The Department of Housing and Urban Development is looking for a new chief information officer. HUD is now one of five major agencies looking for a new technology leader.

But unlike the departments of Defense and Health and Human Services, and the Small Business Administration and the Centers for Medicare and Medicaid Services, the HUD CIO didn’t actually leave the agency to create the job opening.

Beth Niblock, who has been CIO since July 2021, moved to a new position as senior advisor for disaster management. The reason for the opening is purely political. HUD decided to move the CIO’s position back to a career one from a political one.

“[O]ver the past few years, HUD leadership determined the department would be best served by having a career CIO to ensure steady and consistent leadership, and to better position the department to deliver high-quality, transformative solutions enabling HUD to deliver on its mission,” said a HUD spokesperson in an email to Federal News Network.

HUD posted the CIO job on USAJobs.gov in mid May and applications are due today. In the meantime, Sairah Ijaz will step in as the acting CIO until a permanent career leader is selected.

Political CIOs close to leadership?

The decision by HUD to transition the CIO position back to career from political isn’t that unusual.

Over the course of the last 28 years — January 2026 will be the 30^th anniversary of the Clinger Cohen Act — several agencies ranging from the departments of Commerce, Energy, Treasury and Transportation as well as the Environmental Protection Agency and others have flipped the position back and forth between career and political to suit the needs of the leadership.

But HUD’s decision brought up a long-standing and healthily-debated question of whether CIOs, especially at this point in time of history where technology is at the center of every agency’s mission, are better off being political appointees?

To many, the answer continues to remain as it has for the last almost 30 years: It depends. But what has become clearer than ever is the role of managing, implementing and securing technology puts the CIO and deputy CIO on a higher plane across all agencies. Thus, requiring the federal community to continually re-ask the political appointee question.

“How the agency positions the CIO’s role in theory versus practice for the best possible function is really a question of how the head of the agency and the culture of that agency sets that role up for success,” said Dan Chenok, the former Office of Management and Budget official who helped with the Clinger-Cohen Act and now executive director of the IBM Center for the Business of Government. “Given the ubiquity of technology today, what is the right balance? My own personal view is a political CIO is more likely to be close to the head of the agency, and a career deputy CIO gives you continuity.”

Finding that seat at the table

But that closeness doesn’t always result in a CIO’s success.

If you look at the January 2024 Federal IT Acquisition Reform Act (FITARA) scorecard as one measure of CIO effectiveness, agencies with career CIOs versus those with politically appointed ones faired about the same. Agencies with political CIOs — the departments of Defense, Energy, Homeland Security, Veterans Affairs and HUD — received the same mix of “B” and “C” grades as those with career CIOs.

Simon Szykman, the president and founder of Cambio Digital Transformations and former Commerce Department CIO, said the role of the CIO is inherently not one that strongly aligns with any political ideology.

“Ideally it should not be necessary to make a CIO political appointment in order for that person to support the agency mission, or even the political leadership’s agenda,” he said. “However, the flip side to the argument for career CIOs is that no CIO will be successful if they don’t have that proverbial seat at the table. They need to be able to operate, influence and impact decisions at the senior-most levels. It can be a challenge for career senior executives to fully operate as peers to political leadership, and this challenge can be dependent on agency culture as well the leadership tone set higher up in the administration.”

Many times an agency hires a political CIO because the secretary wants a specific person in that role. That was the case, for example, with Steve Cooper, when he worked at Commerce from 2014 to 2017.

For other agencies like VA, Congress required the position be presidentially appointed and Senate confirmed — one of the few that requires Senate confirmation.

HUD’s great strides

But even then, there is no guarantee of success.

“Moving the CIO to political or a career position is situational and based on the candidates available and what’s going on at the agency at that moment,” said Margie Graves, a former deputy CIO at DHS and federal deputy CIO and now a senior fellow at IBM’s Center for the Business of Government. “A lot of times the decision to bring on a political CIO may be because the secretary wants a specific person on board to do something specific. I would advocate for choosing the best person for the moment. It’s really no different than what you’d do in private sector. And the times I’ve see the decision fail is when the person has no background in the technology management discipline and no expertise. I saw a couple of those at DHS.”

Graves added, at least for the CFO Act agencies, she would prefer to have someone in the C Suite who is “hearing” those political conversations as opposed to someone who is relegated as an “outsider.”

HUD’s reason for moving the CIO back to a career position is not entirely clear. The spokesperson said Niblock and her team have made “great strides over the past few years” to modernize the technology and improve the cyber posture of the agency’s infrastructure. But the spokesperson seems to insinuate there may be some bumpy roads ahead.

“However, HUD’s IT only received 0.5% of the department’s fiscal 2024 budget, which is one of the lowest percentages across cabinet level agencies. HUD is continuing to work with its federal and congressional partners to build on the progress of the past several years, while also continuing to pursue the ability to leverage various funding flexibilities that other agencies are able to leverage, including a working capital fund for its IT needs,” the spokesperson said.

HUD’s IT budget for 2024 is $641 million, of which it is spending only $94 million on development, modernization and enhancement projects. The agency requested $540 million for IT in 2025.

The post Political vs. career: Role of CIO remains unsettled first appeared on Federal News Network.

Sherman has accepted a position as dean at the Bush School of Government at Texas A&M University, the same institution he graduated from in 1992 before becoming an Army air defense officer. He’ll start that position on Aug. 1, the school said in a statement.

“The spirit of service and focus on preparing students for the future they instilled in the school will be our guiding light as we look to the challenges the next generation of leaders will face,” Sherman said. “Liz and I are excited to get back home to College Station and beginning this next chapter in our lives.”

Defense officials did not immediately announce who would succeed Sherman in the DoD CIO role. One likely candidate, at least on an interim basis, would be Leslie Beavers, the office’s current principal deputy.

In a statement, Defense Secretary Lloyd Austin credited Sherman with leading the department through several major technology advancements over the past two and a half years, including a restructured cybersecurity approach through DoD’s first-ever zero trust strategy.

“Mr. Sherman has been a steadfast advisor and an innovative leader who has helped the department adopt and utilize modern information technology to keep our country safe,” Austin said. “His technical expertise has proven invaluable in tackling a variety of digital challenges. His focus on mission readiness has ensured that each of the services is equipped with both the capabilities and the digital workforce necessary for modern warfighting.”

Sherman spent most of his federal civilian career in the intelligence community, starting as an imagery analyst. He worked his way up through the IC over the next 20 years, including positions as the CIA’s deputy director for open source intelligence, and eventually as the IC’s chief information officer. He joined DoD as its CIO in December 2021.

At Texas A&M, Sherman will succeed retired Gen. Mark Welsh, a former Air Force chief of staff, as the Bush School’s dean. Welsh now serves as the president of the university.

“When President Bush laid out his vision for the Bush School of Government and Public Service and the importance of preparing new generations of dedicated public servants, he thought of people like John Sherman,” Welsh said. “John is a true public servant, having worked in government service his entire career, including 25-plus years in the U.S. intelligence community. He’s built an incredible professional reputation as a leader in public service and national security, but maybe more importantly, for how he treats others.”

The post DoD CIO John Sherman to step down at end of June first appeared on Federal News Network.

Through the pandemic, the IRS learned it can move with urgency. And now that the emergency has subsided, Nancy Sieger, the former IRS chief information officer, believes that lesson isn’t going to waste.

Sieger, who will retire on June 1 after more than 40 years of federal service, including the last one as the Treasury chief technology officer, said IRS is building on the IT modernization lessons learned over the past few years.

“I think technologists saved the day during the pandemic. As the IRS CIO, I had the opportunity to lead IRS efforts to ensure that services to the public were handled in the most efficient way possible. If you think back to that time, businesses shut down, cities were practically shut down, and our economy was suffering and human beings were suffering. IRS focused really hard to issue three rounds of Economic Impact Payments. I am most proud of how IRS leadership and employees rallied to get money to the people in this country who needed it the most,” Sieger said during an “exit” interview on Ask the CIO. “We had a principle that any new technology would be built in a modernized way. We were really good at relying on the older systems and delivering fast. One of the opportunities we had with the Economic Impact Payments, looking to the future, feeling like IRS might be called upon again to do something similar. We had to challenge ourselves to say that may be easy and fast to build upon old operations, but how do we do this in a modernized way so that it’s repeatable? There were three rounds of payments, each round of payments came faster and faster, culminating within 24 hours. The Economic Impact Payments and that processing were built using new tools, new testing methods, new quality assurance processes and built in a modernized way. If IRS has to do that again, the strong foundation will be there.”

