’t just about the technology.

The terms human-centered design and customer experience have crept into the ever-changing approach to providing agencies with back-office shared services.

Jeff Schramek, the deputy commissioner for fiscal accounting and shared services at the Bureau of Fiscal Service in the Treasury Department, said his goal to further evolve financial management, human resources, acquisition and travel shared services is a combination of maturing the services his organization provides and understanding the customers they serve in a more specific way.

“We have employees working for us that have the experience of working our systems, the efficiency and scalability of our programs, with the goal of being able to provide timely data and information to the agencies so they can do their work and make their decisions. So it’s really now becoming more about standardization,” Schramek said on Ask the CIO. “But we also want to know what our customer experiences through the whole process. We generally get 90% customer satisfaction in our services offerings each year, but customer service and actually customer experience are a little different. We want to make sure we’re bringing the agencies in early whenever we’re trying something new or bringing in a new system.”

Bringing in the customer early on

Understanding what the customer wants isn’t a new concept to shared services providers. In 2015, the General Services Administration launched the Unified Shared Services Management (USSM) office and added a playbook that emphasized the providers listen more to the voice of the customer.

The challenge, however, has been not just to listen to agency customers, but implementing real changes to the systems and offerings.

Schramek said the change the Fiscal Service is going through is to take a human-centered, agile design approach.

“We are bringing the customer in early to gauge what is it that they like about the system? What don’t they like about the system? What can we change?” he said. “We’re focusing our skilled employees who do business process reengineering and automation to focus on those [13 service] areas. Just recently, we did a review of the commercial accounts receivable organization, and what I like about what I heard through that process is this review was done and came up with about 10,000 labor hours of savings, and possibly over $100,000 of cost avoidance because sometimes you still use those people to do something else, but they can get off the manual processes. Also what I like about this business process servicing reengineering groups that we’re doing is they actually came back and told us where you can get your savings is using a bunch of different things. So it’s not just one tool. We are incorporating a robotic process automation bot into our reporting processes, that’s going to save 5,000 hours.”

Schramek said using RPA and other automation tools will reduce the burden on their customers and increase efficiency of the Fiscal Service’s services.

87 agency customers and growing

He said in one instance, automation will reduce the manual process of answering agency emails, of which the office gets more than 100,000 a year.

“That’s going to save over 3,500 hours if we implement that. We’ve got an automation tool in our accounting software that is kind of like a bot and that you incorporate it for reporting. That’s going to save about 1,400 hours a year,” Schramek said. “We have a lot of people who come in and start working for us, and we need to train them. Sometimes that requires a couple of weeks’ effort. There’s some training that you just need once a year so we’re building an automated video to replace some of that.”

Using automation and bots to improve financial services or human resources offerings is part of the Fiscal Service’s broader plan to improve customer experience.

And the Administrative Resource Center has plenty of customers that they hear from.

Schramek said ARC provides 87 agencies from small commissions and independent agencies to large cabinet level departments with, ranging from the departments of Treasury and Housing and Urban Development to the Nuclear Regulatory Commission to the latest one coming on board this year, the Office of Personnel Management, a range of services from financial management to HR to acquisition to travel support services. He said about 50 agencies use their financial management shared services while 29 use some combination of the other offerings.

“We’re actually just finishing up a technology and data roadmap that we’ve created. What this really does is it looks at all four of our business lines, the systems in the software that we use in those four business lines, and where is the maturity level of those systems,” he said. “The good news for us from what we’re looking at is we don’t have too many that we have to really move off of and sunset. But there are a number, especially when they come out in the queue somehow that we’re going to need to make decisions: Do we stay on the version we’re on right now or do we do the investment to go and get the additional cloud based software services you can get on that? Those are the things we’re planning for.”

Data analytics on the horizon

Schramek added the roadmap also opens the door to bring more innovation into the shared services offerings. He said ARC will share their modernization and innovation plans with their customers whether it’s through the specific roadmap or through other ways is still to be determined.

Part of the roadmap is how ARC will bring more analytics to its customers. Schramek said currently his organization is providing data back to customers based on individual services whether financial management or HR.

Where ARC would like to go, he said, is for customer agencies to obtain data from all four business lines as they need it as well as provide analytics of that data.

“We can provide that information and provide them dashboards and some information back that then they can make decisions,” Schramek said. “I imagine some of our smaller commissions and agencies are probably going to use the dashboard and analytics we provide, whereas HUD and OPM would likely want to be able to get to the data and bring back to their analytics tools. But I think the data aspect is where we are going so we can give our customers timely data to the decision makers.”

