The United States Agency for International Development (USAID) was the only Federal agency to receive an overall “A” grade on the latest FITARA Scorecard, so MeriTalk took the opportunity to chat with Chief Information Officer (CIO) Jason Gray about the agency’s recent scorecard success.
In an exclusive interview with MeriTalk, Gray discusses the secret sauce to an “A” rating, which includes support from agency leadership, USAID employees, and Congress.
For those who may not be familiar, the FITARA Scorecard grades the 24 largest Federal agencies on a variety of IT-related categories. Those grades are compiled with input from the Government Accountability Office (GAO) and have been published semi-annually – usually by the House Oversight and Accountability Committee – since 2015.
The scorecard has helped to save the government billions of dollars by driving efficiencies in how agencies deploy and use technology.
In the interview, Gray talks about how he would like to see the FITARA Scorecard evolve, USAID’s partnership with the Department of State, “cool tech” projects, the journey that led him to a career in technology, and key best practices learned along the way.
MeriTalk: USAID was the only agency to receive an overall “A” grade on the latest FITARA Scorecard. To what do you attribute your success?
Gray: We attribute success to several factors.
First, USAID leadership support. I report directly to the administrator and maintain a direct, open line of communication with senior leadership, to help shape the agency’s strategy and vision on leveraging emerging, transformative technologies. This is a two-way collaborative relationship that provides the opportunity to brief, be a direct feed, and provide the detailed information needed to make informed decisions, and help shape the agency’s IT strategy and vision.
Secondly, the full embrace and support from the agency have been critical to the success of the FITARA Scorecard implementation. Working with senior leadership across the bureaus, missions, and independent offices to embrace and embed policy processes, as well as work through change management and organizational culture needs has made FITARA easier to implement. The agency has fully embraced FITARA’s key tenets.
Third, we appreciate the support we have received from Congress. We lead with and leverage FITARA across all aspects of IT governance to ensure business continuity and resiliency of our network and infrastructure. USAID appreciates Congress’s support for the CIO Council and the Federal community at large, and the efforts made to establish the necessity and importance of our duties as we drive and execute the Federal government technology roadmap.
MeriTalk: USAID, like the State Department, has a large global presence and relies on infrastructure all over the world. How does that present unique challenges, and useful solutions that others can take lessons from?
Gray: We have a strong, collaborative working relationship with Dr. Kelly Fletcher, CIO at the Department of State (DoS). We maintain a deep connection with our colleagues at DoS to ensure the safety of our people and the effectiveness of our operations around the world. Like our counterparts at DoS, our large global presence presents unique challenges. Our mission environments experience unique technology challenges due to a variety of factors, which include unstable local infrastructure, civil unrest, war zones, and natural disasters.
Based on lessons learned, I have a few best practices to share.
Acknowledge risk. Each agency will need to assess risk and develop a risk-informed plan of action unique to their particular agency.
Demonstrate value. It is important to identify and articulate value-based outcomes, i.e. the value that technology and technology investments bring to the organization. I think it is essential to create a “beneficial loop” – if you engage stakeholders and clearly demonstrate the value to the mission, they will engage the CIO shop in return.
At USAID, we leverage local Foreign Service Nationals (FSNs) – our system managers on the ground at each mission. These system managers leverage their unique technical skills and local knowledge, to ensure targeted, outcomes-focused IT efficiencies – which affect positive mission outcomes.
FITARA implementation is unique for each agency. Having worked on FITARA at three different agencies, it has been my experience that the unique mission of each of these institutions is what makes it different. Each agency experiences varying challenges and crafts strategic approaches and distinct solutions applicable to its unique environment. Consequently, each agency will have its own lessons learned.
I have served in various capacities along my career track, but I have really enjoyed and continue to treasure the collaborative nature of the CIO Council. Agency CIOs are doing great work, and this community provides an opportunity to share, collaborate, and communicate valuable insights from their unique agency perspectives and experiences. I encourage others to seek out and leverage opportunities to collaborate with similar governing bodies and learn from shared, evidence-based insights.
As mentioned earlier, like our DoS colleagues, USAID faces exceptional challenges with global overseas requirements. The need for collaboration with trusted partners is a must. Working with Dr. Fletcher and her team at DoS takes collaboration to the next level. To ensure success, both teams have learned to adapt, be flexible, and execute tactically to enable us to meet our specific goals and objectives.
In sum, FITARA principles have truly empowered USAID to establish enhanced IT governance protocols, transparency, oversight, and authorization of IT initiatives agency-wide. Clear congressional directives have helped guide and balance competing priorities, and helped steer us through potential barriers to deliver on the agency’s mission-focused outcomes.
MeriTalk: How is USAID leveraging FITARA to ensure its IT projects have a good cybersecurity plan in place?
Gray: USAID improved its cybersecurity processes, as evidenced by the agency’s “Effective” rating from the FISMA audit, achieving increased audit scores year over year.
For me, it all starts with pragmatic governance, which is one of the five objectives of USAID’s IT Strategic Plan. FITARA, coupled with FISMA, provides overarching governance principles, guidance, and oversight authority to enforce best practices, from which USAID manages cybersecurity risk to ensure high levels of worldwide operational readiness.
Leveraging FITARA and FISMA as roadmaps ensures we protect our data and systems from malicious intrusion [and] maintain business continuity and network resiliency – ultimately maintaining the highest level of security standards to protect the agency’s information and assets.
