If you have been at a recent Washington Capitals hockey game when the opponent scores a goal, you know the crowd routinely shouts out “Who cares!”

Last week, Steven VanRoekel, Federal CIO, released the long awaited OMB plan for the Federal Risk and Authorization Management Program, or FedRAMP; which reminds me to be thankful for pronounceable acronyms. The purpose of FedRAMP per the implementing OMB memorandum, is to “provide a cost-effective, risk-based approach for the adoption and use of cloud services”.

So were I a federal CIO, which I was, or an executive working for a provider to the Federal Government, which I am, what are the short- and long-term implications?

First, and most important, I think there are short- and long-term implications, which is not always the case with long awaited announcements and OMB produced memoranda.

However, I suggest the longer term implications tie more to the general topic of infrastructure rationalization than focusing specifically on the ever popular and impossible to avoid ongoing cloud frenzy.

It has long been my contention that while the IT focus in commercial organizations should be top-down to be most effective, in federal government it is the opposite: better off focused on a bottoms-up approach.

This difference reflects how funding, or revenue, is achieved.

In a commercial company revenue comes in from customers, is filtered through a sales organization and the decisions are controlled by executive leadership. IT leadership focuses on using the defined strategic goals to drive derived IT goals down into the rest of the organization.

In a government entity, funding comes through the appropriations process, and except in very rare circumstances, such as the Veterans Administration, is associated with the individual components that make up larger agencies or department, rather than with the overall mission of the department.

The real value of initial cloud implementations is they represent the next big step in allowing federal CIOs to get a handle on what IT provisioning is going on within the organizations.”

Because of this, the first hurdle for government CIOs is overall situation awareness; discovering what IT assets exist and figuring out how to put in place configuration management to keep track of those IT assets.

To just take one example, when OMB started pushing to consolidate data centers, it took months or longer to get an accurate inventory of how many data centers there were, let alone put together a plan to consolidate them.

Reducing costs is a reasonable goal to associate with cloud computing. Be warned that recent articles question whether cost savings will be large as some are articulating. See, for example, the discussion I participated in this last Friday on the Federal News Radio Countdown, hosted by Francis Rose.

The real value of initial cloud implementations is that they represent the next big step in allowing federal CIOs to get a handle on what IT provisioning is going on within the organizations. Every application that is moved to the cloud is one that now is visible to and can be managed and measured by the CIO. Consistent security approaches can be taken. And it is the inconsistencies, not whether an application is internally hosted or externally hosted, that lead to security weaknesses.

There are a few additional specifics from the OMB memorandum that I wanted to note.

First, the process still has some time before it will be put into place. The goal is to have the FedRAMP PMO, to be run by GSA, operational no later than 180 days from issuance. This follows interim steps including establishing formally the list of security controls, creating a Concept of Operations, and creating a charter for the Joint Authorization Board (run by DoD, DHS, and GSA) dealing with governance.

Second, it will interesting to see how robustly the effort will be funded over the next few years. Congress has not been consistently supportive of shared service implementations. From my stint at DOT, I remember the difficulties that OMB had keeping the various eGovernment initiatives sufficiently funded.

While outside the scope of this write-up, I contend that one reason that DoD continues to make progress in this area is because of the existence of a home, what I refer to as a “center of gravity”, for managing the resulting shared infrastructure, namely DISA. While I have nothing but the greatest admiration for Richard Spires and Casey Coleman, running shared services is not currently the primary mission of either DHS or GSA respectively.

Third, I found it interesting that both the CIO and the chief financial officer need to certify together the list of all cloud services that cannot meet FedRAMP security authorization requirements within their agency. The dividing line between what is expected from CIO’s and CFOs regarding program management is not always clear cut, and is made even less clear when the CIO has been folded underneath the CFO.

In April, 2009, I asked the question “Why are 42 or so different procurements now looking at clouds?” I was quoted as saying that I thought that instead cloud computing could be offered in a way … in which any federal agency can access a handful of major … contracts.”

And now a little over 2 ½ years later, we are only six months away from saying “You can.”

Daniel Mintz is chief operating officer of Powertek Corp. He served as CIO of the Department of Transportation from 2006-2009.

A few days ago I was talking to one of the employees about working with others and they mentioned how they felt a person had to earn trust and I realized that I took a slightly different perspective and at least to some extent this difference in approach reflected different leadership styles.

One way I differentiate leaders is between those who want to avoid losing and those who want to win.

