With New CIO in Place, OPM Turns to Familiar IT Modernization Playbook
As the Office of Personnel Management continues its journey of IT modernization, it relies on a familiar and proven playbook.
Guy Cavallo has been with OPM for about 11 months, first as senior deputy director of information, then acting director of the agency’s IT in March. He got permanent job last month.
Now he’s building on the lessons he learned in the Small Business Administration, from moving to the cloud and adopting cybersecurity tools to retraining the IT workforce.
“I’m leading a big push to the cloud like I’ve done in my other two agencies,” he said. “I have an almost predefined 90-day approach on how to move an agency to the cloud in 90 days. I did it at the Transportation Security Administration. I did this SBA. Now I have refined it at OPM.
“We have established a cloud community of excellence,” he added. “We did our 90 day sprint. We have our initial architecture. We have our broadband connections in place. We are starting to activate cybersecurity tools in the cloud.
OPM still has several large legacy applications and mainframes, and its cybersecurity architecture to date is primarily on-premises. But Cavallo said OPM is gradually embracing more cloud-based cybersecurity tools, with the ultimate goal of running a mix of the two.
Ultimately, he wants to reduce the number of tools in OPM’s cybersecurity structure and make better use of the tools already in place.
“If I buy something, I try to use 100% of it, instead of buying five things and using 20% of each and having that overlap,” Cavallo said. “There are a lot of tools in use at OPM today and I think we will be better off by reducing the footprint. “
This general philosophy also applies to Cavallo’s approach to training and developing OPM’s IT staff. Listening sessions with OCIO employees prompted him to look for more free online training sessions for IT staff.
“Not only at OPM, but I’ve heard this from other CIOs as well, there’s a strong belief that you have haves and have-nots,” Cavallo said. “You had favorite CIOs that could take training, and it could be $ 5,000 to $ 10,000 training. They could go and everyone would be told that there was no money for training.
OPM has a corporate agreement with Microsoft. Cavallo said it has leveraged this deal and signed up for Microsoft’s enterprise skills initiative, which allows it to offer online training to every OCIO employee.
“It immediately leveled the playing field,” he said. “All the big cloud providers are doing it. There are many free, high-quality training available today from major vendors. “
He also instructed OCIO employees, from administrative assistants to contract managers, to complete a two-hour introduction to the cloud classroom.
“I want everyone to know what we’re talking about. I was happy to see people step in and do that, ”he said.
Where the cloud is a central part of an employee’s job, Cavallo said his office would reimburse staff for taking and passing certification exams. As a result, more people are getting cloud certifications than ever before, he said.
“I need my legacy workforce,” Cavallo said. “I can’t just tell everyone to go and put it all in the cloud when I’m running final mainframe code that can be decades old. The best thing is to train them enough so that I can pair them with a cloud specialist, and we can re-platform this app or rewrite it with the legacy knowledge and also the latest technological knowledge.
Cavallo will also rely on another point of its IT modernization manual: playing nicely with the CFO.
“What I’ve learned throughout my career is that if the CIO doesn’t have a strong partnership with the CFO, you’re in trouble. The CFO controls your money. Something that I have always done is build this partnership. One of the first things I try to do is say, “On my current budget, if I can cut my own spending on investing in the cloud, will you let me keep the money? If you have a bad relationship with your CFO, you will lose that money and they will suffer the cuts.
However, this approach will not cover all of OPM’s IT modernization needs, especially as the administration develops new cybersecurity requirements for agencies every month or so.
To help OPM better comply with the terms of the recent cyber decree, for example, Cavallo said he had two pending applications with the Technology Modernization Fund Board, which would help OPM adopt cloud and zero trust solutions.
The agencies submitted just under 100 proposals for a share of the billion-dollar Technology Modernization Fund.
And to help OPM secure additional funding for IT modernization, Cavallo draws on another set of lessons he learned during his time at SBA.
The Biden administration is pushing Congress to establish new IT working capital, one of many recommendations the National Academy of Public Administration made earlier this spring in its report on improving the agency.
According to the proposal, OPM could transfer up to 3% of unspent salaries and expenses into working capital for IT modernization efforts.
So far, only the SBA has been able to secure congressional approval for its own IT working capital.
“We definitely took the language that we approved at the SBA, and reused it for OPM and said, ‘Hey you already approved this once, let’s do it again,’” Cavallo said.
A seven-bill minibus, which cleared the House at the end of last month, allows the OPM to create its own IT working capital in fiscal year 2022. The Senate has yet to weigh in on this matter , let alone presented a full set of 2022 appropriation bills.