If Congress, administration want IT modernization, better cyber, fix the workforce

The 27th annual survey of federal chief information officers by Grant Thornton and the Professional Services Council should serve as a warning to Congress and the Trump administration.

Throughout each of the sections on IT modernization, cybersecurity and innovation, the one most common theme wasn’t the need for more policy and legislation. But time and again, CIOs and other IT executives said having the right people would make or break their efforts.

No real surprise here, I know. We’ve heard this concern before. But what’s different this time is the building crescendo of IT modernization. Between Congress likely passing its second IT-focused bill within the last three years, to the Trump administration’s 36-point draft modernization strategy, to the maturation of many of the Obama administration’s priorities like cloud, digital services and agile, the time to address the workforce challenges is now.

When Congress wonders why agencies aren’t moving to the cloud more quickly, or keep getting hacked, or continue to hang on to the waterfall approach for IT development, it all comes back to people and training. And that’s two areas where there is little-to-no talk about in Congress or the Trump administration.

Advertisement

Every public and private sector manager says they need more people, and most boards of directors —whether it’s the 535 lawmakers on Capitol Hill or some investment management group putting millions into a startup — know people tend to be the biggest cost they can control to an organization.

The difference for agencies, however, is they aren’t playing on the same field as the private sector, so a good year doesn’t portend more resources. And with agency reform plans focusing on shifting workloads, shared services and consolidations, the money to train or bring in employees with the necessary skillsets is hardly mentioned.

Rep. Will Hurd (R-Texas) is trying to address this challenge through his Modernizing Government Technology (MGT) Act, which the Senate included in the Defense authorization bill last week, giving it a clearer path to becoming law. The bill would let agencies retain savings by moving off legacy IT systems for up to three years.

Here’s the catch, and the PSC and Grant Thornton survey highlights this really well, the skillsets needed to successfully move off old technology and into the cloud, for instance, and shut down that old system just doesn’t exist broadly across the government.

“The CIOs are not the only ones feeling the impact of an under-resourced and skilled staff. One in four online respondents believe the lack of resources has a significant negative impact on staff morale and leads to staff burnout,” the survey states. “Shifting resources to tasks they are not qualified to do may result in significant rework and missed targets on CIO initiatives.”

Respondents say the hiring freeze and budget uncertainty also hampered the IT modernization initiatives.

When CIOs talk about agile and dev/ops, the people piece again is among the biggest roadblocks.

“Our survey saw responses related to not having enough skilled agile practitioners and trouble getting some groups on board with Agile, with a drop in responses related to procurement related issues,” the survey states. “This reinforces the point that, as more agencies adopt agile as the default, challenges begin to occur in other areas of the organization that are not used to the new speed of development.”

The survey found good news around the adoption of the agile methodology: 82 percent of all respondents say they are using this approach for almost half of their IT projects.

“Some CIOs continue to note a few of the same challenges implementing agile for large IT development projects from last year, but overall, there was a notable shift to CIOs reporting issues indicative of their agencies’ increasingly mature agile processes,” the survey states. “The agencies that are over the hurdle of initial agile adoption are reporting issues with non-development related activities. For example, one respondent said, ‘[One] challenge, not limited to agile, [is that] development [and] test environments do not allow for full-scale testing.’ Another respondent noted other challenges to adopting agile practices include difficulty with customer buy-in during development the process and weak points in load testing and performance.”

CIO respondents also say they are struggling with how to measure the effectiveness of agile delivery. It’s having the right metrics, but it’s also having the people who understand how to develop those metrics.

Again, the key word here is people.

Dev/ops also is gaining a stronger foothold in government. The survey found 75 percent of CIOs say they are adopting this approach to continuous improvement.

But the workforce challenges come out there, too.

“Some organizations have reported having trouble adapting to the DevOps culture, which may have been affecting its adoption rate,” the survey states. “The two most common issues contributing to the slow adoption of DevOps include a widespread lack of understanding what DevOps is and the difficulty of the cultural shift within existing organizations.”

The survey also pointed to the need for better training current staff on how dev/ops works.

“Part of DevOps is also failing quickly and recovering quickly to avoid large system downtimes. A big challenge, according to one CIO, will be getting agency staff to make the mental shift that ‘it is okay to fail and to fail rapidly… and letting people become comfortable with [that concept].’”

Without a doubt, the most discussed workforce challenge over the last decade has been in the cybersecurity realm.

The survey reinforces the need for more training, higher pay, and maybe for the first time, it shows agencies, such as the Homeland Security Department, that have tried to be more like the private sector by giving salary increases just aren’t working well enough.

“CIOs also expressed the continuing challenge of trying to recruit and retain qualified cybersecurity personnel. One CIO referred to ‘a very slow hiring process, and a security budget that was too small to attract and retain qualified cyber staff,’” the survey states. “Another CIO cited that even though they had a special hiring authority that allowed them to ‘pay a 25 percent pay bump for cyber staff, it isn’t high enough — it only gets 2nd and 3rd tier cyber talent, not the A team.’ Another stated, ‘we lack the cyber workforce because pay isn’t equitable with the private sector,’ and suggested they develop a cyber pay scale between GS-15 and SES rates to attract top cyber talent.”

What drives this point home even further is when PSC and Grant Thornton asked respondents what the biggest threats to their environment are, legacy IT, human error, malware, phishing campaigns were the top answers. All of which come back to training both IT workers and employees more generally.

There is light at the end of this workforce tunnel. The CIO Council recognizes the need to improve the hiring process to bring in needed skillsets more quickly. The council is holding a hiring fair on Nov. 6-7 in Silver Spring, Maryland.

Hurd has been talking about creating a cyber national guard of sorts, and once the MGT Act is on the books, he plans to turn his full attention to that effort.

But the Trump administration has a prime opportunity in 2018 — the 40th anniversary of the Civil Service Reform Act — to once and for all fix the General Schedule for many critical positions across government, and do it not based on studies by federal unions or conservative think tanks, but by listening to the people who do the hiring and are being hired.

Return to the Reporter’s Notebook