Learning Objectives:

• Shared Services Provided by ARC
• Utilizing Automation in the Shared Services Realm
• Network Modernization
• Data Examination

This content is sponsored by 

Jones confirmed to Federal News Network that his last day is June 17, but didn’t say where in the private sector he was heading.

Glenn Miller, the principal deputy CIO, will become acting CIO until State names a new executive, an agency spokesman confirmed.

Jones is retiring after 38 years of federal service, including the last 16 months as the State Department’s CIO. He also worked for the Department of Homeland Security for 15 years in technology leadership roles at the U.S. Citizenship and Immigration Services and at the Immigration and Customs Enforcement directorates.

Jones also worked in the private sector after leaving DHS in 2018 for Deepwater Point Consulting and for his own firm, The Edgewater Group.

During his time at State, Jones focused on State’s IT modernization efforts, including cloud computing, mobile computing, improved service delivery of technology and initiatives to enhance cybersecurity.

One area of focus for Jones was to create a standard platform for DevSecOps to give the mission areas the tools and skills to develop applications and address the “shadow IT” challenge nearly every CIO faces.

Miller has been at State since 1991 when he joined the Foreign Service. He has been principal deputy CIO since August 2021. In that role, he manages all IT operations, including cyber operations, business management and planning, operations and foreign operations.

Previously, he served as deputy CIO for both operations and foreign operations.

State’s IT budget in fiscal 2022 is $2.8 billion with 41 major investments.

With Jones’ departure, State now will have its fourth new CIO in five years. Jones was the CIO for 16 months, while before him Stuart McGuigan last two years, and before him State had an acting CIO since Frontis Wiggins left in 2017 to 2019.

Before Maria Roat retired at the end of March, she made sure one important initiative was well on its way.

The former deputy federal chief information officer said the effort to create shared calendar and collaboration tools across all agencies is on the right track.

“When you talk about changing federal IT, we have to continue that work around interagency collaboration and communication. We have to keep in mind the federal enterprise, but also really getting things out of the way around data, using each other’s data, to make things better for the public. That’s ultimately about what we’re doing,” Roat said on Ask the CIO.

This is why the next federal deputy CIO needs not only to pick up this collaboration initiative and others, including modernizing the IT workforce, but also establish strong connections and understandings on the budget side and with agency CIOs. The Office of Management and Budget named Drew Myklegard as the acting deputy federal CIO when Roat retired in March and is reviewing resumes for a permanent deputy federal CIO after putting out the job announcement in mid March.

“Whoever’s coming in, really needs to pay attention to the budget cycle. It’s not moving the needle for just next year, it’s moving the needle for the out years, when you’re thinking through budget,” said Roat, who became the deputy federal CIO in 2020. “I would also tell whoever’s coming in to really build out the relationship with OMB, the desk officers in the Office of the Federal CIO. Their relationships with the agencies is so important, not just the desk officers, but for the deputy, whoever comes in to build the relationship across the federal community. I think that’s really important to stay connected and stay in touch with them. It’s about working on the relationships, have those relationships with the CIOs and keep in touch with them. I always had half of them on speed dial. I was texting them and things like that because the community is so strong and it is so connected, and certainly I could not be successful without having the relationships with the CIOs.”

Collaboration tools from pilot to production

Those relationships are how Roat was able to move the collaboration tools from idea to pilot. Today, the General Services Administration is leading the effort with a program management office stood up in October. It is working with agencies to implement the broad set of calendar and chat capabilities.

OMB oversaw the nine-month pilot effort with four agencies, the National Science Foundation, the Small Business Administration, NASA and the Education Department, in 2021 to prove out the value of this interagency collaboration capability.

Roat said in February at an FCW event that the PMO has a scorecard keeping track of the progress through weekly meetings.

“The technical part is really easy around interagency collaboration. Right now, agencies are already working on their white lists so they can chat and share calendars with other agencies,” she said. “There was a lot of discussion out of the pilot that they needed a memorandum of understanding to talk to another agency. But it makes no sense to do a MOU with 30 different agencies so how about if we just do one? So we are working on that.”

Roat said this initial effort is a baby step of a much larger project that would let agencies collaborate, share data and information.

“This is one little thing that I think is hugely impactful,” she said. “I love what the Defense Department’s done using Office 365 and opening that up. On the federal civilian side, this is where we are heading, not just for Microsoft. We know we have other collaboration capabilities, whether it’s Google or pick your tool. We’ve got testing on with calendar sharing between Microsoft and Google. It’s much more than that. It’s much more than just the technology. We are looking holistically at what are the policies and things that need to be addressed because people always ask questions about FOIA and things like that. This is much bigger that just doing chat and calendar sharing. This is the first baby step into a much bigger vision of having broad interagency capabilities around collaboration across the federal government.”