Sieger said it took constant reminders to build the confidence of the developers and engineers to the point where she and then-IRS Deputy CIO Kaschit Pandya, who is now the agency’s CTO, met daily with the technology workers who were writing code and analyzing it.

“We often had to say to our folks, ‘no, no, you have my permission to do it this way. Not [the old] way. It was risky. We managed those risks,” she said. “But ultimately, it resulted in little-to-no rework. I would say to you, on behalf of Kaschit and myself, the hours we spent with a team doing this the way it needed to be done was very fulfilling.”

IRS can accept, manage risks

That experience has helped the IRS continue to launch modern services, such as the direct file application, launched in March across 12 states. The IRS said the direct file pilot helped more than 140,000 citizens file their taxes online and for free.

There are plenty more opportunities for the technology development lessons learned from the pandemic to continue to spread across the IRS. Commissioner Danny Werfel told lawmakers in April that the tax agency needs $104 billion for a multi-year modernization effort.

Sieger said the experience over the last three-plus years taught the IRS it can accept and manage risks differently than before.

“We took a lot of risks. We weighed those risks. We said, ‘the worst thing that could happen is this. What are we going to do when that happens?’” she said. “I think our greatest opportunity is not forgetting how we did that, and bringing that forward into future operations. I’m trying not to say don’t be risk averse, but I’m going to say it. Don’t be risk averse and accept measured risk; know what could happen, know how you’ll adapt, but let’s face it, in our personal lives, especially in the technology space, how many of us get an update on our smartphone that didn’t work. But we know the next day it will be updated and fixed. Now I am not suggesting something so aggressive in government. But I am suggesting that we look back to how the government served this country during the pandemic and bring some of those skills and learnings forward to be even more effective and efficient in government service.”

One of the biggest reasons for the IRS’ success, beyond the urgency of the moment, was the top-cover leaders gave the developers. Sieger said helping employees reduce the fear of failure and ensuring they know they are not going to be left behind should something go wrong was a huge factor in the agency’s success.

“At the time, it was Commissioner Charles Rettig who was constantly keeping his hand on the pulse of the employees, working with Treasury to ensure that we were delivering the payments and processing tax returns and the IT workforce knew they had support. They were constantly asked, ‘What do you need?’ Sometimes they would tell us what they needed. Sometimes, I saw what they needed, and they wouldn’t ask. There was a particular weekend where the team was working really hard,” she said. “This was not a case of the workforce being hesitant to do new things. This was a case of the workforce having the skills they needed to do this in the most elegant way, and once leadership let them know — from Commissioner Rettig through the different deputy commissioners to myself and all the front line executives at the IRS who helped them — they were able to get things done and help the country. It was an example of coming together at the right time in the right way for the right outcome.”

The post How the pandemic changed IRS technology for good first appeared on Federal News Network.

Federal News Network has learned Caron is heading to a new job in industry. The specifics about where he is going is unknown. His last day at ITA will be May 31.

Caron, who is well-known on the federal speaking circuit, has been the ITA CIO since February 2023.

Before that, he was the CIO for the inspector general office at the Department of Health and Human Services and worked for the State Department for 18 years, including the last two years as director of enterprise network management.

Caron also has played a big role in helping drive the development of zero trust concepts through the CIO Council’s Innovation Counsel for Zero Trust.

During his time at ITA, Caron focused on moving ITA to a more modern network and security infrastructure. For example, he implemented phishing-resistant multifactor authentication, in part, by sending each of ITA’s employees a “YubiKey” authentication device to meet MFA requirements.

“So we’re taking a lot of steps, we’re looking at some identity management things in order to mature identity management and automate our processes around that as well,” Caron said during a January 2024 panel.

He also has focused on ensuring ITA is managing its data so it’s protecting its most important and valuable data as part of its zero trust implementation.

Additionally, Caron said because ITA has been 100% in the cloud for several years, he has focused on understanding the costs of using cloud services and how to manage those costs.

“In the wake of the pandemic and the subsequent move to work from home, Gerry Caron was the right kind of leader at a critical time. Gerry helped galvanize the entire federal government around actual use cases for zero trust,” said Tom Suder, president of ATARC. “The effort led directly to several Technology Modernization Fund awards to agencies, specifically for zero trust that have been the model for funding cybersecurity.”

DISA executives move into new roles

Over the last few weeks, there also has been a few other noteworthy changes in the federal technology community.

Let’s start with the Defense Information Systems Agency where Sharon Woods, who led the agency’s hosting and compute center for the last almost three years moved to new role at the agency. She is now leading DISA’s Endpoint Services and Global Service Center.

“We deliver networking and endpoint solutions at all classification levels to the Department of Defense. This is a crucial mission, connecting the department’s globally dispersed workforce, from the Pentagon to the edge, with unified communications,” Woods wrote on a post on LinkedIn. “Incorporating my experience with cloud technology, I hope to drive modernization and propel J6 forward as the premier communications provider to the department.”

In her place, Jeff Marshall, who has been vice director of the hosting and compute center since February, is now acting director.

During her tenure as the head of the HACC, Woods helped usher the Joint Warfighting Cloud Capability (JWCC) through the implementation phase, launched DISA’s own hybrid cloud instance, called Stratus, and led the effort to provide a DevSecOps platform, called Vulcan, for DoD users.

Bill Dunlap, the acting deputy chief information officer for the information enterprise at the Defense Department, said on Tuesday at the AFCEA Enterprise IT Day that the defense agencies and military services have made 84 awards under JWCC worth more than $634 million.

Marshall joined DISA in February after spending the last 20-plus years in industry. He also served in the Army for 13 years before moving to industry.

New cyber execs at CTIIC, EX-IM Bank

Moving to the intelligence community, the Cyber Threat Intelligence Integration Center (CTIIC) hired Chris Zimmerman as its first director of the Office of Strategic Cyber Partnerships.

In that role, Zimmerman will “further the integration of commercial cyber threat intelligence in the IC and take an innovative approach to partnering with the public and private sector,” Laura Galante, the director of CTIIC and the IC Cyber Executive, said in a statement.

Zimmerman comes to CTIIC from industry where he held leadership positions with Symantec, FireEye, Palo Alto Networks, Cylance and, most recently, as President of FedStarts, LLC, where he led the deployment of software technology to enable stronger cyber defenses.

Finally, the Export-Import Bank has a new chief information security officer and new chief privacy officer. Darren Death joins the agency after spending the last nine years as the vice president of information security and CISO for ASRC Federal.

Death has worked in and out of government during his career, including stints at FEMA, the Library of Congress and the Air Force.

He also is active with cybersecurity education groups like InfraGard MD and is a fellow with the Institute for Critical Infrastructure Technology (ICIT).

The post ITA CIO Caron moving on to industry first appeared on Federal News Network.

CISA confirmed his last day will be in June, but didn’t say exactly when. A CISA spokesperson didn’t say who would be acting in his place after Goldstein leaves. Matt Hartman serves as Goldstein’s deputy.

Goldstein joined CISA in February 2021 from the private sector where he was the head of cybersecurity policy, strategy and regulation for Goldman Sachs.

In his role at CISA, he oversaw an assortment of initiatives to protect and strengthen federal civilian agencies and the nation’s critical infrastructure against cyber threats.

CISA Director Jen Easterly praised Goldstein’s contributions over the last few years.

“I could not be prouder of the work that Eric Goldstein has done to move CISA forward as an agency. He has helped catalyze a shift across the agency to data-driven risk reduction and built an inclusive team that has enabled CISA and our partners to confront the serious cyber threats facing our country,” Easterly said in a statement. “Under Eric’s superb leadership, we pioneered new models of operational collaboration, reshaped our ability to detect and address cyber risks and shifted the balance toward building technology that is secure by design. I consider myself fortunate to be Eric’s teammate and know that he will carry his dedication to a secure and resilient nation forward in his next adventure.”