The former tend to micromanage people, usually find someone to blame (other than themselves), are able to be successful though often as individuals which may or may not build an organization, and are not fun, at least for me, to work for.

The latter tend to tolerate failure, are more fun to work for, and I believe are more able to grow organizations.

Each brings their own price to the table. The losing-avoider finds it more and more difficult over time to find out accurate information since people are reluctant to provide information on problems only to get blamed. The same goes for risk takers who will always fail at least part of the time as their work ‘outside-of-the-box’.

The winning-desirer often will over-trust and often will not invest enough time in oversight activities, which is doubly important for someone who delegates a great deal of authority.

Both can be successful and if successful enough that alone will attract people to work for them. However in the long run it is those leaders who want to win that are most likely to create large and thriving organizations, because the resulting culture is larger than them. Losing-avoiders end up with organizations that are only about themselves as individuals.

Coming back to the conversation I mentioned at the beginning, it occurred to me that this was just one aspect of the same overall theme. Leaders who want to avoid losing lean toward having people earn their trust. Leaders who want to win lean toward trusting people unless that trust is lost.

Smart leaders who want to win remember to “trust, but verify” and I continue to strive to do both.

A student wrote:

“Who has time to share information? Codifying one’s knowledge can be a very time intensive task. While many people share their knowledge via blogs, wiki’s and other such tools, getting individuals who are already overburdened to do this can be a challenge.  I’ve seen organizations try to force its employees to do this kind of thing resulting in very shallow products.”

From this conversation, I started to consider how this relates to some of the work my company, Powertek Corporation, www.powertekcorporation.com, has been doing with knowledge management. It seemed to me that in the end in the simplest sense knowledge management like information sharing solutions are all built upon the foundation of tagging information in a fashion that allows retrieval.

In the interactions I have had with Jeff Jonas, http://jeffjonas.typepad.com/, one of the smartest people I have met who studies all of this, he has impressed on me the importance of tagging information when it is ingested. Doing so afterwards is something liking trying to add the Dewey Decimal coding to a book after you put it on the shelf in the library. It would take so long to find the untagged books you typically wouldn’t get around to it.

If I can digress for a moment, and since this is my blog I guess I can write anything I want anyway I want to, while I was at the Department of Transportation and while watching what Vivek Kundra is trying to do with dashboards, I have pondered a similar issue – what tends to make some performance measurement systems and dashboards successful and some not.

I have come to believe that those dashboards whose metrics are automatically generated by the performance of the action being measured have a greater chance of surviving over time. The reason is that whenever an intermediate step is needed to generate the dashboard entries, organizations have many reasons to reassign or eliminate altogether the resources used to perform the intermediate step. Thus useful and even pretty successful measurement systems often last only as long as their sponsor stays and stays engaged.

So the common thread would be that the ‘sharing’ and ingesting into the knowledge management system, that is the tagging, should be accomplished when the information is created.

Looking specifically at knowledge management implementations that I am familiar with, most do the knowledge management part after, and often long after, the knowledge creation. The question then becomes whether it is necessary, or practical, to move tagging and ingesting to the actual knowledge creation.

I am sure experts in the field already know the answer to these questions, but if so, they often don’t seem to have sufficient impact on the large number of unsuccessful knowledge management implementations.

For most of my professional career I did not particularly think about the differences between management and leadership. I was not in a position where it mattered particularly; I was always ‘in the room’.

Generally I was either managing a single large program generally customer facing or managing people who themselves were managing single large programs. The way one achieved results was to use the importance of the program, either due to the importance of the customer or the size of the program, to leverage the rest of the organization I was working for.

“You need to listen to what I am asking”, a typical interaction would occur, “This is worth $100 million to us this year.” Few had the nerve to say no at that point.

When the projects were small it generally meant the other part of the conversation WOULD have the nerve to say no.

As the years passed, I was given additional responsibilities and had to learn to prioritize and help my staff prioritize better, but fundamentally had the same kinds of responsibilities.

In early 2006, I was appointed the CIO for the US Department of Transportation. Suddenly I was in a situation where I had hundreds of people reporting to me directly and thousands who I had at least nominal impact on through the myriad policy responsibilities that a Departmental CIO was responsible for.

I had sort of very faint dotted line relationships to all of the DOT agency CIO’s, created by the Clinger-Cohen Act, which established what I refer to as the negative authorities of CIO’s. By negative authorities I mean the Act gave CIO’s the authority to prevent results, for example not agreeing to a budget submission, but much less power to implement results, for example, without Department or Agency specific legislation or implementing authority, a CIO couldn’t consolidate or modify the resulting budget.

