The new Federal CIO Tony Scott is an industry veteran — serving as chief information officer at Microsoft, Disney and General Motors before VMware and the White House — but the federal space brings with it a new set of challenges and initiatives.
As he enters the public sector, Scott's priorities should be focused on three major areas: cybersecurity; bolstering the workforce through better hiring and training; and better performance on IT projects, according to analysts.
Industry executives and federal technologists are excited to see what Scott will do in his new position and how his experience will translate into the government sphere.
"He will bring in a new perspective to the role," said Jason Kimrey, area director of Intel Federal. "He's the first incoming Federal CIO who was a CIO in his prior life. It's going to be interesting to see how he brings some of the private sector best practices into the role."
As the government's top IT official, Scott will be coordinating adoption of new technologies across all federal agencies but largely in a supervisory, leadership role.
"There is no other CIO job like it," Kimrey said. "He's going to be looked at as somebody to help be a coordinator and also a leader in terms of identifying what are the top priorities and really leading that federal CIO community … Really identify what are those core fundamental issues he's going to lead around."
The first topic of any IT discussion today has to center on cybersecurity.
"The good news for [Scott] is the administration's focus in support of cybersecurity," said Rob Potter, vice president of public sector for Symantec.
Scott's job will be to communicate those policies down the line to component CIOs and ensure they have the tools to follow through. This won't be an easy task, according to Potter, but there are some support structures already in place for the new Federal CIO to capitalize on.
"Running the IT infrastructure of a federal agency I would argue is one of the toughest jobs out there in IT," Potter said, but Scott can make it easier by promoting collaboration between agency CIOs.
"The thing that's going to help them achieve that type of collaboration is to continue to have these types of committees or organized thought-leadership sessions where CIOs come together and discuss some of the challenges they're seeing inside their particular agency," Potter said, honing in on groups like the Federal Council of CIOs.
Potter cited security challenges like mobility and cloud, along with being able to identify and respond to networks breaches in a timely manner.
The second set of task orders on the Continuous Diagnostics and Mitigation (CDM) program are expected this spring, bringing CDM to some 50 agencies and departments. Continuing to scale Continuous-Monitoring-as-a-Service throughout the federal government will require a concerted effort but this program has the biggest potential for real results in cybersecurity.
The second phase of CDM will focus on the other major security issue for federal agencies: identity, credentials and access management.
Agencies are pushing forward with the use of CAC and PIV cards as a means of ensuring only authorized users gain access to their networks. As simplified multi-factor methods like derived credentials and device authentication develop, the Federal CIO should be aware of the effects they have on security, as well as employee workflow.
However, any cybersecurity effort is only as good as the people clicking.
A recent SolarWinds survey found the primary concern for federal IT managers is accidental data leaks caused by unwitting or untrained employees. A basic understanding of cyber hygiene and regular training on new and evolving threats would go a long way toward mitigating that risk.
If Scott really wants to lead on cybersecurity, he should start with better training for the federal workforce.
"One of the first indications we've gotten from Tony Scott is an early interest and willingness to address workforce issues in the federal government," said Rick Holgate, CIO at Alcohol, Tobacco, Firearms and Explosives (ATF) and president of the American Council for Technology.
Almost 50 percent of the federal IT workforce is over 50 years old, according to OPM numbers. While age doesn't preclude cyber skills, the rapid evolution of technology requires regular training to stay current.
Skills training should extend beyond cybersecurity, Holgate said, and even beyond traditional IT roles.
Training initiatives should be "looking at skillsets in the technology community, not just IT but the community overall and adjusting the skillsets to meet the demands of what we buy and how we buy things today," he said. "Those skillsets stretch across the technology community in terms of IT professionals to contract professionals and acquisition professionals to program managers."
Supporting these kind of initiatives will lead to more creativity in IT contracting, as well as less waste and more agility in IT projects, Holgate said.
"You don't necessarily need them all to be coders," said Dan Chenok, executive director of the IBM Center for The Business of Government and chair of the Industry Advisory Council. "But you do want them to be able to understand enough about technology and how it operates in an agency setting to be able to help advise how to adopt those processes to make intelligent decisions."
Another long-term solution to keeping government on the cutting edge will be to bring in expertise from the private sector, even if it's only on a temporary basis.
The U.S. Digital Service is already doing this on a small scale at OMB, which Federal CTO Megan Smith likened to the National Guard model.
"We want the technical people to come and serve," Smith said at an ACT-IAC event on government innovation on Feb. 5, the same day Scott's appointment was announced. "You don't have to come for your whole life — you can if you want to. But come for tours of duty: come as a reserve, come for two weeks, come for months, come for two years and come in and out of government just like our colleagues in other fields are doing."
Scott mentioned this model during a meeting with the Council of CIOs on Feb. 11.
"Two of his interests as a Federal CIO were addressing workforce issues and blurring the boundary between government and industry," Holgate said. "Not only attracting new entrants into the federal workforce from industry with the right skillsets, but potentially for a temporary period — bringing them on board for a finite term … and also looking at exchange programs between the government and industry."
As these ideas evolve, Holgate hopes Scott can provide agencies with guidance on how to properly use these arrangements in a consistent way across government.
The major IT initiatives highlighted in the president's 2016 budget proposal center on increasing services and performance while decreasing waste. The budget includes some $450 million to create public-facing dashboards for agencies' PortfolioStat reporting, along with other IT oversight programs.
In his new position, Scott should focus not only on getting agencies to report more through the PortfolioStat process, but also using the data and lessons learned to improve new projects as they come on board. Creating a culture where reports are seen more as a tool than a mandate should be a central priority for the nation's top CIO.
The president's budget also calls for scaling the Digital Service by creating teams at 25 more agencies.
The new teams will help agencies improve citizen services, particularly around IT. How these teams will interact with the existing agency CIOs has yet to be determined, according to USDS Administrator Mikey Dickerson. Ensuring good working relationships and smooth transitions for both sides will require leadership at the top, particularly from the new Federal CIO.
Most are optimistic that Scott is the right person for the job.
"It's terrific that somebody of the stature and success of Tony Scott has chosen to come into the federal government," Chenok said. "I think he'll bring a knowledge and expertise about how to work with technology professionals and those that support technology professionals in a very interesting and dynamic way."