This Q&A is part of a GovLoop series called “CIO Conversations.” Here, we’ll feature conversational interviews twice a month with current and former federal, state and local chief information officers to get to know the people behind the titles. You’ll learn about the perks and challenges of their job, how they ended up in their current position, what’s top of mind for them, how they’ve rebounded from setbacks and more.
The Mississippi Information Technology Services Department (ITS) is relatively unique in its operations, and with that comes a tailored title for Executive Director Craig Orgeron, who is also the state chief information officer (CIO).
Mississippi’s central IT department does not receive a large amount of funding, and technology budgeting in the state is federated – meaning that individual agencies directly receive IT budgets that they can apply to innovation and issues for their own agency.
Therefore, ITS – and by extension the role of the CIO – differs in some important ways from other states’ IT departments. And still, in other ways, its challenges and goals are exactly the same.
Orgeron would know. With more than 29 years of IT experience, he has served as President of the National Association of State Chief Information Officers (NASCIO) and is on the Executive Committee of the Multi-State Information Sharing & Analysis Center (MS-ISAC).
Orgeron assumed his role as Mississippi CIO in 2011 and has pioneered notable cybersecurity, digital signature and citizen experience initiatives. Recently, Mississippi became the second state to launch a voice-enabled Amazon Alexa skill that allows citizens to link a personal state MyMississippi profile with a home device.
He spoke with GovLoop on Jan. 24 about these and other state IT initiatives.
The interview below was lightly edited for length and clarity.
GOVLOOP: What are your priorities as state CIO?
ORGERON: Well, I’ve got to tell you — I was thinking of a top three.
GOVLOOP: Oh perfect. We love those.
ORGERON: Yeah, and so I really believe No. 1 is redoing the IT job classification for state government:
modernizing the job descriptions, adding new descriptions that didn’t exist or don’t exist – cyber, GIS. We don’t have a specific vertical in the IT job family for those kinds of things.
And then, most importantly for public sector, modernizing the salary structure to bring it much closer to date. So that is a pretty big strategic effort. It’s just wildly important to have great people.
No. 2 is our hybrid cloud project, really for several reasons. It’s going to move us away from very classic “buy it, build it, maintain it” and much more toward a managed service that we want to commoditize and let agencies consume. I think those two words are critical to the way IT is delivered today. And we want that hybrid cloud solution to be able to open doors for consumption of the largest of the public cloud providers.
Thirdly, and this one probably isn’t a surprise but it’s on the list, is cyber. In 2017, our Mississippi legislature provided great leadership in passing House Bill 999, which enacted the first-ever enterprise security statute for Mississippi. It put in statute the roles and responsibilities of ITS, the roles and responsibilities of agencies, and it formally enabled some security template – you know, literally a collaborative body that was going to approach security questions in the state collectively.
We had a program before 2017, but that was a big move. So, we continue to stay very focused on the culture of cyber in advocating for training, basic hygiene and awareness in agencies, and we have other projects.
GOVLOOP: What cyber challenges are you currently facing? And, what is the security posture, especially related to insider threats and ransomware?
ORGERON: So we haven’t necessarily seen an uptick specifically in ransomware in a way that would be catastrophic. You certainly have issues, so let me move back to the first one. I really think of some of the bigger issues are really cyber culture and hygiene. And I say that’s a challenge because of the weakest link mentality.
Cyber is one of those things – you know, in some ways it’s like the analogies I’ve heard. It’s like insurance; it’s like going to the dentist. You could really, maybe get by without going to the dentist for four or five years. Hey, you brush your teeth, and you’re good. But when you get the cavity, you kind of regret not going.
And, in some ways cyber can be somewhat thankless because you can rock along for a while, regardless of what’s happening under the hood, and maybe not run into a problem. And I think that’s the most toxic potential message, right? Nothing bad has happened, therefore. So I think there’s a constant challenge to stay vigilant.
GOVLOOP: With this being a federated state, how does your role itself as CIO vary as compared to one that is more consolidated? Does that free you up to work on maybe more things, such as the MyMississippi Program, as well as the education side?
