My guest co-host for today is my old buddy and a regular here on CxOTalk, Dion Hinchcliffe.
Dion, how are you doing?
I'm doing fantastic, Michael.
Thanks for having me on again.
Today, we have a very special guest, indeed.
I've been looking forward to this for a long time.
We've got Tony Joyce, Deputy CIO Naval Facilities Engineering and Command of the U.S. Navy.
We're going to talk about all sorts of things.
We do a lot of public sector here on CxOTalk, but I think this is probably the first military
guest, right?
It'll be interesting to hear those stories and how IT works in that world.
Yeah.
Tony Joyce, how are you?
Tell us about NAVFAC, and tell us about the Navy and your role.
NAVFAC is probably best thought of when you look at all the buildings.
The shore infrastructure is really the secret buzzword for what NAVFAC does: the buildings,
of course the planning, land acquisition, and everything else associated with that;
environmental activities on the shore, cleanup or remediation, ranges, and things like that
are also part of our mission; the whole public works function for the buildings that the
Navy owns.
There are over, I think it is, 2 million acres and well over 100,000 buildings and structures
of interest on the shore that we manage or support in various ways.
Of course the construction of that over the last roughly 125 years has been handled by
NAVFAC or its predecessor organization.
We also are the parent organization for the CBs and, of course, they have a long and legendary
history behind them.
NAVFAC, do you guys supply IT for all of those facilities and the CBs?
We do have systems that support the utilities management, utilities metering, utilities
monitoring, energy management, [and] some newer stuff that's associated with smart grids
and things like that, so a lot of IoT in that infrastructure.
[We] can't forget the buildings and the HVAC controls, some monitoring systems for environmental
purposes, [and] various other things that are part of that industrial control environment
that surrounds the building.
Again, as the technical authority for the shore infrastructure, it is our primary mission
or one of our missions--we have several missions--for cyber security purposes is making sure all
of those controls and that building systems are effectively isolated, managed, updated,
[and] supported.
Is this a global facility management mission?
Does the sun never set on NAVFAC, or how does that work?
Yeah, we are a global organization.
Of course, our mission is associated with where the Navy has activities.
The Navy has about 100 bases, and so we have well over 100 delivery points of where we
have large organizations and small.
In some cases we have three-, four-, or five-man offices where new construction is being done
in foreign countries; but in other cases, the Norfolk area, we have a substantial presence.
The Washington area, we have a variety of activities.
And so it's a large and diverse community.
Overall, there are about 20,000-plus people in NAVFAC.
In particular, my role in the organization is the information and business systems of
the organization.
One of my colleagues is the manager of the industrial control environment and the systems
that are going into those buildings or that are necessary to secure them.
I have a different colleague who is responsible for our cyber securing activities themselves
as an authorizing official for that.
You provide the business systems that includes the digital workplace for those 20,000 folks?
The digital workplace that we use is the Navy's Navy Marine Corp. intranet, which is a very
large network: approximately 0.5 million seats scattered across the United States, covering
the Navy and Marine Corp.
Approximately 100,000, I think, Marine Corp., so the majority, 3,000 to 4,000, are Navy
seats.
Of course, NAVFAC doesn't own that.
The whole system is an outsourced contract.
Rather, system is not the right term.
It's a services contract that provides us with our desktops, and our desktops are fully
managed under that construct, are secured, [and] are appropriately detailed.
One of the things that one of my teams does in my organization is ensure that we have
the desktop software that people need and ensure that it is adequately tested, secured,
and suitable for use on the desktops within this environment.
When you think about the cloud, how do you grapple with that concept?
How do you think about migrating to the command?
What do you migrate?
What about the training?
You're dealing with a lot of people, and there's a lot of complexity.
I don't think most of us watching recognize that kind of complexity, so shed some light
on that for us, would you?
We see the cloud as being easier to manage and easier to run.
