From the opening keynote highlighting what it takes to be a successful technology leader in 2016 to the closing general session to determine “are you smarter than a state CISO,” the 2016 NASCIO Midyear conference was packed with thought-provoking content. The mix of speakers, panels, breakout sessions, “speed networking” (by jumping to different tables to discuss hot projects with leaders from various states) and other engagement was outstanding, in my opinion.
The conference kicked-off with one of the best opening keynotes that I have seen in the past few years. Scott Klososky's views on technology-infused leadership offered interesting stories and helpful analogies that certainly raised the bar for public- and private-sector attendees.
I can’t go through all of Scott’s keynote points here, but one of his best takeaways was on being a “High Beam Leader” and not just a “Low Beam Leader.” The major difference is whether you are just managing the operation (low beam) versus seeing the future accurately and leading the organization into what’s truly next.
Here’s an excerpt from a talk Scott gave last year where he described what it means to be a “high beam” leader.
Here’s another earlier excerpt from a talk that Scott Klososky gave last year, which covers some of the same material from the recent NASCIO Midyear Conference.
I especially liked how Scott wrapped up the keynote with a challenge to each technology leader to leave a lasting “digital legacy” in their situation that:
- You pioneered new uses
- You invested in the future
- You implemented new processes
- You left a winning digital strategy
Everyone on the panel agreed that unlimited liability requirements "needed to go" in government contracts. But beyond that, there were pros and cons regarding various suggestions — including a big push toward agile software development processes — which is largely viewed positively by the state leaders.
Back in late February 2016, NASCIO issued this call for state IT procurement reform. Here’s an excerpt:
NASCIO believes that there are five actions that states can take to improve the IT procurement process:
- Remove unlimited liability clauses in state terms and conditions (www.nascio.org/LOL)
- Introduce more flexible terms and conditions (Best Practice Guide for Cloud and As-A-Service Procurements)
- Don’t require performance bonds from vendors (Leaving Performance Bonds at the Door)
- Leverage enterprise architecture for improved IT procurement (Leveraging Enterprise Architecture for Improved IT Procurement)
- Improve the negotiations process (Strategies for Procurement Innovation and Reform)
Cybersecurity Stays Front and Center for States
There were several sessions addressing privacy and cybersecurity actions, and NASCIO issued this press release on May 6, 2016, which calls for a stronger federal-state partnership on cybersecurity. Here’s a brief excerpt:
Today NASCIO members engaged with strategic partners, representatives from Capitol Hill, federal officials from U.S. Department of Homeland Security (DHS), Internal Revenue Service (IRS), and FirstNet to emphasize the need for strong partnership between federal and state governments. More than 30 state CIOs and state technology policy officials participated in NASCIO’s 2016 Fly-In, where they had the opportunity to advocate for NASCIO’s 2016 advocacy priorities. ...
DHS’ Assistant Secretary for Cybersecurity and Communications, Dr. Andy Ozment, spoke to federal cybersecurity resources available to state governments on how state CIOs can take advantage of those offerings. State CIOs also received a DHS briefing focused on lessons learned from the attack against Ukrainian power infrastructure in December 2015. ...
There was an excellent breakout session on privacy actions in the states on Thursday afternoon, which covered the evolving privacy policies, different governance approaches and the future of privacy legislation. NASCIO recently launched a privacy sub-committee within its membership to cover a long list of items related to data sharing.
Leadership and governance changes, such as those announced this week regarding the centralization of cybersecurity in California, will continue to accelerate in state governments. Therefore, the collaboration efforts taken by organizations such as NASCIO and the National Governors Association (NGA) have become even more vital — so that states can learn from best practices, successes and failures in other states.
NGA announced a state cyber policy academy in April, and efforts by NGA go back several years to the establishment of the Resource Center for State Cybersecurity. Back at the 2013 NGA Winter Meeting, I offered these seven actions for state leaders to consider on cybersecurity.
I have attended dozens of NASCIO Midyear and Annual Conferences over the past two decades, and I can say without hesitation that I found this event to be in the top tier of events held.
Why? I saw more interactive and fast-paced sessions with opportunities for public- and private-sector pros to engage in meaningful dialog in helpful ways.
Nevertheless, the challenges and pressures facing state governments are immense, and the turnover among CIOs and CISOs remains high. I don't see this trend changing with 12 gubernatorial elections in 2016. The turnover will likely accelerate again in 2018 when many more governors are term-limited.
This turnover of leadership is also true in cybersecurity leadership. I heard from a trusted colleague at Deloitte, who was putting together the next biennial cybersecurity study of the states (the last NASCIO study can be found here), that 24 new CISOs are filling out the survey in this round. This turnover has occurred in just two years. Those cybersurvey results will be announced at the NASCIO Annual Conference in September.
I was encouraged by the additional steps that NASCIO and NGA are taking to further collaboration on cybersecurity, and I plan to cover more details on next steps this summer.