
An interview with Gary Winkler, Army PEO-EIS

I’ve got a brief profile of Army Program Executive Officer for Enterprise Information Systems Gary Winkler appearing in tomorrow’s FedTech Bisnow.  But there’s only so much you can shove into an email newsletter. So here’s some of what Mr. Winkler had to say as he prepares to leave government service, raw and uncut. Be sure to pay attention to what he says about the mounting federal government talent drain…

(On succession plan:)

For the interim, Ms. Terry Watson, the deputy, will be acting. Dr. ONeil is still contemplating what the long-term succession plan will be. There are some options — he could move somebody else in here, and Terry could stay the deputy. Dr. ONeil could “harvest my slot” — he looks across 13 PEOs and the SMT organization he has, and he may need the SES slot somewhere else, knowing Terry has been in the PEO for most of her career and knows our business area very well — he might be comfortable keeping her in the PEO position and using my slot somewhere else throughout ASALT, maybe in the SMT community. Then we would go back to having a PEO and a military deputy at the col. level, which is what we’ve had before Terry came in back in December.

(On why he’s quitting now:)

I’ve been here close to 4 years, just past the 3 1/2 year mark, and I think we’ve done a lot. We’ve restructured, developed a lot of our staff, we have stability in the program offices, we have a strategic plan, we have a strategy map, a balanced scorecard we measure our performance against monthly — we’ve got a very mature Lean Six Sigma organization, and make sure that we do continuous process improvement.

We just have come a long way in the past 3 years from an org. maturity standpoint so the org doesn’t have to rely on superstars, and no one is a single point of failure — including myself. We’ve got processes in place and great people throughout. So now is an appropriate time for me to move on — I feel like I’ve done all I can do here except doing the same. And what I’ve been focusing on in the last 6 mos to a year is developing our workforce, our younger leaders, because a lot of the programs are being very well executed. So I feel pretty good about where our office is, I need some more challenges.

(On Federal and DOD IT consolidation plans:)

(DOD consolidation roadmap)

I think we have been working toward all of those (Kundra’s) objectives all along. Kundra’s 25 points on where he wants CIOs to go, we’ve been working toward that direction long before he came into the office. So from a strategic, operational and tactical standpoint, I don’t see too many changes for our programs. We’re trying to move our apps into data centers, whether they’re DISA, Army or commercial; we have a procurement in source selection which should be completed in a month or two for commercial data center services. So I don’t see too many changes. It’s all good. And that shouldn’t be surprising because we’ve been in business for a while here. It will have more of an impact for organizations that have not had information technology systems acquisitions as their core mission — there will be a lot more changes for those who haven’t been doing what we do all the time.

(On his biggest challenges:)

The biggest challenge for anybody with this job is time management — there’s just not enough time in the day, or night or weekend or holiday. There are a lot of programs in this PEO, and they’re very diverse. Just working the actions, knowing the issues and working them up at the headquarters level or the OSD level just takes a lot of time. Every one of our programs has a general officer sponsor, so I’m dealing with 30 to 40 general officers on a continual basis to address the hard problems and hard challenges, and those are the ones that usually cross org. boundaries. The tech issues aren’t so much a challenge, it’s all the other elements, whether it’s doctrine, organization, personnel, facilities, money… I don’t see money as a super big issue but the budgets are going down, so our PEO staff are going to have to be as creative as possible to keep progs moving forward to deliver capabilities on schedule as resources shrink.

(On applying Lean Six Sigma across procurement:)

I do think we should apply Lean more widely. The problem is a lot of that is outside our control. I can only control what we execute inside PEO EIS — a lot of the contracting process is really outside of our organization, so we work the pre-solicitation materials, but once an RFP goes out on the street we lose control of the procurement and contracting process after that. It’s really up to the contracting orgs. I’d like to see more application of Lean Six Sigma in the contracting world.

(On the mounting talent drain from government, and whether new career paths like the Program Manager track will help:)

I don’t think so. I think there’s going to be such a squeeze on money that it’s going to be hard to develop new career tracks, courses, and training. That’s all an investment and I would be surprised if it happens. It would be nice, but I think our professionals and our younger work force are going to learn through experience more than anything else — they’ll get acquisition certified, but anything above and beyond they’ll be swamped in doing the work their mission requires. The support contracting workforce is supposed to go down. The government workforce is going to shrink. It’ll shrink through attrition and hiring freezes like we’ve had. In the Army, we’re supposed to attrit 10,000 people civilians out of the workforce over the next three years. So, I think it’s going to be a big challenge. As people move up into more senior leader positions, do they have the experience, training and knowledge to do a really good job in those more senior positions? I think they’re going to need some help.

