The State Department’s intelligence branch is setting up a new open source office to improve how it shares analysis with diplomats worldwide under a new strategic plan that puts a major emphasis on upgrading the bureau’s IT operations.

Brett Holmgren, assistant secretary of state for intelligence and research, says the Strategic Open Source Coordination Office will serve as a “central point of contact” for policy, training and tradecraft around open source intelligence, or OSINT. The new unit will also test and procure open-source tools, help deliver them overseas, and manage contracts.

The Bureau of Intelligence and Analysis, or INR, provides intelligence to U.S. diplomats. But most diplomats, spread out at locations across the world, have sporadic access to classified U.S. intelligence assessments.

“Being able to leverage open source in a fundamentally different way than we’ve done so to date will allow us to share our best insights at the unclassified, FOUO, or the sensitive but unclassified level, on new platforms to our diplomats overseas,” Holmgren said on Inside the IC.

The intelligence community is increasingly looking to improve its use of OSINT, especially as Russia’s invasion of Ukraine plays out across social media feeds, commercial satellite images and other publicly available sources.

The open source office is part of the bureau’s new strategic plan, called “INR 2025.” It lays out five major pillars, starting with an imperative to “elevate strategic analysis and redefine intelligence support to diplomacy.”

Holmgren, who was sworn in last September, said that first pillar represents something of a return to INR’s roots of developing long-range, strategic intelligence products.

“We really want to kind of reinvest in that core capability,” he said. “Over the years, we’ve become a little bit overstretched in responding to a lot of the demand for current assessments, and we’ll continue to do that, obviously, to support our policymakers. But we really want to step back and make sure that in the intelligence community, we are one of those agencies that is thinking about where the world is headed, and trying to identify some opportunities and risks over the horizon to provide a warning, and also to help enable our policymakers to think through wise foreign policy strategies.”

INR’s digital vision

The strategy also prioritizes digital modernization. As Holmgren puts it, its about shifting away from an operations and maintenance mindset for IT toward “a more modern, agile, innovative technology team.”

In order to oversee that shift, INR created a chief information officer position. Raymond Romano is currently acting CIO for the bureau. He previously led the State Department’s cyber threat investigations division at the Bureau of Diplomatic Security.

INR is also creating a technology governance board to oversee the bureau’s IT modernization efforts and ensure technology is incorporated into its strategic planning process moving forward, according to Holmgren.

“It’s a cultural shift, but I think it’s vitally important, and it starts at the top in terms of how the leadership of our organization views technology and the role that it will play,” he said.

The bureau is already sketching out a new mobile strategy, according to the new strategy. Holmgren says mobile devices will be key to delivering more open-source and unclassified information to diplomats across the globe.

“Imagine a diplomat riding into work in the morning, or they’re getting ready at their home in the morning, and they’re somewhere in Asia, and they’re able to pull up the INR app on their mobile device,” Holmgren said. “We want to be able to provide real-time, relevant information to our diplomats in the most accessible manner possible, and we do view a mobile as a real opportunity for us to do so.”

Tech savvy, diverse workforce

Holmgren also thinks INR’s future workforce will continue to be more technologically savvy, even if they’re not all software engineers.

“They don’t need to be fluent in JavaScript and Python languages,” he said. “They don’t need to know how to code. But they do need to understand how technology operates. They need to understand and be comfortable with using modern technology, so that they can be successful in the future.”

Holmgren says it’s not just an imperative from an internal, business operations perspective.

“I think you’ll see more officers with some backgrounds in science and technology, just given where the threat landscape is evolving in the world, everything from global pandemics to emerging technologies and cyber, and how all of these technologies are applied in the military context as well,” he said. “I think it’ll be important to have experts on our team that not only understand the deep history of a particular region, or understand applied economics, but that actually understand and have a deep familiarity with some of the science and some of the education that underpins a lot of these disciplines.”

INR’s strategy also places a priority on recruiting individuals from more diverse backgrounds and perspectives. Diversity continues to be a challenge across the intelligence community.

“It’s making sure that we are being very deliberate about our recruiting strategy moving forward,” Holmgren said. “And we’re going to continue to invest in expertise, regardless of where it comes from. But we are going to make sure that we put a premium on forcing ourselves to think more critically about our recruitment strategies, and not just doing what’s easy, but doing what’s hard, because ultimately, that will make us better and more effective as a bureau in the future.”

For the last few years, the IRS has been changing its external reputation and internal culture of an agency that doesn’t take technology risks.

The Pilot IRS program may be one of the most well-known examples of this external evolution, reaching out to vendors to bring in innovation and new approaches to contracting.

Internally, the use of robotics process automation in the procurement and financial offices has been a strong influence on the workforce’s culture.

Shanna Webbers, the assistant deputy commissioner for operations support at the IRS, said a combination of short-term wins and agencywide collaboration helped drive two major changes.

“The technology enables our staff do other things or things that they may find more interesting, instead of just mundane, repetitive tasks. That’s really what we want to do. We want to create an environment where our staff want to come to work, where they’re excited to come to work, where they feel like they are making a tremendous amount of value to executing our mission at the IRS,” Webbers said on Ask the CIO. “How do we create that and beyond just upskilling and rescaling in areas with human resources-related to technology or robotic process automation? We really are looking at the whole person. How do we ensure that every individual in the organization has the right skill set, the right experience and the right knowledge to take on positions of greater responsibility?”

Webbers said that meant changing how they trained the workforce. Instead of focusing 80% of the training on the technical aspects of procurement, the use of RPA and automation has let the IRS refocus the training to 50% on technical and 50% on other skills like critical thinking, writing, leadership and collaboration.

Agency collaboration

The second initiative to drive the culture change is to create a partnership with the agency’s chief information officer’s office.

Webbers said the CIO’s office must give its final “blessing” before the bot can launch, the office has provided acquisition and financial with liaisons to help work through the documentation and security processes.

“We have a process in place where when we have ideas, we, through an intake form, submit them to the CIO and they get reviewed. There’s an IT advisory board that makes recommendations for how to move forward,” she said. “If we don’t have the capacity or the funding to move forward, the CIO’s office helps to prioritize the RPA investments.”

Across procurement and financial, the IRS has implemented a small amount of RPA bots so far, but expect to increase the number over the next year.

“We have other ones that are in the queue right now. In the next six to 12 months we are  focusing on RPA implementation that’s working around data reconciliation and management for our manual adjustments for refunds and deposits, that could save up to 35,000 hours per year,” said Teresa Hunter, the IRS’s CFO. “There’s a significant opportunity. We are a very paper-based organization. It’s just a matter of our IT organization having the capacity and the funding to keep up with the demand that is going to be coming their way. The CIO has a big job of making sure that we are secure and safe. It’s a balance between having a good relationship with your CIO office and understanding their perspective as well as the needs of the businesses.”

Hunter, like many CFOs, are seeing the value of bots for financial operations.

She said she is encouraging the staff to take a new way of looking at how they could do their work, which areas are repetitive and require mundane tasks that somebody had to do that.

“We know it does save time and effort on our staffs’ part,” Hunter said. “As we’re working on the automation, the innovation, the efficiency effort within CFO, we’re also looking at skill sets of our staff and how can we upskill or reskill them? What are the core areas that we want to focus on of making sure our staff are being trained to develop and grow in their role as we move forward with some of these shifts and changes? We aren’t looking to reduce full-time equivalents (FTE), but we’re looking at being able to be more analytical in our decision making and how we are approaching the work that we have to do so that we can be more successful and how we’re making decisions, how we’re coming to conclusions, and really getting ahead of any type of like audit issues or anything like that, where we’re really understanding our data and our workforce is really growing and developing along that path that would get us to the future of finance and the skill sets that are going to be required for people in a CFO organization.”

Relying on the innovation team

For both Hunter and Webbers, the continued move toward automation and using bots will be a balance of enthusiasm from the early adopters and managing those who remain cautious about it.

“One of the things that I believe helped us in that was just being open to hearing what they have to say about using bots. Every viewpoint was critically important to understanding the risk that may be associated with using a robotic process automation on a process that we had not proven out. So trying to take all of that input, letting them know that their input was important and mitigating the particular risks or accepting those risks, or coming up with a different approach to eliminate the risk, was our approach,” Webbers said. “At the end of the day, because I was in charge, I said, ‘Okay, let’s do it, we’re going to try and see.’ Fortunately, it worked out really well, and I think that those instances where we got those quick wins was important for people to gain confidence.”

She said the IRS looks back at every RPA implementation to create lessons learned and figure out where they can improve upon the process for next time.

Hunter added the CFO’s office created an innovation team to which employees can submit ideas for how to automate or improve a process.

“What I wanted to do was make folks a part of the process, where, I’ll steal a quote from procurement, can you tell me what you hate so that I can make you love it?” she said. “What are those opportunities that you just dislike doing every day? Let’s take a look at it because maybe there’s opportunity to do the work in a different way or automated it or whatever the solution may be, but there’s got to be an answer. We’ve focused on that as well as the change management portion of it as we’re thinking about how we’re looking at our work products. It’s really the mindset of how can a bot help me in my day-to-day life?”