Federal cyber leaders on the move

Goldstein’s decision to leave government comes two days after Chris DeRusha, the federal chief information security officer, announced his decision to move on.

The departures of DeRusha and now Goldstein are also causing several other changes across CISA. Mike Duffy, the associate director for capacity building in the cyber division, is taking a detail to be the acting Federal CISO. On top of Duffy’s leaving, even for a short time, CISA has also seen several other senior cyber leaders head out the door, including Sean Connelly, who led the federal zero trust and Trusted Internet Connections efforts.

Among his accomplishments during his time at CISA include leading an effort to create the first ever CISA cyber strategic plan last summer, which he said will fundamentally shift the way the agency works, how it prioritizes resources and how they work with their stakeholders.

During his tenure, CISA issued seven emergency cyber directives for agencies, including one in April around Russian hackers taking advantage of a Microsoft vulnerability, to address immediate threats.

Another big focus over the last three years was the Federal Enterprise Improvement Team (FEIT), which the agency funded through a portion of the $650 million CISA received under the American Rescue Plan Act of 2021.

This was Goldstein’s second stint in government. He worked from 2013 to 2017 at CISA’s precursor agency, the National Protection and Programs Directorate, in various roles including policy advisor for Federal Network Resilience, branch chief for Cybersecurity Partnerships and Engagement, senior advisor to the assistant secretary for cybersecurity and senior counselor to the undersecretary.

CNN first reported Goldstein’s departure.

The post Second senior cyber leader this week to exit federal service first appeared on Federal News Network.

Brian Epley, the principal deputy CIO at the Energy Department, will be the new technology leader at Commerce, Federal News Network has learned.

Epley replaces Andre Mendes, who left in in January to join Tarrant County, Texas to be its CIO. Epley will join Commerce on June 3.

Epley joined Energy in September 2022 as its principal deputy CIO and previously worked at the Environmental Protection Agency for six years as the deputy CIO and as the deputy assistant administrator for administration and resources management.

Multiple emails to Commerce seeking comment were not returned.

Epley has been in and out of government for his entire career. He served as the Homeland Security Presidential Directive-12 (HSPD-12) program director at the Department of Veterans Affairs from 2005-2007. He worked as a program manager at Northrop Grumman and CSC, and worked as a consultant for North Highland and for his own company InterSolve-IT.

During his time at Energy, Epley has led the CIO office’s day-to-day operations and assisted with the formation of the office’s strategic direction for the protection and modernization of IT, cybersecurity and data usage across the DOE enterprise.

Over the last two-plus years, Epley also led several specific IT initiatives. He helped moved the department forward to modernize its network and telecommunications infrastructure through the Enterprise Infrastructure Solutions (EIS) contract from the General Services Administration. In its April 2024 report, GSA says Energy has moved more than 80% of circuits to its new contract.

Additionally, Epley lead the effort to develop an artificial intelligence sandbox to safely test out capabilities and tools and led the recent project to establish a five-year enterprise license with Microsoft that is costing the department 19% less than previous contracts.

A third big focus areas for Epley over the last few years has been to update the Energy Department’s five-year IT strategic plan, which hadn’t been updated since 2022, and play a significant role in hiring the CIO office’s senior leadership team.

In coming to Commerce, Epley inherits a $2.9 billion IT budget, according to the Federal IT Dashboard. Of that, $2.1 billion is considered operations and maintenance or about 72% of all spending.

The dashboard also shows most of Commerce’s 98 major IT investments are in good shape, with 78 receiving a “green” rating, meaning low risk of failure. On the most recent Federal IT Acquisition Reform Act (FITARA) scorecard, Commerce earned a “C” grade, receiving low scores on its cybersecurity, transition to the EIS contract and its adoption of cloud computing requirements.

Epley also inherits a Commerce IT modernization strategy that has been focused on moving to software-as-a-service (SaaS) and a troubled financial management modernization project.

The post Energy deputy to take over as new Commerce CIO first appeared on Federal News Network.

The Office of Management and Budget confirmed DeRusha is leaving. Federal News Network also has learned that Mike Duffy, the associate director for capacity building in the cyber division at the Cybersecurity and Infrastructure Security Agency at the Homeland Security Department, will take over on an acting basis.

“Since day one of the Biden administration, Chris has been instrumental in strengthening our nation’s cybersecurity, protecting America’s critical infrastructure, and improving the digital defenses of the federal government,” said Clare Martorana, the federal chief information officer, in an email statement to Federal News Network. “I wish him the best, and know he will continue to serve as a leading voice within the cybersecurity community.”

Duffy will begin his detail next week, according to an internal email obtained by Federal News Network.

DeRusha joined OMB in January 2021, coming over from the Biden presidential campaign. He also worked as CISO for the state of Michigan and spent five years at DHS and two years as a senior cyber advisor for the White House.

OMB didn’t say when DeRusha’s last day would be nor where he is heading next.

“From the beginning of the Biden-Harris administration, and even before, Chris DeRusha has been a steady, guiding leader. As Deputy National Cyber Director with ONCD – while continuing his excellent work as federal CISO – he has been a trusted and valued partner,” said National Cyber Director Harry Coker, Jr., in a statement to Federal News Network. “Chris’s keen insights, experience, and judgement have been integral to the work we’ve done and what we will continue to do to strengthen our nation’s cyber infrastructure. I’m grateful for his commitment to the American people and to the Biden-Harris Administration.  All of us at ONCD wish him the very best in his next chapter.”

DeRusha has played a key role in advancing many of the White House’s cyber priorities, including the writing of and the implementation of zero trust strategy, and overseeing the federal agency responsibilities outlined in President Joe Biden’s cyber executive order, particularly around software security and applying phishing resistant multi-factor authentication.

Ross Nodurft, the executive director of the Alliance for Digital Innovation (ADI), an industry association and a former OMB cyber chief, said DeRusha’s impact across the government has been significant.

“Chris DeRusha, his teams at OMB and ONCD, and his partners at CISA and across the CISO community have made significant strides in making our federal government more secure and resilient. In many cases, Chris has guided federal agencies into security postures and architectures that are ahead of many commercial companies,” Nodurft said. “He has driven governance processes that prioritize risk management and helped make cybersecurity a consideration in the beginning of technology decisions as opposed to a bolted on afterthought.  The government will miss his leadership, energy and vision.  ADI is thankful that Mike Duffy will be stepping in to keep up the drumbeat of cybersecurity and zero trust implementation and modernization.”

Over at CISA, Duffy said Shelly Hartsook, the deputy associate director, would be taking over for him on an acting basis. During his tenure at CISA, Duffy took on several large priorities, including modernizing the continuous diagnostics and mitigation (CDM) program, helping agencies implement the zero trust maturity model and helping to stand up and advance several cyber shared services for agencies.

Duffy said in his email to staff that it was an “honor to answer the call” to be acting federal CISO and advance the administration’s cyber priorities during this time of change.

“Mike Duffy will do an outstanding job as the acting federal chief information security officer.  As associate director here at CISA, he has spearheaded efforts to evolve and operationalize our Continuous Diagnostics and Mitigation program, unveiled a new enterprise-wide approach to operational cybersecurity alignment, and led the expansion of CISA’s cybersecurity shared services to critical infrastructure,” said CISA Director Jen Easterly in a statement. “Mike’s vast experience, strong partnership acumen, and strategic approach to federal cybersecurity will make for a seamless transition and continue to drive sustained progress across the federal government.”

A former government official, who didn’t get permission to speak to the press, said Duffy is an excellent choice to be the acting federal CISO.

“I can only think of a few people who can hit the ground running as quickly and efficiently as Mike will in his role as acting federal CISO,” the former official said. “From continuing the modernization of the federal enterprise to collaborating with both domestic and international, private and public partnerships, increasing the focus on critical infrastructure and securing elections, Mike is well-positioned to lead the office.”

This story will be updated as more details emerge.

The post Federal CISO DeRusha leaving first appeared on Federal News Network.