Too many workforce initiatives

The other big initiative the next federal deputy CIO should consider is consolidating the IT and cyber workforce initiatives.

Roat said there are too many disparate initiatives whether at the CIO Council or from the Cybersecurity and Infrastructure Security Agency or from the U.S. Digital Service in OMB.

“I always thought that if there was a federalwide IT and cyber workforce strategic plan that brought a lot of this together, that incorporated recruiting, marketing, not just USAJobs or LinkedIn, but true marketing like the way DoD recruits for the military,” she said. “It would require agencies to be part of the strategic workforce plan to convert some of the higher graded GS-14 or -15 positions, turn them into career ladders for GS-5, -7, -9 grades or -7, -9, -11, -12 grades. It would bring in digital native high school and college students at the beginning of their careers and put them in a career ladder. While they’re digital natives, you have got to teach and train them. But you could trade in two GS-15 positions in and with that money get three or four GS-5, -7, -9 levels.”

Roat pointed to the data from OMB in the 2023 budget request that showed federal IT workers under 30 make up about 3.5% of the total workforce, while the number of workers under 30 years old is 8.1% across the entire federal government.

The White House is trying to address the low rate of young people by encouraging agencies to hire more interns. Agencies say they plan to hire 35,000 interns in 2023, which the administration said will be an increase over 2022 plans.

“How do they grow their career when they they’re a 30-year-old who has been working in government for a few years?” Roat said. “Can they move around inside the government or do they go back to the private sector? I think that’s about having that career path and being able to do something. I think it’s great to bring people into the federal government and infusing a lot of that talent in agencies. But we can’t forget about growing people in the government, who maybe like myself or others really love what they do and maybe want to stay and not jump back and forth with the private sector.”

Roat’s federal career started in the Navy as a 17-year-old working in a computer tape library. She continued to advance by working on mainframes and getting into operations and networking. She then rose through the ranks working at the Department of Homeland Security, later became the Transportation Department’s chief technology officer, and eventually she launched the Federal Risk Authorization Management (FedRAMP) cloud security program. All those experiences led her to be the CIO at the Small Business Administration and, finally, the deputy federal CIO.

“I don’t know that I’ve had the same job twice. It’s always been different. In my career, I’ve certainly zigzagged and I think that’s what allowed me to get to where I am, just having the exposure to so many different roles and so many jobs, and not always technical,” she said. “I’ve always just did a lot of different things and I really think that helped me to get to where I am today. And being curious, certainly, and moving around and learning and staying on top of technology as technology changed.”

Description:

In August, the White House laid a monumental task on the the Homeland Security Department. Through Operation Allies Welcome, President Joe Biden charged DHS to lead and coordinate ongoing efforts across the federal government to resettle Afghans in the United States.

DHS took over the program from the State Department, which led the effort to transition Afghan nationals to the U.S. The interagency initiative found success vetting and settling more than 80,000 evacuees, in part through the use of a technology approach that could be updated and developed on the fly.

“This work — that was really largely DHS, State and the Defense Department, along with many other agencies that played a role — required us to stand up a new processes in almost real time,” said Eric Hysen, DHS chief information officer, on Ask the CIO. “There were areas where we couldn’t go through a normal IT development cycle to build software to support them. We were able to leverage some platform as a service tools to stand something up very quickly. That really enabled and accelerated that work. I was thrilled to see that.”

DHS took over the platform from State and put the development into what Hysen called “hyperdrive.” He said the “as a service” model that State initially used meant DHS stepped right in and didn’t miss a beat.

The cloud approach “also required us to rethink our governance of some of these platforms and our as a service offerings. They enable work that gets much, much closer to this ideal of citizen development or whatever term you want to call it,” Hysen said. “But it’s also important for us to be mindful of how we are governing and overseeing that work, how we are ensuring that we are still rigorously testing and understanding what functionality we are putting out there.”

Additionally, he said it led the team working on the program to think about what DHS’ long-term dependency on various platforms and offerings might be over time — and how it can think avoid lock-in scenarios. ” It’s an area that I think will only become more and more important,” Hysen added.

Three Homeland Security priorities drive technology change

In the 15 months since he became Homeland Security CIO, Hysen, who previously was executive director of digital service, has been focusing on three priorities: cybersecurity, customer experience and using data to drive decisions.

Each of these priorities is about the continued maturation of technology and services to support DHS mission areas, which Hysen said  has been one of the biggest, but also most pleasing, surprises that he experienced in coming back to the agency.