This time, the renewed focus on federal shared services isn’t just about the technology.

The terms human-centered design and customer experience have crept into the ever-changing approach to providing agencies with back-office shared services.

Jeff Schramek, the deputy commissioner for fiscal accounting and shared services at the Bureau of Fiscal Service in the Treasury Department, said his goal to further evolve financial management, human resources, acquisition and travel shared services is a combination of maturing the services his organization provides and understanding the customers they serve in a more specific way.

“We have employees working for us that have the experience of working our systems, the efficiency and scalability of our programs, with the goal of being able to provide timely data and information to the agencies so they can do their work and make their decisions. So it’s really now becoming more about standardization,” Schramek said on Ask the CIO. “But we also want to know what our customer experiences through the whole process. We generally get 90% customer satisfaction in our services offerings each year, but customer service and actually customer experience are a little different. We want to make sure we’re bringing the agencies in early whenever we’re trying something new or bringing in a new system.”

Bringing in the customer early on

Understanding what the customer wants isn’t a new concept to shared services providers. In 2015, the General Services Administration launched the Unified Shared Services Management (USSM) office and added a playbook that emphasized the providers listen more to the voice of the customer.

The challenge, however, has been not just to listen to agency customers, but implementing real changes to the systems and offerings.

Schramek said the change the Fiscal Service is going through is to take a human-centered, agile design approach.

“We are bringing the customer in early to gauge what is it that they like about the system? What don’t they like about the system? What can we change?” he said. “We’re focusing our skilled employees who do business process reengineering and automation to focus on those [13 service] areas. Just recently, we did a review of the commercial accounts receivable organization, and what I like about what I heard through that process is this review was done and came up with about 10,000 labor hours of savings, and possibly over $100,000 of cost avoidance because sometimes you still use those people to do something else, but they can get off the manual processes. Also what I like about this business process servicing reengineering groups that we’re doing is they actually came back and told us where you can get your savings is using a bunch of different things. So it’s not just one tool. We are incorporating a robotic process automation bot into our reporting processes, that’s going to save 5,000 hours.”

Schramek said using RPA and other automation tools will reduce the burden on their customers and increase efficiency of the Fiscal Service’s services.

87 agency customers and growing

He said in one instance, automation will reduce the manual process of answering agency emails, of which the office gets more than 100,000 a year.

“That’s going to save over 3,500 hours if we implement that. We’ve got an automation tool in our accounting software that is kind of like a bot and that you incorporate it for reporting. That’s going to save about 1,400 hours a year,” Schramek said. “We have a lot of people who come in and start working for us, and we need to train them. Sometimes that requires a couple of weeks’ effort. There’s some training that you just need once a year so we’re building an automated video to replace some of that.”

Using automation and bots to improve financial services or human resources offerings is part of the Fiscal Service’s broader plan to improve customer experience.

And the Administrative Resource Center has plenty of customers that they hear from.

Schramek said ARC provides 87 agencies from small commissions and independent agencies to large cabinet level departments with, ranging from the departments of Treasury and Housing and Urban Development to the Nuclear Regulatory Commission to the latest one coming on board this year, the Office of Personnel Management, a range of services from financial management to HR to acquisition to travel support services. He said about 50 agencies use their financial management shared services while 29 use some combination of the other offerings.

“We’re actually just finishing up a technology and data roadmap that we’ve created. What this really does is it looks at all four of our business lines, the systems in the software that we use in those four business lines, and where is the maturity level of those systems,” he said. “The good news for us from what we’re looking at is we don’t have too many that we have to really move off of and sunset. But there are a number, especially when they come out in the queue somehow that we’re going to need to make decisions: Do we stay on the version we’re on right now or do we do the investment to go and get the additional cloud based software services you can get on that? Those are the things we’re planning for.”

Data analytics on the horizon

Schramek added the roadmap also opens the door to bring more innovation into the shared services offerings. He said ARC will share their modernization and innovation plans with their customers whether it’s through the specific roadmap or through other ways is still to be determined.

Part of the roadmap is how ARC will bring more analytics to its customers. Schramek said currently his organization is providing data back to customers based on individual services whether financial management or HR.

Where ARC would like to go, he said, is for customer agencies to obtain data from all four business lines as they need it as well as provide analytics of that data.

“We can provide that information and provide them dashboards and some information back that then they can make decisions,” Schramek said. “I imagine some of our smaller commissions and agencies are probably going to use the dashboard and analytics we provide, whereas HUD and OPM would likely want to be able to get to the data and bring back to their analytics tools. But I think the data aspect is where we are going so we can give our customers timely data to the decision makers.”

Learning Objectives:

• Shared Services Provided by ARC
• Utilizing Automation in the Shared Services Realm
• Network Modernization
• Data Examination

This content is sponsored by 

Jones confirmed to Federal News Network that his last day is June 17, but didn’t say where in the private sector he was heading.

Glenn Miller, the principal deputy CIO, will become acting CIO until State names a new executive, an agency spokesman confirmed.

Jones is retiring after 38 years of federal service, including the last 16 months as the State Department’s CIO. He also worked for the Department of Homeland Security for 15 years in technology leadership roles at the U.S. Citizenship and Immigration Services and at the Immigration and Customs Enforcement directorates.

Jones also worked in the private sector after leaving DHS in 2018 for Deepwater Point Consulting and for his own firm, The Edgewater Group.

During his time at State, Jones focused on State’s IT modernization efforts, including cloud computing, mobile computing, improved service delivery of technology and initiatives to enhance cybersecurity.

One area of focus for Jones was to create a standard platform for DevSecOps to give the mission areas the tools and skills to develop applications and address the “shadow IT” challenge nearly every CIO faces.

Miller has been at State since 1991 when he joined the Foreign Service. He has been principal deputy CIO since August 2021. In that role, he manages all IT operations, including cyber operations, business management and planning, operations and foreign operations.

Previously, he served as deputy CIO for both operations and foreign operations.

State’s IT budget in fiscal 2022 is $2.8 billion with 41 major investments.

With Jones’ departure, State now will have its fourth new CIO in five years. Jones was the CIO for 16 months, while before him Stuart McGuigan last two years, and before him State had an acting CIO since Frontis Wiggins left in 2017 to 2019.

Before Maria Roat retired at the end of March, she made sure one important initiative was well on its way.

The former deputy federal chief information officer said the effort to create shared calendar and collaboration tools across all agencies is on the right track.

“When you talk about changing federal IT, we have to continue that work around interagency collaboration and communication. We have to keep in mind the federal enterprise, but also really getting things out of the way around data, using each other’s data, to make things better for the public. That’s ultimately about what we’re doing,” Roat said on Ask the CIO.

This is why the next federal deputy CIO needs not only to pick up this collaboration initiative and others, including modernizing the IT workforce, but also establish strong connections and understandings on the budget side and with agency CIOs. The Office of Management and Budget named Drew Myklegard as the acting deputy federal CIO when Roat retired in March and is reviewing resumes for a permanent deputy federal CIO after putting out the job announcement in mid March.

“Whoever’s coming in, really needs to pay attention to the budget cycle. It’s not moving the needle for just next year, it’s moving the needle for the out years, when you’re thinking through budget,” said Roat, who became the deputy federal CIO in 2020. “I would also tell whoever’s coming in to really build out the relationship with OMB, the desk officers in the Office of the Federal CIO. Their relationships with the agencies is so important, not just the desk officers, but for the deputy, whoever comes in to build the relationship across the federal community. I think that’s really important to stay connected and stay in touch with them. It’s about working on the relationships, have those relationships with the CIOs and keep in touch with them. I always had half of them on speed dial. I was texting them and things like that because the community is so strong and it is so connected, and certainly I could not be successful without having the relationships with the CIOs.”

Collaboration tools from pilot to production

Those relationships are how Roat was able to move the collaboration tools from idea to pilot. Today, the General Services Administration is leading the effort with a program management office stood up in October. It is working with agencies to implement the broad set of calendar and chat capabilities.

OMB oversaw the nine-month pilot effort with four agencies, the National Science Foundation, the Small Business Administration, NASA and the Education Department, in 2021 to prove out the value of this interagency collaboration capability.

Roat said in February at an FCW event that the PMO has a scorecard keeping track of the progress through weekly meetings.

“The technical part is really easy around interagency collaboration. Right now, agencies are already working on their white lists so they can chat and share calendars with other agencies,” she said. “There was a lot of discussion out of the pilot that they needed a memorandum of understanding to talk to another agency. But it makes no sense to do a MOU with 30 different agencies so how about if we just do one? So we are working on that.”

Roat said this initial effort is a baby step of a much larger project that would let agencies collaborate, share data and information.