MeriTalk: The FITARA Scorecard recently added a new cloud computing category. How else would you like to see the FITARA Scorecard evolve in the future in this category?
Gray: I appreciate the great work that Carol Harris, director of information technology and cybersecurity at GAO, has done with House Oversight. She is a real advocate for FITARA and has done a phenomenal job in this space. I appreciate the continued evolution of the FITARA Scorecard and the impact she has had working with house oversight to drive this evolution.
We believe the cloud is driving value to agencies. I look forward to hearing more about the outcomes and impacts being driven by the cloud. For example, how does the cloud reduce an agency’s cybersecurity footprint, i.e. surface attack areas? Is the cloud improving an agency’s security? If so, by how much? How is this saving the agency money, in terms of both cost savings and cost avoidance? How is it capturing reduction in burdensome administrative overhead?
I have been watching this area for years and my desire for future evolution would be to identify, capture, and demonstrate the gains and specific progress made in the cloud. Multiple burden centers across multiple agencies, demonstrating ongoing cost savings. That would be my wish for the future.
USAID believes there may be other metrics that can help to assess good IT management but that new reporting mechanisms, beyond audits, may be required.
MeriTalk: I’m sure USAID is working on several technology projects, but what’s one currently in the works that falls into the “cool tech” category?
Gray: Interoperability with the Department of State (DoS).
USAID has a phenomenal relationship with Kelly Fletcher, CIO at DoS, and her team. She has been a terrific partner.
Based on our global missions, the work delivered by USAID and DoS workforce often intersects and it is common for staff from both agencies to collaborate on various initiatives. Last year, USAID and DoS released a Joint Strategic Plan to prioritize keeping our workforce equipped with the tools needed for success and improved interoperability between our two IT systems to reduce administrative burdens for staff.
One area of focus has been the use of federated identity management, which would allow both agencies to access each other’s services using their own agency credentials. Last October, both agencies entered into an agreement with a signed Memorandum of Understanding (MOU) that allows USAID to opt in on DoS Enterprise Wi-Fi. We recently signed a Reciprocity of Cybersecurity Awareness Training MOU that will allow employees to access systems at either agency as long as the appropriate training has been completed at either agency, instead of requiring it to be done twice. Key benefits include: agency collaboration enhancement, improved security, and cost savings in time and money.
Another truly transformative project is the launch of USAID’s agency-wide partner relationship management system, Compass.
Compass is USAID’s new agency-wide IT system to manage its local, regional, and global relationships with businesses, foundations, philanthropies, and other strategic resource partners worldwide. Compass provides a comprehensive 360-degree view of our strategic partner relationships, and has powerful contacts and records management capabilities, as well as strong data analytic and reporting functions. It integrates seamlessly with other USAID applications, providing a more efficient way to effectively draw on the capabilities and resources of our private sector colleagues, as well as enabling USAID staff to effectively tap into the institutional memory and collective wisdom of the agency.
This project is the result of a multi-year close collaboration with the Bureau for Management, Office of Chief Information Officer (M/CIO); Sheryl Stumbras, senior deputy assistant administrator, Bureau for Inclusive Growth, Partnerships, and Innovation; Michael Metzler, executive director of the Private Sector Engagement Hub; and many others. A big thank you also goes to our M/CIO technical teams and all the missions who participated in the pilots. I am truly proud of the collaborative efforts that went into this – a testament to the value of relationships and how they ultimately drive our mission-based, successful outcomes.
MeriTalk: Tell us a little bit about your career path – has technology always been a natural fit for you, or was that something you picked up along the way?
Gray: As for my career path and technology, I would say that it was rather serendipitous. While attending the University of Hawaii (as I grew up on the Big Island), I took a summer off and headed overseas to earn some money teaching English.
On my way back, I had my tickets and money stolen by a pickpocket and was stuck. This was a time when you couldn’t just print off your tickets, so I needed to buy new tickets. Without money or a credit card, it was quite an intense moment. In the end, a friend of mine contacted his uncle who offered to pay for my ticket, but not back to Hawaii. He instead offered to pay my way to California so that I could work off the money I’d owe, and then save enough to pay my way back to Hawaii. Given the circumstances, I accepted and flew to California. Little did I know that my new job would be in the technology field, and I would be assembling computer memory, Random Access Memory (RAM) modules.
I loved the simplicity, and the logic used to solve the challenges, as in the end, there was always a reason something did or did not work. That experience changed my entire trajectory, as I became more fascinated with technology, and while it surely became more and more complex, in the end at its core it was about zeroes and ones, and I liked that for every challenge there was an explainable reason behind it.
I will say that my path after that has been very deliberate, and I’ve focused on continuous improvement, positioning myself to expand on my experiences and exposure to the multitude of facets of technology. I’m a lifelong learner and love that technology is a field where there is never a shortage of something to learn or learn from.
MeriTalk: What is one key takeaway you’ve learned thus far during your time as USAID’s CIO?
Gray: One key takeaway I have learned from my experiences across all agencies, and that has been reinforced during my time here as USAID’s CIO, is the value of relationships to achieve successful outcomes.
Relationships are complex but critical and necessary. Establishing a solid foundation upon which to build strong, value-based relationships fosters trust, mutual support, and effective collaboration. Collaborative teams determine and communicate business value. They identify shared goals, roles, responsibilities, and action plans. I believe that trusted relationships enable transparency and accountability, ultimately enhancing productivity and success in achieving USAID’s mission-based outcomes.
