Cloud Exchange 2023: DoT’s Cordell Schachter on 3 Priorities to Achieve IT Modernization | Federal News Network


Cordell Schachter, chief information officer of the Department of Transportation, doesn’t get too enamored with technology.

Not new cloud services or fancy new cybersecurity tools, or even the DevSecOps approach that DoT is implementing.

Rather, Schachter is drawn to the end result the technology will bring to the department in solving DoT’s business and mission challenges.

“DoT is such a huge enterprise and we’re federated, so we have administrations or modes of operation with very specific missions that are quite different from each other. They have different needs in their particular area of expertise, in most cases they perform some sort of oversight, possibly enforcement, and bring with them a suite of legacy applications, some of which have been migrated to the cloud, others which are in our portfolio to be migrated in the future,” Schachter said. “We’ve probably scored the most in common systems areas like email, cloud storage, authentication, and various cybersecurity tools that we’re able to deploy at scale across the enterprise.”

The federated nature of DoT is why Schachter is taking a portfolio approach to modernizing IT.

The portfolios focus on three main areas:

  • Cybersecurity
  • Workforce
  • Modern development techniques

For each of them, technology, whether it’s the cloud or AI or whatever the current rage is, underpins, but doesn’t drive, priorities. And all three are interrelated to help DoT achieve its mission goals.

The cybersecurity portfolio is leveraging cloud capabilities and implementing a secure-by-design approach across all migrations and modernization efforts. It’s an approach that Schachter said is disarmingly simple, but complicated and difficult to implement.

“There is a culture shift that needs to happen in terms of how cybersecurity is done. If you have a fixed budget for a particular program or project, cybersecurity will consume a larger portion of that budget than you might have initially estimated. So we certainly need to confirm our estimates to make sure cyber is given the right allocation,” Schachter said. “The second is that you will need experience, either full time in that team or consulting with the team, because cybersecurity is not just about supporting a particular tool. But it’s the three elements of people, processes and technical tools that will get you to that secure computing place we all need.”

Secure-by-design requires a culture shift

While it’s clear that everyone from the secretary down understands the critical need to protect systems and data, Schachter said he meets with administration and business module leaders daily to review the latest threats, alerts and data to constantly update the department’s IT posture.

Over the past few years, the number of people who have participated in such calls has increased as the challenges of cybersecurity have become better understood.

Of course, DoT is leaning on computing capabilities in its multi-cloud environment.

“We definitely want to know that when we enter into or renew a contract with a company or a retailer or whatever, we are truly getting the best value for the taxpayer. Within these cloud companies, they offer services that compete with third-party vendors in the cybersecurity area, and we want to find the right mix of what services are available within that cloud that are most easily enabled, once you’re within that environment,” he said. “So what other cybersecurity services do you want to add into the mix, so that you aren’t entirely dependent on one vendor or even technique to keep your business resilient? In the old days, we used to say that we could subscribe to two different antivirus vendors because the virus signatures weren’t the same. We have now evolved to the point where most of that antivirus is predictive and algorithmic in nature. However, there are still different kinds of techniques and secret sauce to detect the activities of threat actors. We want to have the widest range of tools and scans.”

The secure-by-design approach and cloud capabilities require a workforce that is skilled and knowledgeable in how to manage and oversee many of these efforts.

Schachter said that, like most agencies, his goal is both to hire the best and brightest employees and to retrain current workers to meet the needs of today and the future.

The DoT CIO Office has approximately 400 full-time and contractor employees and approximately 70 vacancies that the department is trying to fill.

“We are hiring aggressively for IT Data, Infrastructure, Application Development, Project Manager and many other positions. We have important roles to fill,” Schachter said. “We are also now considering creating a much larger internship program to provide opportunities for recent graduates or people who are new to the workforce who may fill a position in the DoT CIO’s office. We will be providing a lot of mentoring and coaching to entry-level positions in hopes of both growing our leadership and building a more diverse workforce, as well as one that is better insulated against big retirement, which people have been talking about now for a number of years.”

Third stage of modernization: DevSecOps

Hiring, training and retaining a more highly skilled workforce also means the complexity and challenge of its work will increase.

Schachter said bringing automation and other tools to archiving, email or other common back office functions is reducing the day-to-day burden on staff.

“We’ve made things harder for ourselves by implementing practices like multi-factor authentication and zero trust. We’ve faced new challenges to replace some of the old ones, but those challenges are much harder than the ones we faced just five or six years ago,” he said. “I believe there is no substitute for experience, and having people at the Department of Transportation who have experience in the transportation industry, it’s much easier for them to identify with the challenge of their particular operating administration. Even if their experience wasn’t in that particular industry, I think they can apply lessons they may have learned in another industry.”

The third priority, developing systems and applications in a modern way based on best practices, is the third stage of DoT’s IT modernization efforts.

Schachter said DoT needs to develop a greater practice of project management, application development and oversight, as well as actual application development on secure, modern and, in most cases, cloud-based platforms.

“We’ve had internal teams and cross-disciplinary teams, for example, create a DevSecOps playbook; implementing this in legacy systems is difficult. But adding it to the system we’re building or will build gives you a greater opportunity,” he said. “This is where the culture really changes because sticking with legacy technologies offers fewer options and presents more risk to the business.”

All three priorities are driven by informed and risk-oriented decisions.

“We want to apply our efforts to those things that present the greatest risk. Let’s define risk in a more textbook way. It’s not just a list of scary things, anyone can put it together. But which of those scary things do you approach first, and that has to do with both the impact of that scary thing if it happens but also the likelihood of it happening,” Schachter said. “Whether it’s an industry environment, at one of our transportation hubs, or in corporate IT, where that line is now graying out, as much of the operating technology that used to be on mechanical systems was separate from the IT network, if it was on a network. That OT is now becoming IT. It’s actually best managed using the IT controls themselves. Now you need a partnership from both sides, IT and OT. In transportation, as in many other fields, the lines between where IT now needs to cross and help are blurred. This is why all IT must follow a risk-based approach. We have to do risk assessments. We need to capture risk logs and be able to prioritize risks based on their likelihood and impact.”