ORGERON: A lot of times out in the world, if you’re not fully consolidated, you’re thought of as, “Boy, you all have a ways to go.” I definitely think there are challenges. There’s not necessarily a consolidated technology budget. I don’t know if that’s a bad thing. We get a budget, we work with agencies on shared services, and then individual agencies have their own budgets. In my time in this job and in my time in government, I don’t know that I’ve necessarily seen a giant crash of the intersection of priorities not being right.
However, it sounds a little controlling, and I don’t mean it that way, but I do think to get us further down the maturity curve there’s a question to ask, and the question is: “Are we investing the dollars that we spend collectively the right way?” And I don’t think that question gets asked enough.
I’m of the opinion that you can do both. I think you can be distributed with the right kind of governance models, and I think that model can work. I’ve talked to friends and colleagues at NASCIO that are more centralized, and in some ways, once you get behind closed doors and visit, some of the problems and challenges are the same.
GOVLOOP: I actually wanted to ask you about serving as president for NASCIO and bringing that experience back to your current position. I mean, what was that like, what did you learn from it and what did you see from other states as well?
ORGERON: Yeah, it was a tremendous honor, first off, to do it. I get a tremendous amount of value from the NASCIO community, just being able to plug in and understand what other states are doing or how they’re doing it.
So I think that’s a two-way street. You know, I think when you plug in at a deeper level, you have the opportunity to serve, because obviously serving as president is a second job. You have to be cautious because that’s not the job necessarily that the governor’s paying you to do. But in return, I think the friendship and the bonds and the connected issues between being able to reach out to other states, learn how other states are approaching certain challenges – just being on the receiving end of that has been tremendous.
GOVLOOP: You said you all don’t secure a large amount of funding for ITS in general. But what do you advocate for mainly? Is it more so what you think there should be a focus on in the legislative level, or is it more funding matters?
ORGERON: It’s a two-pronged thing. We pay attention to our budget and by the nature being who we are, there is a bigger picture, right? So budget hearings are going on now. We attend all of those to hear what agencies are requesting to be sure that we’re in sync, and we understand what’s going on. All that is part of the funding side.
So we have several kinds of roles there. In addition, we track legislation initiatives of all kinds –you know, cyber, any kind of technology initiative. sit on boards or commissions or working groups to move the state forward. And, to your point, using the word “advocacy” and I would argue, yes. From a political perspective, we would have an advocacy position, which is being at the capitol in and above capacity.
GOVLOOP: I suppose Alexa and those sorts of technologies play into advocating for recognition from the legislature about what technology can do. Is that a central focus of digital government as well?
ORGERON: I do think whether it was digital assistant devices or watches or other devices, we were talking about voice two decades ago. It’s kind of crazy that in the mobile craze, in this device-centric craze, that there’s so much more attention being put on the voice side.
So, a quick story: I was at a conference a handful of years ago, and I got to talking to a friend of mine, and we were talking about the Apple Watch. And basically, the premise was “what can you do on that platform?” I mean it’s tiny. It can be hard to see. It was really when the watch was newer.
And my friend turned to me and said, “Well you know, it’s really all going to be about voice interaction over time.” And I kind of thought, it sounds so common sense now to say it, but my parents are an example. As much as they struggle with technology, if you talk to something and it does what you tell it to do, OK. You know that it brings a whole new context and element in to the fold. So yeah, of course, in a state like Mississippi, connectivity in and of itself is a challenge – much less the device or the other components of what you need.
GOVLOOP: Do you have any tips for the CIOs who might be in similar situations and want to push forward these sorts of citizen and customer experience initiatives?
ORGERON: I tend to think that the innovative cycle is staying pretty tight in terms of moving a solution forward. I don’t think there’s going to be a lot of options for states. Now, you know we’ve seen 36 elections last November. Some of that will bring a lot of change to certain states, so I think you’ll see the ball moved forward pretty iteratively with a whole lot of new governors coming in and then this coming year of moving that forward.