“This is one little thing that I think is hugely impactful,” she said. “I love what the Defense Department’s done using Office 365 and opening that up. On the federal civilian side, this is where we are heading, not just for Microsoft. We know we have other collaboration capabilities, whether it’s Google or pick your tool. We’ve got testing on with calendar sharing between Microsoft and Google. It’s much more than that. It’s much more than just the technology. We are looking holistically at what are the policies and things that need to be addressed because people always ask questions about FOIA and things like that. This is much bigger that just doing chat and calendar sharing. This is the first baby step into a much bigger vision of having broad interagency capabilities around collaboration across the federal government.”

Too many workforce initiatives

The other big initiative the next federal deputy CIO should consider is consolidating the IT and cyber workforce initiatives.

Roat said there are too many disparate initiatives whether at the CIO Council or from the Cybersecurity and Infrastructure Security Agency or from the U.S. Digital Service in OMB.

“I always thought that if there was a federalwide IT and cyber workforce strategic plan that brought a lot of this together, that incorporated recruiting, marketing, not just USAJobs or LinkedIn, but true marketing like the way DoD recruits for the military,” she said. “It would require agencies to be part of the strategic workforce plan to convert some of the higher graded GS-14 or -15 positions, turn them into career ladders for GS-5, -7, -9 grades or -7, -9, -11, -12 grades. It would bring in digital native high school and college students at the beginning of their careers and put them in a career ladder. While they’re digital natives, you have got to teach and train them. But you could trade in two GS-15 positions in and with that money get three or four GS-5, -7, -9 levels.”

Roat pointed to the data from OMB in the 2023 budget request that showed federal IT workers under 30 make up about 3.5% of the total workforce, while the number of workers under 30 years old is 8.1% across the entire federal government.

The White House is trying to address the low rate of young people by encouraging agencies to hire more interns. Agencies say they plan to hire 35,000 interns in 2023, which the administration said will be an increase over 2022 plans.

“How do they grow their career when they they’re a 30-year-old who has been working in government for a few years?” Roat said. “Can they move around inside the government or do they go back to the private sector? I think that’s about having that career path and being able to do something. I think it’s great to bring people into the federal government and infusing a lot of that talent in agencies. But we can’t forget about growing people in the government, who maybe like myself or others really love what they do and maybe want to stay and not jump back and forth with the private sector.”

Roat’s federal career started in the Navy as a 17-year-old working in a computer tape library. She continued to advance by working on mainframes and getting into operations and networking. She then rose through the ranks working at the Department of Homeland Security, later became the Transportation Department’s chief technology officer, and eventually she launched the Federal Risk Authorization Management (FedRAMP) cloud security program. All those experiences led her to be the CIO at the Small Business Administration and, finally, the deputy federal CIO.

“I don’t know that I’ve had the same job twice. It’s always been different. In my career, I’ve certainly zigzagged and I think that’s what allowed me to get to where I am, just having the exposure to so many different roles and so many jobs, and not always technical,” she said. “I’ve always just did a lot of different things and I really think that helped me to get to where I am today. And being curious, certainly, and moving around and learning and staying on top of technology as technology changed.”

Don’t call the $10.5 million infusion of funding the Department of Veterans Affairs received to modernize its identity management platform an “award” or a “loan.”

Federal Chief Information Officer Clare Martorana prefers to call it an “investment” by the Technology Modernization Fund Board. Martorana said the TMF Board is making an investment in VA to help veterans have seamless and secure access to digital services and benefits.

“We are used to simple and seamless interactions in our personal lives. I can log into Grubhub or I can do multiple things and utilize some of the technology available on my devices to have a simple experience. It isn’t that way in a lot of federal enterprises. We can’t transit from agency to agency and have that same identity move with us,” Martorana said on Ask the CIO. “Part of the opportunity is in agencies that have multiple identity systems, making those seamless, safe and secure. We know that we can then build on those lessons learned and actually start to have them help us as we transit across agencies.”

This is why the TMF has evolved from a “loan” or an “award” to that investment, especially given the $1 billion it received under the American Rescue Act Plan in 2021.

Raylene Yung, the executive director of the TMF program management office at the General Services Administration, said an investment like the one in VA is as much about modernizing an agency’s services as it is demonstrating the power of shared services across government.

“The first part of it is really building out that shared service, making sure that it works and can scale. That’s a great example of login.gov, which actually is used by over 40 million users across a few dozen federal agencies,” she said. “Then there’s that other side of the agency adoption of a shared service and that’s a great example of what the VA is doing. You have the two sides of the coin, and together through developing the shared service and then agencies adopting the shared service, that’s when you really get that governmentwide benefit. You can kind of have that build once and use many leverage that you get out of every taxpayer dollar that goes into both sides.”

Through the TMF investment, VA will move away from a fragmented identity and access management approach for veterans and their care givers. VA will use the TMF to implement Login.gov as a single, modern and easy to use sign-in service.

“[T]his project will support the seamless transition of existing users to Login.gov. Second, VA will create an in-person identity verification option for veterans unable to sign up online. Finally, VA will pilot physical security keys for multi-factor authentication to improve accessibility and make digital services more secure,” the TMF website stated. “This investment will not only improve the experience of veterans accessing VA benefits and services, but also reduce VA costs and the risk of fraud.”

Ninth award under TMF since September

The award to VA is the TMF Board’s ninth award to seven agencies from that $1 billion windfall. The board made six awards totaling $311 million to four agencies in September, and then made two others totaling another $9 million.

Yung said the board received 130 proposals from 60 agencies and components totaling over $2.5 billion demonstrating a huge demand to accelerate projects.

The influx of proposals were both good and bad for the board.

On the good side, Yung said the board continually evolves its processes and is hiring more staff to help agencies be more successful with their submissions.

The program management office now includes more than 15 employees and more are on the way. Yung said her office now offers more experience and expertise in building technology systems, user research and design, and, of course, cybersecurity.

“We’re continuously learning from engaging with agencies, the new proposals that we read and the new investments that we make. This unprecedented influx of proposals really taught us a lot more about what agencies are seeking to do, which then informed our criteria, our guidance and all of that,” Yung said. “We really do have this emphasis on not just the older proposals that may have focused on the technology modernization itself, saying we’re going to take that system from the old one to the new one. I think now what we’re really thinking and really asking agencies to show is what is that end user impact? It’s not just about the technical system improving, but it’s what does that achieve? How does the public’s experience with government meaningfully improve?”

Money moving slowly

But on the bad side, the proposal submissions were not always up to par causing some delays in getting the money out the door, which, in turn, is frustrating lawmakers and agency leaders.

Martorana said when the Office of Management and Budget issued new TMF guidance in May that changed the repayment requirements, the quality of proposals declined.

“We went from a 1.0 model that was in existence for three-and-a-half years and did those 11 investments to a 2.0 model. Our 2.0 model puts technologists at the front end of the investment review process and partnering with the board. The technologists are ensuring that these proposals are really worthy from a technical perspective of the investment that they’re going in the right strategic direction, that they’re utilizing best practices, that the teams are capable of actually delivering, that they have acquisition vehicles in place and all of the fundamentals that are needed for an investment, not only to get up and running, but to be capable of delivering the impact for the mission or for the customers,” she said. “We’ve really been able to see agencies making some internal investments, like doing a minimum viable product, doing some rapid prototyping, then coming to us and saying, ‘we have these key learnings now we need to actually accelerate our IT modernization.’ That makes it a lot easier for the board to make an investment decision because there’s a proven model at an agency.”

She added the initial set of projects lacked coordination within agencies.

“We had several agencies that submitted component submissions that didn’t go through a process with their CIO. We’d call the CIO to ask and they didn’t know anything about the proposal,” Martorana said. “There was a lot of enthusiasm from agencies and from programs in agencies that didn’t have that same upfront rigor that a prior TMF proposal went through.”

More transparency with Congress

The board’s long timeframe in making the awards or investments hasn’t gone on unnoticed by Congress.

In the 2022 omnibus bill, Congress zeroed out the TMF pointing to the more than $700 million remaining in the fund in March before the last three awards.

Martorana said OMB and the board recognize they need to focus on transparency and accountability to demonstrate the fund’s impact and why continued investment is important.

“We put a process in place that we announce in advance of making the investment award. We do stop at the Hill and make sure that our stakeholder partners there are aware of the investment and understand the thesis,” she said. “We do a lot of work prior to going to the Hill to make sure we’re working inside OMB to make sure we don’t, we aren’t making duplicate investments and are really rigorous in that process because we want to make sure that the TMF funding is a partnership between Congress and the executive branch.”

She added OMB also is briefing committees and lawmakers to share insights into the trends they are seeing from agency submissions.

“It gives us a really good indication of what some of the demand is, what that pent up demand is across agencies, and then making sure that we are able to think about that as we’re going through our normal budgeting and appropriations process,” Martorana said.