Most recently, DHS completed the first bug bounty program, during which vetted cyber researchers helped find vulnerabilities in key agency systems. Hysen said 450, researchers participated, finding 122 vulnerabilities, including 27 deemed critical, across five departmentwide systems. DHS paid over $125,000 in bounties to those researchers.

“This is something that has made a demonstrable improvement in security across the network and across the department,” he said. “The initial phase where we were collecting information from researchers was, I think, just under two months. So really the pace that we found these was just much more than we were expecting. The value we got out of this was so significant. Then our teams were hard at work as soon as we were getting things confirmed and working to remediate them as quickly as we could.”

The success of the bug bounty program led DHS to issue a new draft solicitation at the end of April to expand the effort.

“We’re still working out the exact schedule, but it’s something that we want to be a regular occurrence, given what we saw,” he said. “We’re looking at different parts of the department, different critical systems and also , in some cases, even introducing in person elements to this as we think about interacting with the operational technology environments as well.”

Improving internal and external customer experience

Under the customer experience priority, DHS is taking a multi-pronged approach.

Hysen partnered with Stacy Marcott, who is performing the duties of the chief financial officer, on proposals to win funding from the Technology Modernization Fund (TMF). The two offices brought together different component business cases to create one agencywide proposal for the Southwest border and won $50 million.

“Our Southwest border technology integration program is not just Customs and Border Protection, actually, it also includes work at Immigration and Customs Enforcement and U.S. Citizenship and Immigration Services. We did that deliberately. Each of them had their own projects that they wanted to seek TMF funding for, and we said we’re not going to do that. We’re going to put them all together. It caused a lot of learning across our teams,” he said. “Ultimately, it allowed us and forced us to really think about how we were working together across our organizations and agencies to deliver on the same mission.”

Although DHS hasn’t received any of the $50 million award yet, Hysen said DHS expects to shortly and it will help accelerate the connection among disparate systems, improve cross-agency collaboration and support data-driven decision-making.

New DHS-wide steering committee

Even without the additional funding, Hysen said CBP, ICE and USCIS are making progress. For instance, almost three-quarters of all Title 8 immigration encounters are signed digitally by Border Patrol agents and almost three-quarters of those as well are transferred digitally and reviewed digitally by ICE, which means that people are spending less time in custody and moving through the system more efficiently, he said.

“Our border patrol agents and our other law enforcement officers are spending less time working through systems and signing paperwork and more time out in the field doing their jobs,” Hysen said. “That’s been incredibly exciting and rewarding work so far, and we have a ways to go. That will only intensify over the coming months.”

DHS also is awaiting word from the TMF Board about several other proposals, including one focused on modernizing the Homeland Security Information Network (HSIN) to further develop a mobile application that lets state and local law enforcement partners access intelligence from DHS on their iPhones and soon on their Android devices. A second proposal would to help the Transportation Security Administration modernize the traveler experience through smarter use of technology.

On the external customer experience side, Hysen said, DHS has several ongoing initiatives, but isn’t trying to take a one-size-fits-all approach given the breadth and depth of its customer base.

“We’ve launched a Customer Experience Steering Committee across the department that Deputy Secretary John Tien kicked off for us. That brings senior operational and IT leaders from each of our operating components together,” he said. “I’ve established a team under my office that’s grown out of the great work that the U.S. Digital Service has been doing at DHS, since I was last here, to drive this forward and provide resources to all of our all of our organizations.”

As an example, he pointed to the Federal Emergency Management Agency. It is rebuilding its individual disaster assistance experience so that it is faster for people to get support from the government to rebuild following disasters.  The goal is to make it easier for FEMA to provide citizens information that they need, Hysen said, adding “that it’s more equitable and that we are ensuring that what we’re asking for is equally accessible to all of our all of our customers.”

DHS looks to reduce burden on citizens in additional ways

In another effort, TSA and DHS in April announced a partnership with Apple to roll out mobile driver’s licenses on the iPhone’s Apple wallet feature. Right now, DHS and Apple are testing this concept in Arizona.

“We’re excited to see that expand more broadly,” Hysen said. “Then, we also are looking at ways that we can use biometrics so that you’re not handing over a document, you’re not touching your phones or anything. Your face can be your identity in a responsible private, respectful way — from curb to gate at the airport — which is something that Delta and TSA are working to pilot in a few airports right now.”

Finally, DHS also is looking internally to reduce the burden on its citizens by addressing challenges under the Paperwork Reduction Act. The department found it puts 190 million hours of administrative burden on the public every year, Hysen said.

“I just signed a challenge to our departments to say that by the middle of next year, we want to cut that number by 20 million hours,” he said. “All of our agencies across DHS are now working to look at how we can use technology, how we can use human-centered design and how we can really use just smart policy process practices to significantly reduce the burden that we place on the public in the form of paperwork. … It’ll be the first time that number goes down instead of up, which is really, really the intent of that effort.”