(So, government is going to need to lean on private sector more?)

I think so. I think as with every other industry there will be a shakeout. And government support contractors — you see that from time to time in other industries, where there’s a weeding out of different companies, and the market shrinks, but the ones left standing will be the ones that provide the best capability for the money, and provide government agencies the best expertise at the best price.

(That’s the business you’re moving into?)

That’s where I can see that I can contribute and add value. I don’t need to make a lot of money, I just have to pay the bills. And if I can capture people leaving the govt workforce, for whatever reason they leave, whether it’s a pay freeze or they’re just frustrated — they’re leaving not because they don’t like the mission but morale issues. So if I can capture them, take care of the morale issues and keep them working on the gov side helping those new leaders, it’s win win. I know right now is exactly the wrong time to get into government support contracting, but if someone is in there providing great support at a great price, they’re going to do well as opposed to some of the companies that haven’t differentiated themselves.

(On the morale of senior folks in fed tech.)

That’s how I qualify it (morale issue). It’s probably a mixture. A pay freeze doesn’t help. The technical people are in demand, and they have options, and the new retirement system people have options. So no longer are civil servants held by the golden handcuffs of staying in until they’re 55 and having at least 20 years, and if they leave before that they have no retirement. Under FERS, vested after 3 yrs of service, get a pension when you hit 62 which is 1% of avg of high 3 salaries x num of years you worked.

Pension isn’t as good as the old system, but then again people can leave. And I’m not sure the Army or gov. senior folks recognize that paradigm shift — that they now have a mobile workforce where people in demand don’t have to stay until they’re 55 and a min of 20 yrs of service. Unfortunately, I think the government is going to see a lot of good people leave because they can, and they want to do more.

(time off?)

That’s a good one. No.  I don’t mind working 15 hour days.  It becomes a habit after a while. No, I actually have 3 or 4 months of vacation that the Army is going to have to pay me for. So that will sustain me for the near term.  The big benefit of being an SES is you get to roll over more vacation because you don’t get to take it, and you get better parking spots.

Cross my fingers I can pay the bills — I’m used to being poor, I’m a gov. employee, so I wouldn’t know what I would do with more money.

My motivation is I can do more. I love the job here, love the people and the mission, but I feel I can do more.  Unfortunate that I’ll be banned from the Army for one year, so I’ll have to go help the OSD, and the Navy, and the Air Force and Cyber and Agriculture and other orgs that need my help. I think I can help them. I’ve got all the bruises and scars from working in this business over the years.

(Things that were important to your professional development?)

Professionally, not knowing what the heck I wanted to do, and bouncing around doing a variety of things, and never feeling like I fit in anywhere. So that seemed to work pretty well here. There’s a good hodgepodge of programs here, and I have a technical background, and I have a business background too. I worked in private industry, and then I came back into the government, and I worked at headquarters, I worked here, I worked in an Air Force office, so, I think that diversity and just moving around seemed to be a good fit. When I was in college, I was an EE, but I don’t think I was your typical engineer. Then I went to graduate school and I was an MBA student, but I wasn’t your typical MBA student, because they were wearing blazers and bowties to class, and I came in with jeans and a flannel shirt, then grew a beard, so I didn’t really fit in there either. But that was ok, because I had nearly a 4.0 so they couldn’t give me a hard time. But I’m still trying to fit in somewhere.

(Words of advice for whoever takes over PEO-EIS:)

Just the standard words of advice: don’t screw it up. Somebody has to do things their way, and I think with Terry Watson here everything will go smoothly. We have a great set of directors and PMs, and I think the organization will continue to thrive, even in the challenges that they’re going to face with budgets shrinking. Even with budgets shrinking, you know, Sean, how the IT budget is. Nobody can do anything without technology, so I don’t think this office will be hit as hard as a lot of others.