Roberts, who announced in December he would leave at the end of the 2021, delayed his retirement for a few months but now is ready to move on.

A TSA spokesman has confirmed that the agency has chosen Yemi Oshinnaiye, the deputy CIO at the U.S. Citizenship and Immigration Services (USCIS), as its new permanent CIO.

Roberts will retire at the end of May and Oshinnaiye will start in early May to ensure there is an easy transition.

Oshinnaiye has been the deputy CIO at USCIS since March 2019, but worked at DHS previously from 2012 to 2017. He went into the private sector for a short stint before returning to USCIS.

During his tenure at USCIS, Oshinnaiye helped lead the effort to consolidate and improve how the agency uses cloud services.

In 2021, USCIS launched an effort called “clean my cloud.”

“There are so many cloud services at some point, we’re going to be a plethora of different clouds integrating and underlying our network. We took a step back and took a look at that and now anytime we move or build a new workload, we’re looking at what’s in the cloud already. That has enabled us to optimize. Now we have this thing where we’re looking at, our CTO called it ‘clean my cloud.’ So we’re looking at it every month. When you put something in cloud, if you haven’t done something to optimize it, we kind of call you out. So we gamified it a little bit,” Oshinnaiye said during a March 2021 panel.

That optimization effort led to savings that USCIS can put into other modernization initiatives.

Oshinnaiye said using virtual machines and automation are some of the ways his office increased the value of technology while reducing complexity and costs.

In coming to TSA, Oshinnaiye inherits a huge organization in the midst of a technology transformation.

Research firm Deltek estimated that TSA’s IT budget request for fiscal 2023 would be $967 million. This is less than the $1 billion IT budget it received in this year, but $161 million more than it received in 2021.

One of TSA’s big requests for 2023 is enterprise cybersecurity. The agency asked for $23.5 million to support 17 employees.

“This funding will enable early detection to dramatically improve the cybersecurity of TSA networks and provide a better ability to protect TSA’s sensitive data,” the DHS budget request stated. “In 2021, TSA investigated 2,412 cases in the calendar year, which subsequently yielded 84 confirmed incidents. A significant number of these cases (over 72%) were sourced from security logging, which captured unauthorized/malicious activity in TSA’s networks. TSA recognizes that to keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, decisive steps are necessary to increase visibility into threats while adopting security best practices for logging and performing threat remediation via enhanced investigation tactics and increased resources. In addition to implementing one of TSA’s key strategic priorities, these funds support requirements described in Executive Order 14028.”

Along with TSA, the Justice Department’s Executive Office for Immigration Review has a new CIO, and a familiar face at that.

Sanjay Gupta joined EOIR in March after more than five years the Small Business Administration’s chief technology officer.

Gupta became at least the fourth former SBA technology executive to move into a larger role over the last 18 months. He joins Guy Cavallo, who is now the CIO at the Office of Personnel Management, Nagesh Rao, who is now the CIO at the Commerce Department’s Bureau of Industry and Security, and of course Maria Roat, the former SBA CIO and recently retired deputy federal CIO, in leaving the agency for bigger opportunities.

Gupta helped lead the SBA’s technology transformation, moving applications and systems to the cloud, testing out leading edge cybersecurity tools and embracing more digital services delivery.

In joining the Executive Office for Immigration Review, Gupta enters an entirely new sector where he will be supporting lawyers and judges who are adjudicating immigration cases. EOIR conducts immigration court proceedings, appellate reviews and administrative hearings.

EOIR’s IT organization has four directorates:

• Chief architect
• Operations services
• Governance, planning and support
• Software development

In case you missed these CIOs on the move

There has been a lot of other agency CIOs coming and going over the last few months. Here are some others that you may have missed.

FEMA CIO Lytwaive Hutchinson is retiring after 41 years of federal service.

Hutchinson joined FEMA in April 2019 after spending her entire career with the Defense Department. She served 21 years in the Army and then spent 17 years working in various senior leadership roles in the DoD CIO’s office.

The CIA named La’Naia Jones as its new CIO and the director of the Information Technology Enterprise (ITE) within the Directorate of Digital Innovation at the CIA in February.

She took over for Juliane Gallina, who moved to a new role in February. Gallina is now the deputy director of the CIA’s Directorate of Digital Innovation. Jones came to the CIA after serving as the deputy CIO at the National Security Agency for the past year. She also served as the deputy CIO of the intelligence community in the Office of the Director of National Intelligence for two years.

Finally also in March, Director of National Intelligence Avril Haines selected Adele Merritt to serve as CIO for the Intelligence Community.

Merritt was most recently program manager at DreamPort, a cyber innovation nonprofit created by U.S. Cyber Command.

Michael Waschull had been acting IC CIO for the past year. Haines said he would stay on as Merritt’s deputy.

Two other job openings

The Office of Justice Programs finally put out the job announcement to fill its vacant CIO position.

Brian McGrath, who had been CIO at OJP for six years, retired in October.

OJP said in its job announcement that the CIO “[h]as full responsibility for the oversight and management of all OCIO functional areas, including enterprise architecture, application development, infrastructure and engineering, cybersecurity, policy and planning and project management. Ensures the implementation of an integrated enterprise through coordination of resources across the agency and collaboration with other components to deliver a fully integrated capability that supports internal and external customers. Develops performance metrics and data to determine goals and decides methods, plans and schedules work, adjusts staffing and procedures to allocate resources, sets and adjusts priority, and assigns work based on priority.”

The application deadline was April 15.

The National Highway Traffic Safety Administration (NHTSA) is looking to hire a chief data officer.

NHTSA outlined seven roles the CDO will fill, including “developing and continually updating a comprehensive data and information product portfolio strategy, and developing and implementing a data services strategy to maximize use of NHTSA data for internal users, including data warehouses, data sets (e.g. MAX data), business intelligence tools, utilizing DOT shared services offerings whenever possible and practical.”

Applications for the position are due by May 5.

Finally, Oki Mek, the former chief artificial intelligence officer and chief technology officer for the Department of Health and Human Services, is back after a short time off.

Mek announced he joined Equideum Health as its chief information security officer. The company says Mek ensures that Equideum Health’s critical infrastructure is protected through cybersecurity capabilities and uses artificial intelligence (AI) and blockchain technologies.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The U.S. financial system and the way it’s regulated, are fast moving to obsolescence. And the government is unwilling and unable to adopt the technologies to modernize them. That’s according to my next guest. He spent more than three years trying, as the first chief innovation officer at the FDIC. Sultan Meghji left the agency last month, and joined the Federal Drive with Tom Temin with why.

Interview transcript:

Tom Temin: Sultan, good to have you back.

Sultan Meghji: It’s great to be here, Tom.

Tom Temin: And you left, would it be fair to say you left in disgust towards that overstating it?

Sultan Meghji: I wouldn’t say that, I would say more a frustration and the bruise on my forehead didn’t go away for the last year.

Tom Temin: Well, what happened in there? You were brought in specifically with the title of innovator for an agency that goes way back, you know, almost a depression era agency, and back when gold standard and cash and that’s how banking was done. What’s the difference? What were you trying to do there?

Sultan Meghji: But as you said in the lede, the fact is, is the global financial system is evolving incredibly rapidly. And that pace of change is accelerating. You know, what used to take a few years, then took a few months, and now takes a few weeks. And you know, the vast majority of people and systems in our regulatory environment are designed for the analog era, not the digital era.

In the op-ed, I wrote, I specifically called out that we have a lot of analog people making digital decisions. And it’s a real uphill battle. And I came to the conclusion that it doesn’t really matter where you are in a lot of these agencies, you’re not actually going to be able to impact the change. And so you know, this is where I shifted my focus to looking at how Congress in particular should really start to get more involved and make some of these changes.

Tom Temin: And in your essay, and that was at Bloomberg.com, you mentioned, two halves of the problem, the way I read it. One is that there is not thorough enough understanding or widespread enough understanding of the changes in finance itself, with cryptocurrencies and the speed at which trading happens and all of these things. And then there’s also reluctance to learn the technology that might be needed to get a better handle on what’s going on. Fair way to put it?

Sultan Meghji: That is a very fair way to put it, you know, we have a situation where the market is moving at a tremendous pace, and many of the agencies are just not engaging with what’s happening out there. So bringing in the companies that are building this innovation is an uphill battle, and it’s a struggle. The second half of it is, the Federal workforce is definitely older, you know, the median age in the workforce is in its mid to late 30s. At this point, generally in the federal government, it’s in its late 50s. And so there is this almost generational disconnect. People in their 20s and 30s were born digital, they grew up with laptops and smartphones. And that’s how they work. And, you know, I worked with a lot of people in the federal government who had trouble doing anything besides opening Outlook on their laptop, or they still carried around big file folders, you know, talked about writing memos, and things like that.