I think the cloud services that we get--if you will, platform as a service or software
as a service--are generally better integrated and more effective than some of the traditional
services that are heavily client server-based, which is probably the majority of our technology,
although we have a mainframe, IBM mainframe, that's running one of our major financial
supporting applications, a project management tool.
We have externally hosted systems at other data centers that are there for various historical
or other reasons.
Collectively, when one looks at the architecture of our system, we have a rather complex as-is
environment because there are several technology stacks that support these applications.
Again, we've been at this for a while.
We did, essentially, a consolidation of a variety of regional systems and individual
environments into our enterprise data center in roughly a 2010 timeframe or a bit before,
and had been running a centralized hosted, centrally maintained set of systems and services
out of our specialty center that does that.
Tony, when you came up with the idea, initially, of moving some of your applications to the
cloud--and I realize that, for you, 1,500 internal users plus a bunch of contractors
is a relatively small pilot.
Did you have resistance internally to the cloud?
What were the considerations for that?
There isn't, per se, resistance to the cloud.
The difficulties I think we have in getting to the cloud is really the securing of the
systems and the services.
As part of BOD, we are subject to BOD's information assurance controls and requirements.
Cyber security is the slightly more modern term for that.
There are hundreds of controls that we must assess and, in many cases, test in order to
ensure that these systems are suitably protected, secured, [and] operational.
They cover a whole bunch of different areas, so it's not purely for security, but it is
the experience of many years of evaluation of different pieces of software and the different
components of our system.
And so the implementation of systems within that regime turns out to be pretty hard.
Securing, say, the database; we use Oracle.
We install the software, apply the patches, [and] do the STIGs.
By the time you get through all of that, it turns out that various functions may not work
as expected, and so there is a lot of effort and engineering involved in getting these
systems to operate properly within this secured environment.
Yeah, you're describing a complicated environment that I think most people in private sector
IT couldn't begin to imagine.
I think probably your bar for cyber security is far higher.
You've got systems of systems, so clearly are doubling down on the industrial Internet
and have IoT.
You're trying to do this in a kind of verified environment.
What can you tell us; what's unique about NAVFAC IT that we wouldn't expect, we wouldn't
necessarily think about or have to experience in private sector IT?
Well, I think what is unique about our IT is that our diverse systems, which are really
several different technology stacks and different applications, are functioning well together.
We have people that are using our financial management system one morning and then going
into our project management tools, going into our contracting tools, going into reporting
tools, moving over to a GIS, and we have managed to both build all these systems and make sure
they were working within the environment, but also make the information available so
I can link over from my reporting tool back to some of the financial records, source records,
or documentation that might be necessary.
Information sharing has always been one of the big desires in government information
systems.
But, as you well know, the security challenges you have in that information sharing makes
that difficult.
Is that something that you've faced?
Is that something unique, compartmentalization and other things, that are common in the public
sector environment, but we wouldn't necessarily see elsewhere?
Yes, it is.
It is.
It's actually rather difficult to achieve because our desktops, in particular, are secured,
fortified.
The whole NMCI environment is heavily secured.
I can't install software on my system, so I have to use only tested software.
Then the ability of my desktop, say, to connect to a reporting tool is purely through a Web
browser.
I can't DDE or OB, you know, a CD type or other sorts of data connections that people
have come to rely on.
Trying to use some desktop software to access a database is not permissible or possible
within this environment because of the intense security.
How do you balance the need to have a good user experience in such a locked down environment?
Is user experience a concern, or where does that fit?
User experience is a concern with all of our systems, as part of our production process.
We have multiple environments for our systems, and so we have a development environment where
there is a lot of freedom to set this stuff up.
But as we move through a promotion process, we go through from development to a testing
environment, which is very close to what our production environment is.
We go through user acceptance testing in that environment to ensure that the system does
what the user wants it to do.
It's not until we have accomplished most of that testing--I mean no testing is perfect--until
we have satisfied the user criteria and the user testing that have been required for a
particular system change, it's not until that occurs successfully that we allow the software
into production.