Learning objectives:

• IT progress at DHS
• Cybersecurity initiatives
• TMF support at DHS
• Examining customer experience and workforce
• Industry analysis

In partnership with   

Complimentary Registration
Please register using the form on this page or call (202) 895-5023.

Don’t call the $10.5 million infusion of funding the Department of Veterans Affairs received to modernize its identity management platform an “award” or a “loan.”

Federal Chief Information Officer Clare Martorana prefers to call it an “investment” by the Technology Modernization Fund Board. Martorana said the TMF Board is making an investment in VA to help veterans have seamless and secure access to digital services and benefits.

“We are used to simple and seamless interactions in our personal lives. I can log into Grubhub or I can do multiple things and utilize some of the technology available on my devices to have a simple experience. It isn’t that way in a lot of federal enterprises. We can’t transit from agency to agency and have that same identity move with us,” Martorana said on Ask the CIO. “Part of the opportunity is in agencies that have multiple identity systems, making those seamless, safe and secure. We know that we can then build on those lessons learned and actually start to have them help us as we transit across agencies.”

This is why the TMF has evolved from a “loan” or an “award” to that investment, especially given the $1 billion it received under the American Rescue Act Plan in 2021.

Raylene Yung, the executive director of the TMF program management office at the General Services Administration, said an investment like the one in VA is as much about modernizing an agency’s services as it is demonstrating the power of shared services across government.

“The first part of it is really building out that shared service, making sure that it works and can scale. That’s a great example of login.gov, which actually is used by over 40 million users across a few dozen federal agencies,” she said. “Then there’s that other side of the agency adoption of a shared service and that’s a great example of what the VA is doing. You have the two sides of the coin, and together through developing the shared service and then agencies adopting the shared service, that’s when you really get that governmentwide benefit. You can kind of have that build once and use many leverage that you get out of every taxpayer dollar that goes into both sides.”

Through the TMF investment, VA will move away from a fragmented identity and access management approach for veterans and their care givers. VA will use the TMF to implement Login.gov as a single, modern and easy to use sign-in service.

“[T]his project will support the seamless transition of existing users to Login.gov. Second, VA will create an in-person identity verification option for veterans unable to sign up online. Finally, VA will pilot physical security keys for multi-factor authentication to improve accessibility and make digital services more secure,” the TMF website stated. “This investment will not only improve the experience of veterans accessing VA benefits and services, but also reduce VA costs and the risk of fraud.”

Ninth award under TMF since September

The award to VA is the TMF Board’s ninth award to seven agencies from that $1 billion windfall. The board made six awards totaling $311 million to four agencies in September, and then made two others totaling another $9 million.

Yung said the board received 130 proposals from 60 agencies and components totaling over $2.5 billion demonstrating a huge demand to accelerate projects.

The influx of proposals were both good and bad for the board.

On the good side, Yung said the board continually evolves its processes and is hiring more staff to help agencies be more successful with their submissions.

The program management office now includes more than 15 employees and more are on the way. Yung said her office now offers more experience and expertise in building technology systems, user research and design, and, of course, cybersecurity.

“We’re continuously learning from engaging with agencies, the new proposals that we read and the new investments that we make. This unprecedented influx of proposals really taught us a lot more about what agencies are seeking to do, which then informed our criteria, our guidance and all of that,” Yung said. “We really do have this emphasis on not just the older proposals that may have focused on the technology modernization itself, saying we’re going to take that system from the old one to the new one. I think now what we’re really thinking and really asking agencies to show is what is that end user impact? It’s not just about the technical system improving, but it’s what does that achieve? How does the public’s experience with government meaningfully improve?”

Money moving slowly

But on the bad side, the proposal submissions were not always up to par causing some delays in getting the money out the door, which, in turn, is frustrating lawmakers and agency leaders.

Martorana said when the Office of Management and Budget issued new TMF guidance in May that changed the repayment requirements, the quality of proposals declined.

“We went from a 1.0 model that was in existence for three-and-a-half years and did those 11 investments to a 2.0 model. Our 2.0 model puts technologists at the front end of the investment review process and partnering with the board. The technologists are ensuring that these proposals are really worthy from a technical perspective of the investment that they’re going in the right strategic direction, that they’re utilizing best practices, that the teams are capable of actually delivering, that they have acquisition vehicles in place and all of the fundamentals that are needed for an investment, not only to get up and running, but to be capable of delivering the impact for the mission or for the customers,” she said. “We’ve really been able to see agencies making some internal investments, like doing a minimum viable product, doing some rapid prototyping, then coming to us and saying, ‘we have these key learnings now we need to actually accelerate our IT modernization.’ That makes it a lot easier for the board to make an investment decision because there’s a proven model at an agency.”