The world is evolving fairly quickly. And one of the biggest challenges we have, I think, is not just attracting great talent to the federal government, but keeping them and growing them and the people that are in there, making sure they get continuing education, making sure that they understand that these things are moving them, that’s part of their job. But in many cases, you know, people are promoted based on tenure, not on capability or skill set. And I think we need to revisit how we do that.

Tom Temin: And I wanted to ask you something specific about the FDIC context, it’s the Federal Deposit Insurance Corporation. And essentially, it oversees banks to make sure that they have the right coverage for the deposits people’s personal savings that they have. What in the world, what’s out there in the world that’s changing, that you feel they weren’t keeping up with in that particular domain?

Sultan Meghji: Well, I don’t think we have five or six hours for the rest of this conversation.

Tom Temin: Well give us, you know, a few seconds, anyway.

Sultan Meghji: Yeah, no, I mean, the fact is, people still seem to think that digital banking is different than banking. And that banking is a thing. And digital banking is a small subset of it. The opposite is true. There isn’t a single part of our financial system that isn’t governed by technology, and we need to start addressing it directly like that. That’s number one. The second is the resilience of our financial system. You know, how it serves everyone, whether it’s you on your smartphone, or walking into a branch or whatever, is governed by technology and the threats against that, the risks against our systems are the highest they’ve ever been, and they’re increasing. And it doesn’t matter if we’re talking about floods in Miami, or Russian cyber criminals or anything in between. The vast majority of technologies in our banking system are 15 or more years old. The technologies we bought 15 years ago, and the technologies we buy today are radically different. If you were to go back and think about the Blackberry that you carried in the mid 2000s. And think about trying to order an Uber on that. It’d be impossible. Right? And that’s the same kind of thing we’re struggling with today.

Tom Temin: Yeah, let me tell you I still have a passbook from a savings account, I had a cooperative bank 50 years 60 years ago, where they had burrows machines that would type out in your deposit and blue in the interest of five cents that you earned in red. So yeah, it has changed a lot.

Sultan Meghji: I think five cents is about what I earn interest on my checking account last year. So I feel you.

Tom Temin: Something like that. We’re speaking with Sultan Meghji. Until recently, the chief innovation officer at the FDIC and just spend a minute, if you would, telling us what you feel the effect of cryptocurrency is because it’s not backed by a sovereign nation, presumably like the dollar, it’s backed by simply everyone’s agreeing to say it has this much value. And if you find one, it’s yours, it seems like a flimsy tissue to depend on.

Sultan Meghji: Well, there are certainly a lot of people out there who have stronger opinions on this than I do. I think, you know, it is important to note, you know, a few minutes ago, you made a comment about being on the gold standard for the U.S. dollar, which we moved away from in the early 1970s. And we went to what we now call a fiat currency. And so in a lot of ways, the U.S. dollar issue is worth what it is just because we kind of agree that that’s what it is. So it’s not quite as far as you think. The thing about the entire what I call the Web3 discussion, it’s much broader than individual cryptocurrency. It’s fundamentally about realizing that all of our financial systems are entirely digital and are moving to a place where they’re entirely automated. And so I’m not the biggest fan of most cryptocurrencies out there, I think they’re, they’re kind of toys, in some cases, maybe you know, Ponzi schemes in other cases. I’m much more interested in seeing how we make the U.S. dollar digital. I’m much more interested in seeing how we ensure that as we do that, we are maintaining the equitability and protections that Americans are used to having in things like FDIC insurance.

Tom Temin: So that’s really a Treasury issue more than an FDIC issue.

Sultan Meghji: There are over 100 different regulatory bodies in this country that touch one aspect or another of the banking system. And so to me, all of them have to be working together, collaborating together, and fundamentally under a single strategy. And the fact is, is because of how the various laws going back in some cases, 80, 90, 100 years are written, there’s a lot of ambiguity, there’s a lot of gray area, there are a lot of legal memos, and some of them were written in the 50s that really don’t have as much basis in reality as they need to. And so that’s again, I come back to, I think we’re moving to a point where this is a congressional issue, and the individual agencies are just not going to get where they need to get without outside an outside nudge.

Tom Temin: And fair to say our rival economies like China are getting very digital and currency almost doesn’t exist in the daily lives of people in China.

Sultan Meghji: Well, I would, you know, I think China is a great highlight, Tom, because they are in fact incredibly aggressive in terms of innovating in this space. And they’re doing a fantastic job at that, they’ve really made their economy digital very quickly. You know, the digital Yuan has been the most popular app in the app stores in Asia for ever since it came out. It’s just right up there. Right? So that’s a fascinating thing. But it’s not the currency doesn’t exist, it’s they’ve made it entirely frictionless. You can walk through a store, wave your arm at a teller and you just keep going. And that’s the thing that I think a lot of consumers, a lot of Americans are looking for. They want frictionless financial services, and we are far far away from being the best in the world at that.

Tom Temin: All right, so you have recommendations, then, on a couple of fronts. One is the human capital side of government, such that it has the people and manpower it needs to deal with these issues. And the other is the function of the government with respect to how it treats money, banking, finance and oversight. So let’s just briefly, the human capital side, what’s your big thought there?

Sultan Meghji: Well, we need to get more people who actually understand this technology into the system across it, whether it’s in the banks themselves, you know, we have a little over 4,000 banks in this country. And you know, they skew older, they skew more analog, we need people with STEM backgrounds and direct tech experience in the banks and in the regulatory space. We need far more. I was definitely a far outlier, in my federal experience in terms of having applied experience with these technologies. So that’s the kind of the big thought there is we just need more people. And in some cases, you get new people other cases, you train the existing people that you know, and then third is you collaborate. We don’t have to invent everything inside each agency from scratch. You know, agencies can work together, we can look at our international partners that have made great progress. The British government in particular is probably about a decade ahead of us in a lot of ways in these discussions. And so there’s a lot of great learnings there.

And then on the actual governance side, there’s been a long fight in this country about how to organize the relationship between the states and the federal government and then how the federal government should be organized. I will leave it to constitutional scholars and others who are far better served to talk about the nuance of it, but I will say that whatever the output or the outcome of any new legislation should be, it should be about creating single unified strategy and shared activities and outcomes. Simply saying that you’re working on something, which is every agency will say, oh, we’re working on this. We’re working on that. Well, that’s great if you’re talking about a five year program for something, these technologies are moving so fast that by the time you get two years into it, you’ll be having an entirely different discussion. And so the pace of execution is really the thing we need to fix.

Tom Temin: And you are a tech entrepreneur before coming to government. What are you going to do next?

Sultan Meghji: I don’t know, are you guys hiring?

Tom Temin: Well, yeah, but I still walk around with $100 cash in my wallet all the time. I’m one of those guys.

Sultan Meghji: Nothing wrong with keeping some cash. No, I’m a professor. I do some scholarship work. And I am actively exploring what I missed in the time I was in the government to see what looks interesting and will occupy my time.

Tom Temin: Sultan Meghji is former chief innovation officer at the FDIC. Thanks so much for joining me.

Sultan Meghji: Thank you, Tom. Great to be here.

Hutchinson confirmed to Federal News Network that she plans to join industry after a 41-year career in government.

“I hope the next chapter will bring an opportunity within the IT industry,” she said in an email.

She didn’t say when her last day at FEMA would be nor did she say who would be the interim CIO.

FEMA’s website lists two deputy CIOs: Monica Langley, who oversees disaster support, and Scott Bowman.

Hutchinson joined FEMA in April 2019 after spending her entire career with the Defense Department. She served 21 years in the Army and then spent 17 years working in various senior leadership roles in the DoD CIO’s office.

During her tenure at FEMA, Hutchinson focused on several IT modernization paths.

She said in February during an event sponsored by ACT-IAC that her four focus areas were:

• Cloud journey
• Cybersecurity
• Major program initiatives inside FEMA
• Customer/user experience, such as disaster survivors

“We are moving workloads into the cloud. By the end of this year, we will have at least 50% of all systems and services that are cloud ready to move into the cloud,” Hutchinson said at the event. “Just doing lift and shift is my last resort because the first thing is to look at which capabilities need to be modernized or moved into cloud because they are cloud ready.”

She said the cloud is an important factor in FEMA being able to reduce its costs and gain speed and agility to help citizens during any disaster.

So far, Hutchinson said FEMA has about 53 systems that are cloud ready with about 50% of those already in the cloud. She said another set of systems which are not cloud-ready will have to go through a modernization phase and then FEMA will move them to the cloud.

“Our goal is by fiscal 2026 all of our systems and services will be in the cloud,” she said. “That includes our financial management systems, which is one of largest modernization programs.”

FEMA posted the open CIO position on USAJobs.gov yesterday.

The CIO has “FEMAwide responsibility for the approval, management and oversight of FEMA IT and cyber security resources,” and “is responsible for implementing the programs necessary to align FEMA’s IT and cybersecurity personnel, resources, and assets including systems and infrastructure that support FEMA missions and activities,” the job announcement states.