My ability to get things done was almost completely dependent, not on managing a project, but on providing leadership, whatever that was, to get people to do what I wanted without the direct ability to tell them to do it.

Now that I serve as the Chief Operating Officer at Powertek Corporation, www.powertekcorporation.com, while a bit smaller than the Department of Transportation, I still have the same issue of having indirect impact.

Having thought about this a lot over the last almost five years, I have come to five thoughts that provide me with some direction as to how be a good leader, or being perhaps a bit more realistic, to be as good a leader as I can be.

THE NARRATIVE. In my opinion the best leaders are storytellers. They explain how they want people to behave and what values are important to them by telling stories of behavior illustrating those values and actions. It amazes me how often I find out that the stories I have told are repeated to others. Amazed and pleased.

If you have read biographies of President Lincoln you will read how many anecdotes he told.

Even people who do not consciously or explicitly do this, they still are conveying a narrative about themselves and what they expect from others. How often they talk about their family, what they wear, the jokes they tell (or don’t tell), how they deal with people, whether they raise their voice or not, and so on.

NIGHT AND DAY. If you are in a leadership position everything you do and how you do it is watched and analyzed. It all becomes part of that narrative thing, whether you like it to or not or intend it to or not.

My father-in-law, a wonderful person I have been very lucky to get to know, used to tell me when he was President of a manufacturing company in Michigan, that when he was feeling sick and acted that way around the office, this impacted negatively the work of everyone at the plant. At first this surprised him, but over time he came to understand how important how he acted every day was.

About a year after I started at DOT, a young woman who worked for me asked for a meeting. When she came in she told me that she had heard that I was in a good mood and thus wanted to go over some difficult issues that she needed to be resolved. I reflected on the fact that never before in my business life had anyone cared about what mood I was in, or generally noticed.

I reached out to a wonderful person, Shelley Metzenbaum, who is now an appointee within OMB, who gave me advice about being a political appointee at DOT. Shelley told me “Political appointees are unable to talk in a whisper.” Wise advice. Over time I have come to recognize that this advice is true for all people in very senior positions in any organization.

BE TRUE TO YOUR SCHOOL. My final comment about narratives is to emphasize that the most important aspect of the narrative is to be true to who you are. Over time people can tell if you aren’t. The rare exceptions being if you are an extraordinary actor or a professional politician. When people detect a false note, everything else you say or do will be much less likely to be paid attention to.

I have read many books about leadership which provide lots of advice on how to act. All the advice in the world is of limited value if it is inconsistent with your nature. Understand yourself and go with that.

ROADRUNNER VERSUS COYOTE. I tell people who work for me that sometimes you have to go running off the cliff without knowing if you are the Roadrunner or the Coyote, http://www.youtube.com/watch?v=fUq9hynzCVo, and not knowing how far down the ground is.

If you want people to attempt great things and run off cliffs for you, you need to be there to catch them and not blame them for trying. Toleration for the occasional failure is a characteristic to me of great leadership.

EMPATHY, NOT SYMPATHY. I read somewhere that leaders needed to show empathy, but not necessarily sympathy.

What I take that to mean is that it is important to understand the motivations of the people who work for you. You want to use those motivations to support your goals. You double the level of energy by having people working toward your objectives both to support you and to achieve their own goals.

At the same time, you have obligations to the entire organization, not just one person within it. Sometimes you are able to scratch individual itches, but often you cannot or at least not in the way that the individual might like.

TREAT PEOPLE WITH RESPECT. I say frequently that people will never act better than they are treated.

If you treat them poorly, not sharing information or objectives, just ordering them around, not empowering them in any fashion, most will act just like they are treated and no more. To have a successful organization you need people to take ownership of their responsibilities.

IN SUMMARY. So there you have it my five rules of leadership, reworded slightly:

• Understand and articulate a coherent narrative that explains to everyone what kind of person you are and what kind of organization you want to lead
• Recognize that everything you do regardless of the setting impacts on that narrative
• Be authentic, people will see through a false story over time
• Tolerate risk taking and its inevitable partner, the occasional failure
• Treat everyone with respect

I divide leaders into two types, those that want to win and those that want to avoid losing. These rules will help you be the first type, the winners, who are much more enjoyable to be around and build the best organizations.

