There have been several recent articles and reports that offer ways to save Information Technology (IT) dollars. The lists of potential cuts are worth reviewing, but I urge some caution as well.

According to Computerworld, Gartner is urging IT managers to reexamine many common practices with an eye towards stopping ineffective or wasteful approaches. One conference in Florida urged “creative destruction” by killing spending or making radical changes to business as usual. For example, here are a few of the 16 items suggested:

-       Stop recommending IT mega projects.

-       Make people accountable for IT spending. Have business units acknowledge, with a signature, the ongoing cost of an IT service they need.

-       Terminate applications that aren't delivering value. Gartner estimates that operating expenses can be reduced by 20% by 2014 by decommissioning applications.

-       Abandon level 1, 2 and 3 tech support, where the more complex the problem the higher the skill level sought to address it until it reaches the people who built it.

-       Cancel most IT chargeback systems, which take an extraordinary amount of effort and expense to charge back what is a small amount of revenue.

-       Stop seeking competitive bids. Most companies keep their existing vendor.

While I like many of these suggestions, public sector organizations are committed to open, competitive contracts – so the last item must go. In addition, I’m not in agreement with the canceling of IT chargeback systems. (How would this really work?)

Nevertheless, I like many of the 16 items, such as stopping the mega-projects. Lists like these provide excellent food for thought. When government budgets get cut, new opportunities and new ways of thinking can emerge. Creative thinking is a must. Old paradigms and “turf battles” must be eliminated.

In addition, take a look at this blog which offers ways to save or redirect government dollars. One of the items includes a US Department of Interior Transformation Plan that will reportedly save $500 million.

Another blog from TechAmerica offers ways to save through innovation – not cuts. They offer six IT policy recommendations, including these first three:

1. Implement policies and actions that will increase collaboration and communication between the private sector and state and local government in all areas of technology acquisition, deployment and service delivery.

2. Innovation in government programs, in parallel with efforts to move to more cost-effective support functions, must now be considered management and fiscal policy imperatives.

3. Appoint a strong, visionary IT officer with authority to align technology assets, operations and services across the enterprise.

Whatever your approach, the current economic environment requires IT leaders to offer a list of cuts, or things they will stop doing, along with ways to implement new projects with a return on investment.

We can all take a hard look at ways to save. What approaches have you seen work in government?

It was Thursday night, October 6, 2011, and we were listening to Michigan Governor Rick Snyder share his thoughts on the soon-to-be launched Michigan Cyber Initiative. About seventy-five Fortune 500 technology and defense executives, leaders from federal, state and local governments, university presidents, keynote speakers and other VIPs were gathered at the Eastern Michigan University in preparation for the Cyber Summit the next day. The picturesque room, overlooking a golf course with a lake, was decorated with Detroit Tiger banners, in preparation for game five between the Tigers and Yankees in a few hours.  

Governor Snyder quickly raised the bar: “If people walk away tomorrow saying that we had a nice conference with good speakers, we will have failed. We need everyone walking away saying that it is time to act now on cyber – whatever their role.”

Who Spoke?

While only time will tell if we achieved that ambitious goal, the Michigan Cyber Summit was unlike any previous technology event that I’ve ever experienced. Here are a few of the reasons why:

The agenda was packed with featured speakers including:

- Michigan Governor Rick Snyder

- Secretary Janet Napolitano, Department of Homeland Security 

- Howard Schmidt, White House Cybersecurity Coordinator and Special Assistant to the President

- Congressmen John Dingell, Mike Rogers and  Hansen Clarke

In addition to our public sector leaders, the lunch keynote presentation by Richard Stiennon offered an informative and thought-provoking global view on cyber.

The afternoon breakout panels in five tracks contained participants that are generally tough to get as keynote speakers for other events - with senior execs from Facebook, Microsoft, Google, Symantec, AT&T, Comcast, Unisys, IBM and many others.

 National Cybersecurity Awareness Month Kickoff:

 The event was designated as the national kickoff for Cybersecurity Awareness Month and was streamed live on Facebook. As I walked around yesterday, I kept running into people from all over the country that are well-known cyber experts – who weren’t even speaking. I suspect this was because our partners got onboard and helped recruit many of the best to be there. These partners included groups like the National Cyber Security Alliance, the Washtenaw County Cyber Citizenship Coalition, the Multi-State Information Sharing & Analysis Center (MS-ISAC) and DHS’s National Cyber Security Division (NCSD).    