Applications for the position are due April 12. The pay range is $163,333 to $203,700.

The new CIO could be in line for a serious infusion of cash. In its 2023 budget request to Congress, FEMA asked for $99.1 million for IT modernization efforts.

“The budget includes $51 million for grants management modernization to streamline grants management across the agency’s 40 plus grants programs; $36.1 million and 13 full-time equivalents for the enterprise data analytics modernization initiative to enable FEMA to work smarter through data analytics and ultimately deliver better outcomes for survivors and communities; and $12 million for financial systems modernization to modernize the aging 25+ year-old system,” DHS stated in its budget justification.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

A crucial part of the State Department has a new head of crucial function at a time of high world tension. Erica Jaume is the chief of the IT Security and Governance Branch of the Bureau of Educational and Cultural Affairs, and she joined the Federal Drive with Tom Temin for more discussion.

Interview transcript:

Tom Temin: Ms. Jaume, good to have you on.

Erica Jaume: Hey, good morning. Thanks for having me.

Tom Temin: Now, you’re fairly new to this job the last couple months, I guess. And let’s begin with the Educational and Cultural Affairs branch – Bureau, I should say, itself. What does it do in State and how does it fit into the whole State picture?

Erica Jaume: Yeah, we have a very interesting mission. The whole State Department does a wonderful job with diplomacy overseas, specifically our organization and few others. But our organization focuses on leading department efforts to expand and strengthen a lot of the relationships that we have from a U.S. entity overseas. So we work with foreign governments, their citizens, and we really help to build national interest, bringing to light opportunities things professionally, educationally and culturally, really, to exchange individuals work with them to bring them over here, highlight opportunities within the U.S. And, some of the most amazing things that I’ve heard are we build those lifetime bonds with individuals overseas so that they become part of State Department, they want to come back, they want to work with the State Department as some of our Foreign Service. So we’ve got that unique mission of having that soft touch point overseas with getting people interested in the federal government, the U.S. in general.

Tom Temin: And let’s talk about the IT Security and Governance branch. I get IT and security but governance, tell us what your job is.

Erica Jaume: This is a fairly new branch over here in the Bureau of Education and Cultural Affairs. We’re looking at how we can strengthen the bond for IT building into the mission. So we’re looking at any kind of governance around how we implement systems, how we bring IT security towards the those federal government systems within educational cultural affairs. It’s long been known that there are mandates, there are acts that tie the systems into secure posture, but that governance we’re looking to enforce and put in place and that program to build around, it really ties into how we do it, how management is communicated on, how we identify opportunities to continuously improve. We want to build up that opportunity for the Bureau so that we can help continuing to support their mission, their intent on bringing innovation, highlighting and and building that trust with overseas partners.

Tom Temin: How does it tie into the overall state IT structure? I mean, there is a State CIO.

Erica Jaume: So each one of the bureaus within the State Department has their own initiative. It’s kind of like segmenting our missions. Where the department CIO has ultimate responsibility for the agency, we report on a lot of our systems, we report on all of our systems, all of our purchases, everything that aligns to IT up through the chain of command into the department CIO. He has that ultimate, or he or she, has that ultimate responsibility for department direction in IT systems. So we look towards them to provide us with anything from capital to staffing to guidance. They do all of the coordination outside of the department, with agencies such as CISA [Cybersecurity and Infrastructure Security Agency] or anyone else where we really need to gain support. I found it really interesting in the last month, we received a lot of support from the ECA department CIO’s office in areas where we were hoping to leverage them and kick off conversations with other agencies. So they’re really there to strengthen those ties and build around opportunities to partner with other agencies where, happening within a bureau, we do work directly with external agencies, and their IT shops, but sometimes we don’t get as much direct engagement with them because it’s not, our mission’s so small compared to the department CIO’s clout and their impacts across the board.

Tom Temin: Sure. We’re speaking with Erica Jaume, she is chief of the IT Security and Governance Branch of the Bureau of Educational and Cultural Affairs at the State Department. And does the Bureau of Educational and Cultural Affairs have applications of its own that are those mission related that are separate from the State Department enterprise applications? Do you have your own applications to look over and make sure they’re updated and secured and so forth continuously?

Erica Jaume: Absolutely. So every Bureau has their own applications that are dedicated to towards their mission. Their applications branch chief, who’s looking at how we integrate data warehousing enterprise data for the bureau, and then how that even ties into the larger department. Working together we’ll be building out that governance, how we move forward, how we work with the larger department to keep consistency, communications and then also building on opportunities for the department and for our specific mission within the bureau. I’m in good hands as far as the mission goes and the people that surround me the leadership, the support I receive from my colleagues, and then also from the department to get on board with what that mission is and how we interact to support the mission of the Bureau of Educational and Cultural Affairs.

Tom Temin: Aside from zero trust, which almost everybody says in their sleep now reflexively, it’s become the the word of the day, what are some of the other initiatives, priorities for the IT and security branch and for the IT operation at Educational and Cultural Affairs?

Erica Jaume: Cybersecurity focused, we’re looking into, we just received a data call for security opt services from the department. So I’m hopeful and I’m looking forward to the department centralizing security operations, and then leaning heavily on them because there’s a lot of great guidance coming out from the department in the different areas on cybersecurity – doing a lot of initiatives on centralizing communications for anything that comes out for patch management. We had a whole ordeal with the Apache Log4j initiative, we had had an entire organization dedicated to remediating over 120 assets, systems, servers I should say, or systems within our environment to meet that critical need that came out of CISA back in December. And it was incredible the way they did it, they had everybody that had some kind of a tie between all the department bureaus on a call, had a conversation, led the initiative to identify the issue, the challenges, the issues, and dropped in templates. They gave out guidance, they set standards, they set expectations, and they had a reoccurring meeting where everyone would consistently report on the status of remediation of those systems. And that’s how it should be. I found a lot of value in that, meeting my colleagues across the department, and then exchanging information. They’ve done such a great job in such a short period of time that ECA’s OCIO has been on board.

Tom Temin: Sure, and your prior job, which is where we first encountered you, you were a technology accelerator-type person. Tell us what that was, mainly for how it’s informing what you’re doing in the new job? What did you learn as an accelerator of technology? Had your pedal to the metal.

Erica Jaume: Of course. So that vision, that came out of this extremely strong individual that I used to work with, she was my supervisor, indirect supervisor, I would call her a senior adviser. She’s been with the State Department and previously with Army Corps, she had this vision of putting in place the technology accelerator program, and bringing opportunities to my former Bureau, which was the Bureau of Overseas Buildings Operations. Things like IOT things, that the department is working on, but getting it specifically for construction, or specifically for the business within construction and facility management or anything for embassies overseas. So we were looking at bringing that latest innovative technology to the parameters of the embassies in construction or in maintenance. And that was a critical piece of the organization. It led a jumping off point to a lot of areas of opportunity, one of the most, one of the ones that is currently still being run by – the CIO – is called the OBO Smart Building Solution. And so they’re looking at putting in place opportunities to aggregate the data. And it all seems like this is old news. But for the federal government, this is resounding information where you’re pulling back an entire network of smart building services. I mean, you walk through a mall garage, how often do you see, there’s little green lights on the parking spots that say, oh there’s a spot available, versus it’s red, it’s not available. So things like that, figuring out how many cars are sitting in a parking lot, and at an embassy and pulling it back. You still don’t find those in many of the buildings in private industry. So they’re doing a great job.

Tom Temin: All right. And final question: So are you an IT person, or a State person or a little both?

Erica Jaume: I’m both, I would say both. I think the mission drives me independently. But IT individually has been my core focus for the last 12, 15 years. So I’ve been a federal employee 10 years and then before that contracted, seems like so long ago now. I think I was contracted for five years. So State definitely, prior to that I was at Homeland Security. Loving every bit of State Department though, I feel so close with the mission now that I’m part of a bureau. So it’s been excellent.

Tom Temin: Erica Jaume is chief of the IT Security and Governance Branch of the Bureau of Educational and Cultural Affairs at the State Department. Thanks so much for joining me.

Erica Jaume: You’re welcome. Thank you, sir.

The federal government will finally pull the plug on the use of Dun and Bradstreet numbers and fully move to a brand new identifier for contractors, called the unique entity identifier (UEI).

On April 4, GSA will complete a major technology modernization project that started in 2012, picked up steam in 2016 and finally will come to completion after a six-month parallel test.

Memi Whitehead, the deputy assistant commissioner of GSA’s Integrated Award Environment, said all agencies will use the UEI, which is a government-owned identifier generated in SAM.gov, and are responsible for changing their systems across their business processes ranging from acquisition to finance.

“We’ve had a parallel operating environment for over six months where the agencies have had both the DUNS number and the unique entity ID available in all of the IT systems in the Integrated Award Environment (IAE),” Whitehead said in an interview with Federal News Network. “They’ve been able to send and receive tests that’s allowed them to plan the timing of their own transitions. Even before that, we’ve been communicating with them sharing the specifications. This really has been a multi-year project and a multi-year transition.”

