Since 2014, the beginning of CIO Joseph Klimavicz’s tenure, the Department of Justice (DoJ) has achieved $600 million in IT cost avoidance, reduced cyber risk by 70 percent, and streamlined its 23 email systems into one cloud-based solution.
Set to retire from the public sector on Feb. 29, Klimavicz told MeriTalk that he’s not ready to slow down. After nearly four decades in government, and six years as DoJ’s CIO, he said that he will work in the private sector as he “can continue adding value.”
In his last weeks on what he calls “the greatest job I’ve ever had,” Klimavicz shared his IT modernization tips, DoJ’s approach to data management, and a new way to tackle cybersecurity in the 21st century.
MeriTalk: Reflecting on your decades of experience in Federal IT, what have you learned about pushing for IT modernization products in the Federal space?
Klimavicz: The first thing to be focused on is having a clear, compelling vision. There’s so many opportunities out there in Federal IT that I like to focus on those opportunities that have a clear ROI [return on investment]. You can’t over communicate things enough. The first time they’re hearing about it they may think “is it really going to happen” or it’s not going to impact them, but when you hear about it 10 different ways, you start taking it seriously and you can prepare. You need to start with quick wins.
There’s a lot of different ways to go about pushing modernization in the Federal space. If you really want to change things, there’s always going to be people who will tell you that they’re not changing no matter what. Leave the more difficult people and organizations to the end and let everybody else that is using the newer, modernized technology push people that don’t want to change. Peer pressure is a wonderful thing. When everybody else is using it, even the most reluctant person says, “we’re going to change and get on board.”
MeriTalk: There are always new CIO/CTO/CDO/CISOs coming into Federal service from the private sector. Do you have any other early advice for new people on important things to do or know about the Federal culture and mission?
Klimavicz: The mission is what really drives the Federal culture and people in the Federal service. I have met some incredibly dedicated people who during government shutdown we couldn’t keep them away from working. The Federal employees come to work for the nation, and I can’t say enough good things about the Federal employees.
One of the other things that you really need to do is focus on understanding Federal processes. Within DoJ, we get money from many different sources, and you really need to understand the totality of how programs get funded, and what options are out there and how to play the process and where they are because if you miss certain key points, you’ve missed a whole year in the cycle. The other piece is actually the acquisition process. The vast majority of modernization within the Federal government is done through acquisition.
MeriTalk: You said in your retirement announcement that your mantra is “we need to keep pace with American innovation.” Can you talk a little bit more about how DoJ has embraced that mantra during your tenure as CIO?
Klimavicz: By having legacy technologies around, you’re really not supporting the mission the way it should be focused and supported. I spent a lot of time meeting with corporate leaders, visiting their site, seeing what’s just around the corner so we can start thinking about possibilities and even if there are going to be issues with this technology and this maturity curve.
We made remarkable progress in this area. Our IT budget is about 10 percent of the overall department spend, $3 billion annually, and we initiated and completed a lot of large scale and complex IT transformations, really focused on improving services, reducing costs, and enhancing cybersecurity. All of our major investments have held steady. We are within 10 percent of cost, schedule, and performance objectives. When I got here, we had no cloud services at all. Today, we have over 30 different cloud service providers supporting us and have closed nearly 100 Federal data centers.
MeriTalk: How has last year’s push for chief data officers at every agency and the addition of CDO to your title in May shaped the Department of Justice’s IT efforts?
Klimavicz: I take a holistic and efficient approach to managing databases and data and implementing new requirements. We did publish our data strategy before the Federal Data Strategy came out. Luckily, for me, ours pretty much aligned in terms of the theme. With the new authority, basically you’re overseeing this data management from a lifecycle perspective. Our data strategy within the department is the roadmap for returning our capabilities and building standard enterprise approaches for advanced information sharing and expanding data skills for workforce.
We talked a lot about identity management within our data strategies and most of that work falls within our cybersecurity program. We’ve got implementation plans for our data strategy and it allows us to leverage new tools and resources like AI and advanced analytics to maximize the value of the data for the mission.
MeriTalk: Because of the Department of Justice’s crime fighting and crime prevention mission, and the Office of the CIO offering cybersecurity services to Federal agencies, has working at DoJ compared to other agencies impacted your perceptions about cybersecurity?
Klimavicz: I’m very proud of the fact that we were able, and hopefully it will keep growing, to provide services to other Federal agencies. Cybersecurity is a critical element of nearly everything we do in the Federal government. We’ve put a lot of resources into cybersecurity, our programs and making them available to other agencies.
The DoJ workforce is here for the mission, they do not have the patience for technology that lags behind their passion. Instead of continuous layers of various cybersecurity products on our perimeter, we need to rethink our architecture to support an increasingly mobile customer base. Specifically, we need to emphasize security at the development layers, on the data, and at system integration; and spend less time on transient security solutions that might not best fit the needs of our end users.
MeriTalk: Are there any ongoing Department of Justice-specific IT projects that you hope to see completed in the next few months after you leave, or throughout fiscal year 2020?
Klimavicz: I can wrap up most of this under zero trust, but when we look at where AI and machine learning are, that’s huge in cybersecurity. I’d like to continue seeing more of that brought to the forefront. Expect that they will continue pushing forward on all these cyber activities. I slipped them my long laundry list of my ideas on cybersecurity because they have a CISO and deputy CISO that are fairly new hires, so they’re not going anywhere any time soon.
MeriTalk: In your opinion what’s next for Federal IT at large? Do you have any trends or predictions you want to share?
Klimavicz: We’re going to continue seeing technology expand at an increasing rate. In my own career, I started out with punch cards and look at where we are now. Today we’re seeing technology revolutionize our everyday lives and transform how we interact with the world. But today the commercial sector drives the technology revolution. Digital technology is ubiquitous. Millions of mobile users are in the world today. This digital collaboration is robust and in everything we do.