• The Army's Chief Information Officer continues his march to revamp technology policy, with two new ones on tap in the coming months. The Army's next set of policy updates are around generative artificial intelligence and large language models, and the continuous authority to operate. Leo Garciga, the Army CIO, said the GenAI and LLM policy is weeks away. "It's really going to be focused around mostly data protection, and what we think the guardrails need to be and what our interaction between the government and industry will look like in this space," Garciga said, adding that the continuous ATO policy will focus on six critical controls. It is expected out later this summer.
  (Next Army IT policy update: GenAI, C-ATO - AFCEA NOVA)
• The Defense Innovation Unit launched a new emerging technology portfolio, which will focus on technologies including quantum, hypersonics, advanced materials and propulsion, microelectronics, nanotechnology and additive manufacturing. The portfolio will coordinate closely with National Security Innovation Capital, which funds companies developing emerging hardware technologies. This is DIU’s seventh portfolio. The portfolio’s first solicitation is already live.
  (DIU launches new emerging technology portfolio - Defense Innovation Unit)
• The Office of Personnel Management is brainstorming ways to make in-office work more appealing to federal employees. Things like special in-person events, team building activities and strategic planning sessions could help ensure in-person work makes sense, OPM Acting Director Rob Shriver said. At the same time, Shriver said OPM is also focused on bringing more attention to employees’ mental health and wellness, especially now in a hybrid work environment. OPM is looking to bridge together in-person opportunities and mental health awareness in the hopes of improving the overall employee experience.
  (From burnout to balanced: A conversation with the nation’s doctor - Office of Personnel Management)
• A watchdog report said breakdowns in leadership led to the Department of Veterans Affairs paying nearly $11 million in bonuses to career executives not eligible to receive them. VA’s inspector general office said the department gave critical skills incentives to more than 180 executives. But Congress authorized those incentives to retain in-demand workers, such as police officers, housekeepers and food service workers. VA said more than 90% of critical skills incentives went to eligible recipients and that it continues to recoup bonuses it shouldn’t have awarded.
  (VA improperly awarded $10.8 million in incentives to central office senior executives - VA OIG)
• The Federal Deposit Insurance Corporation (FDIC) is in need of "cultural and structural change" to reverse years of workplace harassment, discrimination and other interpersonal misconduct. Those are the findings of the Special Review Committee of the FDIC’s Board of Directors. The committee issued the report in late April, as requested by the FDIC board, after a scathing Wall Street Journal story in November found systemic problems with the workplace culture. In the report, the committee made seven recommendations, including developing a more transparent and timely process for communicating about workplace investigations, and implementing leadership and management training focused on creating a working environment that is psychologically safe.
  (Special committee concludes FDIC needs cultural, structure changes - FDIC.gov)
• DoD’s new software acquisition pathway has gone some way toward speeding up software development, but Defense officials said the procedures have not taken off as quickly as they hoped. To help speed up adoption, the assistant secretary of Defense for acquisition is standing up a cadre of software experts. Their job will be to consult with program managers on how to use the software pathway and adopt agile methodologies. Congress first ordered the creation of that team in the 2022 Defense authorization bill.
  (DoD stands up ‘SWAT team’ to help speed software acquisition - Federal News Network)
• Federal records requirements for UFOs are coming. The National Archives and Records Administration released guidance for information needed to create and manage the unidentified anomalous phenomena (UAP) records collection. The 2024 National Defense Authorization Act required NARA to establish the collection to make federally held information about unidentified aerial phenomena available to the public. Agencies have until October to review, identify and organize each UAP record in its custody for disclosure and transmission to the National Archives.
  (National Archives releases guidance on unidentified anomalous phenomena - National Archives and Records Administration)
• An in-depth Air Force study to Congress recommends moving all National Guard space missions into the Space Force. But pushing against the move are all state governors, a bipartisan group of 85 lawmakers and the Air National Guard. The 2024 defense bill required the Pentagon to examine the feasibility of giving the Space Force its own Guard component, leaving things as they currently are, or moving Guard space units to the Space Force. The study found that overall costs for all options are about the same and that the Air Force has the capability of executing any of those options.
  (Air Force study recommends moving Guard units into Space Force but opposition mounts - Federal News Network)

The post Army CIO Leo Garciga continues his march to revamp technology policy first appeared on Federal News Network.

OMB last week officially created the replacement for the Joint Authorization Board (JAB), called the FedRAMP Board. The new board will provide executive oversight and governance of the program.

An OMB spokesperson says the board, which is made up of seven people, including legislatively-mandated representatives from the General Services Administration, and the departments of Defense and Homeland Security, also includes representatives from the Department of Veterans Affairs (VA), the Department of the Air Force, the Cybersecurity and Infrastructure Agency (CISA) and the Federal Deposit Insurance Corporation (FDIC). Experts from GSA, DoD and DHS made up the JAB from the start.

“One of our key priorities in selecting members of the FedRAMP Board is to strike the right balance between retaining experience and institutional knowledge from agencies that were part of the Joint Authorization Board (JAB) while also including diverse agency viewpoints into the FedRAMP strategic setting process,” said Drew Myklegard, deputy federal chief information officer in OMB, in an email to Federal News Network.

New policy still in draft

OMB initially introduced the idea of the FedRAMP Board as part of its draft policy update released in October. The spokesperson didn’t offer any insight to when the OMB would issue the final memo.

But Federal CIO Clare Martorana said the new memo and related efforts come at a key time for FedRAMP, which is relying on guidance that is more than 10 years old.

“This is a pivotal moment to evolve the FedRAMP Program, aligning it with the dynamic cloud landscape of today and tomorrow,” Martorana said in a statement. “Our schedule included time for an inclusive and collaborative policy design process, where we actively solicited feedback from government agencies, industry, and the general public. By considering diverse perspectives, OMB will help to ensure that our new policy will stand the test of time.”

The Office of Information and Regulatory Affairs in OMB’s Regulations.gov website shows Martorana’s office received 290 comments on the draft guidance.

GSA today also added another piece to the FedRAMP revamp, making changes to the membership and chairperson of the Federal Secure Cloud Advisory Committee (FSCAC), which are effective May 15.

The FSCAC advises FedRAMP on the adoption, use, authorization, monitoring, acquisition and security of cloud computing products and services.

GSA named Larry Hale, GSA’s deputy assistant commissioner in the Office of Information Technology Category Management in the Federal Acquisition Service, the new chairman, and added two new industry members and extended two current committee members.

GSA established the FSCAC, which will hold its next meeting on May 20, in February 2023. Its recommendations complement the FedRAMP Technical Advisory Group, an advisory body of federal technical experts, as well as the FedRAMP Board.

Chairperson, vice chairperson to be named

While OMB sorts through the comments on the draft FedRAMP memo, it went ahead and replaced the JAB with new members.

OMB says the board CIOs, chief information security officers (CISOs) as well as a deputy CIO, whose focus is in engineering, and CISA’s technical director for cybersecurity.

OMB and GSA will each designate a non-voting member to be chairperson and vice chairperson of the board, who will manage its overall agenda.

The spokesperson said one of the board’s first actions will be to approve a charter that will finalize details around terms. In general, all members of the board will serve time-limited terms and are expected to rotate over time. DoD, DHS, and GSA will consistently have representation on the FedRAMP Board, as established by the FedRAMP Authorization Act.

The spokesperson says the board will have similar responsibilities as the JAB such as reviewing and approving FedRAMP policies and requirements. It will oversee the overall health and performance of FedRAMP, and will work within the federal community to expand the authorization capacity of the FedRAMP ecosystem

The board, however, is not expected to participate in the approval of individual authorization packages.

“We are currently planning the inaugural FedRAMP Board meeting.  The FedRAMP Roadmap and feedback from the Federal Secure Cloud Advisory Committee (FSCAC) will inform the board’s overall agenda,” the OMB spokesperson said. “The FedRAMP Board’s early priorities will include ensuring a smooth transition from the JAB and its provisional authorizations and any work in progress that directly affects customers, engaging with the federal community to increase the number of FedRAMP authorizations performed by one or more agencies, and working with the FedRAMP program to support updated performance metrics, greater consistency across authorization processes and continuous monitoring, and other FedRAMP roadmap initiatives.”

The post OMB forms replacement for FedRAMP JAB first appeared on Federal News Network.

Zscaler makes a key hire of a former federal technology leader to expand its global reach and influence.

These are two of the most recent federal executives on the move.

