After spending more than 15 years as a CTO in the private sector, Michael Hermus wasn't sure of his odds when he applied for the CTO role for the United States Department of Homeland Security. But it turned out a background in the private sector made Hermus a solid fit for the role.
With an eye toward emerging technologies and innovation, Hermus has spent the last year with the DHS identifying the obstacles impeding the organization’s agility and paving the way for the department’s efforts to transform into a technology-driven organization. In this interview, Hermus explains how a passion for the mission and a focus on business outcomes can help IT leaders overcome their barriers to digital transformation.
TEP: What motivated you to pursue a career in public service?
Hermus: The Department of Homeland Security has a unique combination of law enforcement, intelligence and military domains; it is charged with a breadth of fascinating missions, all of which are national security-related and incredibly important. And for me, I felt a personal connection to these missions. My grandfather was a Naval intelligence officer in World War II. I was living in Manhattan when 9/11 happened and the towers fell. And of course, like of many of us, I felt a strong desire to contribute in some way to our nation’s security.
So when I saw this job description, I thought it was extremely interesting. But it seemed like a long shot because I didn’t have the domain expertise or much experience with large-scale enterprises like DHS. But ultimately, I think that ended up working in my favor. Leadership was looking to bring in an outside perspective, including entrepreneurial experience, and that in itself is a sign of the changing times. The world is evolving rapidly, and the federal government needs to try to find a way to evolve with it.
In the end, when I was selected for the role, it was an honor and an opportunity I couldn’t turn down. I think I would have forever regretted making a different decision.
TEP: Was transforming the organization into a technology-driven company part of the job description?
Hermus: I was definitely not hired to do that. When I was brought on, the department wanted my assessment on how to move them forward from a technology perspective. My operating assumption had always been that I would come in and focus on emerging technology and innovation, and help craft a roadmap forward.
But what I recognized when I came in was that we had some structural issues that impeded the organization’s ability to adapt to, and adopt, change. We were not capable of evolving at anything that approximated a sufficiently rapid pace. It wasn’t simply a question of identifying and bringing in the next greatest technology. The system itself was not operating correctly, and we needed to address that first.
TEP: What are some of the organizational changes that this transformation entails? Is it more people, more process, or both?
Hermus: One of the challenges of transforming DHS is just how massive and complex the organization is. By any measure, it’s a Fortune 50 size organization. And it’s particularly complicated because it’s still somewhat decentralized. It is seven major operating agencies brought together to make one department, and each has its own unique culture. So when you say, “We need to transform this organization into something else,” the work involved is almost overwhelming. You cannot do it by just looking at the process, or by just looking at people, or by just looking at technology. We needed to start decomposing this big, bold vision of transformation into more concrete, actionable units if we were ever going to get off the ground.
So we took a look at how we deliver IT capabilities, which all go through an “IT acquisition” oversight process. Almost everything that we do is considered an acquisition, whether we build it or outsource it, and as such goes through a tremendous amount of oversight and governance. What we realized was this acquisition process was inherited from the DOD, and it was originally designed for heavy metal like battleships and weapons systems.
We were using those same kinds of processes to govern and oversee our software IT programs. And that meant long planning cycles, significant documentation efforts, and static, rigid requirements management. It involves long waterfall processes with big gate reviews, and massive testing efforts bolted on at the end of development. And in spite of this long heavyweight oversight process, there was a history of projects that hadn’t necessarily achieved success. In some cases, what was ultimately delivered didn’t conform to the needs of the mission, which may have evolved since the time of planning. This is the same kind of enterprise IT problem that you see in other large organizations as they struggle to move into a more agile world. But at DHS, it was effectively enforced by an oversight process that was not designed for the digital world.
We decided that if we could transform this process to become more streamlined and more flexible – if we could support, encourage, and enable modern software best practices, including agile and iterative development – then that would be a really good starting point for our overall transformation.
TEP: It seems like it would take a lot to turn a ship like that. Can you share where you are in the process?