“When I use a word,” Humpty Dumpty said, in a rather scornful tone, “it means just what I choose it to mean – neither more nor less.”
“The question is,” said Alice, “whether you can make words mean so many different things.”
“The question is,” said Humpty Dumpty, “which is to be master – that’s all.”

And thus it is with Cloud Computing. The question on the table is whether we are to be the master of the Cloud Computing concept and what it means to us as practitioners and/or users or whether we will treat it as magic providing whatever value we have need of during that moment in time.

For those of you, who are willing to brave Washington during the Nuclear Security Summit, April 13, I encourage you to drop by a Digital Government Institute sponsored event called “Use Secure Cloud Today to Optimize Customer Experiences”, being held at the Willard Hotel, from 8:30am to 1pm; registration opens at 7:45am.

I was asked to be on a panel at the conference starting at 10:30 entitled Meeting Customer Expectations In the Cloud, Practical Experience”. The panel will be hosted by Chris Dorobek, the ever popular host of the Federal News Radio afternoon show The Daily Debrief, and is scheduled to have:

• Gil Guillen from the Office of Electronic Services at the Social Security Administration;
• Laef Olson, CIO, RightNow Technologies;
• Thom Rubel, Vice President, IDC Government Insights; and
• Joe Thele, Director Air Force Personnel Operations Agency.

Based on the last phone call interaction with the other panelists Chris will lead us through three sub-topics:

• Current status,
• Thoughts on why one should consider ‘doing’ Cloud Computing, and
• Examples of lessons learned and how to deal with the barriers that tend to get in the way when doing so.

It should be fun and informative.

You can get further information at:

http://www.digitalgovernment.com/Events/Conferences/Use-Secure-Cloud-Today-to-Optimize-Customer-Experiences.shtml.

And as an added benefit, you can go out before or after and demonstrate for or against the Summit activities.

The webinar, moderated by Adam Ross, the Managing Editor from the SANS Institute, will focus on some of the challenges faced in creating secure Federal Systems. With the growing movement for speed-to-market and the movement to the cloud, and associated buzz words, and with the increased publicity about cyber-attacks, how we should best deal with such issues is becoming a still greater issue.

Pat and I will look at these issues in three parts.

First, we will look at the context that we now face. I find that without understanding the context of a problem, it becomes difficult to really deal with the systemic issues. Second, I will review some of the high-level goals that I would focus on, putting on my now dusty CIO hat from my Department of Transportation days. Finally, Pat will tackle real-world issues with implementation suggestions, looking at how to integrate security planning rather than dealing with it as an afterthought. He will also offer his thoughts relating to SCADA design issues (Supervisory Control and Data Acquisiton – e.g. computers managing things like the electrical grid, power plants, and so forth).

Registration details are at:

http://event.on24.com/r.htm?e=195825&s=1&k=D14C3C31F1889E77A82E235253D58190

The Government Executive website is at: http://www.govexec.com/

Powertek Corporation’s web site is at: http://www.powertekcorporation.com/

The Nuclear Regulatory Commission’s web site is at: http://www.nrc.gov

In this entry I wanted to give a Workshop committee update, encouraging readers to either comment here or send me an email, and also talk a little bit about ACT-IAC.

Management of Change Workshops

Each year Government and Industry IT and associated functional leadership get together to discuss key challenges facing the Government usage of IT. This year the conference is being held in Philadelphia, May 23-25, http://www.actgov.org/EVENTS/MANAGEMENTOFCHANGE/MOC%202010/Pages/default.aspx.

Monday afternoon there will be four workshops, two per session. Our current thinking is to focus on the following four topics:

Panel 1: Increasing Citizen Engagement

One of President Obama’s Technology Guiding Principles is “restoring a culture of accountability through openness and transparency of government operations and information.”  Part of this initiative involves opening communication and increasing engagement with citizens..This panel will bring together individuals from different lines of business and organizations, who have had experience with these efforts to not only discuss their efforts and the technologies used, but also best practices and lessons learned and how to measure whether these efforts have actually resulted in the desired results. 

Panel 2: Top Commercial Practices by the Global 500; Organizer

This panel will present CIOs from global, industry-leading companies discussing their solutions to challenges common to CIOs everywhere. Our plan is to select 3 or 4 topics from the following list to focus on:

• Program management, program managers, project failures
• Budgeting, budget justification, capital planning
• Interactions with executive managers, bringing value to product managers
• Recruiting staff, training staff, retaining staff
• IT Security, balancing risk and cost, publicizing breaches
• Standards, policy enforcement, working with component CIOs
• Oversight, audits, transparency 
• Cloud versus CoBOL – Risk of implementing new versus risk of maintaining old 

Panel 3: Human Capital: To Insource Or Not To Insource?