Eric Hysen, the DHS chief information officer, announced on Monday that Hemant Baidwan will be the new CISO, taking over for Ken Bible, who retired on March 29.

“Hemant has been instrumental in enhancing the department’s cybersecurity posture,” Hysen wrote in an email obtained by Federal News Network. “His background spans both the public and private sectors, where he has excelled in IT development, agile application deployments and strategic expansion globally.”

Meanwhile, Zscaler is hiring Brian Conrad, the former acting director of the cloud security program known as FedRAMP, Federal News Network has learned.

Conrad, who left the General Services Administration on March 22, will be the new director of field compliance authorizing authority liaison.

“We want Brian to own all the relationships with all the FedRAMP-type of agencies or organizations across the globe,” said Stephen Kovac, the chief compliance officer and head of global government affairs at Zscaler. “Many countries have similar organizations like FedRAMP, which act as an authorizing agency. Many are going down the path of secure by design as well, which we think will be huge internationally, so you’ve got programs that are maturing and may not be where FedRAMP is today, but all are trying to mature their processes. Brian has worked with all these folks over the years, but has been more of a friendly coach to many of these agencies. By him joining, this will allow us to build out global practice and build those relationships.”

Kovac said companies ranging from Japan to Singapore to Spain to India to United Kingdom are maturing their cloud security oversight organizations.

He said Conrad can bring a technical acumen to the conversation that will benefit Zscaler as well as the organizations themselves.

“From the earliest days of the FedRAMP program, Zscaler has been an innovator, working to ensure the federal government can deliver modern digital government services, securely,” Conrad said in a release. “Implementing a zero trust cybersecurity framework is mission-critical for every organization, and we must stay focused on separating the signal from the noise. I’m excited to join a team that aligns with my vision of building a secure global digital ecosystem.”

Conrad’s decision to join Zscaler comes after he spent the last five-plus years working for GSA. He was the acting FedRAMP director for the last three years.

GSA is hiring a new FedRAMP director and held information sessions about the position on Monday and today.

Before joining GSA and FedRAMP, Conrad was an officer in the Marines Corps where he worked the Marines Systems Command, the Marines Corps College of Distance Education and several other commands. After retiring from the Marines Corps, Conrad worked at Booz Allen Hamilton before coming back to federal service.

Similar to Conrad, Baidwan joined the government after spending the early part of his career in industry.

Baidwan has been the deputy CISO at DHS since 2021 and has worked in the CIO’s office since 2015 in an assortment of cyber roles.

He also worked at the Immigration and Customs Enforcement directorate as the governance and risk management section chief.

With Baidwan taking on the new role, Hysen said Antonio Scimemi will be the acting CISO. Scimemi has overseen the CISO cybersecurity assessments division and led the effort to develop the agency’s unified cyber maturity model.

He also was the deputy CISO and acting director of IT operations at ICE.

The post DHS hires new CISO; Former cloud security lead lands new job first appeared on Federal News Network.

Up until about a year and a half ago, the 16,000 employees who make up the Office of the Secretary of Defense were the biggest technology user base in the Defense Department that didn’t much resemble an IT enterprise. Collectively, the organization is bigger than the Space Force and many large DoD agencies, but from an IT perspective, the nearly two dozen entities that comprise OSD were largely left to their own devices — figuratively and literally.

But an enormous amount has changed since October 2022, when DoD created a new CIO position to unify 17 OSD staff assistant offices and four agencies into a coherent IT management structure. Most recently — just this month — everyone involved signed a memorandum of agreement to make clear all assigned roles and responsibilities.

“Over the past 10 to 15 years of IT efficiency and consolidation drills, there was a lot of movement of money and resources, but nothing was written down,” Danielle Metz, OSD CIO said during Federal News Network’s DoD Cloud Exchange 2024.

“Since we weren’t really united and no one viewed themselves as part of a collective, everyone had different expectations, different thoughts. And because we didn’t have a memorandum of agreement that articulated the common services that were going to be delivered by the service provider — and the price points and metrics associated with that — there wasn’t an understanding of whether what was being delivered was considered good, what was considered not so good and how to correct that. All of that needed to be sorted through. And so just getting that baseline is what we’ve endeavored on in the past 18 months.”

The service provider is the Defense Information Systems Agency, which has been delivering IT services to tenants inside the Pentagon and the National Capital Region through its joint service provider since 2015, when DoD ordered an earlier consolidation of its IT service providers.

Buying, managing IT services at an enterprise level

But until recently, each OSD organization has been on its own when it comes to ordering and implementing those services, depending on their needs, and figuring out for themselves how to use them.

“We’re now acting as an enterprise instead of individual fiefdoms, and that it works two ways,” Metz said. “One is that we have collective buying power, but we also are able to advocate for the resources that we all need and not just the piece parts by those who were able to navigate the Planning, Programming, Budgeting and Execution process on their own, which is what was happening. There were a lot of organizations that were struggling, and the whole point of a CIO is to democratize access so that we don’t have winners and losers.”

In its initial stages, beyond creating usage, spending and user experience baselines, Metz’s new office — part of the Pentagon’s Directorate of Administration and Management — has had some early wins in deploying common services to the parts of the DoD “fourth estate” that fall within the new OSD enterprise portfolio.

For unclassified email and collaboration services, all 21 of the organizations have now moved to DoD 365, the Pentagon’s cloud-based implementation of Microsoft 365. As of this month, all but one of those organizations has also migrated to their secret-level systems to the new classified version of DoD 365, eliminating the need for a hodgepodge of aging information sharing tools at Impact Level 6.

Migrating those systems to a single cloud environment also helps mitigate the network fragmentation DoD organizations have been creating for the last several decades.

“It doesn’t make those fragmentation issues irrelevant, but it helps us prioritize the fact that we do need to do some network simplification, both on our unclassified and classified networks. That’s what DISA has been leading with what they call DoDNet,” Metz said. “We’re working with DISA to accelerate their plans to have that in the Pentagon, so that you don’t have like a Pentagon local area network that’s kind of sandwiched in between all these other various networks, whether it’s classified or unclassified. We really do need to streamline and simplify the network because we have a lot of network outages. We have performance issues.”

Moving toward a single budget for OSD IT

Another major objective: figuring out how to create a unified IT budget for nearly two dozen organizations with widely varying missions, expertise and needs.

Metz said the most sensible way to provide for each organization would be to create a single working capital fund for the entire enterprise’s IT expenditures, rather than forcing each of them to plan their technology budgets via DoD’s arduous and rigid PPBE process.

“In that model, you’re using your crystal ball to assess what is the technology that we need to be able to implement, and then you have to get a lot of details to be able to come up with a funding profile over five years — but you’re doing it two years out, and you’re going to be wrong. And even if you have it programmed, if you’re operating under a continuing resolution, you don’t have access to those dollars. It really slows your ability to drive the important changes that need to take place. In a working capital fund or fee-for-service model, you’re able to make those capital investments and technology insertions a lot more gracefully instead of having to do big bang approaches — which we know in technology never ever works.”

Discover more articles and videos now on Federal News Network’s DoD Cloud Exchange event page.

The post DoD Cloud Exchange 2024: OSD’s Danielle Metz on moving from ‘fiefdoms’ to coherent IT enterprise first appeared on Federal News Network.

From the Education Department to the Homeland Security Department to the Air Force to the Defense Information Systems Agency (DISA), federal leaders are retiring or heading to new opportunities in the private sector.

Starting with the Education Department, Luis Lopez, the chief information officer since December 2022, is leaving on March 22 for a job with INOVA Healthcare.

An Education Department spokesman confirmed Lopez is leaving for the private sector.

“We are preparing for a smooth transition by posting the position before he departs,” the spokesman said.

It’s unclear who will be acting CIO when Lopez leaves. Education already put out the job announcement to hire a new CIO. Applications are due by March 14 so only a two-week opening.

Federal News Network has learned Lopez will be vice president of IT operations for Inova Health Care Services.

Lopez has worked in federal service since 2008 and been with Education since 2017.

In his short time as CIO, Lopez said in a recent interview that he set up a customer advisory council last summer to help explain to non-IT executives why the 2014 law matters to them and it’s more than just a technology priority. He also led the effort to consolidate and standardize the number of video teleconferencing and collaboration tools used by Education Department employees.