The local media coverage as well as the national press coverage was excellent, with very positive feedback. Some of the coverage included:

WDIC Detroit - Michigan Announces Cyber Initiative

 SC Magazine – Cybersecurity Awareness Month Launched

Sacramento Bee: Facebook Live Covers National Cybersecurity Month Launch

Smart Grid: Secretary Napolitano’s Remarks at the Michigan Cyber Security Summit

 Looking Back and Forward

This was actually our 4^th Cyber Summit in Michigan, with the first cyber summit being held in 2008. However, there is no comparison between this event and the first three that we held. Not only was attendance three times higher this time (600 v 200), the participants, buy-in and level of discussion were at an entirely different level. (The summit was actually sold-out more than two weeks in advance.) We had a nice beginning in 2008, but this is a new day with a new sense of urgency.

The bottom line is that Governor Snyder clearly is passionate about this cybersecurity topic. He “gets it” when it comes to the importance of Internet safety and online protection in every aspect of our economy. He also sees this issue in economic terms - with plans for growing private sector technology and cybersecurity jobs in the state. More than that, he is leading the charge and driving the change in “dog years.” His leadership and the support of everyone around him is bringing new partners around the country, allowing this event to happen quickly (only 12 weeks of planning).

The next question becomes: so what? Or perhaps: now what? We have some momentum and high expectations. The time for specific action is now. Our state has new partners at another higher level of engagement on this issue. Many sidebar planning meetings occurred that will help propel new projects within the Michigan Cyber Initiative forward with support and aggressive timeline for deliverables. You can learn more about this and see our toolkit at www.Michigan.gov/cybersecurity.

Final Thought

 When I first became CISO in May 2002, we built the Secure Michigan Initiative in eight months - but gaining top-level executive buy-in was a battle. I was proud of our team's pioneering efforts given the resources we were provided. That plan delivered a bottom-up approach to transforming state IT security at the time, but the going got tougher as other priorities often trumped cybersecurity. Still, we did eventually implement almost two-thirds of that security plan on a smaller-than-expected budget. 

  Coming back as Michigan's new CSO - with physical and cybersecurity in one office, I see the Michigan Cyber Initiative differently. Our previous plans never received this much attention - which is a good and bad thing. Admittedly, the threat landscape has changed. Now, we not only have the Governor’s full support, but his leadership and experience on this cybersecurity issue. I think that we can accomplish much more with that clear priority and stronger executive support, but the stakes are higher as well. The plan is ambitious, but so are the challenges that face each state and our nation in cyberspace.

  I am an optimist and a believer in the Internet’s ability to transform government service delivery for the better, but the bad guys are also getting better online as well. From cloud computing to smartphones to the smartgrid, state and local government efforts on cybersecurity will enable or disable innovation.

The reality is that many criminals and other countries are ahead of us. We have work to do. We must partner in new ways. Time will tell if we succeed.

What are your thoughts on this cyber challenge in 2011?  

As reported by Government Technology Magazine last week, Michigan is merging physical and cyber security.  I will be moving to the newly created role of Michigan Chief Security Officer (CSO) in October. The reaction from my friends and colleagues from around the country has been all over the map – ranging from “Great move” to “Are you really ok with this?” Here’s a brief look at some of my thoughts about the change and the technology and security industries as we head towards 2012.

Some Background:

When I moved to Chief Technology Officer (CTO) and Director of Infrastructure almost three years ago, I didn’t think I would be returning to focus full-time on security. I was broadening my scope of duties and vastly expanding my horizons by running the day to day back-office functions like networks, datacenters, office automation, project management, client service center, field services and enterprise architecture. I took a crash course in developing budgets and rates for our services. No doubt, I was “drinking from a fire hose” the first year. I had to implement many of the security policies and procedures I had created as CISO – and that was not easy. A few of my early thoughts included, “What was I thinking when I signed that restriction?”

We’ve had our struggles – such as increasing our percentage of virtual servers and improving communication with our front-office technology partners who lead our customer service efforts with agencies. We still need to expand communication further across the Michigan. Our new CIO David Behen is serious about customer service improvements with agency directors – so this is happening.

 As expected when I took the job, we’ve had some tough outages as well as unwanted news headlines.  We survived a large incentivized retirement. Those hard days come with the technology management territory.