She added the initial set of projects lacked coordination within agencies.

“We had several agencies that submitted component submissions that didn’t go through a process with their CIO. We’d call the CIO to ask and they didn’t know anything about the proposal,” Martorana said. “There was a lot of enthusiasm from agencies and from programs in agencies that didn’t have that same upfront rigor that a prior TMF proposal went through.”

More transparency with Congress

The board’s long timeframe in making the awards or investments hasn’t gone on unnoticed by Congress.

In the 2022 omnibus bill, Congress zeroed out the TMF pointing to the more than $700 million remaining in the fund in March before the last three awards.

Martorana said OMB and the board recognize they need to focus on transparency and accountability to demonstrate the fund’s impact and why continued investment is important.

“We put a process in place that we announce in advance of making the investment award. We do stop at the Hill and make sure that our stakeholder partners there are aware of the investment and understand the thesis,” she said. “We do a lot of work prior to going to the Hill to make sure we’re working inside OMB to make sure we don’t, we aren’t making duplicate investments and are really rigorous in that process because we want to make sure that the TMF funding is a partnership between Congress and the executive branch.”

She added OMB also is briefing committees and lawmakers to share insights into the trends they are seeing from agency submissions.

“It gives us a really good indication of what some of the demand is, what that pent up demand is across agencies, and then making sure that we are able to think about that as we’re going through our normal budgeting and appropriations process,” Martorana said.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Ask the CIO on Apple Podcasts or PodcastOne.

When the Defense Information Systems Agency decided to end its milCloud offering, it didn’t mean the end of on-premise cloud options for its Defense customers.

DISA is replacing that long-time, possibly underutilized offering with something new called Stratus.

Sharon Woods, the director of Hosting and Compute Center at DISA, said Stratus is taking the best of milCloud and improving it to help military services and defense agencies meet their ever-changing IT modernization needs.

“It’s its own offering in its entirety. The idea with any kind of on-premise cloud capabilities that you want it to mirror commercial cloud as much as you can. You want it to be elastic. You want it to be automated. You want it to be self-service, and self-provisioning. I think the self-service component gives control to mission owners so that they can go in there and very quickly spin something up and spin something down. Everyone associates that with commercial cloud,” Woods said on Ask the CIO. “The idea with an on-premise cloud is to replicate those characteristics as much as you possibly can, except that the servers are in our data centers because some applications are not ready to operate in commercial cloud. Stratus is this nice in-between step where they can get their applications and workloads more virtualized and operating in a way that can actually consume and use that technology where it’s not so tied to the hardware, which often is what happens now that this application only works if you have this very specific piece of hardware.”

DISA decided to end the milCloud initiative in December after Lt. Gen. Robert Skinner, the director, decided it no longer made financial or operational sense. Users of milCloud 2.0 and 1.0 must move off of the platform by May.

DISA awarded a contract to CSRA in June 2017 to develop and run the commercial cloud offering. GDIT bought CSRA in April 2018 for $9.7 billion.

The milCloud 2.0 contract included a three-year base with five one-year options, and it was worth as much as $498 million. This June would have been the third option period for the program.

Best value for hybrid cloud

Woods said Stratus will help DISA customers improve how they manage data, particularly around the cost of moving data between on-premise and commercial clouds.

“Stratus lets you say, ‘OK, this is the dedicated hardware for you, you’re going to put your data here so that you know how much it costs and then you will do your transactions accordingly.’ There’s a number of use cases or Stratus makes a lot of sense. As mission owners get smarter and smarter and smarter about working in commercial cloud,” she said. “We’re focused on delivering of best value capability. It needs to make sense in terms of how the requirements are met. It needs to make sense in terms of the price. And if it doesn’t, then it needs to be sunset, and Stratus is no exception. We’ll certainly be managing it and watching it closely. But I do think a hybrid cloud capability is a requirement that exists now and will for a while. And so we have to deliver something and right now Stratus is the capability that we think is best value.”

Stratus is already operational, received its authority to operate (ATO) at the unclassified, classified and secret levels and is open for use by DoD customers.

Woods said DISA is making Stratus as self-service as users want it to be, meaning they can ask for help or just send money and take care of standing up a virtual machine instance on their own.

As for milCloud, Woods said all users must be out of the platform by May 20.