Along with his work at Education, Lopez also worked at the Defense Health Agency and the Walter Reed National Medical Center.

Joining Lopez in heading to the private sector are two other technology leaders.

Federal News Network has confirmed Drew Malloy, the technical director for DISA’s Cyber Development Directorate, and Robert Wood, the chief information security officer at the Centers for Medicare and Medicaid Services, also are leaving for new positions outside of government.

Malloy, who has been with DISA for 14 years and served in government since 2003, will join a small systems integrator.

Malloy has led DISA’s cyber directorate since 2020 where he oversaw the agency’s portfolio of cybersecurity capabilities, including identity and access management, the Joint Regional Security Stacks, cybersecurity situational awareness and zero trust.

He wrote on LinkedIn that he also “developed the modernization strategy for our network and security architecture in accordance with zero trust principles resulting in Project Thunderdome for the DoD enterprise.”

It’s unclear when Malloy’s last day will be or who will replace him even on an acting basis.

In addition to running the cyber directorate, Malloy ran DISA’s services development directorate and was the chief engineer for the Cyber Situational Awareness and Analytics Division.

He also worked at Naval Research Laboratory before coming to DISA.

CMS CISO Wood taking new role

As for Wood, who has been CMS CISO since November 2020, he will join a new venture with Sidekick Security, while also continuing to invest in and grow the non-profit Soft Side of Cyber.

Federal News Network has learned that CMS deputy CISO Keith Busby will be stepping up to lead the program until a permanent CISO is hired.

During his time at CMS, Wood focused on improving the culture at CMS around cybersecurity, building a security data lake to break down silos and advancing the technology strategy through cyber enablement.

Before joining CMS in 2020, Wood spent most of his career in the private sector working in cybersecurity positions with Cigital, Simon Data and N95.

Retirements at DHS, Air Force

Two other federal technology leaders decided it was time to call it a career.

Ken Bible, the Department of Homeland Security’s chief information security officer, and Eileen Vidrine, the Air Force’s chief data and artificial intelligence officer, have submitted their retirement papers.

Bible said his last day will be March 29 and has no firm plans for his post-federal life.

“I am looking forward to taking some time to enjoy my home in Charleston, S.C. and perhaps engage in helping in both the education arena as well as helping at the state and regional policy levels in the future,” Bible said in an email to Federal News Network.

He has been DHS CISO since January 2021 and worked in government for almost 39 years. Bible, who received a 2023 Presidential Rank Award,  started his career in 1985 at the former Charleston Naval Shipyard, where he rose to be a nuclear qualified engineering supervisor for three engineering branches.

During his time at DHS, Bible launched a pathfinder last summer to begin evaluating existing contractors with cyber hygiene clauses in their contracts and focused on addressing broader supply chain risks through a strategy.

Before coming to DHS, Bible served under the headquarters Marine Corps Deputy Commandant for Information as the assistant director for the information command, control, communications and computers division (IC4). He also served as the Marine Corps’ deputy CIO and CISO. Additionally, he worked at the Space and Naval Warfare Systems Command (SPAWAR) for almost two decades.

Vidrine is retiring on March 31 after 38 years of federal service.

She has been the Air Force chief data officer since 2018 and CDO/CAIO since January 2023 when she returned to the service after a one-year detail serving as the senior strategic advisor for data to the Federal Chief Information Officer in the Office of Management and Budget.

Last March, Vidrine told Federal News Network that her new title reflects the central role data has in getting AI projects off the ground.

Vidrine said AI readiness for the department comes down to establishing a baseline set of data and AI skills for airmen and guardians, as well as making sure they have access to the digital infrastructure and tools needed to advance breakthroughs in AI research.

Vidrine began her government career in 1986 as an enlisted member of the Army where she received her commission in 1987 through the U.S. Army Officer Candidate School Program as an Army transportation officer.

From 2006 to 2012, Vidrine served in various positions of leadership at the Office of the Director of National Intelligence culminating as the chief of staff for the Assistant Director of National Intelligence for Human Capital.

Army PEO-EIS leader moving to new agency

Finally, one federal executive who isn’t leaving federal service, but is on the move to a new role.

Rob Schadey, the acting deputy program executive officer for the Army’s PEO-Enterprise Information Systems (PEO-EIS), is joining the Defense Counterintelligence and Service Agency (DCSA) to be the program manager of the National Background Investigation Services.

Federal News Network has learned Schadey’s last day will be in March and it’s unclear who will take over for him even in an acting role.

Before stepping into the acting deputy PEO-EIS role in January, Schadey served as the assistant program executive officer and as the director of the business mission area, both at PEO-EIS.

As the program manager for NBIS, Schadey will have to continue to modernize the systems that help federal employees obtain security clearances.

OMB recently approved the Personnel Vetting Questionnaire (PVQ) in November, according to the third quarterly update on the “Trusted Workforce 2.0” initiative from the Performance Accountability Council. The questionnaire consolidates the SF-86, “Questionnaire for National Security,” along with several other vetting questionnaires used for federal jobs, including public trust and non-sensitive positions.

DCSA is now working on plans to integrate the PVQ into the new “eApp” web portal for background investigation applications as part of its NBIS.

The post Education, DHS among agencies seeking new IT leaders first appeared on Federal News Network.

Since September, the Office of Management and Budget has been working in policy overdrive. Six draft or final memos came from OMB’s Office of the Federal Chief Information Officer.

On Sept. 23, OMB issued the long-awaited digital services memo to implement the 21^st Century IDEA Act.

About a month later, OMB offered draft updates to the cloud security initiative called Federal Risk Authorization and Management Program (FedRAMP) for the first time since 2011.

A week after that, the draft guidance for implementing the executive order on artificial intelligence detailed a host of new requirements for agencies.

Then there is the annual Federal Information Security Management Act (FISMA) guidance that dropped in early December with a specific focus on operational technology and internet of things devices.

And finally, OMB offered an early Christmas present in the form of the new requirements to ensure agencies are meeting the accessibility standards under Section 508.

Hopefully, the OMB staff took a breadth and some time off after that sprint.

Two months into calendar year 2024, OMB is revving back up to finalize many of these policies.

Federal News Network checked in with Federal CIO Clare Martorana to see what stood out to her in 2023 and what her priorities are for 2024. The following email conversation is edited only for style and clarity.

FNN: 2023 was a busy year for the Office of the Federal CIO. What are some of your office’s efforts that may not have received as much attention or notice, but will have a big impact on federal IT sector in the years to come?

 Martorana: Above all else, our north star is delivering for the American people. We need to ensure that Americans’ experience with government matches the quality and experience of the private sector — and I think we have made great progress on this.

One of the things I’m most proud of is the work we’ve done in partnership with other federal offices — that’s how we can make a big lasting impact on federal IT, which benefits how Americans interact with government. For example, the Executive Order on Improving the Nation’s Cybersecurity was released early in the administration and it called for a transformation of federal cybersecurity, based on universal adoption of strong authentication, encryption and zero trust principles across the government. As a result of the efforts of my office, our partners at the Office of National Cyber Director and the Cybersecurity and Infrastructure Security Agency (CISA), we are seeing significant cultural and technological change across the federal enterprise to strengthen our cybersecurity posture.

We also partnered with CISA on CyberStat, a holistic program which strengthens agency defenses by addressing individual agency challenges, reducing the potential for successful attacks, and bringing risks to the attention of executive leadership when necessary, all while maximizing limited OMB and CISA resources. With over 6,000 attendees across 16 engagements in 2023, we provided agencies with the information and tools necessary to achieve specific security outcomes in a more consistent manner.

My office also works closely with the General Services Administration’s Technology Modernization Fund (TMF) Program Management Office (PMO). The TMF works in complement with the appropriations process, allowing agencies to quickly access capital to tackle the IT modernization needed to keep up with the fast pace of changing technology. In fiscal 2023, the TMF invested more than $177 million in 18 projects that improve how the federal government provides services to the American people, increasing public trust and making it easier to get the services they need.