At the same time, I was blessed with an excellent staff. Our directors were motivated and focused. My number one strategy: more teamwork and cross-group collaboration. Thanks to their daily efforts to build relationships, I believe that we function much more as a single infrastructure entity now and not seven unique divisions.   I truly enjoyed our pioneering efforts in cloud computing in government. I’m proud of the continual drop in rates and improvements in technology and communications service that we’ve seen despite fewer staff. We continue to be recognized as a government leader. Serving as Michigan CTO has been hard but rewarding work.  

Back to the Future:

Now on to a new role. Why? I must admit that this next career step seems a bit like the movie, Back to the Future 2 for me. That is, I’m in the process of doing many of the same things that I did in 2002 when I became Michigan first CISO and started building our Office of Enterprise Security.

I thought that if I ever went back to security, it would be in Washington DC or in the private sector. Indeed, I had offers and looked hard at those tempting options. My thanks go out to colleagues who helped in that job search. Over time it became clear that Governor Snyder was (and is) very serious about growing Michigan into a global leader in cyber security within government and the private sector. The opportunity here was very compelling and reignited my passion with an expanded CSO role.

Building on our successful past and our Governor’s technology experience as CEO of Gateway, we are developing an aggressive strategic plan to make a global difference in cyberspace. One near-term example is the Michigan Cyber Summit on October 7. We will be the national kickoff for Cybersecurity Awareness Month. Our summit agenda is exciting and impressive.

I know that many readers are in government service because they feel a calling to help in ways that go beyond a paycheck. Others want minimal travel so that they can focus on family priorities. Some love their job and look forward to coming into work and using their God-given abilities to change their community, state and/or global industry for the better. These are some of the reasons I accepted this new CSO challenge. I also think it is time for me to focus on where I can the most beneficial impact.

Changing World – Cyber and Physical Security:

Much has changed – including the security threat. While computer security was growing more complex and important, cyber crime has now become the new growth industry.  Security is a part of everything that government does, and our virtual world and physical worlds are merging. This is not just seen in delivering government services, but in homes across the globe with users of Facebook, Amazon.com, virtual world training and more. We need to be enablers of the bright side of the Internet.

While many experts are proclaiming that we’re in a global cyber war, I prefer to think about our current Internet challenges as more like invasive species that threaten our online ecosystem. (I must give credit to our Michigan Governor Rick Snyder who was the first one that I heard use this analogy.)  We are threatened by foreign and domestic adversaries who are attempting to exploit both the physical and virtual aspects of our society.  Sure, a cyber war is possible and perhaps even probable at some point in the future, but I wouldn’t use that term to describe our situation yet.

 Our critical infrastructures, such as the electrical grid, are at risk. We need to partner in new ways across public/private organizations and local/state/federal/international governments. (Yes, we work with Canada in Michigan, and I am sure that southern states interact with Mexico.)

Sorry for rambling a bit in this longer blog, but this is a new direction for me. I wanted to share some of my thoughts on this change. I am excited about the new opportunities that are available in Michigan government.   My friend Will Pelgrin,  CEO at the Center for Internet Security, was right when he told me that I would be back to security before too long. It seems all roads lead to security for me – whether physical or cyber.

As far as this blog goes and my writing for Government Technology Magazine and PCIO Magazine – I’ll still be here, under a new name, probably “Lohrmann on Cyber Security.” The switch will occur over the next month or two. In the meantime, I will continue to write about government technology infrastructure and cyber.   Feel free to send me a note or write a comment on topics you’d like me to blog about. I’m always interested in your thoughts.

I had just come out of an e-Michigan meeting in the Romney Building in downtown Lansing. It was a few minutes after 9 AM on 9/11/01. Someone yelled, “A small plane just hit the World Trade Center in New York!”

Several of us rushed over to watch the events unfolding on a small TV. We were shocked when a second plane hit the other tower, and we stared in disbelief when both towers collapsed.  After that, I remember the rumors flying for hours. Scary (false) reports like: “The While House is on fire.”  

But there were also reports that turned out to be true, like: “The Pentagon was hit.”

And, “A plane full of passengers went down somewhere in Pennsylvania.”

Government meetings were canceled, and buildings locked down. Thoughts turned to family. Was everyone ok? The phone lines were jammed, but everyone kept trying to make calls from their work cubes anyway. Relief was evident on the faces of colleagues when they finally reported back, “Everyone is fine.”

I prayed my wife, who was taking our kids and four British visitors on a shopping trip to Frankenmuth, was safe. She didn’t have a cell phone, so I couldn’t contact her. I found out later that all was well, but extended family members around the country were stranded in various cities. Other friends rented cars and drove across America to get home as soon as possible.

