It’s more than just a thought exercise. Their clean-slate wish lists help to paint a picture of what might be possible. From governance structures to funding mechanisms to hiring schemes, they describe a range of creative changes that could help to put IT on a stronger footing going forward.
To see all responses, click here.
If you could start a government IT shop completely from scratch, what key steps would you take? What would you change?
I would establish governance right off the bat. This is assuming that everything is brand new, that we’re a newly formed government and there’s no history of bad behavior that this government entity has adopted over the years. In that case I would start with putting a governance process in place.
You need that in order to understand your projects and purchases, to manage the renewals that would eventually creep up after year one. You need it in order to have a solid understanding of what is in your environment and what is accepted.
The second thing I would do, as part of this governance process, would be to address risk. You can’t secure everything all the time. You don’t have an endless army of people, nor do you have an endless bank account, so you really need a well-put-together program to assess risk.
Why would this approach be better than your present setup, or better than the current norms?
In many organizations, I have seen the silo effect. Back at the state level, you typically have commissioners and the commissioners want to do their own thing. You have technologists that whisper in the ears of people, and everybody just wants to have their own little kingdom and they don’t want you to be a part of it, they don’t want you telling them what to do. Governance can help to knock that down.
In government, people are resistant to breaking down the silos, they’re resistant to centralization because they feel that their job is going to be taken away. In fact, they’ve usually absorbed all these other responsibilities, and their job has morphed over time. With good governance driving centralization, we’re releasing them back to doing what they were supposed to do, while the centralized organization takes care of the heavy lifting around common IT operations.
We’ve seen it in the federal space, where we successfully convinced people that centralizing does not take away their jobs. It actually allows them to do their jobs more effectively.
What challenges would this new model encounter, and how could these be overcome? What would it take to make this real?
The challenges are around culture change. No. 1, you have to have buy-in from leadership. Without that, it doesn’t mean anything. Then, you make people part of the process. You make it transparent. You’re being really crystal clear with them that this is why we’re doing this. And you elicit feedback from the organization.
You have to have everyone’s departmental needs in the forefront of your decision-making. It might not be 100 percent: If you have 30 departments, like I do in Phoenix, you have to try to balance them, and sometimes it might not go over completely smoothly. But the overall idea is, you make them part of the process. Then they understand that you have their best interests at heart.
Shannon Lawson has been CISO of Phoenix since April 2019, and previously worked as Alaska’s first CISO. His career includes tech work in private industry as well as the U.S. Navy.