“We are involved with every single mission partner that is in the milCloud 2 environment to help them get to whatever target environment they want to get to. It’s all about being an honest broker. We did not push them to go in any particular place. I’d love to see them go to Stratus, but some folks were ready to go to commercial cloud. And we absolutely had a number of mission partners go to commercial cloud or they are going to commercial cloud instead of Stratus,” she said. “Anything and everything that mission partners need to get out of the environment, we are there a phone call away. We’re trying to be really aggressive about making sure we’re are providing the support and not just hanging back and waiting to see if there’s a problem.”

Two other cloud services

While Stratus is their latest initiative, the HACC also has been pursuing several other cloud-related efforts, including infrastructure-as-code and containers-as-a-service offerings.

Woods said these and other pilots are part of how the HACC is creating hybrid capabilities that helps customers modernize applications and take advantage of commercial-like technologies.

In DISA’s strategic plan released in December, the HACC received 10 lines of effort across the five broad lines of effort. The HACC released its own action plan to meet those goals.

Woods said few of their goals focus on automation to enable and accelerator the use of cloud services, whether on-premise or in the commercial sector.

The containers-as-a-service and infrastructure-as-code are two examples of how the HACC is doing that.

Woods called the containers-as-a-service a “bellwether” for their entire cloud strategy.

“I’m extremely excited about and I’m really proud of the team because one of my mantras is that we need these microsuccesses where you’re delivering minimum viable products from ideation to the delivery of an initial prototype in six months or less. That’s not necessarily something that people are used to seeing within the federal government,” she said. “But that’s what the HACC is going to be doing. Containers-as-a-service is an example where that is, in fact, what happened. The premise, and why I say it’s a bellwether for the HACC strategy, is that it’s taking Kubernetes, OpenShift in particular, and rather than deploying it in the cloud, it’s deploying it in the traditional data centers.”

DISA’s offering Infrastructure-as-code

She said DISA customers are deploying web servers as part of the pilot using virtual machines that come secure and ready to be used.

“By using a web server that’s containerized, we can take the container and can make sure that it’s configured as well as it can be. That becomes the thing that you deploy, and if a mission partner has a presence in the cloud as well, you’ve created a situation where now the technologies are standard and they’re able to communicate across each other from data center to commercial cloud,” she said. “We’ve given them a capability that gives them a really awesome jumpstart to integrate with commercial cloud services. That started in November as an idea and we’ve already delivered a prototype. We’re working right now to implement it with our first customer.”

The infrastructure-as-code effort is a bit further ahead from an operational standpoint.

The Army Corps of Engineers already tested it out with the HACC developing an application in a few hours instead of something that may have taken as much as 38 weeks to do previously.

“It was automated. It was validated. You start removing some that human error component as well, which just improves security and improves speed to mission and all these things,” Woods said. “That’s what infrastructures code is, these automated pre-configured cloud environments with privileged identity and continuous monitoring security policies around it. We have well over a dozen customers so it is one of the success stories because we took it from ideation to delivery in less than six months. We’ve had well over a dozen different customers consume it both in a research capacity as well as production.”

Roberts, who announced in December he would leave at the end of the 2021, delayed his retirement for a few months but now is ready to move on.

A TSA spokesman has confirmed that the agency has chosen Yemi Oshinnaiye, the deputy CIO at the U.S. Citizenship and Immigration Services (USCIS), as its new permanent CIO.

Roberts will retire at the end of May and Oshinnaiye will start in early May to ensure there is an easy transition.

Oshinnaiye has been the deputy CIO at USCIS since March 2019, but worked at DHS previously from 2012 to 2017. He went into the private sector for a short stint before returning to USCIS.

During his tenure at USCIS, Oshinnaiye helped lead the effort to consolidate and improve how the agency uses cloud services.

In 2021, USCIS launched an effort called “clean my cloud.”

“There are so many cloud services at some point, we’re going to be a plethora of different clouds integrating and underlying our network. We took a step back and took a look at that and now anytime we move or build a new workload, we’re looking at what’s in the cloud already. That has enabled us to optimize. Now we have this thing where we’re looking at, our CTO called it ‘clean my cloud.’ So we’re looking at it every month. When you put something in cloud, if you haven’t done something to optimize it, we kind of call you out. So we gamified it a little bit,” Oshinnaiye said during a March 2021 panel.

That optimization effort led to savings that USCIS can put into other modernization initiatives.

Oshinnaiye said using virtual machines and automation are some of the ways his office increased the value of technology while reducing complexity and costs.

In coming to TSA, Oshinnaiye inherits a huge organization in the midst of a technology transformation.

Research firm Deltek estimated that TSA’s IT budget request for fiscal 2023 would be $967 million. This is less than the $1 billion IT budget it received in this year, but $161 million more than it received in 2021.