We have this pipeline built, and we work our systems, a majority of our systems, through
it.
Our mainframe is a little bit different, a little different constraints.
One of the external systems does things a bit differently, and so there are some variations.
But for the 20 some business systems that we support out of our hosting center on a
regular basis, we go through this for all of those systems and their routine change
management production, promotion, and development.
The user dimension of this is mostly focused on--and I don't want to put words in your
mouth--ensuring the right functionality layered with the right security, essentially.
Well, it's ensuring the right functionality works within a secured environment.
The right security is actually something that is probably more evident in documentation.
It's something that we are doing more documentation and more elaboration on in the course of preparing
for audits of our financially relevant systems.
We have seven systems that have been deemed financially relevant that provide transactional
or critical property accounts to the financial, the actual accounting systems.
As part of the Navy's assessment of the balance sheet, which is being reviewed by independent
auditors, there is a set of requirements that are imposed on us to describe, document, and
test our financially relevant systems to meet a series of the FISCAM required controls and
standards for these systems.
I'd love to talk about that.
The whole governance model for that must be something to behold.
A hot topic, as you know, in our industry right now is this whole conversation around
digital transformation.
Obviously you're isolated from some of the pressures that other organizations.
You've got a mandate, and you own that mission.
What can you tell us?
Are you guys embarking a similar kind of parallel public sector version of digital transformation?
What are your goals and plans that you can tell us about?
How is that process going?
I'm not sure we have gotten to that stage yet.
We are certainly looking at it.
The Navy logistics community has stood up an effort to look at that throughout the logistics
community, but it's a bit early.
We haven't gotten into any actual attempts at transformation.
Where we have been the last couple of years and probably will be the next two years, is
data center consolidation and, again, moving or preparing our operations in order to move
into a cloud environment or even multiple cloud environments because we don't necessarily
see that a single cloud environment will suffice or, as we go through competition as part of
our contracting efforts, we may find ourselves in multiple cloud environments as a result
of competitive […]. I think shifting to the cloud is certainly
a first step in some kind of digital transformation.
We see organizations doing one of two things: focusing much more on getting access to the
data, improving analytics, and starting to foray into things like artificial intelligence--whether
or not you'd believe that's a real term or not--or on customer experience.
You were talking a little bit about usability.
Are those areas of interest?
Are you maturing that focus?
Are you still really working on service delivery as your primary mission?
A lot of our effort currently is in the analytics space, and so we are working on building out
our reporting environment, enterprise information.
We are in the process of building a logical data warehouse that will
permit the analysis of data across a variety of different fields.
Financial information is one of our stacks.
Our property in geo spacial information is another stack.
The utilities and energy consumption and related activities, and then over into budgetary and
financial information, particularly labor and other types of service information are
all kind of separate operational data sets or operational data stores.
We've embarked on an effort to tie those all together into what really is a logical data
warehouse as opposed to some of the more traditional data warehouses of Bill Inmon or other forms,
if I might.
Logical is probably not particularly well understood, and so it is cutting edge and
a fair amount of work to bring all these data sources into this construct and
make the analysis effective and efficient.
This isn't really a big data environment, which I think some people go to, which is
just a data lake; throw everything in, or put it on a cloud system.
That is something that perhaps has some usefulness here, but we don't have an opportunity to
build that within our hosted environment, and it make require us to get into the cloud
in order to use a data lake type non-structured environment in order to do this analytics
more efficiently and more effectively.
Not really, I think, quite come to terms with the digital transformation that I think some
of the leaders are getting to.
We're not that fast.
We have a question from Twitter, which Arsalan Khan is asking, how useful are not has been
the DoDAF, the DoD Architecture Framework for NAVFAC culture?
I guess it's a question about the link between an architectural framework, a technical framework,
and the organizational culture.
Is there a link there?
Yes.
DoDAF is a big deal in certain circles in the D.C. area, for sure.
Yes, the DoD Architectual Framework.