Walking outside on my way home that afternoon, everyone (including me) was instinctively looking up – hoping that no planes were heading our way. (All planes were formally grounded by the FAA.) I remember not feeling safe. I had a renewed sense that I was now vulnerable, peering around defensively on empty streets.

Fear seemed to strike our souls during the next few weeks. Confusion reigned in every area of life. This didn’t fit any of our plans – personal or professional. Beyond inconvenient, the horrid pictures of people jumping off buildings seemed unimaginable. The faces on TV of those who lost loved ones and told their stories brought out new emotions that had previously been dormant.     

Our UK friends would end up staying at our house an extra eight days when their flights were canceled. They watched President Bush’s historic speech with us a few days later. Their Prime Minister, Tony Blair, sat in the crowd during the speech that was watched around the world. And yet, the events didn’t transform our foreign friends in the same way that we were impacted. Our country became more introspective, self-absorbed, yet determined for justice. Our new battle-cry became: the terrorists will not win.

 The 9/11/01 Attack Defined The Decade

 Over the past decade since 9/11, much has changed and much has stayed the same. Airport waits instantly became long, and security checks continue to evolve today – with debates over body scanners. The safety concerns that changed our lifestyles in 2001 are again modifying behaviors in Washington DC and New York on the 10^th anniversary weekend. Billions of dollars continue to be spent to stop terrorism, including the fight against cyber crime which is heating-up.  

The events of that day also put security “on the map” for Michigan State Government in new ways. As the US Department of Homeland Security was born, corresponding relationships were established with state governments to protect critical infrastructure – including the Internet. Buildings were protected then as new guards were put in place, and those guards are still in place.

On a personal level – these tragic events directly affected my career direction.  My role changed from building e-Government to protecting e-Government after 9/11. The following spring, I became Michigan’s first Chief Information Security Officer (CISO).

We received a large part of our grant funding for cybersecurity protections from this new security focus in DC. We built a team to defend our government Internet activity and safeguard sensitive data. We asked "what if?" We dusted-off Y2K plans and prepared anew. (These planning activities did pay off during the blackout of 2003 and during other unexpected emergencies.)

 At the same time, I watched as my niece, a freshman at the University of Michigan, joined the Army Reserves and fought overseas as a result of these 9/11 events. “I want to die as a United States veteran,” she determined. A sense of patriotism swept America, and several members of my extended family have now joined the armed forces in the past decade. (None joined the two decades before).

The Next Decade?

 Where to from here? The Denver Post published an article which describes "Silent reflection and unshaken resolve." Here's an excerpt:

  "The legacy of Sept. 11, 2001, takes on different forms in different places. Here, on the streets around the World Trade Center, it may be in the New York forcefulness of a plumber who voices his own sense of loss intermingled with the pride of knowing that he is helping to rebuild. In Washington, D.C., it can be reflected in the face of a college student, standing in the Lincoln Memorial considering what freedom means — and what it costs. In Denver, it can be found in a sculpture fabrication studio, where a gnarled piece of steel from the twin towers will be transformed into a display that will touch people."

 For state and local governments, threats from terrorists and organzied criminals have evolved but remain very real in 2011. The Internet has become a battleground that affects every aspect of 21st century government. More government services and citizen interactions are being done online and not in person. This means that protections, from home users to large enterprises to critical infrastructures like the electricity grid, must address new potential vectors of attack. Vigilance is still required going forward.     

Weekend Remembrance Events

Many remembrance events are planned for this weekend. Just as communities came together immediately after 9/11, our nation is pausing to reflect now. Church services brought former opponents together to address serious issues affecting local communities, and it can happen again. Everyone stopped and refocused their lives and plans, and I hope it happens again.

There are many interesting articles which address wider perspectives on 9/11. I don’t agree with everything being said, but a few pieces worth reading include:

Sept. 11’s self-inflicted wounds by George Will

Success and Excess Mark Decade Since 9/11 by USA Today

Here’s a quote I like from the USA Today article, “This 10th anniversary gives the nation an opportunity not just to remember the victims, as it should, but also to reassess the threat.”

Wherever we go from here, one thing is clear – 9/11 changed the past decade for individuals, families, organizations and governments. National and state policy has been overhauled.  It is good to pause, remember, reflect and reassess.   

Where did you first learn what it means to out-hustle the competition? How did you develop that strong will to win? When was the first time you worked hard with teammates to accomplish a goal? For many readers, the answer is likely to be playing sports.