Chris Kemp Quits, as Fed Budget and Inertia Beat Govtrepeneurs Down

Chris Kemp, who had a few short weeks ago been greeted with rockstar fervor at the Cloud/Gov conference in Washington, DC, has stepped down from his role as NASA’s Chief Technology Officer for Information Technology. Kemp was the champion of NASA’s Nebula program, the agency’s private cloud effort, and helped with the General Services Administration’s launch of the cloud service program. But in the face of budget cuts and continued institutional resistance to his agenda for changing government IT, Kemp submitted his resignation in March.

“Whereas I thought I had the best of both worlds being a Headquarters employee stationed in Silicon Valley,” Kemp said in a blog post announcing his move, “I actually had the worst of both worlds… no influence when I can’t be in all of those meetings at NASA HQ, with no mandate to manage projects at Ames. As budgets kept getting cut and continuing resolutions from Congress continued to make funding unavailable, I saw my vision for the future slowly slip further from my grasp.”

Kemp’s dilemma, while certainly higher profile than that of many state and local CIOs and CTOs, is hardly unique. With revenues at historic lows, and budgets tight, it’s perhaps harder than ever to try to achieve meaningful change in the way agencies run their information technology, even at tech-focused agencies like NASA. At the federal level, the budget standoff threatens to put on hold major initiatives that could actually save the government more money.

But perhaps more dangerous, the uncertainties around IT budgets and programs at all levels of government can be demoralizing, particularly to the most talented and valuable members of IT organizations who have options elsewhere.  As other employment opportunities emerge, government IT organizations could see an exodus of talent, making it even more difficult to do more with less.



State, Local Agencies Should Examine NIST’s Public Cloud Guidelines

(This post was originally published on the Virtual Integrated System Blog)

As I mentioned in a recent post, the National Institute of Standards and Technology recently published a document outlining the risks of cloud computing and offering policies and procedures to help reduce those risks. While the guidelines aren’t official federal policy yet, they are a good starting point for agencies at any level of government thinking about using public clouds as a part of their cost-cutting and consolidation of IT services.

The core guidelines of the NIST document come down to four main steps in preparing for a public cloud solution:

  1. “Carefully plan the security and privacy aspects of cloud computing solutions before engaging them.” Before even looking at cloud solutions, an organization should fully understand the privacy and security requirements of the data that will be handled. Not doing due diligence on all of the potential privacy and security issues in advance can lead to roadblocks later–or worse, major breaches in security and exposure of citizens’ private data. The City of Los Angeles was caught by surprise when it found its cloud solution wasn’t in alignment with federal data protection regulations for public safety data, for example.
  2. “Understand the public cloud computing environment offered by the cloud provider and ensure that a cloud computing solution satisfies organizational security and privacy requirements.” Most public cloud services–be they infrastructure-as-a-service, platform-as-a-service, or software-as-a-service–were not built with public sector regulatory requirements in mind. Agencies need to do an analysis of the gaps between what cloud providers offer and what their own privacy and security demands require–and then determine whether the cost of getting that sort of solution from a cloud provider makes going forward with a project financially feasible.
  3. “Ensure that the client-side computing environment meets organizational security and privacy requirements for cloud computing.” Just because the application and data are secure at the back end in the provider’s cloud doesn’t ensure the overall security of the solution. It’s easy to overlook the client side, which can create a number of potential security problems–especially if SaaS applications include support for mobile devices. It’s important to consider issues like how to lock down smartphones and other mobile devices, preventing them from accessing internal resources through cached credentials, for example, if they’re lost or stolen. And there’s also the issue of how the public cloud service will integrate with identity management and established authentication standards already being used in the organization.
  4. “Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.” Outsourcing the infrastructure doesn’t mean an organization is outsourcing responsibility. Public clouds should be handled like any other managed service or outsourcing arrangement–agencies need to ensure that security and privacy practices are applied consistently and appropriately in the cloud just as they are to internal IT resources. That means agencies should have visibility into the operation of the cloud service, including the ability to monitor the security of the cloud assets and continually assess how well security and privacy standards and practices are implemented within the cloud infrastructure.


At the end of the day, after assessing how well public cloud providers can handle the requirements of government applications, agencies may find that much of what they thought could be moved to a public cloud environment is better suited to a private cloud service.


McNealy’s Monday Morning Quarterbacking on Solaris and Linux … shows he still doesn’t get it.