Over the past year, we worked closely with GSA Technology Transformation Service (TTS) to ensure an integrated approach to tackling our biggest IT challenges. We continue to meet with GSA leadership on a weekly basis and our teams are engaging daily to support the implementation of our policies, such as helping develop and provide agencies access to tools that will help them deliver a digital-first experience to the public.

Lastly, I want to highlight the strong connection my staff has established with our budget colleagues to ensure funding and resources are aligned so that agencies can best secure their infrastructure and be on the road to digital transformation.

FNN: Of the policies/guidance your office did issue in 2023, which ones do you think will have the biggest impact in 2024 and why?

Martorana: Building off the customer experience executive order and the President’s Management Agenda Customer Experience Priority Area, in September, we released digital experience guidance to help agencies move faster to deliver the simple, seamless, and secure experience that the American people deserve. Some 430 federal agencies and sub-agencies provide information and services to more than 400 million individuals, families, businesses, organizations and local governments each year.

Digital is increasingly becoming the primary way that the public interacts with government and accesses the information and services they depend on. In order to provide the best possible customer experience — we must fix the digital experience.

Right now, everyone is talking about artificial intelligence and the power and potential that it yields. Our pending FedRAMP guidance will significantly scale the size and scope of the FedRAMP marketplace.

Another piece of guidance issued in 2023 that is having an immediate, positive impact in 2024 is our Digital Accessibility guidance, which is based on the idea that all Americans should have equal access to government. Sixty-one million adults in the United States have a disability, an estimated 15 million or more people have a temporary disability, and an estimated 40 million people are caregivers who provide support to a person with a disability. There is nothing more heartbreaking than someone being unable to use accessible technology to complete what should be a basic task. That’s why our Digital Accessibility guidance is so important; it helps build and sustain an accessible Federal technology environment that delivers for everyone.

FNN: What are your top 3 priorities for 2024 and why?

Martorana: Strengthening Office of the Federal CIO’s foundation to enable our staff to grow and thrive. They are working on the front lines across the Federal ecosystem to drive progress and positively impact the way services are delivered to the public each and every day. And while there is a lot of external attention on our policies, there is often little discussion on the people behind the policy. As I look at 2024, I’m so excited by our team and what we will be able to achieve together.

Supporting agencies in operationalizing the policies we issued over the past few years. Every agency is at a different place on their journey — our job is to ensure they have the executive support, shared services and tech talent needed to deliver results.

Ensuring continuity so agencies and tech teams across government can continue making progress in modernizing technology. We’ve delivered and we’ve built a strong foundation of tech policies that will span from year to year and across administrations. The American people deserve good government every day. Technology is critical to delivering a government that meets today’s expectations — and we must continue moving forward.

FNN: There is a lot of excitement around artificial intelligence in the public sector, how is your office trying to balance the excitement with all the challenges that come with AI?

Martorana: AI presents tremendous opportunities to improve public services, such as making it easier to access benefits, preventing drug shortages, or fighting wildfires. While we harness AI’s power for good, we also need to protect people from its potential risks. My goal as the Federal CIO is ensure the federal government is a leader in both using AI and managing its risks. That’s why we’re issuing extensive guidance to federal agencies on their use and governance of AI, which will be finalized this spring.

In the meantime, the AI EO directed agencies to name a chief AI official (CAIO), a senior agency representative responsible for driving consistent implementation of AI practices across their agency. I recently convened and [led] the first meeting of the CAIO Council, a new executive council that will coordinate the development and management of AI across agencies. We know that innovation relies on great minds coming together to rethink what is possible. Ensuring that the U.S. is a world leader in AI will require all of us — across government, academia, civil society, and industry — to be successful.

FNN: There is a lot of excitement over the special salary rate for IT/cyber workers, but agencies are struggling to implement and fund it. How is your office, with your partners in OMB, addressing this opportunity to use the SSR to help agencies recruit and retain the best talent?

Martorana: Now more than ever, we need technologists at the table to collaborate with our nation’s leaders and provide expertise on how best to launch products and services that are secure by design, digital by default, and accessible to people of all abilities. There are many entry points to federal government and we are continually trying to reduce barriers.

Late last year, we launched a new page on CIO.gov to serve as a “front door” into government for technologists at all levels. When you navigate to CIO.gov, you will see a banner with a call to action to join us.

If you are thinking about a career in civil service, I encourage you to check it out and consider putting your tech superpowers to work for your families, friends and neighbors.

FNN: What is your message to non-technology federal IT leaders, such as those in the finance or acquisition or mission areas?

 Martorana: Technology today is deeply integrated into nearly every facet of our federal operations and services. It presents both opportunities and threats that we cannot afford to overlook. All leaders — regardless of background — need to make technology a core priority. We can deliver a government that rivals our favorite consumer brands.

What it takes is a C-Suite — leaders beyond CIOs, CISOs, and chief data officers (CDOs) — it will take chief human capital officers (CHCOs), chief acquisition officers (CAOs), CFOs, general counsels and public affairs teams to align their efforts to support an agency’s technology journey map to modernize how they deliver products and services. They’ll reduce administrative burden for their workforce, improve employee engagement and inspire others to join us in the effort.

FNN: What is your message to federal IT vendors?

 Martorana: Read our final guidance to understand the federal government’s requirements and our draft guidance to understand where we are heading.

Know where agencies are on their IT modernization journeys and sell them the appropriate tools, technology and solutions — meet them where they are.

Let’s collaborate: we get the best ideas when we share lessons, challenges, and opportunities for delivering faster.

The post Federal CIO Martorana’s top 3 priorities for 2024 first appeared on Federal News Network.

Lily Zeleke, who became the deputy DoD chief information officer for information enterprise in 2022, “took over new responsibilities” in the DoD CIO’s office on Thursday, Cmdr. Tim Gordon, a Pentagon spokesman told Federal News Network via email. He did not specify what those new responsibilities are.

Bill Dunlap, who had served under Zeleke as the information enterprise office’s principal director, is now the acting deputy CIO for information enterprise, Gorman said. Dunlap previously served as CIO at the Defense Advanced Research Projects Agency.

Zeleke herself held that same acting title for most of 2022 before formally taking the deputy CIO role last December. During that time, she oversaw the relatively trouble-free awards of the Defense Department’s first ever enterprise-wide cloud computing contracts, the Joint Warfighting Cloud Capability to Amazon, Microsoft, Google and Oracle.

The reasons for her departure from the deputy CIO position remain unclear. Zeleke did not immediately respond to questions sent via LinkedIn on Friday.

The post Zeleke departs deputy DoD CIO role, reasons unclear first appeared on Federal News Network.

It wasn’t that Rep. Gerry Connolly (D-Va.), co-author of the 2014 law and ranking member of the Oversight and Accountability Subcommittee on Cybersecurity, IT and Government Innovation, didn’t let others speak, though he is prone to enjoy the microphone like most lawmakers.

It was that he was the only legislator at the FITARA 17 roundtable last Thursday.

Subcommittee Chairwoman Nancy Mace (R-S.C.), for a second time since September, didn’t agree to hold a formal hearing so Connolly was left to host a roundtable that had no Republican participation.

“First, I want to mention how disappointed I am that our Republican majority has turned its back on the FITARA scorecard,” Connolly said in his opening statement. “The scorecard has been a bipartisan oversight project for more than eight years with Republican champions like [Reps.] Mark Meadows (R-N.C.), Will Hurd (R-Texas) and Darrell Issa (R-Calif.). It has helped save nearly $30 billion, closed 4,000 unnecessary data centers, expanded the use of working capital funds as flexible vehicles for IT modernization funding, almost doubled the percentage of federal IT projects using incremental development to deliver functionality and empowered agency Chief Information Officers (CIOs) with greater budget and procurement authority and a more direct reporting relationship to agency leadership. The scorecard sits at the heart of this subcommittee’s mandate to oversight federal IT.”

There now has been no formal FITARA hearing since December 2022, the 15^th iteration of the scorecard.

A House Committee on Oversight and Accountability spokesperson pushed back on Connolly’s notion that the majority has “turned its back on FITARA.”

“FITARA is a law concerning federal IT management and acquisition. Ms. Mace’s subcommittee has held a dozen hearings in the past year concerning not only federal information technology management and acquisition, but also pressing issues surrounding artificial intelligence, and cybersecurity. These hearings have been a critical vehicle for substantive oversight and the development of significant legislation,” the spokesperson said in an email to Federal News Network.