Today’s political climate has the President and the Congress putting pressure on Agencies to insource contractor jobs, in particular those jobs having to do with acquisition.  OMB is providing new guidelines on what is inherently governmental.  Join panel members as they consider the value added (or not) of increasing the federal workforce.  Gain insight into the challenges associated with altering the federal employee /contractor employee staffing proportions.  Consider the operational and cultural adaptations necessary to effectively move professionals from the private to the public workplace.  Share insights concerning how a partnership of government and industry can contribute to efficiently accomplishing a major workforce transition.  Perhaps, most importantly join the panel in examining possible and probable impacts to agency mission and how to mitigate potential risk to high profile projects.

Panel 4: Innovation and Performance focusing on Sustainability/Green IT focused

The Green IT track provides a forum for presentation and discussion of planned and ongoing Green IT initiatives designed to provide new services, improve operations, and reduce the cost of IT. Topics of discussion include energy efficiency improvement of data centers, green computing initiatives, new communication tools, improved operations of legacy systems, and leveraging new technology.” 

Our Thoughts 

We want these to be much more interactive than in the past. Typically these panels have a moderator and three-to-four panelists. Each speaks for 10-15 minutes, then the audience gets to answer a few questions, with the moderator having a question handy in case everyone is too shy to ask anything. 

We are thinking of doing a debate for Panel 3 picking speakers who will be on different sides of the premise of the panel. For some of the other panels we are thinking about posting a summary of the panelists opinions and pass copies out before and at the workshops. There would be no formal presentation, rather the entire interaction would consist of the audience asking questions or presenting arguments and having the panelists respond. 

What Are Yours? 

What do you think about the topics as well as the areas of focus for Panel 2? Any comments on format? Suggested panelists for any of the panelists? Questions about the Management of Change conference or as it is popularly referred to as MOC? 

If so, feel free to add a comment here or send me an email at dmintz@powertekcorporation.com and I’ll pass your comments on to the organizers of each of the panelists. 

A Final Word About ACT-IAC 

For those of you who have not heard of ACT-IAC, it is a great organization to join if your company hasn’t joined; and participate in if you have not done so. 

You get to interact with great people, learn from serious practitioners inside and outside Government what the real issues are, and how they are grappling to deal with them. 

Perhaps most important you have the chance to make some great new friends. 

http://www.actgov.org/Pages/default.aspx

Despite my decision to move, CSC, the company I am leaving, continues to be a  great place to work  with committed and talented employees, many of whom have become friends over the last year. So why did I leave?

Simply put, it became clear to me that my need to help grow something and bring about change within my workplace is greater than I had realized. While I valued my time at CSC, my fundamental worth there was related to what I was not what I did. It brought home the fact that my happiest times were when I was valued for the changes I helped bring about.

At the US Department of Transportation I had in many ways the perfect position, at least for me. I was able to take advantage of my experiences to provide strategic insight into the use and management of Information Technology. I used my capital-P political experiences to work with the small-p organizational politics of being a Departmental CIO. At the same time I was lucky in that the DOT CIO had responsibility for a significant operational segment of the Department, managing the desktops and telephones for headquarters and a growing percentage of the field offices as well as a data center for the non-FAA agencies.

I tell people that during my three years at the Department of Transportation, no-one ever felt that any one person was in charge of Information  Technology BUT they agreed that IF someone was in charge it would have been me. I was able to use that general opinion to cause more change than I had expected.

Powertek provides a comparable opportunity to the one I had at the US Department of Transportation. This is a chance to bring my background in the public and private sector to support the development and implementation of a strategic vision, and to utilize my leadership skills to mentor employees who have less experience and to provide operational and tactical direction. I feel very lucky and privileged to be part of a company that has been very successful thus far but with hard work has the potential to make even more of a difference in the future.

As usual I am always interested in receiving input from the larger community. If there are people out there who are willing to provide advice regarding growing and transitioning an 8a company and/or would be interested in talking about business opportunities or partnerships, please feel free to reach out to me at dmintz@powertekcorporation.com or my personal email at dmintz@ourownlittlecorner.com . You can also find me on Facebook or follow me on Twitter at technogeezer.