As the Office of Personnel Management continues its IT modernization journey, it’s drawing on a familiar, tried and true playbook.
Guy Cavallo has been at OPM for about 11 months, first as the principal deputy chief information officer and then the agency’s acting CIO in March. He got the permanent job last month.
Now he’s drawing on lessons he learned at the Small Business Administration, from moving to the cloud and adopting cybersecurity tools to reskilling the IT workforce.
“I’m leading a big push to the cloud as I’ve done at my other two agencies,” he said Tuesday a virtual cybersecurity summit produced by NextGov. “I have a 90-day almost pre-packaged approach on how to move an agency to the cloud in 90 days. I did that at the Transportation Security Administration. I did that SBA. Now I’ve refined it at OPM.”
“We’ve established a cloud community of excellence,” he added. “We did our 90-day sprint. We have our initial architecture. We have our high-speed connections in place. We’re starting to turn on the cloud cybersecurity tools.
OPM still has several large legacy applications and mainframes, and its cybersecurity architecture to date is mostly on premise. But Cavallo said OPM is gradually adopting more cloud-based cybersecurity tools, with the ultimate goal of running a mix of both.
Eventually, he wants to pare back the number of tools in OPM’s cybersecurity structure and make better use of tools already in place.
“If I buy something I try to use 100% of it, instead of buying five things and using 20% of each and having that overlap,” Cavallo said. “There are a large number of tools in use at OPM today that I think we’ll be better off by reducing the footprint.”
That general philosophy applies to Cavallo’s approach to training and upskilling the OPM IT workforce as well. Listening sessions with OCIO employees inspired him to seek out more free, online training sessions for the IT workforce.
“Not only at OPM but I’ve also heard this talking to other CIOs, there’s a strong belief that you had haves and have-nots,” Cavallo said. “You had CIO favorites who could go to training, and it could be $5,000-to-$10,000 training course. They’d get to go and everybody else would be told there’s no training money.”
OPM has an enterprise agreement with Microsoft. Cavallo said he leveraged that agreement and signed up with Microsoft’s enterprise skills initiative, which lets him offer online training for every OCIO employee.
“That immediately leveled the playing field,” he said. “All the big cloud providers do it. There is plenty of free, high-quality training available from the major vendors today.”
He also gave a directive to OCIO employees, everyone from administrative assistants to contract managers, to take a two-hour introduction to cloud class.
“I want everybody to know what we’re talking about. I’ve been pleased to see people step up and do that,” he said.
Where cloud is a central part of an employee’s job, Cavallo said his office will reimburse staff for taking and passing certification exams. As a result, more people are earning cloud certifications than before, he said.
“I need my legacy workforce,” Cavallo said. “I can’t just tell everybody to go away and put everything in the cloud when I’m running mainframe end code that can be decades old. The best thing to do is to get them skilled up enough that I can partner them with a cloud specialist, and we can re-platform that application or rewrite it with the legacy knowledge and also the newer technology knowledge.”
Cavallo will also draw on another point from his IT modernization playbook: Playing nice with the chief financial officer.
“Something I’ve learned throughout my career is that if the CIO doesn’t have a strong partnership with the CFO, you’re in trouble. The CFO controls your money. Something that I’ve always done is built that partnership. One of the first things that I try to do is say, ‘Out of my current budget, if I’m able to cut my own expenses to invest in the cloud, will you let me keep the money?’ If you have a bad relationship with your CFO you will lose that money and they’ll take the cuts.”
To help OPM better comply with the terms of the recent cyber executive order, for example, Cavallo said he has two requests pending with the Technology Modernization Fund Board, which would help OPM adopt cloud and zero trust solutions.
Agencies have submitted just fewer than 100 proposals to get a share of the $1 billion in the Technology Modernization Fund.
And to help OPM secure additional funding for IT modernization, Cavallo is drawing on another series of lessons he learned while at SBA.
The Biden administration is pushing Congress to establish a new IT working capital fund, one of several recommendations that the National Academy of Public Administration made earlier this spring in its report on improving the agency.
Under the proposal, OPM could transfer up to 3% of unspent salaries and expenses funding into the working capital fund for IT modernization efforts.
Only SBA has been able to secure congressional approval so far for its own IT working capital fund.
“We definitely pulled the language that we got approved at SBA, and we repurposed it for OPM and said, ‘Hey, you guys already approved this once, let’s do this again,'” Cavallo said.
A seven-bill minibus, which cleared the House late last month, allows OPM to create its own IT working capital fund in fiscal 2022. The Senate has yet to weigh in on this topic, let alone introduce a complete set of 2022 appropriations bills.