Jake Williams is a Staff Reporter for FedScoop and StateScoop. At StateScoop, he covers the information technology issues and events at state and l...
The role of the chief information officer in government is changing rapidly, and nobody seems to know with any certainty what the role of the CIO will or should be in the future.
But Deloitte Consulting LLP thinks it knows. In a new report, “Tech Trends 2014: Inspiring Disruption,” the company said CIOs should think more like the risk-takers and captains of industry known as venture capitalists.
“Like a venture capitalist, today’s CIO should deliberately manage their portfolio of assets – understanding the position, inventory as well as financial commitments, relative value and risk profiles while creating the tools, organization and processes required for readily acquiring and divesting capabilities,” Tom Galizia, a principal at Deloitte, said in a video introduction to the report.
Van Hitch, the former CIO of the Justice Department and a senior adviser at Deloitte, said people don’t normally think of the federal government as a place where venture capitalism happens, but there are similarities between venture capitalists and federal CIOs.
“A venture capitalist is really going after innovation,” Hitch said. “They’re looking for the next new thing – something that’s going to be a major, quantum improvement in capability.”
Federal CIOs also deal with portfolios. In the case of a federal CIO, the portfolio is a group of information technology investments for the public sector, while a venture capitalist could have a wide variety of investments. In addition, Hitch said, a portfolio includes the acquisition and management of talent.
“I think in order to make good things happen, you’ve got to have the right kind of skill mix, you have to have the right kind of talent, and if you don’t already have it, you’ve got to either grow it or you’ve got to train it, or you’ve got to hire it, but you’ve got to get it in some way or another,” he said.
But that means CIOs need to create an environment that will attract and retain talent. “You’re not going to have everybody who’s an IT specialist want to work in the federal government. It’s just not in their DNA, but I think you are going to find a certain number of people...who see it as a really good thing to be in public service, at least for a while,” Hitch said.
Like a venture capitalist, federal CIOs also have to deal with the management of the risks they face from their stakeholders – in this case, taxpayers and Congress, as well as their respective agencies.
“I think that federal CIOs have to be very cautious and judicious in what risks they take and how they take those risks, but they definitely have to take risks in order to deliver the latest in technology and the best benefits to their organization,” Hitch said. “I think you often think of the federal government as a place where risk-taking is not rewarded, and that is certainly one of the elements that a federal CIO would have to overcome.”
The Federal Information Technology Acquisition Reform Act, which will move to the Senate floor after passing through the Senate Homeland Security and Governmental Affairs Committee, would reform the role of the federal CIO, providing the position with more authority to make IT budget decisions.
“I think what Congress is looking for, and I think what everybody should be looking for, is to hold people accountable, especially executives, for performance, and it’s very difficult to hold a CIO in the federal government accountable if they don’t really have responsibility for the budget,” Hitch said. “Oftentimes, what you have is the CIO only has a responsibility for a small part of [the budget] and maybe even lacks visibility into the entire IT budget. It’s difficult to manage a portfolio of projects across the entire agency enterprise if you don’t control, or at least have a major impact, on the budget and are controlling that budget and the spend on a particular project.”
Although the relationship between the roles of a federal CIO and a venture capitalist is not an exact match, Hitch said the federal CIO can learn how to adapt the work venture capitalists do and use it to improve their chances of success.
“I’m not saying it’s easy for a federal CIO to implement all the elements of a venture capitalist, but I think they should be looking at ways to do so, because that’s the way they’re going to stretch their organization, that’s the way they’re going to bring value to their organization, that’s the way they’re going to be a real change agent in their organization,” Hitch said. “I think FITARA, if that comes to be, would help provide them with some of the incentives to do that.”