The Defense Department’s Joint Improvised Threat Defeat organization has to move as fast as the enemy.
That’s why it embraced the open source community and is operating within it instead of on the edges.
Leonel Garciga, the CTO of the Joint Improvised Threat Defeat Organization (JIDO), broke from the traditional federal model with open source to get capabilities out faster.
“We are not just engaging the community in understanding what’s going on, but we’re able to really take these core packages that are out there of capabilities and expand them, and put them together in a way that meets our mission and pushes the cost down,” Garciga said on Ask the CIO. “Those tactics, techniques and procedures (TTPs) that the open source community is using are something we’ve adopted.”
The TTPs Garciga is referring to include a secure agile or dev/ops methodology and maximizing automation, as well as becoming more open about how and with whom they share information, whether with developers at a meet-up or through more formal sharing with a vendor.
“We are a lot more customer focused. We are embedded at the tactical edge with the customer so as you are doing these iterative builds, you are getting that instantaneous feedback,” he said. “What it’s really changed is that whole front-end requirements piece. That piece has become very much streamlined and point-to-point with the customer as opposed to a more traditional model where we write a huge architecture plan and an 800-page requirements document that may or may not get read. This is really more about engaging directly with the customer and being able to have that back-and-forth discussion as you build.”
Garciga said getting some capabilities out to the warfighter quickly and then improving them is better than waiting for all the new systems and apps all at once.
JIDO worked with Hortonworks to move to an enterprise platform using big data open source technologies like Hadoop to enable the agency to focus on those mission capabilities and worry less about the infrastructure.
Shaun Bierweiler, the vice president of Hortonworks U.S. Public Sector, said JIDO no longer has to maintain and sustain these projects itself.
“Having a consistent platform from which you are able to access your data is essential, and having something that is secure and able to be consistent is huge as you are building your data driven applications and data driven systems,” Bierweiler said.
Garciga added that JIDO initially built its own big data platform using an assortment of integration approaches to bring the open source tools together. But quickly, JIDO found it was spending too much time and money on maintaining the integration efforts instead of developing capabilities for warfighters.
He said JIDO looked at what was available in the commercial sector and determined the Hortonworks platform met its needs.
Now JIDO spends less than 10 percent of its budget on infrastructure, down from as much as 41 percent less than two years ago.
“Just being able to have an agnostic platform to work off of that has core components that we were already using definitely has given us a lot more flexibility to move out a lot faster,” Garciga said. “The challenge before was you almost had to do things in tandem. As new capabilities came out, you had to do some heavy lift on the infrastructure and architecture pieces to get to what’s next. I think that has been alleviated quite a bit. It has also given us some time to rethink and relook at how we modernize and how we make sure architecturally we are set up to be on-premise, off-premise or in the cloud.”
A key factor in moving to open source is to have the tools to review and ensure source code is secure.
Garciga said JIDO had to understand its risks of bringing in open source software.
“There are still some bigger challenges around security. Things like how do you deal with third party libraries. If code was developed 10 years ago and it’s been static since, how do you assess risks around that?” he said. “That’s where the tools can help you do that. The bigger part around that is adjusting policy to support that. Across DoD, many folks are taking a more traditional approach where they are not interrogating source code on a daily basis. When you start looking at a lot of the open source capabilities, you’re going to change the way you look at your security posturing and change the things you will look at.”
Garciga said JIDO moved to this new agile approach over the last two years. He said it was not only a matter of changing technology, but reskilling the workforce too.
“You may have a developer who knows how to program in C++ and you can teach them a new language because they have the base capabilities,” he said. “There are also going to be folks who may have been doing X function the last 4 or 5 years, but have the knowledge and expertise to be able to shift to a new area. And then you can redeploy and find somewhere for folks who can add to the mission that may not be within the new workflow,” he said. “Probably the hardest part was how do you shape policy and process that are not organic to the federal government. We spent quite a bit of time around reshaping our policies and processes to do this.”
He estimated JIDO changed about 40 percent of all employees’ skill sets over a six-month period, and the current move to sec/dev/ops will require another 30 percent change in the skill set of the workforce.
Garciga said he’d advise other CIOs and technology executives to have patience in the culture and technology changes.
“It will take time. There is a thought that you can take a template and say here is what we will do and it just happens, but that isn’t the case,” he said. “It’s all about being transparent about where you are going and setting the expectations on the level of knowledge needed. I spent quite a bit of time building the core contracts around innovation and getting to the next piece of technology. Part of that was focused on building very tightly wound service level agreements that really guide our entire contract approach. It’s having a contract with an open enough framework to allow folks to be focused on the delivery of a capability and not so much on the delivery of a widget.”