One of TSA’s big requests for 2023 is enterprise cybersecurity. The agency asked for $23.5 million to support 17 employees.

“This funding will enable early detection to dramatically improve the cybersecurity of TSA networks and provide a better ability to protect TSA’s sensitive data,” the DHS budget request stated. “In 2021, TSA investigated 2,412 cases in the calendar year, which subsequently yielded 84 confirmed incidents. A significant number of these cases (over 72%) were sourced from security logging, which captured unauthorized/malicious activity in TSA’s networks. TSA recognizes that to keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, decisive steps are necessary to increase visibility into threats while adopting security best practices for logging and performing threat remediation via enhanced investigation tactics and increased resources. In addition to implementing one of TSA’s key strategic priorities, these funds support requirements described in Executive Order 14028.”

Along with TSA, the Justice Department’s Executive Office for Immigration Review has a new CIO, and a familiar face at that.

Sanjay Gupta joined EOIR in March after more than five years the Small Business Administration’s chief technology officer.

Gupta became at least the fourth former SBA technology executive to move into a larger role over the last 18 months. He joins Guy Cavallo, who is now the CIO at the Office of Personnel Management, Nagesh Rao, who is now the CIO at the Commerce Department’s Bureau of Industry and Security, and of course Maria Roat, the former SBA CIO and recently retired deputy federal CIO, in leaving the agency for bigger opportunities.

Gupta helped lead the SBA’s technology transformation, moving applications and systems to the cloud, testing out leading edge cybersecurity tools and embracing more digital services delivery.

In joining the Executive Office for Immigration Review, Gupta enters an entirely new sector where he will be supporting lawyers and judges who are adjudicating immigration cases. EOIR conducts immigration court proceedings, appellate reviews and administrative hearings.

EOIR’s IT organization has four directorates:

• Chief architect
• Operations services
• Governance, planning and support
• Software development

In case you missed these CIOs on the move

There has been a lot of other agency CIOs coming and going over the last few months. Here are some others that you may have missed.

FEMA CIO Lytwaive Hutchinson is retiring after 41 years of federal service.

Hutchinson joined FEMA in April 2019 after spending her entire career with the Defense Department. She served 21 years in the Army and then spent 17 years working in various senior leadership roles in the DoD CIO’s office.

The CIA named La’Naia Jones as its new CIO and the director of the Information Technology Enterprise (ITE) within the Directorate of Digital Innovation at the CIA in February.

She took over for Juliane Gallina, who moved to a new role in February. Gallina is now the deputy director of the CIA’s Directorate of Digital Innovation. Jones came to the CIA after serving as the deputy CIO at the National Security Agency for the past year. She also served as the deputy CIO of the intelligence community in the Office of the Director of National Intelligence for two years.

Finally also in March, Director of National Intelligence Avril Haines selected Adele Merritt to serve as CIO for the Intelligence Community.

Merritt was most recently program manager at DreamPort, a cyber innovation nonprofit created by U.S. Cyber Command.

Michael Waschull had been acting IC CIO for the past year. Haines said he would stay on as Merritt’s deputy.

Two other job openings

The Office of Justice Programs finally put out the job announcement to fill its vacant CIO position.

Brian McGrath, who had been CIO at OJP for six years, retired in October.

OJP said in its job announcement that the CIO “[h]as full responsibility for the oversight and management of all OCIO functional areas, including enterprise architecture, application development, infrastructure and engineering, cybersecurity, policy and planning and project management. Ensures the implementation of an integrated enterprise through coordination of resources across the agency and collaboration with other components to deliver a fully integrated capability that supports internal and external customers. Develops performance metrics and data to determine goals and decides methods, plans and schedules work, adjusts staffing and procedures to allocate resources, sets and adjusts priority, and assigns work based on priority.”

The application deadline was April 15.

The National Highway Traffic Safety Administration (NHTSA) is looking to hire a chief data officer.

NHTSA outlined seven roles the CDO will fill, including “developing and continually updating a comprehensive data and information product portfolio strategy, and developing and implementing a data services strategy to maximize use of NHTSA data for internal users, including data warehouses, data sets (e.g. MAX data), business intelligence tools, utilizing DOT shared services offerings whenever possible and practical.”

Applications for the position are due by May 5.

Finally, Oki Mek, the former chief artificial intelligence officer and chief technology officer for the Department of Health and Human Services, is back after a short time off.

Mek announced he joined Equideum Health as its chief information security officer. The company says Mek ensures that Equideum Health’s critical infrastructure is protected through cybersecurity capabilities and uses artificial intelligence (AI) and blockchain technologies.