What you need to know about IT

Agency heads: It takes more tech than you think

09/15 FCW Magazine Feature.

Do agency leaders need to know more about the inner workings of IT to do their jobs effectively and safeguard national secrets? For many experts, the answer is yes.

Tech is now “part of the fabric of everybody’s lives,” said Montana Williams, senior manager of ISACA’s Cybersecurity Practices.

When the recent Office of Personnel Management breaches triggered a national debate about cybersecurity, National Review’s Jim Geraghty lashed out at Katherine Archuleta, the OPM director who resigned in the wake of the breaches. He said her performance was part of “a troubling pattern of incompetent management from Obama appointees selected more for their political loyalty than for their expertise, skill or leadership abilities.”

Geraghty highlighted Archuleta’s lack of an IT or cybersecurity background and claimed she did not appear to have “any expertise in the vitally important human resources and recordkeeping functions OPM is supposed to serve.”

But she’s no outlier. At the 24 agencies governed by the Chief Financial Officers Act, most agency heads have legal, political and/or public administration backgrounds.

What you really need to know about tech

09/15 FCW Magazine thumbnail image.


Agency heads


Auditors and regulators

You can also view the print version of this package in our digital edition.

There are a few exceptions: Secretary of Energy Ernest Moniz has a background in physics and has served on technology and security commissions; Secretary of Defense Ashton Carter has a background in technology, physics and security; and National Science Foundation Director France Córdova has had extensive scientific training.

In light of the OPM breach, should the old conventional wisdom — that a good leader knows how to lead people but not necessarily how to do those people’s jobs — go out the window when it comes to cybersecurity?

It’s still about people

At the end of the day, leadership and management skills are still the key.

“Surround yourself with the right people who have the right technical skills, and ask the right questions” was Williams’ prescription for agency heads. “Be willing to hold people accountable.”

Leaders need to “understand [cybersecurity and IT] at the basic level,” he added, but they don’t need an extensive cybersecurity background. “Large hospitals are not run by doctors,” he said by way of an analogy.

Patrick Malone, executive-in-residence at American University’s Department of Public Administration and Policy, said, “I haven’t ever seen any [federal employees] complain, ‘Dammit, I wish my boss knew more about some Windows 10 update,’ What people are crying about is their agency’s culture.”

According to Malone, feds say they need a culture of “compassion, trust, learning, collaboration and caring.”

Good leadership might also be a key to attracting and retaining cybersecurity pros. Those skills are in short supply nationwide, and an approaching spike in the numbers of feds eligible for retirement threatens to widen the government’s existing cybersecurity skills gap.

Some observers say one of the mistakes that undermined OPM was putting cybsersecurity in the hands of program office employees who did not have the relevant background.

“Soft skills” — though Malone said he is no fan of the dismissive connotations of that adjective — unlock “the real magic of leadership”: attracting the right talent, encouraging them to give their best and retaining them.

“If you create the right environment, the tech skill will come,” Malone said. “The only way we’re going to get the technical talent — and the only way they’ll stay — is if leaders make them want to stay. Otherwise, you’re going to lose them to IBM, lose them to Apple.”

Know the risks

Gregory Wilshusen, director of information security issues at the Government Accountability Office, said agency heads need to have a core understanding of what kinds of sensitive information their agency collects, how it’s protected, the damage that would be done if the information is compromised, and who controls and interacts with the agency’s systems in the cloud.

“Just because you start to migrate systems to the cloud doesn’t mean you’re absolved of responsibility,” he said.

In the future, it shouldn’t be a requirement that agency heads have deep IT knowledge. If they do, “that would be a bonus but not the determining factor,” Wilshusen added.

So would OPM have done a better job of detecting and responding to the breaches if a tech-savvy leader had been in charge?

Williams said yes, adding that someone who understood the risks would have immediately cut off KeyPoint Government Solutions’ system access when it became clear that the contractor had been hacked.

But Malone said the leader’s role is to foster an open environment, not necessarily understand all the technology. In such an environment, an agency employee who had a solution to the problem would have felt comfortable bringing it up, he added.

Wilshusen said the public administrators and lawyers who currently lead agencies are probably capable of picking up the tech knowledge they need as they work, and they’re likely doing so now.

“I would imagine there’s a lot more on-the-job training after what happened to Secretary Archuleta,” he said.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.