We are required to assess our business systems against the business enterprise architecture,
which is a large portion of the DoDAF framework.
I am not sure how that really relates to culture.
I have found that culture is more the behavior of the organization as opposed to a particular
static construct.
One of the things that I think NAVFAC has and serves well in terms of culture, as I
mentioned, is the CBs are a part of our community, and the CB motto of "Can do," I think permeates
the rest of the business.
We have built the system and manage our IT, I think, equally effectively.
We have found a way or find ways to do things.
Presented with a particular requirement, we managed to buckle up and get the work done.
I think the culture, again, is what you do, not what it looks like or how you put it down
on paper.
Tony, I'd be curious to know.
We talked about the digital transformation of IT, moving to the cloud, and building on
the analytics, but really the hard part is changing the people.
How are you attracting the next generation of IT talent?
You have some mission critical things that you guys oversee.
Certainly, on the cyber security side, you're going to be facing some of the smartest people
in the world who are going to be trying to do their best to compromise the work that
you do.
How do you staff up for that?
How do you attract that talent?
Well, we are hiring cyber talent as fast as we can.
In fact, I think there are two positions open currently.
Our positions are available out on USA Jobs.
Specifically, if somebody goes to the NAVFAC homepage, www.navfac.navy.mil, you'll find
links there to our job section, job announcement, and that'll take you over to the USA Jobs,
which is the actual record of all jobs.
But it's hard; it's a challenge.
Are you guys competing with the Amazons and Facebooks who are soaking up a lot of the
best talent in the world right now?
Well, I'm not sure that it's a level playing field because the government doesn't have
the ability to offer the salary that the Amazons and the Facebooks have.
You have a more important mission.
Why a lot of people go into public service is not because of the pay, but because they
think that they're defending, you know, what's good and what's right, helping people, or
whatever it is.
The public service is definitely an attractive component, as is the mission.
Depending upon where people are, we may not be competing in the same regions as Amazon
and others, and so that may provide us some leeway.
We have perhaps some less populated cities or less expensive cities where we're hosted
than Silicon Valley, so we do have some opportunities for that.
We actually, I think, have a lot of opportunity for younger people.
I know we have an intern program.
We have an ability to encourage and get people, I think, coming out of school into the government,
and there is a lot of interest in working in that space in order to capture people,
to get them interested early in some of this important type of stuff.
Certainly cyber security is being taught in school; and bringing folks right out of school
into our environment is, I think, an easy path into the government to help people learn
because we have plenty of work to do.
One of the things that is, I think, the selling point is, I've got 100,000 buildings we've
got to secure.
It's going to take us a long time to get there.
It's semi-permanent work if people are interested in pursuing it.
But that's not the only point.
We have a variety of things going on.
As I said, we can bring people in on our data center, our operations, our support of our
systems, [and] on the cyber security, so it's not just cyber security.
What are the key IT related, technology related challenges that you see coming down the pike?
One of the challenges is certainly the data management and analytics, making that easier,
making ad hoc querying effective.
The whole arena of unstructured data and unstructured data management also is key because a large
part of what we do and a lot of our data is captured inside contract documents or various
reports, financial documents and such.
Even in this day and age, the government exists largely off of paper.
A large part of the auditing is to ensure that the business processes also have the
key supporting documentation.
As part of the independent audit team, they've been going out and looking for documentation
about the building that may be 20-, 30-, or 40-years-old to determine that the air conditioning
system was properly acquired and the building was properly constructed or things like this.
There is, I think, an awful lot of opportunity in finally getting data out of the paper,
which I am still not too sure that I have seen too many successful technologies that
do it because most of them require manual metadata collection.
How do we automate that metadata?
How do we discover the patterns between different types of documents?
If I can pull the document out of the file, is that a maintenance manual?
Is that a contract?
Is that something else?
What advice would you have for corporate managers that are heading in that direction, a large,
global organization, getting their analytics house in order as they grow and embarking
on things like Internet of Things initiatives?