The government’s move away from DUNS numbers will end a 40-plus-year relationship with Dun & Bradstreet where the government has spent hundreds of millions of dollars to use the proprietary system to identify companies. The costs of using the DUNS number has grown over the past decade or more. As of 2012, GSA spent roughly $19 million a year on its contract with Dun & Bradstreet, compared to about $1 million in 2002, according to the most recent report available from GAO.

GSA would give contractors a DUNS number free of charge, but it paid for the service on the front end.

In March 2018, GSA awarded Ernst & Young a five-year, $41.7 million contract to run the UEI initiative. Ernst & Young will provide services to validate the identity of each entity (company, individual, organization, etc.) wanting to do business with or receive assistance from the government, GSA stated in a release. The GSA said the contract will reduce unnecessary duplication across the government by ensuring individual agencies do not have to separately contract for these services, but will instead receive the service by way of SAM.gov.

UEI for the entire lifecycle of an award

The UEI is a 12-character alphanumeric identifier that is owned and managed by the government. It connects agencies and companies throughout the federal award lifecycle whether it’s writing a contract or managing a grant.

“The benefit that we see from the users’ perspective is that it’s going to be more convenient. They’re not going to have to go to multiple sites and they’re not going to have to interact with a third party directly. They’re going to be able to go to SAM.gov, provide the information or request a unique entity identifier, get the entity validation done and move on with whatever else they need to do,” Whitehead said. “That convenience factor, that ease of experience is something that we’re really looking forward to providing.”

Whitehead said there are several reasons the UEI implementation took so long. First, the Federal Acquisition Regulatory Council had to change regulations to remove references to DUNS numbers and replace them with UEI.

“That change allowed us to compete the validation and then decouple the fact that we were having an identifier, the thing that connects to the entity from the validation service, on the back end,” she said. “That’s a good thing over time that allows increased competition. It removes the proprietary nature of the identifier, and really means that no matter who in the future, were to provide the service, this huge giant governmentwide change only has to happen once.”

This one change, however, will impact seven IAE systems. GSA is planning down time on April 1 and 2 to implement the UEI changes.

Whitehead said it’s not just GSA’s system that need updating. Agencies have been developing, testing and ensuring they are ready for the move too over the past year.

“From the technical perspective, the agencies worked together to develop and design the changes. That was a really good process that was very interesting to watch because agencies came together and talked about what they needed to do, how they needed to do it, making sure that there wasn’t overlap with other identifiers, like the Social Security number,” she said. “Obviously, we had to create the thing to build the identifier, the generator on the backend. Just learning and peeling back the layers of the onion helped define all the different places where the DUNS number was used, and knowing that had to have a parallel insertion of a unique entity identifier. It’s been fascinating, certainly stressful at times. But we’ve got a really great team and the agencies have been great to work with.”

Preparing for challenge, hoping for the best

GSA has been working with agencies and talking about the move to UEI for the better part of the last year, displaying the UEI next to the DUNS number on SAM.gov.

Whitehead said GSA was trying to make the switch as easy and smooth as possible.

But, as GSA knows well, these changes can be fraught with challenges particularly in that first week.

“You hoped for the best and plan for the extremely focused support to the user. So we will be in a hyper monitoring, hyper paying-attention-to-everything phase, for the certainly for the first week,” she said. “We’ve got an integrated project team that’s ready to support users. We have folks from our IT support, from our hosting support and from all of the different aspects and facets that we need to make this work. We were planning for surge support around our service desk. We do expect that there will be those who are not aware of the change, and come in to do something on April 5 or April 6, then suddenly discover that it’s different than what they expected. So we anticipate some longer wait times at the help desk. But our focus is to really quickly identify what the major issues are and triage those. We’ve got planned windows so that we can make some changes fairly quickly, to iterate on anything that’s not working the way we need it to.”

Whitehead added GSA has posted information, videos, fact sheets and other helpful details about the transition to UEI from DUNS on its website. It also added a “big green button” that says “UEI transition help” so users can easily ask questions or solve problems.

From futuristic telephones with screens on desks in the 1990s, to punch card mainframes using FORTRAN, Janet Vogel, the former acting chief information officer and chief information security officer at the Department of Health and Human Services, has seen significant change in the federal technology sector.

Vogel recently retired after 40 years of federal service.

She said her experiences, from HHS and the U.S. Agency for International Development, to her political science background and learning technology, taught her several things about how to be successful in the federal sector.

“I would definitely recommend that they think big and lean forward. It’s a big job. There are so many moving pieces that you really have to focus on both compliance and operations at the same time because we do operate things departmentwide, and compliance can eat your lunch, and your dinner,” Vogel said during an “exit” interview on Ask the CIO. “So I would say think big, get views that are not just techie so that you understand the impact of choices. Listen, get the input, think about it, lean forward and definitely focus on resiliency. What’s your plan B? What’s your plan C? Because HHS holds critical infrastructure capabilities, and that’s on the shoulders of the IT and the cyber people. It really is, and everyone else, if you believe cyber is everything.”

And to that end about cyber, Vogel said the next HHS CISO and incoming CIO Karl Mathias — Vogel’s interview occurred before he was named the new CIO at HHS — should continue its focus on implementing the updates in Special Publication 800-53 from the National Institute of Standards and Technology as part of the move to zero trust.

“We put together a new HHS policy on zero trust, so that needs to be front and center. Zero trust and defense-in-depth are very important, so I would definitely focus on that kind of thing,” she said. “The skills of the people that are involved is also really important. When you have high performing employees, they like to be challenged. So take advantage of that. Take advantage of that as a resource, but also think about how to ask skill and make sure that everybody stays current on their skills.”

Landed in IT by accident

Vogel’s words of wisdom about training and cybersecurity were ones she lived by. She came to the federal government from a small farming community in Oregon. She studied political science at Colorado State University. After graduating in 1978, she earned an internship at HHS in Washington, D.C, and her career took off.

After her first stint at HHS, she worked for USAID, the Federal Aviation Administration, the Treasury Department and then the Centers for Medicare and Medicaid Services.

Vogel spent her last four years working as the HHS CISO and then acting CIO since May. She got her start in IT almost by accident.

“It was an HHS program, and I worked for the Office of Information Services, I believe it was called at the time. IT was called ADP, automated data processing, and I got a lot of experience there with great mentors,” she said. “I moved to the Office of the Assistant Secretary for Health, and I went through all of the process of how do you get an authority or an approval for an ADP project? I worked mostly with the National Institutes of Health at that time. It was really exciting because I got to see what it takes to put together a program and what it takes to manage it. We went through every acquisition, and went to GSA for approval for every IT acquisition at that time so it really gave me a thorough understanding.”

She said one of her first projects was to get approval for HHS to buy a supercomputer in the 1980s.

Vogel built on that experience while at USAID, where she worked on a project to help Pakistan with hardware and software development for their census.

“With USAID, the money has to be spent on U.S. products, and so I was able to see the companies, the quality of their proposals and help show the people there how to look for those things and what to do next. So it was helping them actually implement the technology in their country and a little bit of education,” she said.

Too many IT regulations, laws

All of her experiences left an indelible imprint on her about how difficult federal acquisition and technology can be.

“The federal IT sector is governed by over 100 laws, rules and regulations, and it is weighed down by that. I would simplify the compliance and the auditing so that we could focus being more effective with IT and cyber. That said, it’s not one office that can do this. We need to make sure that others are engaged. So I would simplify the oversight and all of the legislation that we’re constantly reporting on,” she said. “I think that the evolving nature of cyber makes it a little more difficult because it’s not quite as mature yet. I’m not sure it’ll ever get there because we have a lot of bad actors and all they want to do is disrupt some things that are important.”

Vogel also said agency CIOs need more authority and direct funding for cybersecurity.

“It really does make a difference if you have multi-year funding in your ability to plan and execute strategic operational activities. That would be a big improvement,” she said.

During her time at HHS, Vogel said she was proud of the work the team did to reimagine the Health Sector Cybersecurity Coordination Center (HC3).

“The HC3 takes cyber information that we know about threats or vulnerabilities and puts it into a language that is understandable to the medical community,” she said. “We send out those bulletins to the cyber contacts in the health care industry, we have thousands of them, telling them about a threat, what it means to you, here’s how you could identify this if you have the problem and here’s what you do. Our outreach to the health care sector has been enormous, and, I think, it’s been very beneficial. We’re able to put things in more medical and operational terms than just techie talk.”

HHS CIO council matchmaking

Now HHS receives more requests for cyber information to the HC3 than ever before and it’s reaching more cyber and non-cyber experts because the information is more easily accessible and understood.

Another area where HHS has changed is the internal coordination among bureau CIOs. Vogel said she reinvigorated HHS CIO council meetings to create connections across the bureaus to improve sharing, specifically of cyber data.