Scott “Privacy Is Dead” McNealy told an audience at an event in Silicon Valley that Sun could have won out over Linux if the company had consistently pushed forward Solaris x86 instead of pussy-footing around. “Google today would be running on Solaris,” he said.

Um, no.

Solaris was, and is, a great operating system, to be sure. But Linux did not succeed because of Sun’s failure to commit to Intel.  Linux succeeded because of the open-source model, and the ability of IT people all over the world to try it without license restrictions.

If Sun had open-sourced Solaris early, Sun may very well have taken a dent out of Linux’s success. But that’s a big if. And considering how much internal wrangling, legal finagling and patent-exchanging had to be done to get Solaris open-sourced in the timeframe that it did, even under the somewhat restrictive terms of Sun’s custom-rolled open-source license (a license that split Solaris off to some degree from other open-source communities), it’s doubtful that McNealy would have pulled it off. It wasn’t until 2005 that Sun cleared the legal hurdles to open-source Solaris.

There are so many other “woulda, shoulda, coulda” moments in Sun’s history. McNealy should be acknowledged for his early recognition of the coming of cloud computing — “application dial-tone”, he referred to it as. But Sun had multiple opportunities to redefine the market with open-source early, both with Java and Solaris. The company’s toe-dips with its investments in OpenOffice (via its acquisition of StarOffice), GNOME, MySQL and other open-source projects came after Linux had already become a major threat. And honestly, Sun did those things to put a thumb in Microsoft’s eye.

So, McNealy can look back and replay the game all he wants. But it won’t change the fact that Sun was caught up in SPARC, and failed to leverage Solaris and Java to transition the company toward being an open-source driven software services company that also sells hardware. And that’s why Larry Ellison owns Sun now.


NASA’s Chris Kemp calls OpenStack the “Linux of Cloud”, and predicts a public cloud future.

Chris Kemp, NASA’s CTO for IT, closed out yesterday’s Cloud/Gov conference in DC with a discussion of Nebula, NASA’s open-source cloud-in-a-shipping-container, and the impact it has had on the agency. Kemp was greeted with the most enthusiasm from the audience that any of the speakers got, including whoops from some of the government employees and vendors in the audience, and for good reason: Nebula has become the gravitational center of cloud standards efforts within and outside the government.

“While (the National Institute of Standards and Technology) is talking about standards, there are de facto standards that are evolving right now,” Kemp said. And Nebula, he said, “is a reference implementation of what NIST is doing.”

The Nebula project’s code has become the core of the OpenStack initiative, the open-source cloud infrastructure software project, and now is maintained by a community that includes Intel, AMD, Dell, Rackspace, and an army of other technology companies. “There are over 1000 developers that have submitted features and bug fixes,” Kemp said, “and over 100 companies.  If you’re interested in doing a cloud, you can download OpenStack today.  It’s the Linux of the cloud–it gives you an environment you can actually develop on and meet a requirement, and build your environment on, on a platform that’s compatible with everything in the industry.”

Kemp said that he believed that the public cloud could be as secure as private clouds, but that private clouds were a “necessary stepping stone” to the day when NASA didn’t have to be in the IT business, to demonstrate that cloud environments could be completely secure.  And by moving to a private cloud, agencies were doing the majority of the work required to get them to the point where they can move to a public cloud infrastructure.

“Once you virtualize an application, you’re more than halfway there,” Kemp said.  “Every agency that builds a private cloud takes us 90% of the way to where we’ll be able to put everything in the public cloud.”

Still, Kemp said, it will be decades before agencies are able to make that jump completely. “We’ve only scratched the surface of this. We still have mainframe systems running that were coded in the ’70s. They’re systems we just haven’t taken the time to make run in Oracle or SQL Server. Moving something to cloud is a thousand times bigger a challenge.” The only apps that have been written to take advantage of the features of cloud so far are apps that were written for the cloud to begin with, such as Google’s apps, and Zynga’s game platforms.

Kemp emphasized that cloud infrastructure and data center consolidation were not synonymous.  “One thing that I hope happens is that you treat data center consolidation and cloud as separate things. If you’re virtualizing existing applications, you need the support of commercial systems. But if you’re doing really pioneering development, and can’t use Amazon, then you need something like (Nebula).”