She sat down with Senior Staff Reporter Carten Cordell to talk about the future of IT modernization, the benefits of agile and how it will benefit oversight.
How do you prepare the agency for a presidential transition, especially when it occurs in the middle of EPA's IT modernization and agile development initiatives?
So I think I said just the other day at Fed Talks that I'm convinced that IT is important enough at this point right now that it doesn't matter who's going to be in the White House next, that we're going to be able to continue this work on IT.
Because everyone in the government, whether that's in Congress or in the executive branch, has recognized that the way we've been doing IT in the past is broken, and that we've made tremendous strides toward making real change in government.
So not only has there been the activity at 18F and at [U.S. Digital Service] and all the other agencies that are embracing agile, but we've now got Tony Scott, [who] is leading the transformation task force — that I'm one of the co-chairs of — where we're looking at how to remove all the bureaucratic barriers that exist, and we're really ramping up so to complete most of the work of the task force by the end of December so that really we have that done.
Tony's team has also put together a road map for next in the next administration to let them know where we are and what's going on. So there's a lot of things in place across the government.
Then within EPA, we've really been focusing on institutionalizing the work we've done. We've completed our organization. We've changed our governance process. We're putting these vehicles and these programs in place. Earlier this year, I hired a new deputy very intently with the idea that he would be leading the agency through this transition and be here for some period of time until the next political appointee comes along.
So we've done a lot of things across the government and within EPA to make sure that as we go through this transition, basically from an IT standpoint, it's business as usual. We're not going to have a huge upheaval. We can't guarantee you that no agency leader, no new CIO is going to come in with some different ideas, but I'm fairly confident those different ideas are going to be 20 or 30 degrees away from where an agency was going rather than 180 degrees from where an agency was going.
Agile obviously feeds into, at least in our mind if you're doing it right, it feeds into all of your operational systems. So you get the mission systems and, yes, we build a lot of those. Because it's unlikely you're going to find someone who's creating a system that is going to meet your mission needs because government missions are fairly unique.
But we have lots and lots of operational and productivity systems that aren't unique but that we still want to move fast at either implementing or developing. So agile is a big part of how we're moving forward with all of our productivity systems.
We had, just a couple years ago, 22,000 Lotus Notes applications and we've been in the process of getting off the Lotus Notes and moving to new platforms. In that process, we started by learning the processes and leaning the number of applications. We initially thought we were going to have 2,000, and I challenged the organization to reduce that number.
As I go around the organization to talk to each program office and region — we have a formal review every year with each program office and region — as I’m going through that, I'm finding now regions and program offices that have taken their portfolio of 200 applications down to five or six that they want to migrate. So we're really going to look at a couple hundred across the agency and that couple hundred, what we're looking at not only is agile development processes, but also collaborating across the agency.
The only way we can truly collaborate across the agency in fact is to be agile. Because if I try and say, "OK everyone needs a fleet manager system. We can't buy commercial off-the-shelf systems." This is probably a bad example, but imagine we can't. We're going to build one. And we're going to gather requirements for the entire agency and we’re going to build that. It's going to take me years. However, if I say, "Region 4 is going to build it. And they're going to build their requirements in and then they're going to share it with the rest the agency, then Region 6 and Region 9. The headquarters folks are going to add in their requirements, and in future sprints, we’re going to bring those requirements in." I could deliver that in three to six months because we're not trying to boil the ocean. We're not trying to everything at once. We build that minimum viable product and then we add into it. So that's how we're building products that serve our productivity need across the agency.
We're also applying those principles to helping our HR and our business systems when they go in to make changes to upgrade the systems. We're using lean. So we're backing out a lot of the customizations we did to commercial products, leaning them and making our business processes meet those products’ design so that we don't have so much customization so we don't get stuck again. We get orphaned on an older version of a product because we’ve done so much customization and we can't afford that, particularly the security issues we have in the world now.
But even so, just from a user experience standpoint, we can't afford to get orphaned on old version of, say, PeopleSoft. We've got to stay up with the program. So we're leaning those processes, and then we're using agile practices where we can do our upgrades and reintegrate those solutions together.
So there are a lot of opportunities to lean our solutions in terms of productivity systems and in running our business.
The oversight question is really interesting because we have conversations with OMB, particularly about [IT Capital Planning and Investment Control], about how CPIC doesn't really support agile. They're trying to figure out how to support agile with CPIC, but I think you’ve got some underlying concepts in oversight that make that hard.
Some of the underlying concepts in oversight are, "Hey, you should be able to tell me three years ahead what projects you are going to work on." Well, I might know generally what projects I’m going to work on, but I'm not going to have activities and projects three years ahead. [They say], "But we just got through looking at Exhibit 300," and that's exactly what we're being asked to do is, "Tell for your projects are for 2018." I don't know what my projects are for 2018, at least in terms of a start date, a finish date and the duration. I might know [that] I have these general capabilities I think I want to add in 2018.
So I think it’s a huge opportunity from an oversight standpoint, I think the folks who are responsible for oversight get that and I think we're all struggling with how we're going to get there together.
With that flexibility on things like phishing attacks and network vulnerabilities, do they help you more in terms of keeping networks more protected than on, say legacy systems?
Certainly. I think you've heard Tony Scott talk about building in security as opposed to trying to build security around an old system and I think you'll hear a lot of people talk about that. It's the best way to create security, to bake-in security from the very beginning, to be secure by design.
It's sort of like when I used to work in quality. People used to test in quality and then they said, "Well, wait why don't we design in quality, and then we can test it out to make sure that we hit our goals, but our primary goal is going to quality planning and design." It's the same thing, security planning and design. And then you can test your security because you should, but it should be designed in from the beginning to be much more robust than trying to build it around an old system that wasn't designed with the kind of attacks and issues we have now.
No one could have predicted the world we live in, from a security standpoint, when people are building mainframe systems in the 1950s and 1960s.
What advice would you give a possible successor about the CIO role?
What I almost always tell people when they ask for advice on this area is don't be afraid of change. I think the government tends to be averse to change. We tend to move slowly and anyone who comes in needs to figure out how to move things fast.
The industry is moving fast, the threats are moving fast and the biggest risk of government is moving too slowly and having both citizen needs pass you by, but also get swamped by events with security issues.
The Executive Leadership Conference has put a big focus on being a change agent for public service. What traits do you think a good change agent needs to possess?
So that's an interesting problem because as you probably know USDS and 18F brought in a lot of change agents and other agencies [are bringing in] a lot of change agents.
There are kind of two types of change agents: The ones who fit and the ones who the antibodies reject. So we really want to have change agents that will not be rejected by the agencies' antibodies, which most importantly means we need people who trust and respect government employees to be change agents. We have lots of really smart, really capable people working for the government who have spent a long time in a system that's hard to work in. They know a lot about how to work in that system.
While many of those folks can no longer consider the possibilities on their own, what we find is if you bring in someone who is a change agent who wants to make change, who’s got an exciting vision and who is respectful of the people they work with, very quickly everyone gets on board with that change agent. If you bring in someone who thinks they know it all, the antibodies will reject that person.
So we want people who have good ideas, have a bias for action, who are willing to take risks, but also who are really collaborative and who have a lot of respect for the ideas and the capabilities of people around them and who are as interested in learning from the people who work for the government as they are in helping the government be more successful.