“One of the things in our council meetings that I did was how I sponsored what I called speed matching. The instructions were each of you bring three things that you do really well, and three things you want to improve on. And through our meeting, we paired folks up and had sessions where each of them in that pair would talk about the things that they did well and share information,” she said. “As a result, we were able to improve the sharing of everything from training on privacy or security to products so we don’t have to reinvent the wheel.”

Vogel said she has no plans for what comes next after some much-deserved rest and relaxation. She said she may do some volunteering.

“It definitely is hard to step away from because I have real, deeply-rooted sense of patriotism and dedication. And so stepping away to make a change was a really hard decision,” she said. “I did think about it over the last couple years, and this time just seemed opportune for me to try something new. I like to learn something new every day, and this gives me the opportunity to do a lot of that. So [a] difficult decision, but it’s just the right time.”

The Department of Homeland Security expects around 70,000-80,000 employees work remotely any given day of the week. That fluctuates based on training, schedules and leave, while frontline workers have always been on site through the pandemic.

Some technologies only work in a physical office but with cloud technologies and the security tools put in place, DHS has maximized the technological capability of teleworkers and field workers in organizations such as FEMA, Border patrol and the Coast Guard.

“We try to give the greatest capability possible to folks who are teleworking. I think, initially there were some limitations with the things like printing. Printing was one of the ones that everybody had to get accustomed to a different model and a different approach,” said Elizabeth Cappello, deputy chief information officer at DHS, on Federal Monthly Insights — Secure Tools for a Telework Future. “But I do think for the most part, we have done a really outstanding job of making all of the collaboration and back-office capabilities available to everyone who’s teleworking.”

Cappello has repeatedly credited a heavy snowstorm several years before the pandemic with teaching DHS to invest in remote network capability. It also prompted a transition to Microsoft Office 365 cloud software, as well as a cultural shift in the mindset around telework.

“When you have a large law enforcement component, or as you mentioned a large field component, it’s difficult to make that mental shift to not being in the office, to not being with your colleagues, and to using the technology in a far different way than you maybe had ever done previously,” she said on Federal Drive with Tom Temin.

With people working from home for months on end, day-to-day workflows were adjusted. Printing to PDF became the go-to solution for many, but furthermore the teleworked boom likely pushed DHS to use less paper overall, Cappello said. She speculated people have grown more comfortable with working electronically and using collaboration tools, such as video calling.

“We found that with some of the older laptops that folks had, we had to provide better cameras so that they could actually be on video calls. In some cases, additional keyboards, and whereas if you were only working from home one or two days a week, you might have been comfortable just working on your laptop without an additional keyboard or an additional mouse or some of those ergonomic add-ons. We found that that was not the case after a couple of months of working at home; folks really needed to establish maybe a little more permanence in their workspace,” she said.

The permanence of this widespread telework has implications for virtual private network capacity. DHS started a working group to investigate zero trust technologies before the pandemic started. The group looked for alternatives to support the end user, support the workforce and ensure that they were not introducing additional cyber vulnerabilities, Cappello said, declining to go into specifics on those zero trust technologies.

“We’ve reduced the number of network hops, which translates into better performance with enhanced security. But if you think about zero trust, it’s not a perimeter defense model, right? It’s literally you’re not trusting the resource,” she said. “So you’re doing trust on a continuous basis. So while it improves the access to resources, it also enhances the security posture around those resources.”

The agency has a methodology for people to work in a zero trust environment or without a VPN. Cappello said DHS implemented zero trust in conjunction with the standard HSPD-12 PIV card, and in her opinion they have not added challenges to the end user. Although she acknowledged the initial transition may have come with hiccups.

As for “composable enterprise,” meaning a kind of a dispatch to which one can add capabilities to better accommodate scattered users, “much of that’s going to be driven by the specific component needs, and what flexibilities make most sense for them in meeting their mission,” Cappello said. “A FEMA mission, obviously, is going to be very, very different from what, say, the U.S. Border Patrol is doing within Customs and Border Protection. So I think that, as we examine at DHS headquarters, within the CIO’s office, how we provide guidance to the components, we’re going to have to remain flexible and agile and respectful of their particular mission sets.”

The management lines of business — the chief financial officer, the chief human capital officer, acquisition and Cappello’s team in the CIO office — have to work together to respond dynamically as federal offices turn more hybrid in-person and telework.

“We’ve learned a lot of things in the last two years at a very, very accelerated pace. I don’t think we’ve actually had time to breathe and really spend some time thinking about what the future is going to look like,” she said. “But we do know we’re going to have to remain agile, we’re going to have to remain flexible, and we have to remain resilient.”

Haines announced the news in a statement Monday. Merritt has held several positions in the intelligence community during a career spanning more than two decades.

She began her career at the National Security Agency, served as principal deputy CIO for cyber at the Department of Energy, and director and acting senior director for intelligence programs on the National Security Council during the Obama administration, according to ODNI.

Merritt was most recently program manager at DreamPort, a cyber innovation nonprofit created by U.S. Cyber Command.

“Dr. Merritt will lead our ongoing modernization efforts to transform the IC Information Technology Enterprise, ensure the security of the IC’s Information Technology systems, and enhance IT cooperation within the IC,” Haines said.

Michael Waschull had been acting IC CIO for the past year. Haines said he would stay on as Merritt’s deputy.

Merritt’s appointment comes as intelligence agencies are in the early stages of transitioning from the legacy “C2S” cloud program to a new “C2E” contract with multiple providers. The CIA awarded C2E in November 2020 to Amazon Web Services, Google, IBM, Microsoft and Oracle. The C2S contract, awarded in 2013, is exclusive to AWS.

Meanwhile, artificial intelligence, machine learning, data and computing technologies continue to be top priorities under ODNI’s fiscal year 2022 to FY-26 science and technology investment landscape. 

Karl Mathias, the CIO for the U.S. Marshals Service since 2015, will join on March 14, according to an internal email obtained by Federal News Network.

“We are fortunate to have someone of Karl’s caliber take on the mantle of OCIO leadership, and I know he looks forward to hearing directly from all of you as he steps into this role,” wrote Cheryl Campbell, the HHS assistant secretary for administration in an email to staff.

Mathias replaces Perryn Ashmore, who was the last permanent CIO and retired in May. Since Ashmore left, Janet Vogel was acting CIO until she retired in December and then Dr. George Chambers has been acting for the last few months.

Chambers will return to his original role of executive director of the Office of Application and Platform Solutions.

In coming to HHS, Mathias also becomes the eighth permanent or acting CIO in the past seven years. The lack of stability in the CIO role has been troubling to many current and formal employees, who say it’s having a real impact on the agency’s ability to modernize.

HHS received a “B” under the latest Federal IT Acquisition Reform Act (FITARA) scorecard, with a lot of work still needing to be done around cybersecurity and the transition to the Enterprise Infrastructure Solutions (EIS) program. HHS also received a “Partial” score for its CIO reporting to the agency head or their deputy.

“CIOs that do not report to the head of the agency weakens their ability to effectively manage IT,” the House Oversight and Reform Committee said about this category in general. “Given the history of federal IT failures, this is a concern.”

Mathias inherits an HHS technology organization with the third largest budget among civilian agencies. For the fiscal 2022 request, the White House said HHS requested more than $6.9 billion, which is up from $6.4 billion requested in 2021 and almost $1.5 billion more than the 2020 request.

HHS updated its IT strategic plan in 2021, detailing five goals to modernize, secure and enhance business and mission systems.

“The expanding capabilities of IT creates a dynamic where the IT organization no longer solely supports the mission but is part of the mission that shapes the enterprise strategy,” the agency stated in the plan. “As the IT organization’s role changes, it increasingly focuses on service orchestration via platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS) technologies, in addition to service delivery. These shifts come with new governance responsibilities as well as new customer and partner expectations. Increasingly, IT organizations facilitate collaboration across the enterprise and drive agility, cost savings, interoperability and flexible solutions that IT leaders tailor to various mission needs.”

As the Marshals Service’s CIO since 2015, Mathias has created a disciplined process to bring more applications and systems into the cloud. He has invested time and energy into creating an IT investment governance process as well as ensuring there is room for innovation and new technology.

As of last fall, the Marshals Service has about 60% of all applications in a cloud instance, whether SaaS or IaaS.

One of his big successes over the last five or six years is that his office has worked with the mission side to put applications like the warrant tracking system, the prisoner operations system and several others in the cloud.

Before coming to the Marshals Service, Mathias served in the Air Force until he retired in 1993 and then took civilian jobs serving as an analyst, engineer and program manager on the Joint Surveillance System, the NORAD Battle Management System, combat simulations at the Air Force Wargaming Institute, and the Air Force Research Laboratory’s Enterprise Business System.

He also was an assistant professor at the Air Force Institute of Technology and a military advisor to the Ministry of Defense and Aviation in Riyadh, Saudi Arabia.