Preparedness is the Key to Deal with Constantly Changing Technology

André Mendes, CIO, U.S. Department of Commerce

André Mendes, CIO, U.S. Department of Commerce

As the CIO at the U.S. Department of Commerce (DOC), André Mendes has overall responsibility for the organization’s strategic IT direction and for the regulatory and legislative compliance across all the IT landscape, executive orders, and mandates that affect the federal government IT systems. He has established a technical statement of direction that focuses heavily on eliminating duplication across the bureaus and creating consolidation and economies of scale. The statement of direction also concentrates on aggressive migration into the cloud and away from legacy environments. Over the last two years since  Mendes’ appointment the Department has made significant progress in terms of regulatory compliance as well as IT portfolio management.

Previously, as the CIO of the International Trade Administration (ITA)—the DOC bureau that manages global trade issues for the U.S.—Mendes was responsible for all global technology platforms. He administered rapid bureau-wide transformation efforts over 18 months, finalizing the migration of all the systems to the cloud and subsequently, making ITA the first government agency/bureau to be 100 percent cloud-based. Prior to ITA, Mendes worked at the U.S. Broadcasting Board of Governors for almost 9 years, where he fulfilled several roles, including CIO, CTO, CEO, COO, and interim CFO during his tenure in the organization.  

Following is the conversation between Government CIO Outlook Magazine and  Mendes.

What are the existing pain points in the government sector? 

One of the biggest pain points that prevail in the market today is the availability of human resources with significant expertise in cybersecurity. It is extremely difficult for us to find and retain for such talent, in the midst of  enormous competition across the entire field of IT dependent organizations. We are in constant competition with private-sector corporations and other government institutions for the highest quality cyber  talent.   

“The landscape is changing so dramatically and at such a pace that the old systems will not remain viable for a long period of time”

What are the latest trends that are affecting the government space lately?

The migration to zero trust architecture and the adoption of its principles have been front and center for the last few years and gained additional momentum since the SolarWinds incident took place. The incident involved hackers compromising the infrastructure of SolarWinds, which offers a network and applications monitoring platform called Orion, and then using that access to distribute trojanized updates to the software’s users. Over 30,000 public and private organizations, including local, state, and federal agencies, utilize the Orion network management system for managing their IT resources. So, when SolarWinds inadvertently delivered the backdoor malware as an update to the Orion software, the data, networks, and systems of thousands were compromised. So now Implementation of zero trust solutions will keep organizations worldwide busy for a long time. We need to ensure that we have sufficient funds for this change. The budgetary cycles do not align themselves well with the changing needs, especially in the IT department of government agencies, where the budget plan is created for three to four years. It becomes challenging to align the budget with the changing requirements at a large scale, such as the current scenario of zero trust architecture migration.

Could you tell us about one of the projects that you have been working on?

We have adapted a non-standard financial and funding model. Though the technology modernization funds are available, there is enormous competition for those resources. Internally, at DOC, we have a non-expense recurring fund. It taps into unused funds from previous fiscal years. We have been using that to drive funding for the modernization activities that were not part of the budgets when they were created three years prior.  

How do you envision the future in the next couple of years, and what is the piece of advice that you would like to give your fellow colleagues or aspiring professionals in this field?

We will continue to focus on cybersecurity, cloud migration, legacy transformation, and employee training and retention in the coming years. The search and retention efforts for high expertise professionals will be one of our top priorities for a long period of time.

I would suggest my fellow colleagues and aspiring professionals become keely aware of the need to deal with constant and ever accelerating change. The world is changing dramatically with innovation and new technologies arriving  every day. The status quo is always going to be the biggest challenge because it will become irrelevant and old in an ever shorter time span.

We must continually be on the move, looking at system life cycles from the beginning of projects. We need to keep our resources ready and prepare IT systems and infrastructure for quick migration. The landscape is changing dramatically at such a pace that the old systems will not remain viable for a long period of time. So we have to be prepared for change as it is the only constant. 

Financial