Hermus: A big part of the effort was getting senior leadership and stakeholders on board. That includes our senior political leadership, and also our management leadership folks like the CFO, the chief procurement officer, and the acquisition oversight organization that is responsible for running the oversight process I just described. And to make it more complicated, there are stakeholders at the headquarters level, and then corresponding stakeholders at each operating component. So we had to go around and explain to everybody, across all those different lines of business, “Here is the problem as we see it. Here’s why it’s important. Here is what we see as the solution. And here’s how we want to go about doing it.”
Our goal and approach was to pick a handful of programs to pilot, and go in there and practice what we were preaching. In all, we probably spent six months just getting everybody to agree that this was important and we had to do it. Once we had the five pilot programs, we formed integrated teams across all those stakeholder groups and started working through the process.
Most importantly, we were communicating openly at every step along the way. “Where are we now? What can we improve? Let’s try this and see what happens. Now that we know this let's start making some changes. How does this impact stakeholders? What works and doesn’t work? Are we actually advancing the ball towards this goal of streamlining, accelerating, and increasing flexibility and driving real best practices?”
We have been focused on this for the last four months or so, and we’ve already made some progress. It’s hard, and it will take time for us to get to the point where we can synthesize the results from these pilot programs into new policy and new guidance across the entire department so that everybody can benefit from this transformation. But for now, we’ve made tangible improvements that will ultimately help get us towards those goals.
TEP: Are there any examples of the improvements you can share?
Hermus: Throughout this process, there are various artifacts, documents, and deliverables that need to be generated and approved for each of our pilot programs to move forward. There’s a lot of them, and they are big. In some cases, we are talking about 500-page planning documents. In several cases, we've been able to look at all the information in these documents, and limit them to what is relevant to an IT program. We found elements that may not have been necessary for the oversight process, or necessary for making key decisions. So, by setting the right level of details for these documents, we made an excellent start at streamlining. In doing this, we've also been able to eliminate redundancy.
In some examples, we've been able to take these documents from several hundred pages to tens of pages. And although that’s not a super important metric, I think it is a reasonable proxy for time, energy, money, complexity, and the actual usefulness of the document, quite frankly.
The other important principle is supporting well-established, modern best practices for software — things like user centricity, modern technology stacks, open source, flexible hosting environments —i.e., cloud. So our goal was not just to streamline the documents, but also take the inflexibility and rigidity out of the system. We believe that it is of critical important that the mission owners can prioritize features through an agile development process.
TEP: Coming from the private sector, where something like this may have been table stakes, how do you as CTO stay motivated to make sure that the things that you were doing in the private sector are getting implemented in the public sector?
Hermus: I realized this simply is the best way for me to add value to the organization. My primary mission is to enable the organization to start delivering capabilities in the most sensible way possible – that both increases speed to market, or in this case, speed to mission, and that reduces cost. In a way that reduces risk, increases value, and improves the outcomes to the mission.
So with that in mind, the whole reason I was drawn to this job was the hope that I could make an impact on an organization like this that truly matters and affects people’s lives, and quite frankly, protects all of us every day. If I can effect a change that can do those things — even if it isn’t the latest shiny object — it is tremendously fulfilling, and that is enough to motivate me.
But there are many other things that we’re doing, as we build out the organization, which are focused on more sexy elements typical of the CTO role – the emerging technology and innovation side of what we're doing. We are currently building the capability to fully engage and understand the emerging technology landscape. We're engaging with the Valley, the VC community, the incubator/accelerator community, and the startups themselves to gain better visibility into what’s happening, and then ultimately, creating a path towards operationalizing them right within our programs.
TEP: What advice do you have for other IT leaders who have to sell up a transformation throughout their organizations and the complexities that come along with that?
Hermus: We are focused on the value and the mission. I'd urge IT leaders to focus on the business outcomes that you’re striving to achieve. What will transformation buy you? What are the problems you’re solving? What’s the value created or the outcome generated if you successfully undertake this transformation? That’s how we are pitching it at DHS. When you phrase it regarding tangible business results, what senior leader in any organization is going to say, “No, I don’t want that?”
Subscribe to our weekly newsletter.
Keep up with the latest advice and insights from CIOs and IT leaders.