Editor's Note: This is the first in a two-part series covering columnist Dan Lohrmann's experiences as the "Undercover CTO." Part two will appear in the October issue of Public CIO.


In a recent meeting with front-line technology supervisors, I was wrapping up a Q&A session when one person raised his hand: "Everyone in my section is talking about that new TV show called Undercover Boss. We were just thinking: Why don't you do that? I mean, why not walk a mile in our shoes?"

Oops. Why did I take that last question? My mind started racing. How to answer?

OK, I believe in management by walking around, but I'm trying to be more strategic ... not good.

Try this: There are more than 800 staff and contractors in the technology infrastructure, so I don't have enough time to visit everyone. It wouldn't be fair ... strike two.

How about: That's not my job ... never mind. I'm out of strikes.

After a smiling pause, I responded: "Well ... um ... everybody knows me; it wouldn't work. I mean ... but ... you see ... I'm busy. And ... darn it, why not?"

Did I just say that?

Word travels fast. About an hour later I was on the phone trying to explain this to Vera, my executive assistant. "It's true. I'm spending a day on the front lines with each of our eight infrastructure groups this summer. I've already committed to the first stop -- field services in two weeks."

There was a painful silence before Vera responded sternly, "We never discussed this. Scheduling will be difficult." She was right.

Nevertheless, I decided to jump in with gusto. I announced the ground rules to my directors: "Your team decides where I go and how long I stay with each group. Your staff will tell me what I do and even what to wear. I will be with front-line staff solving real problems in the same way that they do. Beyond introductions, no other management will be present."

Two weeks later, as I walked into Dave's cube on my first assignment, I noticed his chair was old and looked uncomfortable. He insisted it was fine and proceeded to describe his job with an excitement that was contagious. His role: dispatching field services staff to users who are down and have problems that couldn't be fixed by our phone support staff.

After walking me through his processes and procedures, I asked, "How can we improve? How can I help?" Dave smiled and pulled out his list. He was obviously ready for this question.

"We struggle implementing our definition of 'user down.' All of our processes are keyed off of this definition, but the definition is too narrow. In addition, we need better back-office communications with the security group." Very interesting discussion.

My next 90 minutes were spent with Jason, visiting end-users who had submitted problem tickets. I was impressed with his knowledge and extensive work experience. (Jason has a master's degree, but he's fixing PCs. Wow!) After working with Jason, I was on the front lines with Jared for an hour. These guys know their stuff.

One issue that arose was "drive-by" support -- when another customer in the area has questions and asks for immediate help. Since our policy says they must call the Customer Support Center (CSC) first, resolving these issues is officially not allowed so we can track metrics and work priorities, and try to solve problems on the phone. But Jason mapped a printer in about two minutes to make one woman very happy. Note to self: If a customer can be helped in under five minutes, the drive-by should be allowed without calling the CSC. But we still need to track those tickets.

Speaking of the CSC, that's my next stop in 10 days. Seven more areas to go, but there are already some lessons learned:

1. Staff are sending me unsolicited e-mails and thanking me for taking the time to experience their job. Others have invited me to hear their problems firsthand.

2. We have dedicated professionals who care and have good ideas.

3. Management reports are coming to life. This experience will help in setting priorities. I'm asking myself why I didn't do this a year ago. It's definitely worth the time and effort. ¨


Dan Lohrmann Dan Lohrmann  |  Contributing Writer

Daniel J. Lohrmann became Michigan's first chief security officer (CSO) and deputy director for cybersecurity and infrastructure protection in October 2011. Lohrmann is leading Michigan's development and implementation of a comprehensive security strategy for all of the state’s resources and infrastructure. His organization is providing Michigan with a single entity charged with the oversight of risk management and security issues associated with Michigan assets, property, systems and networks.

Lohrmann is a globally recognized author and blogger on technology and security topics. His keynote speeches have been heard at worldwide events, such as GovTech in South Africa, IDC Security Roadshow in Moscow, and the RSA Conference in San Francisco. He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine and “Public Official of the Year” by Governing magazine.

His Michigan government security team’s mission is to:

  • establish Michigan as a global leader in cyberawareness, training and citizen safety;
  • provide state agencies and their employees with a single entity charged with the oversight of risk management and security issues associated with state of Michigan assets, property, systems and networks;
  • develop and implement a comprehensive security strategy (Michigan Cyber Initiative) for all Michigan resources and infrastructure;
  • improve efficiency within the state’s Department of Technology, Management and Budget; and
  • provide combined focus on emergency management efforts.

He currently represents the National Association of State Chief Information Officers (NASCIO) on the IT Government Coordinating Council that’s led by the U.S. Department of Homeland Security. He also serves as an adviser on TechAmerica's Cloud Commission and the Global Cyber Roundtable.

From January 2009 until October 2011, Lohrmann served as Michigan's chief technology officer and director of infrastructure services administration. He led more than 750 technology staff and contractors in administering functions, such as technical architecture, project management, data center operations, systems integration, customer service (call) center support, PC and server administration, office automation and field services support.

Under Lohrmann’s leadership, Michigan established the award-winning Mi-Cloud data storage and hosting service, and his infrastructure team was recognized by NASCIO and others for best practices and for leading state and local governments in effective technology service delivery.

Earlier in his career, Lohrmann served as the state of Michigan's first chief information security officer (CISO) from May 2002 until January 2009. He directed Michigan's award-winning Office of Enterprise Security for almost seven years.

Lohrmann's first book, Virtual Integrity: Faithfully Navigating the Brave New Web, was published in November 2008.  Lohrmann was also the chairman of the board for 2008-2009 and past president (2006-2007) of the Michigan InfraGard Member's Alliance.

Prior to becoming Michigan's CISO, Lohrmann served as the senior technology executive for e-Michigan, where he published an award-winning academic paper titled The Michigan.gov Story — Reinventing State Government Online. He also served as director of IT and CIO for the Michigan Department of Management and Budget in the late 1990s.

Lohrmann has more than 26 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a U.S./UK military facility.

Lohrmann is a distinguished guest lecturer for Norwich University in the field of information assurance. He also has been a keynote speaker at IT events around the world, including numerous SecureWorld and ITEC conferences in addition to online webinars and podcasts. He has been featured in numerous daily newspapers, radio programs and magazines. Lohrmann writes a bimonthly column for Public CIO magazine on cybersecurity. He's published articles on security, technology management, cross-boundary integration, building e-government applications, cloud computing, virtualization and securing portals.

He holds a master’s degree in computer science from Johns Hopkins University in Baltimore and a bachelor’s degree in computer science from Valparaiso University in Indiana.

NOTE: The columns here are Dan Lohrmann's own views. The opinions expressed do not necessarily represent the state of Michigan's official positions.

Recent Awards:
2011 Technology Leadership Award: InfoWorld
Premier 100 IT Leader for 2010: Computerworld magazine
2009 Top Doers, Dreamers and Drivers: Government Technology magazine
Public Official of the Year: Governing magazine — November 2008
CSO of the Year: SC Magazine — April 2008
Top 25 in Security Industry: Security magazine — December 2007
Compass Award: CSO Magazine — March 2007
Information Security Executive of the Year: Central Award 2006