Mace held 12 hearings in 2023 looking at federal technology and cyber issues, with artificial intelligence receiving the most attention. She did hold hearing on legacy federal IT, the problems with Login.Gov and the continued struggles with the Defense Travel System program — all of which fall under the FITARA umbrella of oversight of federal IT projects.

Exactly why Mace will not hold a FITARA hearing is unclear. Maybe it’s not a “sexy” enough topic, like AI or ransomware, for her? Maybe it’s something different.

Either way, not holding a traditional hearing on FITARA is a missed opportunity for lawmakers, for agencies and for the overall goal of improving how agencies manage, spend and account for the nearly $100 billion spent on federal IT.

But getting away from the big “P” politics playing out between Mace and Connolly, the roundtable provided some important and new updates to federal IT oversight and progress.

Here are my three takeaways from FITARA 17:

EIS under review

The Government Accountability Office is dusting off the cobwebs from its “why did this transition take so long?” probing tool. GAO will begin looking this spring at the continued delays agencies are having in moving to General Services Administration’s Enterprise Infrastructure Solutions (EIS) contract.

“We’ll be able to really dig in deep and ascertain progress and the reasons why agencies are not able to make this transition on time,” said Carol Harris, GAO’s director of cybersecurity and IT, in an interview with Federal News Network after the Feb. 1 roundtable. “We’ll also dig into the missed cost savings as a result as well because that’s a huge component of this. But when you take a look at the progress that’s been made, certainly over the past two years, agencies have done their best and but still we still have, I believe, 14 agencies that did not meet the deadline.”

GSA gave the departments of Justice and Homeland Security until May 2026, while 80 other agencies have until May to complete their transitions.

Of the four agencies that participated in the roundtable, the Office of Personnel Management, the Nuclear Regulatory Commission and the U.S. Agency for International Development all completed transition. The Department of Housing and Urban Development reached the 80% mark as of December, according to GSA’s EIS transition progress dashboard.

As a reminder, the transition from FTS 2001 to Networx took 33 months longer than planned and cost the government an estimated $395 million, according to an analysis by GAO in 2014.

It’s clear this Networx to EIS transition may not meet the 33 month record, but the cost will exceed $395 million.

Cloud grades vs. cloud progress

The string of “Fs” filling the cloud computing category showing a lack of progress is striking when you first look at the FITARA scorecard. Of the 24 agencies, 16 received the lowest grades and six others received “Ds.”

As GAO’s Harris and Connolly said during the roundtable, the grades are supposed to be low given it’s a new category.

“[We are] introducing a new category and a new grade, therefore, we were expecting that we started at a lower base. The object here is to move up. So whatever we started with, we will be measuring it,” Connolly said. “We need to put that into perspective that it’s not like every federal agency just regressed in the last few months because they took large holiday breaks. It’s because we are introducing metrics that really matter. We’re starting at an uneven point with a lot of federal agencies.”

The cloud category is measuring agency progress against several of the areas the Office of Management and Budget outlined in its 2018 federal cloud computing strategy.

These include:

• Whether agencies are ensuring that the CIOs are overseeing modernization, Agencies have cloud service level agreements (SLAs) attached to all of their cloud deployments,
• Agencies have standardized SLAs

Harris said GAO is currently reviewing how agencies are meeting these requirements and used the results of that work to give agencies initial grades.

“What we’re seeing is uneven progress across the agencies. None of the agencies have fully implemented the five categories with the exception of the Defense Department,” she said. “That’s something that we need to see improved progress in. When I cited the 47% average [for SLA compliance]. That’s what we’re not seeing across the agencies in the implementation of this area.”

At the same time, what the FITARA scorecard isn’t measuring, which may be equally important, is the actual use of cloud services.

Take the Office of Personnel Management for example. Guy Cavallo, the agency’s CIO, said over the last two years, OPM has deployed over 35 new cloud-based applications that were previously on-premise. OPM also migrated over 100 business applications to the cloud that previously ran in data centers.

“Our goal is to have the majority of OPMs applications operating in the cloud by the end of this year,” Cavallo said.” Now, one of the benefits of utilizing cloud computing is the implementation of enhanced cybersecurity capabilities, such as data encryption, real-time security updates and patching, centralized monitoring and robust access controls. Today, all of those are improving the security of OPM’s applications, data and cybersecurity. We’ve had a number of successes there by leveraging machine learning and artificial intelligence to enhance our cybersecurity capabilities, allowing us to have real-time situational awareness, which allows us to quickly respond to and defend against threats. We also implemented data driven cloud-based dashboards to provide better visibility into our cyber status.”

Cavallo said OPM is far from done in moving to the cloud. But it’s clear that OPM’s “F” grade doesn’t entire reflect the real goal of moving data and applications out of data centers.

The same can be said for USAID, which received a “D”, and the Department of Housing and Urban Development and NRC, both of which received “F” grades.

NRC’s Feibus said the agency is transitioning legacy technology to the cloud.

“We’re developing solutions that focus more on current and future technologies, including artificial intelligence, machine learning and process automation to keep the agency innovative,” he said. “The NRC has also worked with the General Services Administration on a financial operations pilot. It is implementing the recommendations and best practices we learned to further enhance management of our cloud services. We have been able to locate additional workflows to the cloud to provide an additional layer of resilience to our technology operations.”

USAID’s Gray said by moving to the cloud, the agency has reduced the number of data centers from 87 to 2.

“Even technology refresh is something that historically would take weeks or months to do major upgrades. In my prior agency [Education], we were able to upgrade an entire data center over a weekend, that would never happen. There would’ve be a disruption, but that did not happen because of the cloud,” Gray said.

It’s clear that agencies need to improve how they oversee and manage cloud services, but let’s not confuse that area with the real impact of cloud services on IT modernization efforts.

Working capital fund compromise

If the Technology Modernization Fund (TMF) was the icing on top of the Modernizing Government Technology (MGT) Act cake, then the IT working capital fund (IT-WCF) is the cake itself.

Everyone can “ooh and aahh” over the icing, but when you dig into the MGT Act, authorizing IT working capital funds is what holds the act together and gives agencies hope that IT modernization is an achievable goal.

For the previous 16 iterations of the scorecard, Connolly and GAO graded agencies on whether they were meeting the spirt and intent of the MGT Act by implementing a specific IT working capital fund. Agencies received some partial credit for already having another fund that provides money for technology modernization.

For the 17^th iteration, one of the major changes is giving agencies credit for having any working capital fund that supports IT modernization.

After nearly a five years, Connolly realized that it’s not the agencies who didn’t want the IT working capital fund, it’s the appropriators who were less than excited to approve them. Sen. Maggie Hassan (D-N.H.) had planned to try to fix the MGT Act with a technical amendment in 2021, but that bill never moved.

Only a handful of agencies, including OPM and the Small Business Administration, have received approval from Congress to set these up. Others like the departments of Treasury, Labor and USAID have requested Congress give them the green light, but had no luck so far.

HUD is the latest agency to try to run the appropriator’s IT-WCF gauntlet.

Sairah Ijaz, HUD’s deputy CIO, said not having access to a working capital fund has impeded their ability to modernize technology as quickly as they would’ve liked.

“We do see some hope of that coming into the fiscal 2024. We’re hopeful that is something that we will be able to leverage in order to be able to quickly address some of the issues that are part of our long underlying strategies,” Ijaz said.

Like several other agencies, HUD does have a working capital fund out of its CFO office, but it doesn’t specifically support technology modernization.

“We are working to be able to begin the use of that working capital fund, and that’s part of the conversations we’ve been having with all of our counterparts about looking toward that in future appropriations. Currently, our appropriations do not allow for the use of a working capital fund,” Ijaz said. “It has hindered our ability to be able to be flexible, and be able to work toward modernizing our platforms. We’ve had to look towards other areas in order to be able to support our ability to fund some cyber needs. We’ve gone to the TMF and received some funding there to be able to manage that. Then we looked at reallocating some other costs in order to be able to support our cyber needs because that is most important at the moment.”

The post 3 takeaways from the FITARA 17 scorecard roundtable first appeared on Federal News Network.