One of the things we need to focus on, and we hadn't really talked about that as a technology,
is mobile, because all this stuff is not really sitting on a desktop any more.
How do we get it out in the field on mobile devices, people's phones, and so on?
There are certainly user issues about how do you handle large volumes of paper on little,
tiny iPhone screens.
One of the things that we are doing is looking at that environment and looking at what our
requirements are.
How do we get different tools, better tools?
How do we mobile enable our systems?
I think, for the managers, there is a need to orient a bit further out.
What is a purely mobile environment going to look like and how is that going to affect
the sorts of services, really the back office services, that I as a CIO--?
Mobile is a really big challenge.
Are you guys heading in a mobile first direction?
Is that how important it is for you?
I guess you have a lot of field people.
That's correct.
Yeah, we've got about 5,000 field people out of our 20,000-plus population.
They are not well served with desktop machines, and so that's an area we're putting a lot
of attention in supporting them and providing them.
Sorry.
Back to our question about hiring and bringing people in.
Mobile, too, would be an area that we would hope to bring people in to help us with.
That's a definite growth area throughout the government.
Many organizations are behind in mobility, for sure.
That's correct.
We're looking to get rid of our mainframes because the expense is just outrageous.
How do we transform our financial system is actually something that's coming up in the
very near future.
We have one final question.
This is from Naomi Williams, who is not on Twitter, but she's on the Livestream platform.
Very quickly, because we're almost out of time, what are your thoughts on replacing
Microsoft Office on desktops and using Google Suite for government instead?
It's something that we have to contemplate.
Again, we are under federal acquisition regulations, and our ability to maintain a particular environment
or go to a particular sole source, or single source, is limited.
We always have to think about adaptability.
We can't let ourselves get locked into technology too deeply because, in our acquisition world,
we may not be able to get it.
Every time we go out for a collection of services, and particularly on the large-scale ones,
there is a high chance that somebody may be coming in.
The next contractor in the NGEM maybe is NGEM competition could well bring in a different
office suite.
All of a sudden we find ourselves with 20,000 users that we have to help adapt.
That is a part of life in the government and a part of the business that we, as government
managers, have to rely on.
I think industry is perhaps a little spoiled in that they can keep going buying Office
forever if they choose to do so.
The government is not nearly so lucky, and so it does present some challenges to us.
In conclusion, if I may, one of the probably better parts of working in the government--for
those who are interested in doing so--is that there is no lack of challenges in our day-to-day
job.
It doesn't run out.
We never have enough money.
We never have enough time.
We face the competition, a competitive system, and outcomes that we can't expect.
We're heavily leveraged with outsourced contractors or with services from other organizations.
It is an interesting intellectual challenge, and it keeps us busy.
All right.
On that note, we are out of time.
You have been watching Episode #260 of CxOTalk.
We've been speaking with Tony Joyce, who is the deputy CIO of the Naval Facilities Engineering
Command; and my illustrious guest co-host today has been Dion Hinchcliffe.
Dion, this has been a very interesting and in-depth conversation about a sector of the
world that we don't always hear about.
Absolutely.
It just shows how varied the world of IT can be.
I think that more crosspollination should happen between commercial and public sector
IT.
We have a lot to learn from each other, so thank you, Tony, for sharing all of your knowledge
with us today.
Thank you, both.
Glad to help.
Everybody, we have two shows next week.
Tune in on Tuesday and on Friday next week.
Go to cxotalk.com, and you can see our upcoming episodes.
Thanks so much and have a great day.
Bye-bye.
For more infomation >> Manafort, Gates Pleaded Not Guilty After Conspiracy Against US Charge - Duration: 2:39. 
For more infomation >> Russia charges cast U S attorney Boente resignation in new light MSNBC - Duration: 7:53. 
For more infomation >> Man Reportedly Connected To Crime Spree Across Two States - Duration: 2:26. 
Không có nhận xét nào:
Đăng nhận xét