Eight months into the job, CIO Richard Spires discusses plans for creating a 'center of excellence' for program management, department-wide services, and other steps.
Richard Spires was named CIO of the Department of Homeland Security in July 2009, joining an agency in the midst of an ongoing transformation from a group of independent agencies into an integrated department focused on national security. Homeland Security's so-called Unified DHS initiative includes consolidating facilities while constructing a new headquarters in Washington, D.C., and streamlining operations in other ways. The department's "component" organizations include Customs and Border Protection, the Federal Emergency Management Agency, Citizen and Immigration Services, Immigration and Customs Enforcement, the Coast Guard, and the Secret Service.
Spires was formerly CIO of the Internal Revenue Service and, before that, an executive with Mantas, a software vendor, and SRA International, a systems integrator. Now eight months into the job at Homeland Security, he is taking steps to consolidate and centralize the department's IT operations as part of that larger effort. In this interview with InformationWeek, Spires discusses how he's tackling that challenge through a center of excellence for program management, centralized services, and other steps.
InformationWeek: In a recent speech, you expressed concern at a lack of "institutionalization of process discipline, standards, and tools to run programs" at the DHS. What are you doing to fix that?
Spires: We have a department-wide systems development lifecycle, and it's got stages and gates and the like, but beyond that, we just don't have a lot of standard tools or methods to help programs. The components have things they try to institutionalize, but we haven't standardized it across the department. I saw significant improvements when we did that in my commercial experience and even more to the point at the IRS, where we really matured things.
There are some foundational things you need to do to run programs well. For example, you need to have good requirements management, from the initial elicitation of requirements all the way through the lifecycle management of those requirements. There's nothing that gets lifecycle management in trouble faster than not managing that well. One thing we did at the IRS and we're looking to do here is putting together an office that really drives that from an enterprise perspective. We can put out the procedures, the process, the toolset to help project teams do it right. We had a model at IRS where we could provide help to get started, and then if they need help throughout the program, they can get it.
I would like to do that and other things under the guise of a program management center of excellence where we provide these kinds of disciplines across the spectrum, everything from integrated schedule management to risk management, configuration management, requirements management, and test management.
InformationWeek: Homeland Security has fairly independent sub-agencies in ICE, CBP, and others, but Secretary Napolitano is pushing for "One DHS." How do you see that coming together from an IT perspective?
Spires: When I came on board, one of the things I noted was that this is a federated model, meaning that I have overall responsibility for IT in the department and I have the Office of the CIO here at headquarters, but we also have IT organizations throughout DHS, and they vary in size from very large, like CBP, to relatively modest, like S&T.
I noticed there wasn't a clear dividing line between what we were trying to do at an enterprise level versus what should be left to the components to do. In early December, we had a two-day offsite meeting where we brought my management team and my direct reports together with the component CIOs and their deputies. I talked about how important it was to get better clarity around where are we drawing the line between what we're going to do enterprise-wide and what we're going to leave to the components.
Some of that is pretty obvious--for example, to get to one physical wide area network infrastructure called OneNet. And the data center consolidation effort; we're trying to get down to two enterprise data centers, and they would be administered by us at an enterprise level.
But pretty quickly, you get into some gray areas. We're really still working through this, but I think we made some good decisions. Let me give you an example; right now we are operating 12 different e-mail systems. They're all Microsoft Exchange and Outlook, but there are actually 12 instances. We decided that we want to strive to provide e-mail as an enterprise service out of the two data centers. There's an example where right now each of these e-mail systems is owned by those components, but we're going to centralize that as a core enterprise service.
Some programs are mainly aligned by component, working to meet component missions, and I don't think in any near term we're going to change that model, although I point back to a center of excellence where we provide better help to these programs overall. I think we've got a better dividing line now, and it really comes down to that base infrastructure at the network and the data center level being enterprise, as well as some of these core enterprise services.