, ,

What IT Modernization Looks Like at SBA

The Small Business Administration (SBA) went from a D+ to a B+ in its Federal Information Technology Acquisition Reform Act (FITARA) score over two years, marking the agency’s efforts to mitigate IT inefficiencies in government.

The change didn’t happen overnight, SBA Chief Information Officer Maria Roat explained in an interview with GovLoop. Cumulative effort over the past two years in the areas of inventory and software license management was ultimately reflected in the score. Roat talked to GovLoop about IT modernization initiatives, challenges and more.

The responses have been lightly edited for brevity and clarity.

GOVLOOP: Who exactly was involved with driving IT modernization forward in a cumulative way?

ROAT: At SBA, we try to move quickly on all our modernization initiatives. We drove innovation into everything we were doing and we did not take little steps; we took some very big steps on our modernization. I set some very clear goals and expectations on what we were doing and where we were headed.

We continue to push the envelope on many of the initiatives. For example, two years ago, we were the first agency to spin up the CDM [Continuous Diagnostics and Mitigation] in the cloud. Last year, we were a pilot for the Trusted Internet Connection (TIC) initiative. We, through the spirit and the intent of the TIC, were able to put forward a viable alternate solution. We are taking the same approach with CDM and evaluating outcomes that need to be achieved. We questioned the approach and kept the intended outcomes in mind.

GOVLOOP: Looking back on the process of reaching or progressing towards your IT modernization goals, what would you improve?

ROAT: You can’t do everything all at once. You have to balance the work required with the budget you have, the skillsets of your workforce, the contracts you have in place, and support you have organizationally.

We had such a big turnaround here as we’ve been innovative, relentless, incremental and methodical. We take a measured risk approach and there are some things we’ve tried that didn’t work, so we adjust and continue. Given what we inherited on our infrastructure and our network, sometimes a change is made in one area that should not affect something in another area on the network, and it does. I’ve been very clear: Don’t point fingers; fix it and move on.

GOVLOOP: Do you have any plans for this year as to what you’re going to do to further IT modernization?

ROAT: We continue to take an enterprise approach, eliminating silos. For example, we are nearing completion of onboarding all of our program offices into enterprise security services. Services include security monitoring, incident response, vulnerability management, patch management, and penetration testing. This enables greater visibility and consolidates and standardizes on tool sets.

So this year, not only are we focusing on wrapping up the work on our core infrastructure modernization, we’re continuing our push on monitoring and modernizing the desktop with the rollout of Windows 10 and Office 2016.

GOVLOOP: Did you face any challenges with regards to IT modernization? How did you overcome or tackle those challenges?

ROAT: Modernization isn’t just technology. It needs to take into account the workforce that knows the business of SBA. I’ve been trying to take the long view on our IT workforce to prepare for the future. I am evaluating what we need to put in place for training, and how do we raise the IT workforce skills to support high-value work. Last year, we completed an IT Strategic Workforce Plan. This year we’re focusing on IT competencies, training, how we’re going to up-skill the entire IT workforce. I don’t want to train the IT workforce for the work we’re doing yesterday, or the work we’re doing today, but to lay the groundwork for the next few years.

In terms of other challenges, 2.5 years ago I inherited a turnover of CIOs and acting CIOs. Stability in the leadership team is critical and reinforcing to my team that I wasn’t going to leave after 12 months or even 24 months, that I was here for the long haul, was a challenge.

There is a cultural aspect as well. You have to allow people to make mistakes and learn from them. We’re very forward-leading, we do accept risks, and we want people to be creative, dynamic, to think outside the box and come forward and bring their ideas. You change a culture by doing things differently. That’s what we’re doing. We’re doing things differently to drive culture change, to really get people to think about innovation, to take risks and leap forward.

GOVLOOP: So what advice do you have for other agencies who are looking to modernize?

ROAT: From my perspective, we don’t plan to plan. We take action and try to be creative along the way. Here’s our target; here’s where we’re headed; this is what we’re doing; let’s go. We certainly have trackers, dashboards, and metrics. But taking action is important.

Stop talking about doing things; do it. We work in sprints, and daily standups are important. Are yesterday’s actions complete? We’re continuing to move on, on the active projects, continuing to take actions. Not planning to plan.

GOVLOOP: What advice do you have for agencies in terms of change management?

ROAT: Communication is important, as well as setting goals. About every six weeks, I hold a CIO forum to continually communicate status and progress. The CIO forums are an opportunity for program or project managers and SME’s to share. Communication with the front office, program offices, communication to the workforce – vertical and horizontal. Over-communicate, over-communicate, over-communicate. Sometimes I still think we don’t do enough because people don’t always get the word.

We’ve turned on different communication channels at SBA. We’re not relying exclusively on e-mail, but instead turning to the intranet, Yammer, or even posters in the lobby downstairs and by the elevators. I have a CIO Connection on Yammer, and my office hosts several other Yammer forums for the technical community. It’s hard to do, but you have to communicate.

What is your agency doing to further IT modernization? Let us know in the comments below.

Photo Credit: Digital Government Institute Flickr

Leave a Comment

One Comment

Leave a Reply