Or, if you were not an athlete, what brought your diverse high school or college student body and faculty together when so many forces pulled them apart? What often unites liberals and conservatives today in your city? That’s right, the answer is cheering for your favorite local baseball, football, basketball, hockey, soccer, or other sports team.

What got me thinking about this? It’s that time of year again.  Signs are popping up all over mid-Michigan proclaiming, “GO GREEN! GO WHITE!”

With Labor Day weekend comes:  Back to school for the kids, cooler temperatures, trees just starting to change colors, and another kickoff for college and pro football teams. But whether you’re a gridiron fan or not, technology managers and other technology professionals can learn plenty from what happens down on the field all across America.

Yes, geeks (or nerds or information technology professionals or whatever other label you want to use to describe your high-tech office career) have been challenged for years by inspiring words that come from what the British call “the pitch.”  Do these phrases sound familiar?

• “When the going gets tough, the tough get going. “
• “You can’t keep doing the same thing and expect a different result.”  
• “You’re never as good as you look when you’re winning or as bad as you look when you’re losing. “
• “We have to be able to handle prosperity or adversity.”

When was the first time you heard these popular slogans? For me, it was in high school and college football locker rooms.  No, I was never very good in college as a quarterback at Valparaiso University. Nevertheless, my first attentive audience came from a packed room of guys listening to me describe opposing offensive and defensive formations. As a scout-team lead, I built strategies to model and simulate opposing teams to help our starters become better prepared for various Saturday afternoon situations. That early experience was invaluable to my current role which is full of regular adjustments to government technology strategy.

Here are a few more “lessons learned” from sports:

• “Hustle and heart, set us apart.”
• “Never give up. The game isn’t over until the fat lady sings.”
• “We’re better than this people! We’re better than this!”
• “A team above all. Above all a team.” 

These exhortations came from our little league or high school coaches. True, sometimes the tone of our half-time lectures wasn’t uplifting and would probably offend many in office settings. And yet, I learned what it meant to really work through difficult circumstances. As my current colleagues know well, I still use many sports analogies at the office on a regular basis.

As a passionate fan, I remember the winning streaks and losing streaks. From the 1970 Baltimore Orioles to the 2010 Michigan State Spartans, sports demonstrated the thrill of victory and the agony of defeat. I still watch and read transcripts from the pre and post game press conferences that talk about how pride comes before a fall, or how it hurts to lose a close game or get blown out.

There are also incredible sports stories that motivate me when I’m down. I ponder the words that great players like (NFL quarterback) Kurt Warner said at their retirement press conference. What did he remember most about his career? How did he achieve the results he did after stacking cans at the grocery store and being an NFL nobody? What was his mindset during the long hours of practice that paid off? Why is character so important in everyday relationships?

Or perhaps you’re burned out. You’ve made some major mistakes in your life, possibly including drug or alcohol addiction. You feel as if you’re at a career dead-end. You can’t find the right job. The story of Major League Baseball’s 2010 American League Most Valuable Player (MVP) Josh Hamilton is worth reading. I’m energized and motivated every time I hear it. We can all learn from these experiences.

Oftentimes, my “self-talk” from my sports days quietly preaches to me at work: “Don’t get too high.” –or- “You’re better than this, get back up!”

If you're at all like me, the concepts learned from sports instinctively pop in your head at key points in an important conversation. Whether a bad day at the office, or conversely after a successful presentation (big win) or even a promotion, we think about various sports experiences - the good, the bad and the ugly when both playing and watching favorite teams.

There are websites full of these sports quotes. But my experiences with sports are not unique. How many meetings have you attended that started with informal comments such as: “Did you see that game last night?” Without a doubt, offices are full of “Monday morning quarterbacks” who second-guess decisions made the day before on TV. 

 Or perhaps you’ve heard, “I need to leave a bit early today, my son has his first freshman high school game at 4 PM.” Situation like this offer a great opportunity to get to know colleagues and their families in new ways.

So embrace sports in your office. Wear the local team colors at the cookout before the “big game.” Find out what the pros and cons are to an “all-out blitz.” It may matter in relationships more than you realize.

Vince Lombardi once said: ”Football is like life, it requires perseverance, self-denial, hard work, sacrifice, dedication and respect for authority.”

Ruining a great quote, I’d add strategy, passion, give and take, teamwork, leadership, the element of surprise and a whole lot more. Yep, many of the same qualities that are required to succeed at work. And besides all these practical benefits, playing and watching sports is fun.  

I’m convinced. Computer geeks need sports. At least, this one does.