One of the architects behind the Small Business Administration’s IT modernization successes is taking his experience to the Office of Personnel Management.
Guy Cavallo, the SBA deputy chief information officer, will become the principal deputy CIO at OPM starting on Sept. 14.
“I’m looking forward to helping doing the same modernization at OPM that I helped lead at SBA,” Cavallo said. “My time at SBA is coming to an end, but I’m excited to move over to OPM and help them get modernized.”
Cavallo will leave SBA after more than three years. He joined in 2017 from the Transportation Security Administration where he was executive director of IT operations.
“This team has accomplished an incredible amount of progress over the past 3 ½ years, and I am extremely proud of all of our modernization efforts. Those efforts allowed SBA to be able to handle the massive expansion in size and information systems that we have absorbed to support the CARES Act,” Cavallo wrote in an email to staff, which Federal News Network obtained. “If we had not progressed as quickly as we had, I don’t know how SBA would have been able to support that incredible demand. We also have impacted federal policy by demonstrating the power of cloud cyber and having the Homeland Security Department change their approaches to the Trusted Internet Connections (TIC) and the continuous diagnostics and mitigation (CDM) [program]. So not only did we greatly improve the delivery of SBA’s mission, we also changed federal policy forever. My time at SBA is a time in my career that I will always fondly remember.”
It’s unclear who will replace Cavallo, even on an acting basis.
He becomes the second high-ranking SBA IT executive to leave in the last four months. Maria Roat, who spent almost four years as SBA’s CIO, left in May to become the deputy federal CIO.
In going to OPM, Cavallo almost is returning to the starting line. OPM CIO Clare Martorana told House lawmakers earlier this month about how much work she has to do to modernize the agency.
OPM brought in Martorana and David Nesting, as deputy CIO, to lead the office in February 2019. Both of them came from the U.S. Digital Service.
OPM’s technology infrastructure has been a problem for decades with different CIOs trying to get a handle on how best to modernize it.
In May 2019, OPM brought on the General Services Administration’s Centers of Excellence to address IT infrastructure and legacy technologies. But in the year since that agreement, OPM and the CoE remain in the discovery phase.
According to the Federal IT Dashboard, OPM has an IT budget of $147.3 million in fiscal 2020 and requested $129.6 million for 2021. OPM reports 73% of its projects are on schedule and 89% of its projects are on budget.
OPM’s largest spending, more than $21 million, is on security and compliance, while it also spends $14 million on retirement services and $11 million each on end user and application support services.
During his time at SBA, Cavallo helped lead a team that was known for its innovations and for taking smart risks.
Under the TIC and CDM programs, SBA showed how these programs could be done in the cloud. SBA proved to DHS and OMB that the outcomes were the same in using cloud tools as compared to on-premise tools.
“We are not matching control by control of the current on-premise TIC or CDM requirements,” Cavallo said in 2018. “We are getting alerts when people sign in from weird places or other potential threats.”
Additionally, Cavallo and team reduced the number of tools SBA had to manage as part of the cybersecurity modernization effort, meaning using 100% of the functionality of each tool instead of 5-10% functionality of 38 tools.
Beyond security, SBA also “burned its bridges” as it moved to the cloud and that decision paid off during the pandemic.
Cavallo said in July that upgrading the technology infrastructure to handle the surge in teleworkers and ensuring every employee had a laptop or tablet so they could do their work from anywhere and do it securely went smoothly because of the decisions made over the last few years.
SBA also took on initiatives like DevSecOps, which helped make it easier to modernize applications to respond to the Paycheck Protection Program and other requirements Congress put on the agency in the stimulus laws.