The State Department over the last two years has slowly moved to a more centralized technology infrastructure.
It will always have several networks and access points because of their global mission, but certain core functions like identity management and Office 365 are now enterprisewide capabilities.
Stuart McGuigan, who was the chief information officer at the State Department for the last two years before leaving on Jan. 20, said State is a much more agile today than when he arrived in 2018.
Insight by Sonatype: Stephan Mitchev, acting CTO at USPTO, discusses how USPTO is looking at supply chain issues to address cybersecurity concerns. Dr. Stephen Magill, VP of product innovation at Sonatype, provides an industry perspective.
A State spokesman confirmed the agency named Keith Jones as its new CIO on Jan. 21, becoming the first of seven agencies needed to name a permanent one.
“Cloud solves a lot of problems — access, availability. But the heart is an infrastructure play if you are just thinking about cloud. So what we have been pushing for is software-as-a-service,” McGuigan said on Ask the CIO. “One of the very interesting challenges with government work is the authority to operate (ATO) process. One of the objectives I was asked to take on when I arrived was to streamline the ATO process and make it faster. It’s in the way of developing new capabilities. I looked at it and it was complex. But if you are bringing in brand new technology and putting it on your network, you have to do the homework to make sure that you are not creating harm or a vulnerability of some kind. So yes, we can speed up the ATO, but by its very nature, it’s going to be involved, intrusive and technical. We said, ‘what if we could go around the ATO process in the sense of doing all of our development on an already ATO’ed platform?’ We have been pushing to software-as-a-service and the carrot is if you can get what you want done for your post, for your bureau or for your region in Salesforce, then you can use low-code, no-code configuration capabilities to be able to provide process support for your users, and because you are operating within a safe and secure platform, you don’t have to go through that overhead and delay. So speed to market is tremendously advantaged by using SaaS cloud based capabilities.”
He said by giving these offices a path to faster capabilities — 6-to-8 weeks versus 6-to-9 months — requiring them to use a standard platform has been attractive across the agency.
State recently held an application development summit in late 2020 that was open to any office or bureau around the world. McGuigan said he hoped to get about 200 people to attend, but more than 800 showed up virtually.
“To me it was one of those signs that we are understanding how to use cloud capabilities and agile, and we are believing in the model where we will collaborate and not command and control,” he said. “We will benefit from the innovations that could occur anywhere in the department and everyone would get access to the very best the department can do, or they can contribute something new and innovative and get rewarded for that.”
From that application development summit, State kicked off dozens of new projects got started because developers and others saw the benefits of the SaaS platform in terms of speed and security.
McGuigan said the huge turnout meant the agency has embraced this agile approach to development.
“We are using the summit as a starting point to collect what capabilities do we need to provide globally, on an enterprise basis, that they don’t have today that can help people do an even better job of bringing new features and functions to their users,” he said. “We’ve seen an enormous amount of activity and had to devote more leadership and focus from my office so we aren’t getting in the way of the speed of progress that the department wants to make as a whole.”
For State, this concept of agile started when McGuigan came on board in March 2018, but it really hit home during the COVID-19 pandemic. A strong majority of State Department employees didn’t work remotely before the pandemic, so getting employees up to speed needed both patience and flexibility.
“There were bureaus and functions that actually couldn’t do their job at all until we provided them with remote access. That gave us our focus and our sense of urgency,” he said. “We were able to incorporate some agile principles that otherwise were really difficult to incorporate into a large organization, the concept of a minimal viable product. It’s a concept that’s hard to sell when things are calm. It doesn’t even sound good. But the ability to focus on the essential features and functions a particular bureau or area needs to get online and get working allowed us to have a very lean approach to requirements and then to iterate, iterate and iterate. And because we were doing things that were very short cycle, the cost of rework was very low.”
He said developers would release new capabilities overnight and if they didn’t work, the investment wasn’t a big deal and State could quickly turn it around until they did work.
“The fundamental principles of agile, continuous feedback, deep engagement with the user and rapid iteration just became how we were operating and we didn’t spend a lot of time having philosophical debates on what agile is. We just did the work,” McGuigan said. “After a few months went by, we realized we got more done in a few months than we would’ve gotten done in a year or two in the past. We did it not by violating any sort of security principles or good processes. If anything, we doubled down on good cybersecurity and good deployment processes. One of the most important deliverables during this period is not a what, but a how. The ability of the organization to have confidence … to identify technology opportunities and rapidly deliver capabilities. It’s something that I think will endure well beyond my tenure.”
McGuigan said he’s unsure what he will do next, but would like to remain in the public sector community.
“What I think I learned is the people are stronger than I expected. I didn’t have low expectations. But they are just more capable, have a higher sense of urgency and have incredible creativity to get things to work,” he said. “What did surprise me was the structure challenges in just getting something that is more than a year long funded and underway. The fact we are talking about budgets that are multi-years out that already are mostly fully baked. It’s really hard to reconcile that type of planning with an agile mindset. I think there are vehicles to do it and I think we have had some support in creating those vehicles. I was surprised how much they could and did get done.”
McGuigan said he hopes the new CIO, which he did not know who it would be last week, would continue to build on the technology foundation established over the last few years, especially around collaboration and mobility.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
“The push should be to amplify those capabilities, to create even more secure mobile platforms so the diplomats and the officers of the future can go from their desk, their office, into a conference room or out in the field using their favorite device and having access to the resources they need to do diplomacy in the moment,” he said. “The person will have to look at what the critical success factors are in accomplishing the new administration’s policy goals and take the basic capabilities that have been well put in place and figuring out what’s the next thing to amplify. Analytical modeling and data analytics will be a big play. But more and more having the access to the same information and same tools across a variety of devices in a variety of environments where traditionally we have been hardwired.”