My two cents: Recommendations for the new federal CIO

Commentary by Keith Trippie
CEO of The Trippie Group

The Obama administration in February named a new chief information officer, Tony Scott, continuing to build its portfolio of top IT talent from the commercial space.

Great news.

Now for the rest of the story: Very little of the business and supply-chain mechanics enjoyed by our friends in Silicon Valley are in play today in the federal environment. And with less than two years left in the administration, what’s a new federal CIO to do?

While it’s not a lot of time, two years is enough to continue to build upon successes of your predecessors and to move the ball forward. But Tony, you will have to prioritize. You can’t do it all.

Some say the worst vice is advice. Couldn’t agree more.

So here’s mine.

First, avoid the technology discussions. Lots of great technology in the federal community. The challenges impacting federal entities are primarily business and structural.

Next, find four or five key agency CIOs who share your vision. Find a way that they can help you drive your vision. They are out there. You will need to find them.

Stay within the Federal IT Acquisition Reform Act (FITARA) framework. You will hear a lot about “authority,” but don’t let that distract you. That term has been around 20 years and will be batted around another 20.

Work to set up a line of sight across planning, programming, budgeting and execution. Specifically, work with senior-level agency executives who have strong business executives as CIOs. Work to get those empowered CIOs embedded within the planning and programming phase. Many CIOs get engaged too late in the process and the baby is being carried out of the hospital. If the right business-focused CIO is engaged and empowered on the front end of the financing process, the end results will be more successful IT programs.

You need to develop a close relationship with your chief-acquisition-officer peer. The IT investment scorecards are littered with programs that are both too big and too complex to get off the ground in a short amount of time, especially when large scale IT procurements can take more than 24 months to award. By then, technology has jumped a generation. Leadership within a program can change, new policies and requirements could require a new direction, etc.

Here are some solutions to these problems:

Something Borrowed

Allow agencies to reuse other contracts. If the agency has room on the contract vehicle, let others use it today. Some agencies don’t support that approach with “fees” but those are small compared to a 1-to-2-year procurement cycle for new awards and, with the internal costs, it is usually a good value.

Any new contract should be able to be used by any other agency, period.

Aggressively pursue getting a few agencywide reusable cloud-broker contracts established to streamline access to multiple cloud services. CIOs need to focus on business and clients, but until the IT clutter is addressed, most will be bogged down in technology refreshes and outage discussions.

Something New

Look at the crowd/talentsourcing model that is gaining traction in the commercial sector. Companies and entrepreneurs use an online capability to quickly propose their needs and individuals bid on the work. They quickly come to terms on the work agreement and talent can be rated on the quality of their work.

Two-page statements of objectives: One page for business outcomes and one page for technical capabilities. Then add in the standard terms and conditions. Anything longer than that is too much “value add.” Make it simple, easy to understand and, most importantly, let industry do what it does best: innovate.

Human capital

This topic, like acquisitions, is complicated. But without fixing some issues that have impacted federal programs for years, the federal IT boneyard will continue to grow. Agencies need access to the best and most talented business executives to lead their IT organizations and talented innovators to help deliver better value to federal customers. I recommend, Tony, that you call the Office of Personnel Management and ask for:

  • Direct hire authority for agencies for select IT professionals AND business executives. Find a percentage of overall IT staff per agency that makes sense based on the number of IT employees at the agency, number of complex or high-risk programs, pending major legislation, etc.
  • To secure such talent, you have to pay for it. I recommend using the current framework of term appointments and building off of that existing mechanism. Give these patriotic former private-sector folks sign-on bonuses spread out over three years. To be effective, the total annual salary would have to be north of $250,000 a year. Yes, that is a little higher than what feds are paid today. That is okay. It’s a drop in the federal-budget bucket. The results will more than cover the slight increase in federal salaries.
  • Finally, give them incentives and penalties based solely on outcomes and performance. No soft measures. Either they execute what they were brought in to do or “Auf Wiedersehen,” as the Germans might say. If they hit targets, bonus them up to 25 percent of their salary. If they don’t achieve objectives, show them the door. No muss, no fuss.


For decades the federal government has put its calories into compliance as a primary cyber objective. The federal government is ahead of commercial peers in the cyber space. But unfortunately, the bad guys–and there are a lot of them–are getting better at their craft. When the bad guys can turn off your car while you’re going 60 MPH or have your refrigerator attack your neighbor’s game system, it’s time for a new approach. Promote and implement risk management as the primary objective.

  • Update the FISMA scorecard. It was fine a decade ago, but those days are long gone. Add cyber metrics for mobile, cloud, continuous assurance/monitoring, sensors, etc.
  • Keep the pedal down on NIST standards and FedRAMP, but encourage a model that adds or updates standards in months, not years.

Measuring is good. Measuring the right things is even better.

Previous federal CIOs have implemented measures that agencies have had to report against. Over the past decade, those have included the E-Government scorecard, IT Dashboard, PortfolioStat, Federal Data Center Consolidation Initiative (FDCCI) and more. All good stuff, but let’s modernize the numbers. Let’s see if we can change output measures to outcome metrics. And while we are at it, let’s add the voice of the customer.

Reduce the emphasis on the number of data centers closed. Hundreds of data centers have closed, yet IT spending has not dropped, customer satisfaction is poor and the performance of federal IT programs has not improved. To that end, I propose two simple metrics:

  • Measure the utilization of IT assets. Recommend 90 percent is green, 75 to 90 percent is yellow and anything below 75 percent is red. Think of it this way: You are a plant manager in the commercial world and you manage an automobile parts supplier or a pharmaceutical plant producing saline bags. You have the capacity to produce 1,000 units a day but the plant produces only 100 units a day. How long would you, as the plant manager, have a job? You wouldn’t make it back from lunch. Use the same discipline for IT assets.
  • And let’s add one that is more application-centric: percentage of seats or user licenses that have active daily and monthly users. Eighty percent must have monthly usage as a target, which sounds about right to get started.

Create joint metrics on the supply chain. CIOs and CAO/CPO organizations would have the following metrics at both the executive level and within individual employee-performance plans:

  • Length of time to award for contracts. Any contract that takes more than six months from inception to award is red on the scorecard. One month to award a task order from an existing contract vehicle would also be red on the scorecard.
  • New customer-satisfaction metrics with input from both mission and OCIO employees for IT contracts,
  • Percentage of agency contracts that are reusable by other agencies,
  • Percentage of federal contracts used by an agency as a total of all contracts awarded by the agency,
  • And percentage of new agency contracts awarded annually that include language allowing any other federal agency to use the contract.

Risk Management Metric:

  • Develop a metric to measure the number of IT programs and projects that can report monthly on cyber vulnerabilities, mapped to current and advanced persistent threats, aligned with agency’s critical assets and the cost to mitigate prioritized risks.
  • Years two through five, drive up the percentage of IT programs and projects that can achieve the above and add in the number of IT investments that have fully implemented continuous assurance and monitoring.

If any gas is left in the tank, you should draft guidance for all CIO organizations to establish customer service offices. Base it off private-sector customer service models and best practices. Nothing elaborate required. This will send a message that clients and taxpayers are king. Not control, not the biggest budget and certainly not the organization that has the most staff will make CIOs effective. Those things don’t matter. Borrowing from the great Vince Lombardi: Customers aren’t everything. They are the only thing.

Keith Trippie, a former Senior Executive Service member, left the Homeland Security Department in March 2014 after 11 years in government. The last position he held at DHS was as the executive director for the Enterprise System Development Office within the Office of the Chief Information Officer. He’s now the CEO of The Trippie Group.